Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2022:2116-1
Rating: important
References: #1024718 #1055117 #1061840 #1065729 #1129770 #1158266 #1162338 #1162369 #1173871 #1188885 #1194124 #1195651 #1196426 #1196570 #1197219 #1197601 #1198438 #1198577 #1198899 #1199035 #1199063 #1199237 #1199239 #1199314 #1199399 #1199426 #1199505 #1199507 #1199526 #1199602 #1199605 #1199606 #1199631 #1199650 #1199671 #1199839 #1200015 #1200045 #1200057 #1200143 #1200144 #1200173 #1200249
Cross-References:CVE-2019-19377 CVE-2021-33061 CVE-2021-39711 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-30594
Affected Products:
  • SUSE Linux Enterprise Desktop 12-SP5
  • SUSE Linux Enterprise High Availability 12-SP5
  • SUSE Linux Enterprise High Performance Computing 12-SP5
  • SUSE Linux Enterprise Live Patching 12-SP5
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server for SAP Applications 12-SP5
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE Linux Enterprise Workstation Extension 12-SP5

An update that solves 17 vulnerabilities and has 26 fixes is now available.

Description:


The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:

  • CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143)
  • CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
  • CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
  • CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
  • CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
  • CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
  • CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
  • CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
  • CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
  • CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
  • CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
  • CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).

The following non-security bugs were fixed:
  • ACPI: property: Release subnode properties with data nodes (git-fixes).
  • ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
  • arm64: set plt* section addresses to 0x0 (git-fixes)
  • arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes)
  • arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
  • arm64: avoid -Woverride-init warning (git-fixes)
  • arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default config too.
  • arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
  • arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes).
  • arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
  • arm64: compat: Reduce address limit (git-fixes)
  • arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
  • arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
  • arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
  • arm64: csum: Fix handling of bad packets (git-fixes)
  • arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug (git-fixes)
  • arm64: debug: Ensure debug handlers check triggering exception level (git-fixes)
  • arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
  • arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
  • arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
  • arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
  • arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
  • arm64: Fix size of __early_cpu_boot_status (git-fixes)
  • arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
  • arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
  • arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes)
  • arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (git-fixes)
  • arm64: futex: Restore oldval initialization to work around buggy (git-fixes)
  • arm64: hibernate: check pgd table allocation (git-fixes)
  • arm64: hugetlb: avoid potential NULL dereference (git-fixes)
  • arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes)
  • arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
  • arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
  • arm64: kgdb: Fix single-step exception handling oops (git-fixes)
  • arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes)
  • arm64: module: remove (NOLOAD) from linker script (git-fixes)
  • arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
  • arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
  • arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
  • arm64: Relax GIC version check during early boot (git-fixes)
  • arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
  • arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
  • arm64: smp: fix smp_send_stop() behaviour (git-fixes)
  • arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes)
  • arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
  • arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes)
  • arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
  • bonding: pair enable_port with slave_arr_updates (git-fixes).
  • btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
  • btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
  • cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
  • cputime, cpuacct: Include guest time in user time in (git-fixes)
  • crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes)
  • crypto: ixp4xx - dma_unmap the correct address (git-fixes).
  • crypto: qat - do not cast parameter in bit operations (git-fixes).
  • crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (bsc#1197601).
  • crypto: virtio - deal with unsupported input sizes (git-fixes).
  • crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
  • drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
  • drbd: Fix five use after free bugs in get_initial_state (git-fixes).
  • drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
  • drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
  • i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes).
  • i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
  • i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (git-fixes).
  • i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes).
  • i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
  • i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes).
  • i40e: Remove scheduling while atomic possibility (git-fixes).
  • iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
  • Input: aiptek - properly check endpoint type (git-fixes).
  • Input: appletouch - initialize work before device registration (git-fixes).
  • Input: elantench - fix misreporting trackpoint coordinates (git-fixes).
  • Input: spaceball - fix parsing of movement data packets (git-fixes).
  • Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
  • Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
  • Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
  • KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
  • KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
  • KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes).
  • lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
  • media: cpia2: fix control-message timeouts (git-fixes).
  • media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
  • media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
  • media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
  • media: em28xx: fix control-message timeouts.
  • media: flexcop-usb: fix control-message timeouts (git-fixes).
  • media: mceusb: fix control-message timeouts (git-fixes).
  • media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
  • media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
  • media: pvrusb2: fix control-message timeouts (git-fixes).
  • media: redrat3: fix control-message timeouts (git-fixes).
  • media: s2255: fix control-message timeouts (git-fixes).
  • media: stk1160: fix control-message timeouts (git-fixes).
  • media: vim2m: Remove surplus name initialization (git-fixes).
  • mm, page_alloc: fix build_zonerefs_node() (git-fixes).
  • net: bcmgenet: Do not claim WOL when its not available (git-fixes).
  • net: mana: Add counter for packet dropped by XDP (bsc#1195651).
  • net: mana: Add counter for XDP_TX (bsc#1195651).
  • net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
  • net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
  • net: mana: Reuse XDP dropped page (bsc#1195651).
  • net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
  • net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes).
  • net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes).
  • netfilter: conntrack: connection timeout after re-register (bsc#1199035).
  • netfilter: conntrack: move synack init code to helper (bsc#1199035).
  • netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
  • netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
  • netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
  • netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015).
  • NFS: Do not invalidate inode attributes on delegation return (git-fixes).
  • NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
  • PCI / ACPI: Mark expected switch fall-through (git-fixes).
  • PCI: Do not enable AtomicOps on VFs (bsc#1129770)
  • PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
  • powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
  • powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
  • powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
  • powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329).
  • powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
  • powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
  • qed: display VF trust config (git-fixes).
  • qed: return status of qed_iov_get_link (git-fixes).
  • qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
  • revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
  • sched/core: Add __sched tag for io_schedule() (git-fixes)
  • sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
  • sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
  • scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
  • scsi: fnic: Fix a tracing statement (git-fixes).
  • scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
  • scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
  • scsi: pm8001: Fix abort all task initialization (git-fixes).
  • scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
  • scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
  • scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
  • scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
  • scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
  • scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
  • scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
  • scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
  • scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
  • scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
  • scsi: sr: Do not leak information in ioctl (git-fixes).
  • scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes).
  • scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
  • smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
  • SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
  • SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
  • timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
  • tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
  • USB: cdc-wdm: fix reading stuck on device close (git-fixes).
  • USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
  • USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
  • USB: hub: Fix locking issues with address0_mutex (git-fixes).
  • USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
  • USB: quirks: add a Realtek card reader (git-fixes).
  • USB: quirks: add STRING quirk for VCOM device (git-fixes).
  • USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
  • USB: serial: option: add Fibocom L610 modem (git-fixes).
  • USB: serial: option: add Fibocom MA510 modem (git-fixes).
  • USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
  • USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
  • USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
  • USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
  • USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
  • veth: Ensure eth header is in skb's linear part (git-fixes).
  • video: backlight: Drop maximum brightness override for brightness (bsc#1129770)
  • video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
  • vxlan: fix memleak of fdb (git-fixes).
  • xhci: stop polling roothubs after shutdown (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2116=1
  • SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2116=1
  • SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2116=1
  • SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2116=1
  • SUSE Linux Enterprise High Availability 12-SP5:
    zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2116=1

Package List:

  • SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
    • kernel-default-debuginfo-4.12.14-122.124.3
    • kernel-default-debugsource-4.12.14-122.124.3
    • kernel-default-extra-4.12.14-122.124.3
    • kernel-default-extra-debuginfo-4.12.14-122.124.3
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • kernel-obs-build-4.12.14-122.124.3
    • kernel-obs-build-debugsource-4.12.14-122.124.3
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
    • kernel-docs-4.12.14-122.124.2
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • kernel-default-4.12.14-122.124.3
    • kernel-default-base-4.12.14-122.124.3
    • kernel-default-base-debuginfo-4.12.14-122.124.3
    • kernel-default-debuginfo-4.12.14-122.124.3
    • kernel-default-debugsource-4.12.14-122.124.3
    • kernel-default-devel-4.12.14-122.124.3
    • kernel-syms-4.12.14-122.124.2
  • SUSE Linux Enterprise Server 12-SP5 (x86_64):
    • kernel-default-devel-debuginfo-4.12.14-122.124.3
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • kernel-devel-4.12.14-122.124.2
    • kernel-macros-4.12.14-122.124.2
    • kernel-source-4.12.14-122.124.2
  • SUSE Linux Enterprise Server 12-SP5 (s390x):
    • kernel-default-man-4.12.14-122.124.3
  • SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
    • kernel-default-debuginfo-4.12.14-122.124.3
    • kernel-default-debugsource-4.12.14-122.124.3
    • kernel-default-kgraft-4.12.14-122.124.3
    • kernel-default-kgraft-devel-4.12.14-122.124.3
    • kgraft-patch-4_12_14-122_124-default-1-8.3.3
  • SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
    • cluster-md-kmp-default-4.12.14-122.124.3
    • cluster-md-kmp-default-debuginfo-4.12.14-122.124.3
    • dlm-kmp-default-4.12.14-122.124.3
    • dlm-kmp-default-debuginfo-4.12.14-122.124.3
    • gfs2-kmp-default-4.12.14-122.124.3
    • gfs2-kmp-default-debuginfo-4.12.14-122.124.3
    • kernel-default-debuginfo-4.12.14-122.124.3
    • kernel-default-debugsource-4.12.14-122.124.3
    • ocfs2-kmp-default-4.12.14-122.124.3
    • ocfs2-kmp-default-debuginfo-4.12.14-122.124.3

References: