Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2022:2423-1
Rating: important
References: #1194013 #1195775 #1196901 #1197362 #1199487 #1199489 #1199657 #1200263 #1200442 #1200571 #1200599 #1200604 #1200605 #1200608 #1200619 #1200692 #1201050 #1201080
Cross-References:CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981
Affected Products:
  • SUSE Enterprise Storage 7
  • SUSE Linux Enterprise High Availability 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  • SUSE Linux Enterprise Module for Live Patching 15-SP2
  • SUSE Linux Enterprise Server 15-SP2
  • SUSE Linux Enterprise Server 15-SP2-BCL
  • SUSE Linux Enterprise Server 15-SP2-LTSS
  • SUSE Linux Enterprise Server for SAP 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15-SP2
  • SUSE Linux Enterprise Storage 7
  • SUSE Manager Proxy 4.1
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Server 4.1

An update that solves 9 vulnerabilities and has 9 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
  • CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
  • CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
  • CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
  • CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
  • CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
  • CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
  • CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).

The following non-security bugs were fixed:
  • bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
  • blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
  • blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
  • blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
  • exec: Force single empty string when argv is empty (bsc#1200571).
  • vmxnet3: fix minimum vectors alloc issue (bsc#1199489).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2423=1
  • SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2423=1
  • SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2423=1
  • SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2423=1
  • SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2423=1
  • SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2423=1
  • SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2423=1
    Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by seperate standalone kernel livepatch updates.
  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2423=1
  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2423=1
  • SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2423=1
  • SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-2423=1

Package List:

  • SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1
  • SUSE Manager Server 4.1 (x86_64):
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
  • SUSE Manager Server 4.1 (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1
  • SUSE Manager Retail Branch Server 4.1 (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1
  • SUSE Manager Retail Branch Server 4.1 (x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1
  • SUSE Manager Proxy 4.1 (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1
  • SUSE Manager Proxy 4.1 (x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-livepatch-5.3.18-150200.24.120.1
    • kernel-default-livepatch-devel-5.3.18-150200.24.120.1
    • kernel-livepatch-5_3_18-150200_24_120-default-1-150200.5.5.1
    • kernel-livepatch-5_3_18-150200_24_120-default-debuginfo-1-150200.5.5.1
    • kernel-livepatch-SLE15-SP2_Update_28-debugsource-1-150200.5.5.1
  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1
  • SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
    • cluster-md-kmp-default-5.3.18-150200.24.120.1
    • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.120.1
    • dlm-kmp-default-5.3.18-150200.24.120.1
    • dlm-kmp-default-debuginfo-5.3.18-150200.24.120.1
    • gfs2-kmp-default-5.3.18-150200.24.120.1
    • gfs2-kmp-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • ocfs2-kmp-default-5.3.18-150200.24.120.1
    • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.120.1
  • SUSE Enterprise Storage 7 (aarch64 x86_64):
    • kernel-default-5.3.18-150200.24.120.1
    • kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
    • kernel-default-debuginfo-5.3.18-150200.24.120.1
    • kernel-default-debugsource-5.3.18-150200.24.120.1
    • kernel-default-devel-5.3.18-150200.24.120.1
    • kernel-default-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-obs-build-5.3.18-150200.24.120.1
    • kernel-obs-build-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-5.3.18-150200.24.120.1
    • kernel-preempt-debuginfo-5.3.18-150200.24.120.1
    • kernel-preempt-debugsource-5.3.18-150200.24.120.1
    • kernel-preempt-devel-5.3.18-150200.24.120.1
    • kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1
    • kernel-syms-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-5.3.18-150200.24.120.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1
  • SUSE Enterprise Storage 7 (noarch):
    • kernel-devel-5.3.18-150200.24.120.1
    • kernel-docs-5.3.18-150200.24.120.1
    • kernel-macros-5.3.18-150200.24.120.1
    • kernel-source-5.3.18-150200.24.120.1

References: