Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2022:2549-1
Rating: important
References: #1065729 #1179195 #1180814 #1184924 #1185762 #1192761 #1193629 #1194013 #1195504 #1195775 #1196901 #1197362 #1197754 #1198020 #1198924 #1199482 #1199487 #1199489 #1199657 #1200217 #1200263 #1200343 #1200442 #1200571 #1200599 #1200600 #1200604 #1200605 #1200608 #1200619 #1200622 #1200692 #1200806 #1200807 #1200809 #1200810 #1200813 #1200816 #1200820 #1200821 #1200822 #1200825 #1200828 #1200829 #1200925 #1201050 #1201080 #1201143 #1201147 #1201149 #1201160 #1201171 #1201177 #1201193 #1201222 #1201644 #1201664 #1201672 #1201673 #1201676
Cross-References:CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918
Affected Products:
  • SUSE Linux Enterprise Desktop 15-SP3
  • SUSE Linux Enterprise High Availability 15-SP3
  • SUSE Linux Enterprise High Performance Computing
  • SUSE Linux Enterprise High Performance Computing 15-SP3
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Module for Basesystem 15-SP3
  • SUSE Linux Enterprise Module for Development Tools 15-SP3
  • SUSE Linux Enterprise Module for Legacy Software 15-SP3
  • SUSE Linux Enterprise Module for Live Patching 15-SP3
  • SUSE Linux Enterprise Server
  • SUSE Linux Enterprise Server 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications
  • SUSE Linux Enterprise Server for SAP Applications 15-SP3
  • SUSE Linux Enterprise Storage 7.1
  • SUSE Linux Enterprise Workstation Extension 15-SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Server 4.2
  • openSUSE Leap 15.3
  • openSUSE Leap 15.4

An update that solves 11 vulnerabilities and has 49 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
  • CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
  • CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
  • CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
  • CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
  • CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
  • CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
  • CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
  • CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
  • CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).

The following non-security bugs were fixed:
  • ALSA: hda/conexant: Fix missing beep setup (git-fixes).
  • ALSA: hda/realtek - Add HW8326 support (git-fixes).
  • ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
  • ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
  • ALSA: hda/via: Fix missing beep setup (git-fixes).
  • arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
  • arm64: ftrace: fix branch range checks (git-fixes)
  • ASoC: cs35l36: Update digital volume TLV (git-fixes).
  • ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
  • ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
  • ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
  • ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
  • ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
  • ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
  • ASoC: wm8962: Fix suspend while playing music (git-fixes).
  • ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
  • ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
  • ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
  • bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
  • bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
  • bcache: fixup multiple threads crash (git-fixes).
  • bcache: improve multithreaded bch_btree_check() (git-fixes).
  • bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
  • bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
  • bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
  • bio: fix page leak bio_add_hw_page failure (git-fixes).
  • blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
  • blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
  • blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
  • blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
  • blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
  • blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
  • block: advance iov_iter on bio_add_hw_page failure (git-fixes).
  • block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
  • block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
  • block: Fix kABI in blk-merge.c (bsc#1198020).
  • block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
  • bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
  • caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
  • ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
  • ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
  • certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
  • cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
  • cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
  • cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
  • cifs: avoid parallel session setups on same channel (bsc#1200217).
  • cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
  • cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
  • cifs: call helper functions for marking channels for reconnect (bsc#1200217).
  • cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
  • cifs: check for smb1 in open_cached_dir() (bsc#1200217).
  • cifs: check reconnects for channels of active tcons too (bsc#1200217).
  • cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
  • cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
  • cifs: clean up an inconsistent indenting (bsc#1200217).
  • cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
  • cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
  • cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
  • cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
  • cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
  • cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
  • cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
  • cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
  • cifs: fix handlecache and multiuser (bsc#1200217).
  • cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
  • cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
  • cifs: fix minor compile warning (bsc#1200217).
  • cifs: fix missed refcounting of ipc tcon (bsc#1200217).
  • cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
  • cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
  • cifs: fix potential deadlock in direct reclaim (bsc#1200217).
  • cifs: fix potential double free during failed mount (bsc#1200217).
  • cifs: fix potential race with cifsd thread (bsc#1200217).
  • cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
  • cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
  • cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
  • cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
  • cifs: fix the connection state transitions with multichannel (bsc#1200217).
  • cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
  • cifs: fix workstation_name for multiuser mounts (bsc#1200217).
  • cifs: force new session setup and tcon for dfs (bsc#1200217).
  • cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
  • cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
  • cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
  • cifs: make status checks in version independent callers (bsc#1200217).
  • cifs: mark sessions for reconnection in helper function (bsc#1200217).
  • cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
  • cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
  • cifs: move superblock magic defitions to magic.h (bsc#1200217).
  • cifs: potential buffer overflow in handling symlinks (bsc#1200217).
  • cifs: print TIDs as hex (bsc#1200217).
  • cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
  • cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
  • cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
  • cifs: release cached dentries only if mount is complete (bsc#1200217).
  • cifs: remove check of list iterator against head past the loop body (bsc#1200217).
  • cifs: remove redundant assignment to pointer p (bsc#1200217).
  • cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
  • cifs: remove repeated state change in dfs tree connect (bsc#1200217).
  • cifs: remove unused variable ses_selected (bsc#1200217).
  • cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
  • cifs: return the more nuanced writeback error on close() (bsc#1200217).
  • cifs: sanitize multiple delimiters in prepath (bsc#1200217).
  • cifs: serialize all mount attempts (bsc#1200217).
  • cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
  • cifs: skip trailing separators of prefix paths (bsc#1200217).
  • cifs: smbd: fix typo in comment (bsc#1200217).
  • cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
  • cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
  • cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
  • cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
  • cifs: update internal module number (bsc#1193629).
  • cifs: update internal module number (bsc#1200217).
  • cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
  • cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
  • cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
  • cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
  • cifs: use new enum for ses_status (bsc#1200217).
  • cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
  • cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
  • cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
  • cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
  • cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
  • cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
  • drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
  • drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
  • drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
  • drm/msm: Fix double pm_runtime_disable() call (git-fixes).
  • drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
  • drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
  • exec: Force single empty string when argv is empty (bsc#1200571).
  • ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
  • ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
  • ext4: fix bug_on in __es_tree_search (bsc#1200809).
  • ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
  • ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
  • ext4: make variable "count" signed (bsc#1200820).
  • Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
  • fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
  • gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
  • gtp: use icmp_ndo_send helper (git-fixes).
  • hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
  • i2c: designware: Use standard optional ref clock implementation (git-fixes).
  • ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
  • iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
  • iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
  • iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
  • iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
  • iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
  • iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
  • iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
  • init: Initialize noop_backing_dev_info early (bsc#1200822).
  • inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
  • iomap: iomap_write_failed fix (bsc#1200829).
  • ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
  • jfs: fix divide error in dbNextAG (bsc#1200828).
  • kABI fix of sysctl_run_estimation (git-fixes).
  • kabi: nvme workaround header include (bsc#1201193).
  • kabi/severities: ignore KABI for NVMe target (bsc#1192761)
  • linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
  • md: fix update super 1.0 on rdev size change (git-fixes).
  • move devm_allocate to end of structure for kABI (git-fixes).
  • mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
  • net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
  • net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
  • net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
  • net: lantiq: Add locking for TX DMA channel (git-fixes).
  • net: rose: fix UAF bugs caused by timer handler (git-fixes).
  • net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
  • net: usb: ax88179_178a: Fix packet receiving (git-fixes).
  • nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
  • nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
  • NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
  • NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
  • NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
  • NFS: Do not report flush errors in nfs_write_end() (git-fixes).
  • NFS: Further fixes to the writeback error handling (git-fixes).
  • NFS: Memory allocation failures are not server fatal errors (git-fixes).
  • NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
  • nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
  • nvdimm/region: Fix default alignment for small regions (git-fixes).
  • nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
  • nvme: Add connect option 'discovery' (bsc#1192761).
  • nvme: add new discovery log page entry definitions (bsc#1192761).
  • nvme: display correct subsystem NQN (bsc#1192761).
  • nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
  • nvme: kabi fix nvme subsystype change (bsc#1192761)
  • nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
  • nvmet: add nvmet_req_subsys() helper (bsc#1192761).
  • nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
  • nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
  • nvmet: fix freeing unallocated p2pmem (git-fixes).
  • nvmet: make discovery NQN configurable (bsc#1192761).
  • nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
  • nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
  • nvmet: register discovery subsystem as 'current' (bsc#1192761).
  • nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
  • nvmet: switch check for subsystem type (bsc#1192761).
  • phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
  • pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
  • powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
  • powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
  • powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
  • random: Add and use pr_fmt() (bsc#1184924).
  • random: remove unnecessary unlikely() (bsc#1184924).
  • regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
  • Revert "block: Fix a lockdep complaint triggered by request queue flushing" (git-fixes).
  • scsi: core: Show SCMD_LAST in text form (git-fixes).
  • scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
  • scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
  • scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
  • scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
  • scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
  • scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
  • scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
  • scsi: lpfc: Commonize VMID code location (bsc#1201193).
  • scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
  • scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
  • scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
  • scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
  • scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
  • scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
  • scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
  • scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
  • scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
  • scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
  • scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
  • scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
  • scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
  • scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
  • scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
  • scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
  • scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
  • scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
  • scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
  • scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
  • scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
  • scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
  • scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
  • scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
  • scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
  • scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
  • scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
  • scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
  • scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
  • scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
  • scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
  • scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
  • scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
  • scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
  • scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
  • scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
  • scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
  • scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
  • scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
  • scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
  • scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
  • scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
  • scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
  • scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
  • scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
  • scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
  • scsi: sd: Signal drive managed SMR disks (git-fixes).
  • scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
  • scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
  • scsi: sd_zbc: Improve zone revalidation (git-fixes).
  • scsi: sd_zbc: Remove unused inline functions (git-fixes).
  • scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
  • scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
  • smb3: add mount parm nosparse (bsc#1200217).
  • smb3: add trace point for lease not found issue (bsc#1200217).
  • smb3: add trace point for oplock not found (bsc#1200217).
  • smb3: check for null tcon (bsc#1200217).
  • smb3: cleanup and clarify status of tree connections (bsc#1200217).
  • smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
  • SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
  • smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
  • smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217).
  • smb3: fix snapshot mount option (bsc#1200217).
  • smb3 improve error message when mount options conflict with posix (bsc#1200217).
  • smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217).
  • smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217).
  • smb3: move more common protocol header definitions to smbfs_common (bsc#1200217).
  • smb3: send NTLMSSP version information (bsc#1200217).
  • soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
  • spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
  • SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
  • sunvnet: use icmp_ndo_send helper (git-fixes).
  • tty: goldfish: Fix free_irq() on remove (git-fixes).
  • usb: chipidea: udc: check request status before setting device address (git-fixes).
  • usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
  • usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
  • usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
  • usbnet: fix memory allocation in helpers (git-fixes).
  • USB: serial: io_ti: add Agilent E5805A support (git-fixes).
  • USB: serial: option: add Quectel EM05-G modem (git-fixes).
  • USB: serial: option: add Quectel RM500K module support (git-fixes).
  • USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
  • USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
  • usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
  • veth: fix races around rq->rx_notify_masked (git-fixes).
  • virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
  • virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
  • virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
  • virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
  • vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
  • writeback: Avoid skipping inode writeback (bsc#1200813).
  • writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
  • xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
  • x86/entry: Remove skip_r11rcx (bsc#1201644).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2549=1
  • openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-2549=1
  • SUSE Linux Enterprise Workstation Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2549=1
  • SUSE Linux Enterprise Module for Live Patching 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2549=1
    Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by seperate standalone kernel livepatch updates.
  • SUSE Linux Enterprise Module for Legacy Software 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2549=1
  • SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2549=1
  • SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2549=1
  • SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2549=1
  • SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2549=1
  • SUSE Linux Enterprise High Availability 15-SP3:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2549=1

Package List:

  • openSUSE Leap 15.4 (aarch64):
    • dtb-al-5.3.18-150300.59.87.1
    • dtb-zte-5.3.18-150300.59.87.1
  • openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    • cluster-md-kmp-default-5.3.18-150300.59.87.1
    • cluster-md-kmp-default-debuginfo-5.3.18-150300.59.87.1
    • dlm-kmp-default-5.3.18-150300.59.87.1
    • dlm-kmp-default-debuginfo-5.3.18-150300.59.87.1
    • gfs2-kmp-default-5.3.18-150300.59.87.1
    • gfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-5.3.18-150300.59.87.1
    • kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
    • kernel-default-base-rebuild-5.3.18-150300.59.87.1.150300.18.50.2
    • kernel-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debugsource-5.3.18-150300.59.87.1
    • kernel-default-devel-5.3.18-150300.59.87.1
    • kernel-default-devel-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-extra-5.3.18-150300.59.87.1
    • kernel-default-extra-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-livepatch-5.3.18-150300.59.87.1
    • kernel-default-livepatch-devel-5.3.18-150300.59.87.1
    • kernel-default-optional-5.3.18-150300.59.87.1
    • kernel-default-optional-debuginfo-5.3.18-150300.59.87.1
    • kernel-obs-build-5.3.18-150300.59.87.1
    • kernel-obs-build-debugsource-5.3.18-150300.59.87.1
    • kernel-obs-qa-5.3.18-150300.59.87.1
    • kernel-syms-5.3.18-150300.59.87.1
    • kselftests-kmp-default-5.3.18-150300.59.87.1
    • kselftests-kmp-default-debuginfo-5.3.18-150300.59.87.1
    • ocfs2-kmp-default-5.3.18-150300.59.87.1
    • ocfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1
    • reiserfs-kmp-default-5.3.18-150300.59.87.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150300.59.87.1
  • openSUSE Leap 15.3 (aarch64 x86_64):
    • cluster-md-kmp-preempt-5.3.18-150300.59.87.1
    • cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
    • dlm-kmp-preempt-5.3.18-150300.59.87.1
    • dlm-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
    • gfs2-kmp-preempt-5.3.18-150300.59.87.1
    • gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
    • kernel-preempt-5.3.18-150300.59.87.1
    • kernel-preempt-debuginfo-5.3.18-150300.59.87.1
    • kernel-preempt-debugsource-5.3.18-150300.59.87.1
    • kernel-preempt-devel-5.3.18-150300.59.87.1
    • kernel-preempt-devel-debuginfo-5.3.18-150300.59.87.1
    • kernel-preempt-extra-5.3.18-150300.59.87.1
    • kernel-preempt-extra-debuginfo-5.3.18-150300.59.87.1
    • kernel-preempt-livepatch-devel-5.3.18-150300.59.87.1
    • kernel-preempt-optional-5.3.18-150300.59.87.1
    • kernel-preempt-optional-debuginfo-5.3.18-150300.59.87.1
    • kselftests-kmp-preempt-5.3.18-150300.59.87.1
    • kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
    • ocfs2-kmp-preempt-5.3.18-150300.59.87.1
    • ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
    • reiserfs-kmp-preempt-5.3.18-150300.59.87.1
    • reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
  • openSUSE Leap 15.3 (ppc64le x86_64):
    • kernel-debug-5.3.18-150300.59.87.1
    • kernel-debug-debuginfo-5.3.18-150300.59.87.1
    • kernel-debug-debugsource-5.3.18-150300.59.87.1
    • kernel-debug-devel-5.3.18-150300.59.87.1
    • kernel-debug-devel-debuginfo-5.3.18-150300.59.87.1
    • kernel-debug-livepatch-devel-5.3.18-150300.59.87.1
    • kernel-kvmsmall-5.3.18-150300.59.87.1
    • kernel-kvmsmall-debuginfo-5.3.18-150300.59.87.1
    • kernel-kvmsmall-debugsource-5.3.18-150300.59.87.1
    • kernel-kvmsmall-devel-5.3.18-150300.59.87.1
    • kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.87.1
    • kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.87.1
  • openSUSE Leap 15.3 (aarch64):
    • cluster-md-kmp-64kb-5.3.18-150300.59.87.1
    • cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
    • dlm-kmp-64kb-5.3.18-150300.59.87.1
    • dlm-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
    • dtb-al-5.3.18-150300.59.87.1
    • dtb-allwinner-5.3.18-150300.59.87.1
    • dtb-altera-5.3.18-150300.59.87.1
    • dtb-amd-5.3.18-150300.59.87.1
    • dtb-amlogic-5.3.18-150300.59.87.1
    • dtb-apm-5.3.18-150300.59.87.1
    • dtb-arm-5.3.18-150300.59.87.1
    • dtb-broadcom-5.3.18-150300.59.87.1
    • dtb-cavium-5.3.18-150300.59.87.1
    • dtb-exynos-5.3.18-150300.59.87.1
    • dtb-freescale-5.3.18-150300.59.87.1
    • dtb-hisilicon-5.3.18-150300.59.87.1
    • dtb-lg-5.3.18-150300.59.87.1
    • dtb-marvell-5.3.18-150300.59.87.1
    • dtb-mediatek-5.3.18-150300.59.87.1
    • dtb-nvidia-5.3.18-150300.59.87.1
    • dtb-qcom-5.3.18-150300.59.87.1
    • dtb-renesas-5.3.18-150300.59.87.1
    • dtb-rockchip-5.3.18-150300.59.87.1
    • dtb-socionext-5.3.18-150300.59.87.1
    • dtb-sprd-5.3.18-150300.59.87.1
    • dtb-xilinx-5.3.18-150300.59.87.1
    • dtb-zte-5.3.18-150300.59.87.1
    • gfs2-kmp-64kb-5.3.18-150300.59.87.1
    • gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
    • kernel-64kb-5.3.18-150300.59.87.1
    • kernel-64kb-debuginfo-5.3.18-150300.59.87.1
    • kernel-64kb-debugsource-5.3.18-150300.59.87.1
    • kernel-64kb-devel-5.3.18-150300.59.87.1
    • kernel-64kb-devel-debuginfo-5.3.18-150300.59.87.1
    • kernel-64kb-extra-5.3.18-150300.59.87.1
    • kernel-64kb-extra-debuginfo-5.3.18-150300.59.87.1
    • kernel-64kb-livepatch-devel-5.3.18-150300.59.87.1
    • kernel-64kb-optional-5.3.18-150300.59.87.1
    • kernel-64kb-optional-debuginfo-5.3.18-150300.59.87.1
    • kselftests-kmp-64kb-5.3.18-150300.59.87.1
    • kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
    • ocfs2-kmp-64kb-5.3.18-150300.59.87.1
    • ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
    • reiserfs-kmp-64kb-5.3.18-150300.59.87.1
    • reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
  • openSUSE Leap 15.3 (noarch):
    • kernel-devel-5.3.18-150300.59.87.1
    • kernel-docs-5.3.18-150300.59.87.1
    • kernel-docs-html-5.3.18-150300.59.87.1
    • kernel-macros-5.3.18-150300.59.87.1
    • kernel-source-5.3.18-150300.59.87.1
    • kernel-source-vanilla-5.3.18-150300.59.87.1
  • openSUSE Leap 15.3 (s390x):
    • kernel-zfcpdump-5.3.18-150300.59.87.1
    • kernel-zfcpdump-debuginfo-5.3.18-150300.59.87.1
    • kernel-zfcpdump-debugsource-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
    • kernel-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debugsource-5.3.18-150300.59.87.1
    • kernel-default-extra-5.3.18-150300.59.87.1
    • kernel-default-extra-debuginfo-5.3.18-150300.59.87.1
    • kernel-preempt-debuginfo-5.3.18-150300.59.87.1
    • kernel-preempt-debugsource-5.3.18-150300.59.87.1
    • kernel-preempt-extra-5.3.18-150300.59.87.1
    • kernel-preempt-extra-debuginfo-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
    • kernel-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debugsource-5.3.18-150300.59.87.1
    • kernel-default-livepatch-5.3.18-150300.59.87.1
    • kernel-default-livepatch-devel-5.3.18-150300.59.87.1
    • kernel-livepatch-5_3_18-150300_59_87-default-1-150300.7.5.1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
    • kernel-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debugsource-5.3.18-150300.59.87.1
    • reiserfs-kmp-default-5.3.18-150300.59.87.1
    • reiserfs-kmp-default-debuginfo-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
    • kernel-obs-build-5.3.18-150300.59.87.1
    • kernel-obs-build-debugsource-5.3.18-150300.59.87.1
    • kernel-syms-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
    • kernel-preempt-debuginfo-5.3.18-150300.59.87.1
    • kernel-preempt-debugsource-5.3.18-150300.59.87.1
    • kernel-preempt-devel-5.3.18-150300.59.87.1
    • kernel-preempt-devel-debuginfo-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
    • kernel-docs-5.3.18-150300.59.87.1
    • kernel-source-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    • kernel-default-5.3.18-150300.59.87.1
    • kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
    • kernel-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debugsource-5.3.18-150300.59.87.1
    • kernel-default-devel-5.3.18-150300.59.87.1
    • kernel-default-devel-debuginfo-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
    • kernel-preempt-5.3.18-150300.59.87.1
    • kernel-preempt-debuginfo-5.3.18-150300.59.87.1
    • kernel-preempt-debugsource-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
    • kernel-64kb-5.3.18-150300.59.87.1
    • kernel-64kb-debuginfo-5.3.18-150300.59.87.1
    • kernel-64kb-debugsource-5.3.18-150300.59.87.1
    • kernel-64kb-devel-5.3.18-150300.59.87.1
    • kernel-64kb-devel-debuginfo-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
    • kernel-devel-5.3.18-150300.59.87.1
    • kernel-macros-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
    • kernel-zfcpdump-5.3.18-150300.59.87.1
    • kernel-zfcpdump-debuginfo-5.3.18-150300.59.87.1
    • kernel-zfcpdump-debugsource-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
    • kernel-default-5.3.18-150300.59.87.1
    • kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
    • kernel-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debugsource-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
    • kernel-default-5.3.18-150300.59.87.1
    • kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
    • kernel-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debugsource-5.3.18-150300.59.87.1
  • SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
    • cluster-md-kmp-default-5.3.18-150300.59.87.1
    • cluster-md-kmp-default-debuginfo-5.3.18-150300.59.87.1
    • dlm-kmp-default-5.3.18-150300.59.87.1
    • dlm-kmp-default-debuginfo-5.3.18-150300.59.87.1
    • gfs2-kmp-default-5.3.18-150300.59.87.1
    • gfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debuginfo-5.3.18-150300.59.87.1
    • kernel-default-debugsource-5.3.18-150300.59.87.1
    • ocfs2-kmp-default-5.3.18-150300.59.87.1
    • ocfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1

References: