Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2022:3263-1
Rating: important
References: #1133374 #1191881 #1196616 #1201420 #1201726 #1201948 #1202096 #1202346 #1202347 #1202393 #1202897 #1202898 #1203098 #1203107
Cross-References: CVE-2019-3900 CVE-2020-36516 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2991 CVE-2022-3028 CVE-2022-36879 CVE-2022-39188
Affected Products:
  • SUSE Linux Enterprise Server 12-SP3-BCL

An update that solves 11 vulnerabilities and has three fixes is now available.


The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:

  • CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
  • CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
  • CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
  • CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation (bsc#1201420).
  • CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
  • CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
  • CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
  • CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
  • CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
  • CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
  • CVE-2019-3900: Fixed an infinite loop in the vhost_net kernel module that could result in a DoS scenario (bnc#1133374).

The following non-security bugs were fixed:
  • net_sched: cls_route: Disallowed handle of 0 (bsc#1202393).
  • mm, rmap: Fixed anon_vma->degree ambiguity leading to double-reuse (bsc#1203098).
  • lightnvm: Removed lightnvm implementation (bsc#1191881).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3263=1

Package List:

  • SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
    • kernel-devel-4.4.180-94.174.1
    • kernel-macros-4.4.180-94.174.1
    • kernel-source-4.4.180-94.174.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • kernel-default-4.4.180-94.174.1
    • kernel-default-base-4.4.180-94.174.1
    • kernel-default-base-debuginfo-4.4.180-94.174.1
    • kernel-default-debuginfo-4.4.180-94.174.1
    • kernel-default-debugsource-4.4.180-94.174.1
    • kernel-default-devel-4.4.180-94.174.1
    • kernel-syms-4.4.180-94.174.1
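
A post-install check for the patch and reboot steps above, as an added example that is not part of SUSE's advisory: it reports whether the fixed kernel-default build from the package list is installed and whether the host is actually running it. The mapping from RPM release to `uname -r` (last rebuild counter dropped, flavor appended), the `--host` switch and the function names are assumptions of this example, and the older version strings in the demo are constructed.

```shell
#!/bin/sh
# Fixed build, taken from this advisory's package list.
FIXED="4.4.180-94.174.1"

# True when version $1 >= version $2 (GNU sort -V; plain string
# comparison would rank 94.99 above 94.174).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# $1 = running release (uname -r), $2 = newest installed kernel-default
# version-release ("" if none), $3 = flavor. Prints the host state.
# Assumption: uname -r is the RPM version-release minus its last
# rebuild counter, plus "-<flavor>" (e.g. 4.4.180-94.174-default).
kernel_status() {
    running_base="${1%-"$3"}"
    if [ -z "$2" ] || ! ver_ge "$2" "$FIXED"; then
        echo "update-missing"      # patch not installed yet
    elif ! ver_ge "$running_base" "${FIXED%.*}"; then
        echo "reboot-required"     # installed, old kernel still running
    else
        echo "patched"
    fi
}

# Query the live host (needs rpm; run the script with --host).
check_host() {
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default 2>/dev/null) || newest=""
    newest=$(printf '%s\n' "$newest" | sort -V | tail -n 1)
    kernel_status "$(uname -r)" "$newest" default
}

if [ "${1:-}" = "--host" ]; then
    check_host
else
    # Constructed sample inputs; the 94.100 builds are made up.
    kernel_status 4.4.180-94.100-default 4.4.180-94.100.1 default
    kernel_status 4.4.180-94.100-default 4.4.180-94.174.1 default
    kernel_status 4.4.180-94.174-default 4.4.180-94.174.1 default
fi
```

A `reboot-required` result means the update is on disk but the vulnerable kernel is still the one executing, which is the state the reboot instruction in this advisory is meant to clear.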