Security update for the Linux Kernel

Announcement ID: SUSE-SU-2022:4585-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2022-2602 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-2602 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-3176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-3176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-3567 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-3567 ( NVD ): 4.6 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2022-3635 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-3635 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2022-3643 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2022-3643 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2022-3707 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-3707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-3903 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-3903 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-4095 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-4095 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-4129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-4129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-4139 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-4139 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-41850 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
  • CVE-2022-41850 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-41858 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-41858 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-42328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-42328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-42329 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-42329 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-42895 ( SUSE ): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-42895 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-42896 ( SUSE ): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • CVE-2022-42896 ( NVD ): 8.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
  • CVE-2022-4378 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-4378 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-43945 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-43945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45869 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45869 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45888 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
  • CVE-2022-45888 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-45934 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2022-45934 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • Basesystem Module 15-SP4
  • Development Tools Module 15-SP4
  • Legacy Module 15-SP4
  • openSUSE Leap 15.4
  • openSUSE Leap Micro 5.3
  • SUSE Linux Enterprise Desktop 15 SP4
  • SUSE Linux Enterprise High Availability Extension 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro for Rancher 5.3
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Workstation Extension 15 SP4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that solves 22 vulnerabilities, contains seven features and has 52 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
  • CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
  • CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
  • CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
  • CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
  • CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
  • CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
  • CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
  • CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
  • CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
  • CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
  • CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
  • CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
  • CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
  • CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
  • CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
  • CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
  • CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
  • CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405).
  • CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
  • CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
  • CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).

The following non-security bugs were fixed:

  • ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
  • ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes).
  • ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
  • ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
  • ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes).
  • ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
  • ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
  • ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes).
  • ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
  • ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
  • ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100).
  • ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100).
  • ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
  • ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
  • ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
  • ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
  • ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111).
  • ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111).
  • ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes).
  • ARM: at91: rm9200: fix usb device clock id (git-fixes).
  • ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes).
  • ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
  • ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes).
  • ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes).
  • ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
  • ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
  • ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
  • ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
  • ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes).
  • ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
  • ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
  • ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
  • ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
  • ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
  • ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
  • ASoC: fsl_sai: use local device pointer (git-fixes).
  • ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
  • ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes).
  • ASoC: ops: Fix bounds check for _sx controls (git-fixes).
  • ASoC: rt1019: Fix the TDM settings (git-fixes).
  • ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
  • ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
  • ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
  • ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
  • ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
  • ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
  • ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
  • Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes).
  • Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
  • Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes).
  • Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
  • Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
  • Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
  • Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
  • Drivers: hv: Fix syntax errors in comments (git-fixes).
  • Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes).
  • Drivers: hv: fix repeated words in comments (git-fixes).
  • Drivers: hv: remove duplicate word in a comment (git-fixes).
  • Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
  • Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
  • Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes).
  • Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
  • Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
  • Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
  • Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes).
  • Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
  • Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
  • Drivers: hv: vmbus: fix typo in comment (git-fixes).
  • Fix formatting of client smbdirect RDMA logging (bsc#1193629).
  • HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
  • HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
  • HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
  • HID: playstation: add initial DualSense Edge controller support (git-fixes).
  • HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
  • Handle variable number of SGEs in client smbdirect send (bsc#1193629).
  • IB/hfi1: Correctly move list in sc_disable() (git-fixes)
  • IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
  • Input: goodix - try resetting the controller when no config is set (git-fixes).
  • Input: i8042 - fix leaking of platform device on module removal (git-fixes).
  • Input: iforce - invert valid length check when fetching device IDs (git-fixes).
  • Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes).
  • Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes).
  • Input: soc_button_array - add use_low_level_irq module parameter (git-fixes).
  • Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes).
  • KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
  • KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
  • KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
  • KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes).
  • KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
  • KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
  • KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes).
  • KVM: SVM: retrieve VMCB from assembly (git-fixes).
  • KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes).
  • KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes).
  • KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes).
  • KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007).
  • KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavaila