Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2022:2177-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 20 vulnerabilities, contains three features and has 39 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-20141: Fixwed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
- CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- ARM: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: avoid fixmap race condition when create pud mapping (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
- ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
- dim: initialize all struct fields (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- EDAC/synopsys: Read the error count from the correct register (bsc#1178134).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
- firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
- firewire: remove check of list iterator against head past the loop body (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
- ftrace: Clean up hash direct_functions on registe