Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:2809-1
Rating:	important
References:	bsc#1114648 bsc#1194013 bsc#1195478 bsc#1195775 bsc#1196472 bsc#1196901 bsc#1197362 bsc#1198829 bsc#1199487 bsc#1199489 bsc#1199647 bsc#1199648 bsc#1199657 bsc#1200263 bsc#1200442 bsc#1200571 bsc#1200599 bsc#1200604 bsc#1200605 bsc#1200608 bsc#1200619 bsc#1200692 bsc#1200762 bsc#1200905 bsc#1200910 bsc#1201050 bsc#1201080 bsc#1201251 bsc#1201429 bsc#1201458 bsc#1201635 bsc#1201636 bsc#1201644 bsc#1201664 bsc#1201672 bsc#1201673 bsc#1201676 bsc#1201742 bsc#1201752 bsc#1201930 bsc#1201940
Cross-References:	CVE-2020-36557 CVE-2020-36558 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2021-4157 CVE-2022-1116 CVE-2022-1462 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 CVE-2022-36946
CVSS scores:	CVE-2020-36557 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36557 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-26341 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-26341 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-33655 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2021-33656 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 ( SUSE ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2021-4157 ( NVD ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1679 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 ( SUSE ): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20132 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20141 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21505 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-26365 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-29900 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29900 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29901 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-33740 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33740 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-33981 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-36946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 22 vulnerabilities and has 19 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free (bnc#1201429).
• CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
• CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
• CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
• CVE-2021-33655: Fixed memory out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635).
• CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636).
• CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
• CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem. This flaw allowed a local user to crash the system or read unauthorized random data from memory. (bnc#1198829)
• CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
• CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
• CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
• CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
• CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
• CVE-2022-21505: Fixed kexec lockdown bypass with ima policy (bsc#1201458).
• CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
• CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
• CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
• CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).

The following non-security bugs were fixed:

• bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
• blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
• blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
• blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
• dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278).
• dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278).
• dma-mapping: add a dma_ops_bypass flag to struct device (bsc#1196472 ltc#192278).
• dma-mapping: move the remaining DMA API calls out of line (bsc#1196472 ltc#192278).
• dma: kABI: Add back removed exports (bsc#1196472 ltc#192278).
• exec: Force single empty string when argv is empty (bsc#1200571).
• fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478 bsc#1200905).
• kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
• kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
• powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278).
• powerpc/pseries/iommu: Create defines for operations in ibm, ddw-applicable (bsc#1196472 ltc#192278).
• powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278).
• powerpc/pseries/iommu: Update call to ibm, query-pe-dma-windows (bsc#1196472 ltc#192278).
• powerpc: dma: kABI workaround for moving around dma_bypass bit (bsc#1196472 ltc#192278).
• powerpc: use the generic dma_ops_bypass mode (bsc#1196472 ltc#192278).
• vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
• x86/bugs: Remove apostrophe typo (bsc#1114648).
• x86/entry: Remove skip_r11rcx (bsc#1201644).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2809=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2809=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2809=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2809=1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2809=1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2809=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2809=1
• SUSE Manager Proxy 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2809=1
• SUSE Manager Retail Branch Server 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2809=1
• SUSE Manager Server 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2809=1
• SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2022-2809=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.126.1
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  • kernel-livepatch-5_3_18-150200_24_126-default-1-150200.5.5.1
  • kernel-default-debugsource-5.3.18-150200.24.126.1
  • kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-1-150200.5.5.1
  • kernel-default-livepatch-5.3.18-150200.24.126.1
  • kernel-livepatch-SLE15-SP2_Update_29-debugsource-1-150200.5.5.1
  • kernel-default-livepatch-devel-5.3.18-150200.24.126.1
  • kernel-default-debuginfo-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.126.1
  • kernel-default-debugsource-5.3.18-150200.24.126.1
  • ocfs2-kmp-default-5.3.18-150200.24.126.1
  • cluster-md-kmp-default-5.3.18-150200.24.126.1
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.126.1
  • dlm-kmp-default-5.3.18-150200.24.126.1
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.126.1
  • gfs2-kmp-default-5.3.18-150200.24.126.1
  • kernel-default-debuginfo-5.3.18-150200.24.126.1
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.126.1
  • kernel-default-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (aarch64 x86_64)
  • kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2
  • kernel-default-debugsource-5.3.18-150200.24.126.1
  • kernel-syms-5.3.18-150200.24.126.1
  • kernel-preempt-debugsource-5.3.18-150200.24.126.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.126.1
  • kernel-default-debuginfo-5.3.18-150200.24.126.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.126.1
  • kernel-obs-build-5.3.18-150200.24.126.1
  • kernel-preempt-devel-5.3.18-150200.24.126.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.126.1
  • kernel-default-devel-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (noarch)
  • kernel-source-5.3.18-150200.24.126.1
  • kernel-devel-5.3.18-150200.24.126.1
  • kernel-macros-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.126.1
  • kernel-default-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2
  • kernel-default-debugsource-5.3.18-150200.24.126.1
  • kernel-syms-5.3.18-150200.24.126.1
  • kernel-preempt-debugsource-5.3.18-150200.24.126.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.126.1
  • kernel-default-debuginfo-5.3.18-150200.24.126.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.126.1
  • kernel-obs-build-5.3.18-150200.24.126.1
  • kernel-preempt-devel-5.3.18-150200.24.126.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.126.1
  • kernel-default-devel-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-source-5.3.18-150200.24.126.1
  • kernel-devel-5.3.18-150200.24.126.1
  • kernel-macros-5.3.18-150200.24.126.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.126.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.126.1
  • kernel-default-5.3.18-150200.24.126.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (x86_64)
  • kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2
  • kernel-default-debugsource-5.3.18-150200.24.126.1
  • kernel-syms-5.3.18-150200.24.126.1
  • kernel-preempt-debugsource-5.3.18-150200.24.126.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.126.1
  • kernel-default-debuginfo-5.3.18-150200.24.126.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.126.1
  • kernel-preempt-devel-5.3.18-150200.24.126.1
  • kernel-obs-build-5.3.18-150200.24.126.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.126.1