Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2022:4616-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 19 vulnerabilities and has 40 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
The following non-security bugs were fixed:
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" (git-fixes).
- ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes).
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes).
- KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes).
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215).
- NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix typo (bsc#1204446).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: remove old LARA-R6 PID.
- Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
- add another bug reference to some hyperv changes (bsc#1205617).
- arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
- block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- block: use "unsigned long" for blk_validate_block_size() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986).
- ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987).
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes).
- dm writecache: return the exact table values that were set (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes).
- dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: remove new member of usbip_device (git-fixes).
- kabi: fix transport_add_device change (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
- livepatch: fix race between fork and KLP transition (bsc#1071995).
- loop: Check for overflow while configuring loop (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: vim2m: initialize the media device earlier (git-fixes).
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram(