Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2022:1256-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 19 vulnerabilities, contains two features and has six security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
- CVE-2022-0812: Fixed an incorrect header size calculations in xprtrdma (bsc#1196639).
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331).
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366).
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
The following non-security bugs were fixed:
- ax88179_178a: Fixed memory issues that could be triggered by malicious USB devices (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- gve/net: Fixed multiple bugfixes (jsc#SLE-23652).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- net: tipc: validate domain record count on input (bsc#1195254).
- powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Live Patching 15-SP1
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1256=1
-
SUSE Linux Enterprise High Availability Extension 15 SP1
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1256=1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1256=1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1256=1
-
SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1256=1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1256=1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1256=1
-
SUSE Enterprise Storage 6
zypper in -t patch SUSE-Storage-6-2022-1256=1
-
SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:
-
SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
- kernel-default-livepatch-4.12.14-150100.197.111.1
- kernel-livepatch-4_12_14-150100_197_111-default-1-150100.3.3.1
- kernel-default-livepatch-devel-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-default-debuginfo-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
- dlm-kmp-default-4.12.14-150100.197.111.1
- ocfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1
- gfs2-kmp-default-4.12.14-150100.197.111.1
- ocfs2-kmp-default-4.12.14-150100.197.111.1
- gfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1
- cluster-md-kmp-default-debuginfo-4.12.14-150100.197.111.1
- dlm-kmp-default-debuginfo-4.12.14-150100.197.111.1
- cluster-md-kmp-default-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-default-debuginfo-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (aarch64 nosrc x86_64)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (aarch64 x86_64)
- kernel-syms-4.12.14-150100.197.111.1
- kernel-default-base-debuginfo-4.12.14-150100.197.111.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
- kernel-default-base-4.12.14-150100.197.111.1
- kernel-obs-build-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-obs-build-debugsource-4.12.14-150100.197.111.1
- kernel-default-debuginfo-4.12.14-150100.197.111.1
- kernel-default-devel-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch)
- kernel-devel-4.12.14-150100.197.111.1
- kernel-macros-4.12.14-150100.197.111.1
- kernel-source-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
- kernel-syms-4.12.14-150100.197.111.1
- kernel-default-base-debuginfo-4.12.14-150100.197.111.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
- kernel-default-base-4.12.14-150100.197.111.1
- kernel-obs-build-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-obs-build-debugsource-4.12.14-150100.197.111.1
- kernel-default-debuginfo-4.12.14-150100.197.111.1
- kernel-default-devel-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
- kernel-devel-4.12.14-150100.197.111.1
- kernel-macros-4.12.14-150100.197.111.1
- kernel-source-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (nosrc x86_64)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (x86_64)
- reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- kernel-syms-4.12.14-150100.197.111.1
- kernel-default-base-debuginfo-4.12.14-150100.197.111.1
- reiserfs-kmp-default-4.12.14-150100.197.111.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
- kernel-default-base-4.12.14-150100.197.111.1
- kernel-obs-build-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-obs-build-debugsource-4.12.14-150100.197.111.1
- kernel-default-debuginfo-4.12.14-150100.197.111.1
- kernel-default-devel-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (noarch)
- kernel-devel-4.12.14-150100.197.111.1
- kernel-macros-4.12.14-150100.197.111.1
- kernel-source-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
- reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- kernel-syms-4.12.14-150100.197.111.1
- kernel-default-base-debuginfo-4.12.14-150100.197.111.1
- reiserfs-kmp-default-4.12.14-150100.197.111.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
- kernel-default-base-4.12.14-150100.197.111.1
- kernel-obs-build-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-obs-build-debugsource-4.12.14-150100.197.111.1
- kernel-default-debuginfo-4.12.14-150100.197.111.1
- kernel-default-devel-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
- kernel-devel-4.12.14-150100.197.111.1
- kernel-macros-4.12.14-150100.197.111.1
- kernel-source-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
- kernel-zfcpdump-debuginfo-4.12.14-150100.197.111.1
- kernel-default-man-4.12.14-150100.197.111.1
- kernel-zfcpdump-debugsource-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
- kernel-zfcpdump-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
- reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- kernel-syms-4.12.14-150100.197.111.1
- kernel-default-base-debuginfo-4.12.14-150100.197.111.1
- reiserfs-kmp-default-4.12.14-150100.197.111.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
- kernel-default-base-4.12.14-150100.197.111.1
- kernel-obs-build-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-obs-build-debugsource-4.12.14-150100.197.111.1
- kernel-default-debuginfo-4.12.14-150100.197.111.1
- kernel-default-devel-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
- kernel-devel-4.12.14-150100.197.111.1
- kernel-macros-4.12.14-150100.197.111.1
- kernel-source-4.12.14-150100.197.111.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.111.1
-
SUSE Enterprise Storage 6 (aarch64 nosrc x86_64)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE Enterprise Storage 6 (aarch64 x86_64)
- reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- kernel-syms-4.12.14-150100.197.111.1
- kernel-default-base-debuginfo-4.12.14-150100.197.111.1
- reiserfs-kmp-default-4.12.14-150100.197.111.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
- kernel-default-base-4.12.14-150100.197.111.1
- kernel-obs-build-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-obs-build-debugsource-4.12.14-150100.197.111.1
- kernel-default-debuginfo-4.12.14-150100.197.111.1
- kernel-default-devel-4.12.14-150100.197.111.1
-
SUSE Enterprise Storage 6 (noarch)
- kernel-devel-4.12.14-150100.197.111.1
- kernel-macros-4.12.14-150100.197.111.1
- kernel-source-4.12.14-150100.197.111.1
-
SUSE Enterprise Storage 6 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.111.1
-
SUSE CaaS Platform 4.0 (nosrc x86_64)
- kernel-default-4.12.14-150100.197.111.1
-
SUSE CaaS Platform 4.0 (x86_64)
- reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- kernel-syms-4.12.14-150100.197.111.1
- kernel-default-base-debuginfo-4.12.14-150100.197.111.1
- reiserfs-kmp-default-4.12.14-150100.197.111.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
- kernel-default-base-4.12.14-150100.197.111.1
- kernel-obs-build-4.12.14-150100.197.111.1
- kernel-default-debugsource-4.12.14-150100.197.111.1
- kernel-obs-build-debugsource-4.12.14-150100.197.