Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:3450-1
Rating:	important
References:	bsc#1023051 bsc#1180153 bsc#1188944 bsc#1191881 bsc#1192968 bsc#1194272 bsc#1194535 bsc#1196616 bsc#1197158 bsc#1199482 bsc#1199665 bsc#1201726 bsc#1201948 bsc#1202096 bsc#1202097 bsc#1202154 bsc#1202346 bsc#1202347 bsc#1202393 bsc#1202396 bsc#1202564 bsc#1202672 bsc#1202860 bsc#1202895 bsc#1202898 bsc#1203098 bsc#1203107 bsc#1203159
Cross-References:	CVE-2016-3695 CVE-2020-27784 CVE-2020-36516 CVE-2021-4155 CVE-2021-4203 CVE-2022-1012 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-2905 CVE-2022-29581 CVE-2022-2977 CVE-2022-3028 CVE-2022-32250 CVE-2022-36879 CVE-2022-39188
CVSS scores:	CVE-2016-3695 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2016-3695 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27784 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2020-27784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36516 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-36516 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2021-4155 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1012 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-1012 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-20166 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-20166 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20369 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26373 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26373 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2639 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2639 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2663 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2663 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2905 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29581 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2977 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-2977 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-36879 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39188 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 20 vulnerabilities and has eight security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
• CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
• CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
• CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895).
• CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
• CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
• CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
• CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
• CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
• CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482).
• CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
• CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
• CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
• CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
• CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
• CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
• CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
• CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to became root (bnc#1200015)
• CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665).
• CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).

The following non-security bugs were fixed:

• cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
• cifs: skip trailing separators of prefix paths (bsc#1188944).
• config: Update files NVRAM=y (bsc#1201361 bsc#1192968).
• kernel-obs-build: include qemu_fw_cfg (boo#1201705)
• lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
• md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
• mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
• mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
• net_sched: cls_route: disallow handle of 0 (bsc#1202393).
• objtool: Add support for intra-function calls (bsc#1202396).
• objtool: Make handle_insn_ops() unconditional (bsc#1202396).
• objtool: Remove INSN_STACK (bsc#1202396).
• objtool: Rework allocating stack_ops on decode (bsc#1202396).
• objtool: Support multiple stack_op per instruction (bsc#1202396).
• rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
• tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
• tcp: change source port randomizarion at connect() time (bsc#1180153).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3450=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3450=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3450=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3450=1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3450=1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3450=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3450=1
• SUSE Manager Proxy 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3450=1
• SUSE Manager Retail Branch Server 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3450=1
• SUSE Manager Server 4.1
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3450=1
• SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2022-3450=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  • kernel-default-livepatch-devel-5.3.18-150200.24.129.1
  • kernel-livepatch-SLE15-SP2_Update_30-debugsource-1-150200.5.3.1
  • kernel-livepatch-5_3_18-150200_24_129-default-1-150200.5.3.1
  • kernel-default-livepatch-5.3.18-150200.24.129.1
  • kernel-default-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debuginfo-5.3.18-150200.24.129.1
  • kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-1-150200.5.3.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • ocfs2-kmp-default-5.3.18-150200.24.129.1
  • cluster-md-kmp-default-5.3.18-150200.24.129.1
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.129.1
  • gfs2-kmp-default-5.3.18-150200.24.129.1
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.129.1
  • dlm-kmp-default-5.3.18-150200.24.129.1
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.129.1
  • kernel-default-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debuginfo-5.3.18-150200.24.129.1
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-default-5.3.18-150200.24.129.1
  • kernel-preempt-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (aarch64 x86_64)
  • kernel-syms-5.3.18-150200.24.129.1
  • kernel-preempt-debugsource-5.3.18-150200.24.129.1
  • kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.129.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
  • kernel-obs-build-5.3.18-150200.24.129.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debuginfo-5.3.18-150200.24.129.1
  • kernel-preempt-devel-5.3.18-150200.24.129.1
  • kernel-default-devel-5.3.18-150200.24.129.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.129.1
  • kernel-macros-5.3.18-150200.24.129.1
  • kernel-source-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-default-5.3.18-150200.24.129.1
  • kernel-preempt-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-syms-5.3.18-150200.24.129.1
  • kernel-preempt-debugsource-5.3.18-150200.24.129.1
  • kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.129.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
  • kernel-obs-build-5.3.18-150200.24.129.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debuginfo-5.3.18-150200.24.129.1
  • kernel-preempt-devel-5.3.18-150200.24.129.1
  • kernel-default-devel-5.3.18-150200.24.129.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.129.1
  • kernel-macros-5.3.18-150200.24.129.1
  • kernel-source-5.3.18-150200.24.129.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (nosrc x86_64)
  • kernel-default-5.3.18-150200.24.129.1
  • kernel-preempt-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (x86_64)
  • kernel-syms-5.3.18-150200.24.129.1
  • kernel-preempt-debugsource-5.3.18-150200.24.129.1
  • kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.129.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
  • kernel-obs-build-5.3.18-150200.24.129.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debuginfo-5.3.18-150200.24.129.1
  • kernel-preempt-devel-5.3.18-150200.24.129.1
  • kernel-default-devel-5.3.18-150200.24.129.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.129.1
  • kernel-macros-5.3.18-150200.24.129.1
  • kernel-source-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  • reiserfs-kmp-default-5.3.18-150200.24.129.1
  • kernel-syms-5.3.18-150200.24.129.1
  • kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.129.1
  • kernel-obs-build-5.3.18-150200.24.129.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debuginfo-5.3.18-150200.24.129.1
  • kernel-default-devel-5.3.18-150200.24.129.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.129.1
  • kernel-macros-5.3.18-150200.24.129.1
  • kernel-source-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
  • kernel-preempt-devel-5.3.18-150200.24.129.1
  • kernel-preempt-debugsource-5.3.18-150200.24.129.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
  • kernel-default-5.3.18-150200.24.129.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  • reiserfs-kmp-default-5.3.18-150200.24.129.1
  • kernel-syms-5.3.18-150200.24.129.1
  • kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.129.1
  • kernel-obs-build-5.3.18-150200.24.129.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.129.1
  • kernel-default-debugsource-5.3.18-150200.24.