Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:3291-1
Rating:	important
References:	bsc#1169514 bsc#1177440 bsc#1188944 bsc#1191881 bsc#1194535 bsc#1196616 bsc#1201019 bsc#1201420 bsc#1201705 bsc#1201726 bsc#1201948 bsc#1202096 bsc#1202097 bsc#1202154 bsc#1202346 bsc#1202347 bsc#1202393 bsc#1202396 bsc#1202672 bsc#1202897 bsc#1202898 bsc#1203098 bsc#1203107
Cross-References:	CVE-2020-36516 CVE-2021-4203 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-39188
CVSS scores:	CVE-2020-36516 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-36516 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20369 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21385 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21385 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2588 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26373 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26373 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2639 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2639 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2663 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2663 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2977 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-2977 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-36879 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39188 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 LTSS 15 SUSE Linux Enterprise Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server ESPOS 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves 13 vulnerabilities and has 10 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
• CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
• CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
• CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
• CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
• CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
• CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
• CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
• CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
• CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
• CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
• CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
• CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).

The following non-security bugs were fixed:

• cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
• cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
• cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
• cifs: skip trailing separators of prefix paths (bsc#1188944).
• kernel-obs-build: include qemu_fw_cfg (boo#1201705)
• lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
• mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098).
• mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
• net_sched: cls_route: disallow handle of 0 (bsc#1202393).
• objtool: Add --backtrace support (bsc#1202396).
• objtool: Add relocation check for alternative sections (bsc#1202396).
• objtool: Add support for intra-function calls (bsc#1202396).
• objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
• objtool: Clean instruction state before each function validation (bsc#1169514).
• objtool: Convert insn type to enum (bsc#1202396).
• objtool: Do not use ignore flag for fake jumps (bsc#1202396).
• objtool: Fix !CFI insn_state propagation (bsc#1202396).
• objtool: Fix ORC vs alternatives (bsc#1202396).
• objtool: Fix sibling call detection (bsc#1202396).
• objtool: Fix switch table detection in .text.unlikely (bsc#1202396).
• objtool: Ignore empty alternatives (bsc#1169514).
• objtool: Make BP scratch register warning more robust (bsc#1202396).
• objtool: Make handle_insn_ops() unconditional (bsc#1202396).
• objtool: Remove INSN_STACK (bsc#1202396).
• objtool: Remove check preventing branches within alternative (bsc#1202396).
• objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396).
• objtool: Rename struct cfi_state (bsc#1202396).
• objtool: Rework allocating stack_ops on decode (bsc#1202396).
• objtool: Rewrite alt->skip_orig (bsc#1202396).
• objtool: Set insn->func for alternatives (bsc#1202396).
• objtool: Support conditional retpolines (bsc#1202396).
• objtool: Support multiple stack_op per instruction (bsc#1202396).
• objtool: Track original function across branches (bsc#1202396).
• objtool: Uniquely identify alternative instruction groups (bsc#1202396).
• objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396).
• rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3291=1
• SUSE Linux Enterprise High Availability Extension 15
  zypper in -t patch SUSE-SLE-Product-HA-15-2022-3291=1
• SUSE Linux Enterprise Server ESPOS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3291=1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3291=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3291=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3291=1

Package List:

• SUSE Linux Enterprise Live Patching 15 (nosrc)
  • kernel-default-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Live Patching 15 (ppc64le x86_64)
  • kernel-default-livepatch-4.12.14-150000.150.101.1
  • kernel-default-debugsource-4.12.14-150000.150.101.1
  • kernel-livepatch-4_12_14-150000_150_101-default-debuginfo-1-150000.1.3.1
  • kernel-default-debuginfo-4.12.14-150000.150.101.1
  • kernel-livepatch-4_12_14-150000_150_101-default-1-150000.1.3.1
• SUSE Linux Enterprise High Availability Extension 15 (aarch64 ppc64le s390x x86_64)
  • dlm-kmp-default-debuginfo-4.12.14-150000.150.101.1
  • cluster-md-kmp-default-debuginfo-4.12.14-150000.150.101.1
  • gfs2-kmp-default-debuginfo-4.12.14-150000.150.101.1
  • dlm-kmp-default-4.12.14-150000.150.101.1
  • gfs2-kmp-default-4.12.14-150000.150.101.1
  • ocfs2-kmp-default-4.12.14-150000.150.101.1
  • kernel-default-debugsource-4.12.14-150000.150.101.1
  • ocfs2-kmp-default-debuginfo-4.12.14-150000.150.101.1
  • cluster-md-kmp-default-4.12.14-150000.150.101.1
  • kernel-default-debuginfo-4.12.14-150000.150.101.1
• SUSE Linux Enterprise High Availability Extension 15 (nosrc)
  • kernel-default-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
  • kernel-obs-build-debugsource-4.12.14-150000.150.101.1
  • kernel-obs-build-4.12.14-150000.150.101.1
  • kernel-vanilla-base-4.12.14-150000.150.101.1
  • kernel-syms-4.12.14-150000.150.101.1
  • kernel-default-base-4.12.14-150000.150.101.1
  • kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-debugsource-4.12.14-150000.150.101.1
  • kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-devel-4.12.14-150000.150.101.1
  • kernel-default-debuginfo-4.12.14-150000.150.101.1
  • kernel-vanilla-debugsource-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch)
  • kernel-source-4.12.14-150000.150.101.1
  • kernel-macros-4.12.14-150000.150.101.1
  • kernel-devel-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server ESPOS 15 (nosrc)
  • kernel-vanilla-4.12.14-150000.150.101.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150000.150.101.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
  • kernel-obs-build-debugsource-4.12.14-150000.150.101.1
  • kernel-obs-build-4.12.14-150000.150.101.1
  • kernel-vanilla-base-4.12.14-150000.150.101.1
  • kernel-syms-4.12.14-150000.150.101.1
  • kernel-default-base-4.12.14-150000.150.101.1
  • kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-debugsource-4.12.14-150000.150.101.1
  • kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-devel-4.12.14-150000.150.101.1
  • kernel-default-debuginfo-4.12.14-150000.150.101.1
  • kernel-vanilla-debugsource-4.12.14-150000.150.101.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
  • kernel-source-4.12.14-150000.150.101.1
  • kernel-macros-4.12.14-150000.150.101.1
  • kernel-devel-4.12.14-150000.150.101.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150000.150.101.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (nosrc)
  • kernel-vanilla-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
  • kernel-obs-build-debugsource-4.12.14-150000.150.101.1
  • kernel-obs-build-4.12.14-150000.150.101.1
  • kernel-vanilla-base-4.12.14-150000.150.101.1
  • kernel-syms-4.12.14-150000.150.101.1
  • reiserfs-kmp-default-4.12.14-150000.150.101.1
  • kernel-default-base-4.12.14-150000.150.101.1
  • kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-debugsource-4.12.14-150000.150.101.1
  • kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-devel-4.12.14-150000.150.101.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-debuginfo-4.12.14-150000.150.101.1
  • kernel-vanilla-debugsource-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
  • kernel-source-4.12.14-150000.150.101.1
  • kernel-macros-4.12.14-150000.150.101.1
  • kernel-devel-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server 15 LTSS 15 (nosrc)
  • kernel-vanilla-4.12.14-150000.150.101.1
  • kernel-zfcpdump-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server 15 LTSS 15 (s390x)
  • kernel-zfcpdump-debugsource-4.12.14-150000.150.101.1
  • kernel-zfcpdump-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-man-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc ppc64le x86_64)
  • kernel-default-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
  • kernel-obs-build-debugsource-4.12.14-150000.150.101.1
  • kernel-obs-build-4.12.14-150000.150.101.1
  • kernel-vanilla-base-4.12.14-150000.150.101.1
  • kernel-syms-4.12.14-150000.150.101.1
  • reiserfs-kmp-default-4.12.14-150000.150.101.1
  • kernel-default-base-4.12.14-150000.150.101.1
  • kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-debugsource-4.12.14-150000.150.101.1
  • kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-devel-4.12.14-150000.150.101.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150000.150.101.1
  • kernel-default-debuginfo-4.12.14-150000.150.101.1
  • kernel-vanilla-debugsource-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
  • kernel-source-4.12.14-150000.150.101.1
  • kernel-macros-4.12.14-150000.150.101.1
  • kernel-devel-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch nosrc)
  • kernel-docs-4.12.14-150000.150.101.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc)
  • kernel-vanilla-4.12.14-150000.150.101.1

References:

• https://www.suse.com/security/cve/CVE-2020-36516.html
• https://www.suse.com/security/cve/CVE-2021-4203.html
• https://www.suse.com/security/cve/CVE-2022-20368.html
• https://www.suse.com/security/cve/CVE-2022-20369.html
• https://www.suse.com/security/cve/CVE-2022-21385.html
• https://www.suse.com/security/cve/CVE-2022-2588.html
• https://www.suse.com/security/cve/CVE-2022-26373.html
• https://www.suse.com/security/cve/CVE-2022-2639.html
• https://www.suse.com/security/cve/CVE-2022-2663.html
• https://www.suse.com/security/cve/CVE-2022-2977.html
• https://www.suse.com/security/cve/CVE-2022-3028.html
• https://www.suse.com/security/cve/CVE-2022-36879.html
• https://www.suse.com/security/cve/CVE-2022-39188.html
• https://bugzilla.suse.com/show_bug.cgi?id=1169514
• https://bugzilla.suse.com/show_bug.cgi?id=1177440
• https://bugzilla.suse.com/show_bug.cgi?id=1188944
• https://bugzilla.suse.com/show_bug.cgi?id=1191881
• https://bugzilla.suse.com/show_bug.cgi?id=1194535
• https://bugzilla.suse.com/show_bug.cgi?id=1196616
• https://bugzilla.suse.com/show_bug.cgi?id=1201019
• https://bugzilla.suse.com/show_bug.cgi?id=1201420
• https://bugzilla.suse.com/show_bug.cgi?id=1201705
• https://bugzilla.suse.com/show_bug.cgi?id=1201726
• https://bugzilla.suse.com/show_bug.cgi?id=1201948
• https://bugzilla.suse.com/show_bug.cgi?id=1202096
• https://bugzilla.suse.com/show_bug.cgi?id=1202097
• https://bugzilla.suse.com/show_bug.cgi?id=1202154
• https://bugzilla.suse.com/show_bug.cgi?id=1202346
• https://bugzilla.suse.com/show_bug.cgi?id=1202347
• https://bugzilla.suse.com/show_bug.cgi?id=1202393
• https://bugzilla.suse.com/show_bug.cgi?id=1202396
• https://bugzilla.suse.com/show_bug.cgi?id=1202672
• https://bugzilla.suse.com/show_bug.cgi?id=1202897
• https://bugzilla.suse.com/show_bug.cgi?id=1202898
• https://bugzilla.suse.com/show_bug.cgi?id=1203098
• https://bugzilla.suse.com/show_bug.cgi?id=1203107