Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:3293-1
Rating:	important
References:	bsc#1023051 bsc#1032323 bsc#1065729 bsc#1156395 bsc#1190497 bsc#1194592 bsc#1194869 bsc#1194904 bsc#1195480 bsc#1195917 bsc#1196616 bsc#1197158 bsc#1197391 bsc#1197755 bsc#1197756 bsc#1197757 bsc#1197763 bsc#1198410 bsc#1198971 bsc#1199086 bsc#1199364 bsc#1199670 bsc#1200313 bsc#1200431 bsc#1200465 bsc#1200544 bsc#1200845 bsc#1200868 bsc#1200869 bsc#1200870 bsc#1200871 bsc#1200872 bsc#1200873 bsc#1201019 bsc#1201308 bsc#1201427 bsc#1201442 bsc#1201455 bsc#1201489 bsc#1201610 bsc#1201675 bsc#1201725 bsc#1201768 bsc#1201940 bsc#1201956 bsc#1201958 bsc#1202096 bsc#1202097 bsc#1202113 bsc#1202131 bsc#1202154 bsc#1202262 bsc#1202265 bsc#1202312 bsc#1202346 bsc#1202347 bsc#1202385 bsc#1202393 bsc#1202447 bsc#1202471 bsc#1202558 bsc#1202564 bsc#1202623 bsc#1202636 bsc#1202672 bsc#1202681 bsc#1202710 bsc#1202711 bsc#1202712 bsc#1202713 bsc#1202715 bsc#1202716 bsc#1202757 bsc#1202758 bsc#1202759 bsc#1202761 bsc#1202762 bsc#1202763 bsc#1202764 bsc#1202765 bsc#1202766 bsc#1202767 bsc#1202768 bsc#1202769 bsc#1202770 bsc#1202771 bsc#1202773 bsc#1202774 bsc#1202775 bsc#1202776 bsc#1202778 bsc#1202779 bsc#1202780 bsc#1202781 bsc#1202782 bsc#1202783 bsc#1202822 bsc#1202823 bsc#1202824 bsc#1202860 bsc#1202867 bsc#1202874 bsc#1202898 bsc#1203036 bsc#1203041 bsc#1203063 bsc#1203107 bsc#1203117 bsc#1203138 bsc#1203139 bsc#1203159 jsc#SLE-18130 jsc#SLE-19359 jsc#SLE-20183 jsc#SLE-23766 jsc#SLE-24572
Cross-References:	CVE-2016-3695 CVE-2020-36516 CVE-2021-33135 CVE-2021-4037 CVE-2022-20368 CVE-2022-20369 CVE-2022-2588 CVE-2022-2639 CVE-2022-2663 CVE-2022-28356 CVE-2022-28693 CVE-2022-2873 CVE-2022-2905 CVE-2022-2938 CVE-2022-2959 CVE-2022-2977 CVE-2022-3028 CVE-2022-3078 CVE-2022-32250 CVE-2022-36879 CVE-2022-36946 CVE-2022-39188 CVE-2022-39190
CVSS scores:	CVE-2016-3695 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2016-3695 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36516 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-36516 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2021-33135 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33135 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4037 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-4037 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20369 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2639 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2639 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2663 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2663 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-28356 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28693 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2873 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-2873 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2905 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2938 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2938 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2959 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2959 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2977 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-2977 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3078 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3078 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-32250 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-36879 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39188 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39190 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39190 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP4 Development Tools Module 15-SP4 Legacy Module 15-SP4 openSUSE Leap 15.4 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise High Availability Extension 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Live Patching 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3

An update that solves 23 vulnerabilities, contains five features and has 88 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041).
CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391).
CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623).
CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455).
CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515).
CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685).
CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874).
CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558).
CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of