Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:2741-1
Rating:	important
References:	bsc#1178134 bsc#1198829 bsc#1199364 bsc#1199647 bsc#1199665 bsc#1199670 bsc#1200521 bsc#1200598 bsc#1200644 bsc#1200651 bsc#1200762 bsc#1200910 bsc#1201196 bsc#1201206 bsc#1201251 bsc#1201381 bsc#1201429 bsc#1201458 bsc#1201635 bsc#1201636 bsc#1201644 bsc#1201664 bsc#1201672 bsc#1201673 bsc#1201676 bsc#1201846 bsc#1201930 bsc#1201940 bsc#1201954 bsc#1201956 bsc#1201958 jsc#SLE-24559
Cross-References:	CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-29581 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946
CVSS scores:	CVE-2020-36557 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36557 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33655 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2021-33656 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-20166 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21505 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-26365 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-29581 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33740 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33740 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-36946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	openSUSE Leap 15.3 Public Cloud Module 15-SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves 16 vulnerabilities, contains one feature and has 15 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940).
• CVE-2022-29581: Fixed improper update of reference count in net/sched that could cause root privilege escalation (bnc#1199665).
• CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598).
• CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
• CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs that could lead to a use-after-free (bnc#1201429).
• CVE-2021-33655: Fixed an out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635).
• CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636).
• CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy (bsc#1201458).
• CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829).
• CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to escalate privileges to root (bnc#1199647).- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251).
• CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).

The following non-security bugs were fixed:

• Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
• qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
• kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
• bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
• bpf: enable BPF type format (BTF) (jsc#SLE-24559).
• nfs: avoid NULL pointer dereference when there is unflushed data (bsc#1201196).
• hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
• hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
• hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
• hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
• hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
• kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
• lkdtm: Disable return thunks in rodata.c (bsc#1178134).
• net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
• net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
• nvme: consider also host_iface when checking ip options (bsc#1199670).
• powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
• powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
• powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
• scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
• scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
• scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
• scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
• scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
• scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
• scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
• scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
• scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
• scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
• scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
• scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
• scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
• scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
• scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
• scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
• scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
• scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
• scsi: qla2xxx: Update manufacturer details (bsc#1201958).
• scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
• scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
• scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
• watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
• x86/bugs: Remove apostrophe typo (bsc#1178134).
• x86/entry: Remove skip_r11rcx (bsc#1201644).
• x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
• xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2022-2741=1
• Public Cloud Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1

Package List:

• openSUSE Leap 15.3 (x86_64)
  • dlm-kmp-azure-debuginfo-5.3.18-150300.38.75.1
  • ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
  • kernel-azure-debuginfo-5.3.18-150300.38.75.1
  • kernel-azure-optional-debuginfo-5.3.18-150300.38.75.1
  • kselftests-kmp-azure-5.3.18-150300.38.75.1
  • gfs2-kmp-azure-5.3.18-150300.38.75.1
  • reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.75.1
  • cluster-md-kmp-azure-5.3.18-150300.38.75.1
  • reiserfs-kmp-azure-5.3.18-150300.38.75.1
  • gfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
  • kernel-azure-debugsource-5.3.18-150300.38.75.1
  • kernel-azure-livepatch-devel-5.3.18-150300.38.75.1
  • kernel-azure-optional-5.3.18-150300.38.75.1
  • kernel-syms-azure-5.3.18-150300.38.75.1
  • kernel-azure-extra-5.3.18-150300.38.75.1
  • dlm-kmp-azure-5.3.18-150300.38.75.1
  • ocfs2-kmp-azure-5.3.18-150300.38.75.1
  • kernel-azure-extra-debuginfo-5.3.18-150300.38.75.1
  • kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
  • kselftests-kmp-azure-debuginfo-5.3.18-150300.38.75.1
  • cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.75.1
  • kernel-azure-devel-5.3.18-150300.38.75.1
• openSUSE Leap 15.3 (nosrc x86_64)
  • kernel-azure-5.3.18-150300.38.75.1
• openSUSE Leap 15.3 (noarch)
  • kernel-devel-azure-5.3.18-150300.38.75.1
  • kernel-source-azure-5.3.18-150300.38.75.1
• Public Cloud Module 15-SP3 (nosrc x86_64)
  • kernel-azure-5.3.18-150300.38.75.1
• Public Cloud Module 15-SP3 (x86_64)
  • kernel-syms-azure-5.3.18-150300.38.75.1
  • kernel-azure-debugsource-5.3.18-150300.38.75.1
  • kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
  • kernel-azure-debuginfo-5.3.18-150300.38.75.1
  • kernel-azure-devel-5.3.18-150300.38.75.1
• Public Cloud Module 15-SP3 (noarch)
  • kernel-devel-azure-5.3.18-150300.38.75.1
  • kernel-source-azure-5.3.18-150300.38.75.1

References:

• https://www.suse.com/security/cve/CVE-2020-36557.html
• https://www.suse.com/security/cve/CVE-2020-36558.html
• https://www.suse.com/security/cve/CVE-2021-33655.html
• https://www.suse.com/security/cve/CVE-2021-33656.html
• https://www.suse.com/security/cve/CVE-2022-1116.html
• https://www.suse.com/security/cve/CVE-2022-1462.html
• https://www.suse.com/security/cve/CVE-2022-20166.html
• https://www.suse.com/security/cve/CVE-2022-21505.html
• https://www.suse.com/security/cve/CVE-2022-2318.html
• https://www.suse.com/security/cve/CVE-2022-26365.html
• https://www.suse.com/security/cve/CVE-2022-29581.html
• https://www.suse.com/security/cve/CVE-2022-32250.html
• https://www.suse.com/security/cve/CVE-2022-33740.html
• https://www.suse.com/security/cve/CVE-2022-33741.html
• https://www.suse.com/security/cve/CVE-2022-33742.html
• https://www.suse.com/security/cve/CVE-2022-36946.html
• https://bugzilla.suse.com/show_bug.cgi?id=1178134
• https://bugzilla.suse.com/show_bug.cgi?id=1198829
• https://bugzilla.suse.com/show_bug.cgi?id=1199364
• https://bugzilla.suse.com/show_bug.cgi?id=1199647
• https://bugzilla.suse.com/show_bug.cgi?id=1199665
• https://bugzilla.suse.com/show_bug.cgi?id=1199670
• https://bugzilla.suse.com/show_bug.cgi?id=1200521
• https://bugzilla.suse.com/show_bug.cgi?id=1200598
• https://bugzilla.suse.com/show_bug.cgi?id=1200644
• https://bugzilla.suse.com/show_bug.cgi?id=1200651
• https://bugzilla.suse.com/show_bug.cgi?id=1200762
• https://bugzilla.suse.com/show_bug.cgi?id=1200910
• https://bugzilla.suse.com/show_bug.cgi?id=1201196
• https://bugzilla.suse.com/show_bug.cgi?id=1201206
• https://bugzilla.suse.com/show_bug.cgi?id=1201251
• https://bugzilla.suse.com/show_bug.cgi?id=1201381
• https://bugzilla.suse.com/show_bug.cgi?id=1201429
• https://bugzilla.suse.com/show_bug.cgi?id=1201458
• https://bugzilla.suse.com/show_bug.cgi?id=1201635
• https://bugzilla.suse.com/show_bug.cgi?id=1201636
• https://bugzilla.suse.com/show_bug.cgi?id=1201644
• https://bugzilla.suse.com/show_bug.cgi?id=1201664
• https://bugzilla.suse.com/show_bug.cgi?id=1201672
• https://bugzilla.suse.com/show_bug.cgi?id=1201673
• https://bugzilla.suse.com/show_bug.cgi?id=1201676
• https://bugzilla.suse.com/show_bug.cgi?id=1201846
• https://bugzilla.suse.com/show_bug.cgi?id=1201930
• https://bugzilla.suse.com/show_bug.cgi?id=1201940
• https://bugzilla.suse.com/show_bug.cgi?id=1201954
• https://bugzilla.suse.com/show_bug.cgi?id=1201956
• https://bugzilla.suse.com/show_bug.cgi?id=1201958
• https://jira.suse.com/browse/SLE-24559