Security update for the Linux Kernel

Announcement ID: SUSE-SU-2022:2741-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-36557 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-36557 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-36558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-36558 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-33655 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-33655 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-33656 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
  • CVE-2021-33656 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1116 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1116 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1462 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-1462 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-20166 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2022-20166 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-21505 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-2318 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-2318 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-26365 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2022-26365 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-29581 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-29581 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-32250 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-32250 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-33740 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2022-33740 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-33741 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2022-33741 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-33742 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2022-33742 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-36946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-36946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • openSUSE Leap 15.3
  • Public Cloud Module 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Server 4.2

An update that solves 16 vulnerabilities, contains one feature and has 15 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940).
  • CVE-2022-29581: Fixed improper update of reference count in net/sched that could cause root privilege escalation (bnc#1199665).
  • CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598).
  • CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
  • CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs that could lead to a use-after-free (bnc#1201429).
  • CVE-2021-33655: Fixed an out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635).
  • CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636).
  • CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy (bsc#1201458).
  • CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829).
  • CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to escalate privileges to root (bnc#1199647).- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251).
  • CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).

The following non-security bugs were fixed:

  • Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
  • qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
  • kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
  • bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
  • bpf: enable BPF type format (BTF) (jsc#SLE-24559).
  • nfs: avoid NULL pointer dereference when there is unflushed data (bsc#1201196).
  • hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
  • hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
  • hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
  • hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
  • hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
  • kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
  • lkdtm: Disable return thunks in rodata.c (bsc#1178134).
  • net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
  • net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
  • nvme: consider also host_iface when checking ip options (bsc#1199670).
  • powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
  • powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
  • powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
  • scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
  • scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
  • scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
  • scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
  • scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
  • scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
  • scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
  • scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
  • scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
  • scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
  • scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
  • scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
  • scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
  • scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
  • scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
  • scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
  • scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
  • scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
  • scsi: qla2xxx: Update manufacturer details (bsc#1201958).
  • scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
  • scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
  • scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
  • watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
  • x86/bugs: Remove apostrophe typo (bsc#1178134).
  • x86/entry: Remove skip_r11rcx (bsc#1201644).
  • x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
  • xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3
    zypper in -t patch SUSE-2022-2741=1
  • Public Cloud Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1

Package List:

  • openSUSE Leap 15.3 (x86_64)
    • dlm-kmp-azure-debuginfo-5.3.18-150300.38.75.1
    • ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
    • kernel-azure-debuginfo-5.3.18-150300.38.75.1
    • kernel-azure-optional-debuginfo-5.3.18-150300.38.75.1
    • kselftests-kmp-azure-5.3.18-150300.38.75.1
    • gfs2-kmp-azure-5.3.18-150300.38.75.1
    • reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.75.1
    • cluster-md-kmp-azure-5.3.18-150300.38.75.1
    • reiserfs-kmp-azure-5.3.18-150300.38.75.1
    • gfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
    • kernel-azure-debugsource-5.3.18-150300.38.75.1
    • kernel-azure-livepatch-devel-5.3.18-150300.38.75.1
    • kernel-azure-optional-5.3.18-150300.38.75.1
    • kernel-syms-azure-5.3.18-150300.38.75.1
    • kernel-azure-extra-5.3.18-150300.38.75.1
    • dlm-kmp-azure-5.3.18-150300.38.75.1
    • ocfs2-kmp-azure-5.3.18-150300.38.75.1
    • kernel-azure-extra-debuginfo-5.3.18-150300.38.75.1
    • kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
    • kselftests-kmp-azure-debuginfo-5.3.18-150300.38.75.1
    • cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.75.1
    • kernel-azure-devel-5.3.18-150300.38.75.1
  • openSUSE Leap 15.3 (nosrc x86_64)
    • kernel-azure-5.3.18-150300.38.75.1
  • openSUSE Leap 15.3 (noarch)
    • kernel-devel-azure-5.3.18-150300.38.75.1
    • kernel-source-azure-5.3.18-150300.38.75.1
  • Public Cloud Module 15-SP3 (nosrc x86_64)
    • kernel-azure-5.3.18-150300.38.75.1
  • Public Cloud Module 15-SP3 (x86_64)
    • kernel-syms-azure-5.3.18-150300.38.75.1
    • kernel-azure-debugsource-5.3.18-150300.38.75.1
    • kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
    • kernel-azure-debuginfo-5.3.18-150300.38.75.1
    • kernel-azure-devel-5.3.18-150300.38.75.1
  • Public Cloud Module 15-SP3 (noarch)
    • kernel-devel-azure-5.3.18-150300.38.75.1
    • kernel-source-azure-5.3.18-150300.38.75.1

References: