Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2022:4504-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: |
|
CVSS scores: |
|
Affected Products: |
|
An update that solves 22 vulnerabilities, contains seven features and has 26 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback driver (bnc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback driver (bnc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bnc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
- CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition (bsc#1204405).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
- CVE-2022-41850: Fixed a use-after-free in roccat_report_event in drivers/hid/hid-roccat.c (bnc#1203960).
The following non-security bugs were fixed:
- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
- ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes).
- ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
- ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes).
- ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes).
- ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100).
- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111).
- ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111).
- ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes).
- ARM: at91: rm9200: fix usb device clock id (git-fixes).
- ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes).
- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
- ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes).
- ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
- ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
- ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
- ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
- ASoC: fsl_sai: use local device pointer (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes).
- ASoC: ops: Fix bounds check for _sx controls (git-fixes).
- ASoC: rt1019: Fix the TDM settings (git-fixes).
- ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
- ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
- ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
- ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes).
- Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
- Drivers: hv: Fix syntax errors in comments (git-fixes).
- Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes).
- Drivers: hv: fix repeated words in comments (git-fixes).
- Drivers: hv: remove duplicate word in a comment (git-fixes).
- Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes).
- Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
- Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
- Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
- Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix typo in comment (git-fixes).
- Fix formatting of client smbdirect RDMA logging (bsc#1193629).
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
- HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
- HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
- HID: playstation: add initial DualSense Edge controller support (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Handle variable number of SGEs in client smbdirect send (bsc#1193629).
- IB/hfi1: Correctly move list in sc_disable() (git-fixes)
- IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
- Input: goodix - try resetting the controller when no config is set (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes).
- Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes).
- Input: soc_button_array - add use_low_level_irq module parameter (git-fixes).
- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes).
- KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
- KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
- KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
- KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes).
- KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
- KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
- KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes).
- KVM: SVM: retrieve VMCB from assembly (git-fixes).
- KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes).
- KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes).
- KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes).
- KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007).
- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes).
- KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes).
- KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes).
- KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611).
- KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes).
- KVM: x86/mmu: WARN if old or new SPTE is REMOVED in non-atomic path (git-fixes).
- KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
- KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes).
- KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes).
- KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes).
- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes).
- KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes).
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
- KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes).
- KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744).
- KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes).
- KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes).
- KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
- KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
- KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
- KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
- KVM: x86: use a separate asm-offsets.c file (git-fixes).
- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (git-fixes).
- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes).
- NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes).
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes)
- RDMA/cma: Use output interface for net_dev check (git-fixes)
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
- RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
- RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
- RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes)
- RDMA/hns: Disable local invalidate operation (git-fixes)
- RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
- RDMA/hns: Fix supported page size (git-fixes)
- RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
- RDMA/hns: Remove magic number (git-fixes)
- RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
- RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
- RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes)
- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
- RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
- RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes)
- RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
- RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
- RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
- RDMA/rxe: Remove useless pkt parameters (git-fixes)
- Reduce client smbdirect max receive segment size (bsc#1193629).
- Revert "net: phy: meson-gxl: improve link-up behavior" (git-fixes).
- Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" (git-fixes).
- Revert "tty: n_gsm: replace kicktimer with delayed_work" (git-fixes).
- Revert "usb: dwc3: disable USB core PHY management" (git-fixes).
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629).
- USB: bcma: Make GPIO explicitly optional (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- arcnet: fix potential memory leak in com20020_probe() (git-fixes).
- arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- arm64: Add AMPERE1 to the Sp