Security update for the Linux Kernel

Announcement ID: SUSE-SU-2022:1163-1
Rating: important
CVSS scores:
  • CVE-2021-39698 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39698 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-45402 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  • CVE-2021-45402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-45868 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-45868 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2022-0850 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  • CVE-2022-0850 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2022-0854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-0854 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-1011 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1011 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-1016 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-1048 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1048 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1055 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1055 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-1195 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-1195 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-1198 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-1198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-1199 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-1199 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-1205 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-1205 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-23036 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2022-23036 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-23037 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2022-23037 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-23038 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2022-23038 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-23039 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2022-23039 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-23040 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2022-23040 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-23041 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2022-23041 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-23042 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2022-23042 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-27223 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2022-27223 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-27666 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • CVE-2022-27666 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-28388 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • CVE-2022-28388 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-28389 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-28389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-28390 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-28390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • openSUSE Leap 15.3
  • Public Cloud Module 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Server 4.2

An update that solves 25 vulnerabilities and has 33 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2022-0854: Fixed a memory leak flaw in the Linux kernel's DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
  • CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
  • CVE-2022-1199: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the Linux kernel by simulating Amateur Radio. (bsc#1198028)
  • CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the Linux kernel by simulating Amateur Radio. (bsc#1198027)
  • CVE-2022-1198: Fixed a use-after-free vulnerability that allows an attacker to crash the Linux kernel by simulating Amateur Radio. (bsc#1198030)
  • CVE-2022-1195: Fixed a use-after-free vulnerability which could allow a local attacker with user privileges to cause a denial of service. (bsc#1198029)
  • CVE-2022-28389: Fixed a double free vulnerability in drivers/net/can/usb/mcba_usb.c in the Linux kernel. (bnc#1198033)
  • CVE-2022-28388: Fixed a double free vulnerability in drivers/net/can/usb/usb_8dev.c in the Linux kernel. (bnc#1198032)
  • CVE-2022-28390: Fixed a double free vulnerability in drivers/net/can/usb/ems_usb.c in the Linux kernel. (bnc#1198031)
  • CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
  • CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to escalate privileges. (bnc#1197702)
  • CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
  • CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with normal user privileges to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
  • CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file. (bnc#1197366)
  • CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a local attacker who can mount a FUSE filesystem to retrieve (partial) /etc/shadow hashes or any other data from the filesystem. (bnc#1197343)
  • CVE-2022-27223: Fixed an out-of-array access in /usb/gadget/udc/udc-xilinx.c. (bsc#1197245)
  • CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
  • CVE-2021-45402: Fixed a pointer leak in check_alu_op() of kernel/bpf/verifier.c. (bsc#1196130)
  • CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)

The following non-security bugs were fixed:

  • ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
  • ACPI: APEI: fix return value of __setup handlers (git-fixes).
  • ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
  • ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
  • ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
  • ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
  • ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
  • ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
  • ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
  • ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
  • ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
  • ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
  • ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
  • ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
  • ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
  • ALSA: spi: Add check for clk_enable() (git-fixes).
  • ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
  • ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
  • ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
  • ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
  • ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
  • ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
  • ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
  • ASoC: fsi: Add check for clk_enable (git-fixes).
  • ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
  • ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
  • ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
  • ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
  • ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
  • ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
  • ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
  • ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
  • ASoC: SOF: topology: remove redundant code (git-fixes).
  • ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
  • ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
  • ASoC: topology: Allow TLV control to be either read or write (git-fixes).
  • ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
  • ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
  • ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
  • ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
  • ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
  • block: update io_ticks when io hang (bsc#1197817).
  • block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
  • bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
  • bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028).
  • btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649).
  • btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649).
  • btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649).
  • btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649).
  • btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649).
  • btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
  • btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649).
  • btrfs: do not log new dentries when logging that a new name exists (bsc#1194649).
  • btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649).
  • btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649).
  • btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649).
  • btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649).
  • btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649).
  • btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
  • btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649).
  • btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649).
  • btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649).
  • btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649).
  • btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649).
  • can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
  • can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
  • can: mcba_usb: properly check endpoint type (git-fixes).
  • can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
  • cifs: do not skip link targets when an I/O fails (bsc#1194625).
  • cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).
  • clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
  • clk: bcm2835: Remove unused variable (git-fixes).
  • clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
  • clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
  • clk: Initialize orphan req_rate (git-fixes).
  • clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
  • clk: nxp: Remove unused variable (git-fixes).
  • clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
  • clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
  • clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
  • clk: uniphier: Fix fixed-rate initialization (git-fixes).
  • clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
  • clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
  • cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes).
  • crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
  • crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
  • crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
  • crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
  • crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
  • crypto: qat - do not cast parameter in bit operations (git-fixes).
  • crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
  • crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
  • crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
  • crypto: vmx - add missing dependencies (git-fixes).
  • dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
  • driver core: dd: fix return value of __setup handler (git-fixes).
  • drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
  • drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
  • drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
  • drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
  • drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
  • drm/doc: overview before functions for drm_writeback.c (git-fixes).
  • drm/i915: Fix dbuf slice config lookup (git-fixes).
  • drm/i915/gem: add missing boundary check in vm_access (git-fixes).
  • drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).