SUSE-SU-2022:0363-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20220363-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:0363-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:0363-1
Related
Published
2022-02-10T16:01:35Z
Modified
2022-02-10T16:01:35Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
  • CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
  • CVE-2022-0286: Fixed null pointer dereference in bondipsecadd_sa() that may have lead to local denial of service (bnc#1195371).
  • CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
  • CVE-2021-45095: Fixed refcount leak in pepsockaccept in net/phonet/pep.c (bnc#1193867).
  • CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/teeshm.c in the TEE subsystem, that could have occured because of a race condition in teeshmgetfrom_id during an attempt to free a shared memory object (bnc#1193767).
  • CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcdehdeviceresethandler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
  • CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadgetdevdescUDCshow of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
  • CVE-2021-22600: Fixed double free bug in packetsetring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
  • CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).
  • CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerceregto_size (bsc#1194227).

The following security references were added to already fixed issues:

  • CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).

The following non-security bugs were fixed:

  • ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes).
  • ACPICA: Executer: Fix the REFCLASSREFOF case in acpiexopcode1A0T1R() (git-fixes).
  • ACPICA: Fix wrong interpretation of PCC address (git-fixes).
  • ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
  • ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
  • ACPICA: actypes.h: Expand the ACPIACCESS definitions (git-fixes).
  • ALSA: seq: Set upper limit of processed events (git-fixes).
  • ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
  • Bluetooth: Fix debugfs entry leak in hciregisterdev() (git-fixes).
  • Documentation: fix firewire.rst ABI file path error (git-fixes).
  • HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
  • HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
  • HID: uhid: Fix worker destroying device without any protection (git-fixes).
  • HID: wacom: Reset expected and received contact counts at the same time (git-fixes).
  • PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
  • RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
  • RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
  • ar5523: Fix null-ptr-deref with unexpected WDCMSGTARGETSTART reply (git-fixes).
  • arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
  • asix: fix wrong return value in asixcheckhost_enable() (git-fixes).
  • ata: pataplatform: Fix a NULL pointer dereference in _pataplatformprobe() (git-fixes).
  • ath10k: Fix tx hanging (git-fixes).
  • ath9k: Fix out-of-bound memcpy in ath9khifusbrxstream (git-fixes).
  • batman-adv: allow netlink usage in unprivileged containers (git-fixes).
  • btrfs: tree-checker: Add EXTENTITEM and METADATAITEM check (bsc#1195009).
  • btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
  • btrfs: tree-checker: check for BTRFSBLOCKFLAGFULLBACKREF being set improperly (bsc#1195009).
  • cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
  • clk: si5341: Fix clock HW provider cleanup (git-fixes).
  • crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
  • drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
  • drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
  • drm/etnaviv: limit submit sizes (git-fixes).
  • drm/etnaviv: relax submit size limits (git-fixes).
  • drm/lima: fix warning when CONFIGDEBUGSG=y & CONFIGDMAAPI_DEBUG=y (git-fixes).
  • drm/msm/dpu: invalid parameter check in dpusetupdspp_pcc (git-fixes).
  • drm/msm/dsi: invalid parameter check in msmdsiphy_enable (git-fixes).
  • drm/msm/hdmi: Fix missing putdevice() call in msmhdmigetphy (git-fixes).
  • drm/msm: Fix wrong size calculation (git-fixes).
  • drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
  • drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
  • drm/radeon: fix error handling in radeondriveropen_kms (git-fixes).
  • drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
  • ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
  • floppy: Add max size check for user space request (git-fixes).
  • gpio: aspeed: Convert aspeedgpio.lock to rawspinlock (git-fixes).
  • gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
  • hvnetvsc: Set neededheadroom according to VF (bsc#1193506).
  • hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
  • hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
  • hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
  • hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
  • hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
  • i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
  • i2c: i801: Do not silently correct invalid transfer size (git-fixes).
  • i2c: mpc: Correct I2C reset procedure (git-fixes).
  • ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
  • ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
  • ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
  • ibmvnic: init ->runningcapcrqs early (bsc#1195073 ltc#195713).
  • ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
  • ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
  • igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
  • iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
  • iwlwifi: mvm: Fix calculation of frame length (git-fixes).
  • iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
  • iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
  • iwlwifi: remove module loading failure message (git-fixes).
  • lib82596: Fix IRQ check in sni82596probe (git-fixes).
  • lightnvm: Remove lightnvm implemenation (bsc#1191881).
  • mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
  • media: b2c2: Add missing check in flexcoppciisr: (git-fixes).
  • media: coda/imx-vdoa: Handle dmasetcoherent_mask error codes (git-fixes).
  • media: igorplugusb: receiver overflow should be reported (git-fixes).
  • media: m920x: do not use stack on USB reads (git-fixes).
  • media: saa7146: hexiumgemini: Fix a NULL pointer dereference in hexiumattach() (git-fixes).
  • media: saa7146: hexiumorion: Fix a NULL pointer dereference in hexiumattach() (git-fixes).
  • media: uvcvideo: Increase UVCCTRLCONTROL_TIMEOUT to 5 seconds (git-fixes).
  • mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
  • mmc: core: Fixup storing of OCR for MMCQUIRKNONSTD_SDIO (git-fixes).
  • mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
  • mtd: rawnand: gpmi: Add ERR007117 protection for nfcapplytimings (git-fixes).
  • mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
  • net, xdp: Introduce xdpinitbuff utility routine (bsc#1193506).
  • net, xdp: Introduce xdppreparebuff utility routine (bsc#1193506).
  • net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
  • net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
  • net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
  • net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
  • net: bonding: fix bondxmitbroadcast return value error bug (bsc#1176447).
  • net: bridge: vlan: fix memory leak in _allowedingress (bsc#1176447).
  • net: bridge: vlan: fix single net device option dumping (bsc#1176447).
  • net: mana: Add RX fencing (bsc#1193506).
  • net: mana: Add XDP support (bsc#1193506).
  • net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
  • net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
  • net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
  • net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
  • net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
  • net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
  • net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
  • net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
  • netdevsim: set .owner to THIS_MODULE (bsc#1154353).
  • nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
  • nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
  • phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
  • phylib: fix potential use-after-free (git-fixes).
  • pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
  • pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
  • powerpc/book3s64/radix: make tlbsinglepageflushceiling a debugfs entry (bsc#1195183 ltc#193865).
  • regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
  • rsi: Fix use-after-free in rsirxdone_handler() (git-fixes).
  • sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
  • sched/numa: Fix iscoreidle() (git fixes (sched/numa)).
  • scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
  • serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
  • serial: Fix incorrect rs485 polarity on uart open (git-fixes).
  • serial: amba-pl011: do not request memory region twice (git-fixes).
  • serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
  • serial: pl010: Drop CR register reset on set_termios (git-fixes).
  • serial: stm32: fix software flow control transfer (git-fixes).
  • supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
  • tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
  • ucsiccg: Check DEVINT bit only when starting CCG4 (git-fixes).
  • usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
  • usb: gadget: ffs: Use streamopen() for endpoint files (git-fixes).
  • usb: gadget: fsourcesink: Fix isoc transfer for USBSPEEDSUPERPLUS (git-fixes).
  • usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
  • usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
  • usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
  • usb: uhci: add aspeed ast2600 uhci support (git-fixes).
  • vfio/iommu_type1: replace kfree with kvfree (git-fixes).
  • video: hyperv_fb: Fix validation of screen resolution (git-fixes).
  • vxlan: fix error return code in _vxlandev_create() (bsc#1154353).
  • workqueue: Fix unbindworkers() VS wqworker_running() race (bsc#1195062).
  • x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
  • xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.40.4

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-150300.38.40.4",
            "kernel-azure-devel": "5.3.18-150300.38.40.4",
            "kernel-devel-azure": "5.3.18-150300.38.40.4",
            "kernel-syms-azure": "5.3.18-150300.38.40.1",
            "kernel-source-azure": "5.3.18-150300.38.40.4"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.40.4

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-150300.38.40.4",
            "kernel-azure-devel": "5.3.18-150300.38.40.4",
            "kernel-devel-azure": "5.3.18-150300.38.40.4",
            "kernel-syms-azure": "5.3.18-150300.38.40.1",
            "kernel-source-azure": "5.3.18-150300.38.40.4"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-150300.38.40.4",
            "kernel-azure-devel": "5.3.18-150300.38.40.4",
            "kernel-devel-azure": "5.3.18-150300.38.40.4",
            "kernel-syms-azure": "5.3.18-150300.38.40.1",
            "kernel-source-azure": "5.3.18-150300.38.40.4"
        }
    ]
}