SUSE-SU-2022:1686-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20221686-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1686-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:1686-1
Related
Published
2022-05-16T11:56:14Z
Modified
2022-05-16T11:56:14Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
  • CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
  • CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
  • CVE-2022-1419: Fixed a concurrency use-after-free in vgemgemdumb_create (bsc#1198742).
  • CVE-2022-1353: Fixed access controll to kernel memory in the pfkeyregister function in net/key/afkey.c (bnc#1198516).
  • CVE-2022-1280: Fixed a use-after-free vulnerability in drmleaseheld in drivers/gpu/drm/drm_lease.c (bnc#1197914).
  • CVE-2022-1011: Fixed a use-after-free flaw inside the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation (bnc#1197343).
  • CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
  • CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
  • CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
  • CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveausgdmacreate_ttm in Nouveau DRM subsystem (bnc#1183723).
  • CVE-2019-20811: Fixed issue in rxqueueaddkobject() and netdevqueueaddkobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
  • CVE-2018-7755: Fixed an issue in the fdlockedioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513).

The following non-security bugs were fixed:

  • IB/qib: Fix memory leak in qibusersdmaqueuepkts() (git-fixes)
  • NFSD: prevent underflow in nfssvcdecodewriteargs() (git-fixes).
  • NFSv4: recover from pre-mature loss of openstateid (bsc#1196247).
  • NFSv4: Do not try to CLOSE if the stateid 'other' field has changed (bsc#1196247).
  • NFSv4: Fix a regression in nfssetopenstateidlocked() (bsc#1196247).
  • NFSv4: Handle NFS4ERROLDSTATEID in CLOSE/OPEN_DOWNGRADE (bsc#1196247).
  • NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1196247).
  • NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
  • PCI/switchtec: Read all 64 bits of parteventbitmap (git-fixes).
  • PCI: Add device even if driver attach failed (git-fixes).
  • PCI: Fix overflow in command-line resource alignment requests (git-fixes).
  • PCI: iproc: Fix out-of-bound array accesses (git-fixes).
  • PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
  • PCI: qcom: Change duplicate PCI reset to phy reset (git-fixes).
  • PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0 (git-fixes).
  • RDMA/rxe: Missing unlock on error in getsrqwqe() (git-fixes)
  • RDMA/rxe: Restore setting tot_len in the IPv4 header (git-fixes)
  • RDMA/rxe: Use the correct size of wqe when processing SRQ (git-fixes)
  • SUNRPC: Handle low memory situations in call_status() (git-fixes).
  • USB: Fix 'slab-out-of-bounds Write' bug in usbhcdpollrhstatus (git-fixes).
  • USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes).
  • USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
  • USB: serial: pl2303: add IBM device IDs (git-fixes).
  • USB: serial: simple: add Nokia phone driver (git-fixes).
  • USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
  • arm64: cmpxchg: Use 'K' instead of 'L' for ll/sc immediate constraint (git-fixes)
  • arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ (git-fixes)
  • arm64: drop linker script hack to hide _efistub symbols (git-fixes)
  • arm64: fix for bad_mode() handler to always result in panic (git-fixes)
  • arm64: hibernate: Clean the _hyptext to PoC after resume (git-fixes)
  • arm64: hyp-stub: Forbid kprobing of the hyp-stub (git-fixes)
  • arm64: kaslr: ensure randomized quantities are clean also when kaslr (git-fixes)
  • arm64: kaslr: ensure randomized quantities are clean to the PoC (git-fixes)
  • arm64: kprobe: Always blacklist the KVM world-switch code (git-fixes)
  • arm64: only advance singlestep for user instruction traps (git-fixes)
  • arm64: relocatable: fix inconsistencies in linker script and options (git-fixes)
  • ath10k: fix max antenna gain unit (git-fixes).
  • ath6kl: fix control-message timeout (git-fixes).
  • ath6kl: fix division by zero in send path (git-fixes).
  • ath9k: Fix potential interrupt storm on queue reset (git-fixes).
  • b43: fix a lower bounds test (git-fixes).
  • b43legacy: fix a lower bounds test (git-fixes).
  • backlight: pwm_bl: Improve bootloader/kernel device handover (bsc#1129770)
  • bnx2x: fix napi API usage sequence (bsc#1198217).
  • can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes).
  • char/mwave: Adjust io port register size (git-fixes).
  • cifs: do not skip link targets when an I/O fails (bsc#1194625).
  • crypto: arm64/aes-ce-cipher - move assembler code to .S file (git-fixes)
  • fbmem: do not allow too huge resolutions (bsc#1129770)
  • fix parallelism for rpc tasks (bsc#1197663).
  • fs/nfs: Use fatalsignalpending instead of signal_pending (git-fixes).
  • fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
  • hwrng: atmel - disable trng on failure path (git-fixes).
  • hwrng: cavium - HWRANDOMCAVIUM should depend on ARCH_THUNDER (git-fixes).
  • i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes).
  • i40e: add correct exception tracing for XDP (git-fixes).
  • i40e: optimize for XDP_REDIRECT in xsk path (git-fixes).
  • ieee802154: atusb: fix uninit value in atusbsetextended_addr (git-fixes).
  • io-64-nonatomic: add io{read|write}64{lohi|hilo} macros (git-fixes).
  • libertas: Fix possible memory leak in probe and disconnect (git-fixes).
  • libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
  • livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
  • mac80211: mesh: fix potentially unaligned access (git-fixes).
  • media: dvb-usb: fix uninit-value in dvbusbadapterdvbinit (git-fixes).
  • media: dvb-usb: fix uninit-value in vp702xreadmac_addr (git-fixes).
  • media: dvb-usb: fix ununit-value in az6027rcquery (git-fixes).
  • media: em28xx: fix memory leak in em28xxinitdev (git-fixes).
  • media: lmedm04: Fix misuse of comma (git-fixes).
  • media: rc-loopback: return number of emitters rather than error (git-fixes).
  • media: stkwebcam: fix memory leak in stkcameraprobe (git-fixes).
  • media: uvc: do not do DMA on stack (git-fixes).
  • media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
  • media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
  • mt7601u: fix rx buffer refcounting (git-fixes).
  • mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
  • mwifiex: Send DELBA requests according to spec (git-fixes).
  • mxser: fix xmit_buf leak in activate when LSR == 0xff (git-fixes).
  • net/mlx5e: Reduce tc unsupported key print level (git-fixes).
  • net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
  • net: ethernet: mtkethsoc: fix return values and refactor MDIO ops (git-fixes).
  • net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
  • net: stmicro: handle clk_prepare() failure during init (git-fixes).
  • net:emac/emac-mac: Fix a use after free in emacmactxbufsend (git-fixes).
  • parisc/sticon: fix reverse colors (bsc#1129770)
  • powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
  • ppp: ensure minimum packet size in ppp_write() (git-fixes).
  • ptrace: Check PTRACEOSUSPENDSECCOMP permission on PTRACESEIZE (bsc#1198413).
  • random: check for signalpending() outside of needresched() check (git-fixes).
  • random: fix data race on crngnodepool (git-fixes).
  • rtl8187: fix control-message timeouts (git-fixes).
  • scsi: libsas: Fix sasataqc_issue() handling of NCQ NON DATA commands (git-fixes).
  • scsi: scsidhalua: Avoid crash during aluabusdetach() (bsc#1028340 bsc#1198825).
  • tcp: Fix potential use-after-free due to double kfree() (bsc#1197075).
  • tcp: fix race condition when creating child sockets from syncookies (bsc#1197075).
  • usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
  • usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
  • usb: ulpi: Call ofnodeput correctly (git-fixes).
  • usb: ulpi: Move ofnodeput to ulpidevrelease (git-fixes).
  • video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (bsc#1129770)
  • video: fbdev: atmellcdfb: fix an error code in atmellcdfb_probe() (bsc#1129770)
  • video: fbdev: chipsfb: use memset_io() instead of memset() (bsc#1129770)
  • video: fbdev: fbcvt.c: fix printing in fbcvtprint_name() (bsc#1129770)
  • video: fbdev: omapfb: Add missing ofnodeput() in dvicprobeof (bsc#1129770)
  • video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1129770)
  • video: fbdev: smscufx: Fix null-ptr-deref in ufxusbprobe() (bsc#1129770)
  • video: fbdev: udlfb: properly check endpoint type (bsc#1129770)
  • wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
  • wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
  • x86/pm: Save the MSR validity status at context setup (bsc#1114648).
  • x86/sev: Unroll string mmio with CCATTRGUESTUNROLLSTRING_IO (git-fixes).
  • x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).
  • xen/blkfront: fix comment for need_copy (git-fixes).
  • xen: detect uninitialized xenbus in xenbus_init (git-fixes).
  • xen: do not continue xenstore initialization in case of errors (git-fixes).
  • xen: fix isxenpmu() (git-fixes).
References

Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.121.2",
            "gfs2-kmp-default": "4.12.14-122.121.2",
            "ocfs2-kmp-default": "4.12.14-122.121.2",
            "cluster-md-kmp-default": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_121-default": "1-8.5.2",
            "kernel-default-kgraft": "4.12.14-122.121.2",
            "kernel-default-kgraft-devel": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_31

Package

Name
kgraft-patch-SLE12-SP5_Update_31
Purl
purl:rpm/suse/kgraft-patch-SLE12-SP5_Update_31&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-8.5.2

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_121-default": "1-8.5.2",
            "kernel-default-kgraft": "4.12.14-122.121.2",
            "kernel-default-kgraft-devel": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-docs

Package

Name
kernel-docs
Purl
purl:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.121.2",
            "kernel-obs-build": "4.12.14-122.121.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-obs-build

Package

Name
kernel-obs-build
Purl
purl:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.121.2",
            "kernel-obs-build": "4.12.14-122.121.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.121.2",
            "kernel-devel": "4.12.14-122.121.2",
            "kernel-default-base": "4.12.14-122.121.2",
            "kernel-default-man": "4.12.14-122.121.2",
            "kernel-default": "4.12.14-122.121.2",
            "kernel-source": "4.12.14-122.121.2",
            "kernel-syms": "4.12.14-122.121.2",
            "kernel-default-devel": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.121.2",
            "kernel-devel": "4.12.14-122.121.2",
            "kernel-default-base": "4.12.14-122.121.2",
            "kernel-default-man": "4.12.14-122.121.2",
            "kernel-default": "4.12.14-122.121.2",
            "kernel-source": "4.12.14-122.121.2",
            "kernel-syms": "4.12.14-122.121.2",
            "kernel-default-devel": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.121.2",
            "kernel-devel": "4.12.14-122.121.2",
            "kernel-default-base": "4.12.14-122.121.2",
            "kernel-default-man": "4.12.14-122.121.2",
            "kernel-default": "4.12.14-122.121.2",
            "kernel-source": "4.12.14-122.121.2",
            "kernel-syms": "4.12.14-122.121.2",
            "kernel-default-devel": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.121.2",
            "kernel-devel": "4.12.14-122.121.2",
            "kernel-default-base": "4.12.14-122.121.2",
            "kernel-default-man": "4.12.14-122.121.2",
            "kernel-default": "4.12.14-122.121.2",
            "kernel-source": "4.12.14-122.121.2",
            "kernel-syms": "4.12.14-122.121.2",
            "kernel-default-devel": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.121.2",
            "kernel-devel": "4.12.14-122.121.2",
            "kernel-default-base": "4.12.14-122.121.2",
            "kernel-default-man": "4.12.14-122.121.2",
            "kernel-default": "4.12.14-122.121.2",
            "kernel-source": "4.12.14-122.121.2",
            "kernel-syms": "4.12.14-122.121.2",
            "kernel-default-devel": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.121.2",
            "kernel-devel": "4.12.14-122.121.2",
            "kernel-default-base": "4.12.14-122.121.2",
            "kernel-default-man": "4.12.14-122.121.2",
            "kernel-default": "4.12.14-122.121.2",
            "kernel-source": "4.12.14-122.121.2",
            "kernel-syms": "4.12.14-122.121.2",
            "kernel-default-devel": "4.12.14-122.121.2"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.121.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-extra": "4.12.14-122.121.2"
        }
    ]
}