SUSE-SU-2022:2080-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20222080-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2080-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:2080-1
Related
Published
2022-06-14T18:51:26Z
Modified
2022-06-14T18:51:26Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated.

The following security bugs were fixed:

  • CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
  • CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
  • CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
  • CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
  • CVE-2022-24448: Fixed an issue if an application sets the ODIRECTORY flag, and tries to open a regular file, nfsatomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
  • CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
  • CVE-2022-1729: Fixed a sysperfevent_open() race condition against self (bsc#1199507).
  • CVE-2021-39711: In bpfprogtestrunskb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
  • CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
  • CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
  • CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
  • CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
  • CVE-2022-30594: Fixed restriction bypass on setting the PTSUSPENDSECCOMP flag (bnc#1199505).
  • CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).

The following non-security bugs were fixed:

  • ACPI: property: Release subnode properties with data nodes (git-fixes).
  • ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
  • arm64: set plt* section addresses to 0x0 (git-fixes)
  • arm64: Add missing ISB after invalidating TLB in _primaryswitch (git-fixes)
  • arm64: armv8deprecated: Fix undefhook mask for thumb setend (git-fixes)
  • arm64: avoid -Woverride-init warning (git-fixes)
  • arm64: berlin: Select DWAPBTIMER_OF (git-fixes) Update arm64 default config too.
  • arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
  • arm64: clearpage() shouldn't use DC ZVA when DCZIDEL0.DZP == 1 (git-fixes).
  • arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
  • arm64: compat: Reduce address limit (git-fixes)
  • arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
  • arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
  • arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
  • arm64: csum: Fix handling of bad packets (git-fixes)
  • arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug (git-fixes)
  • arm64: debug: Ensure debug handlers check triggering exception level (git-fixes)
  • arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
  • arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
  • arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
  • arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
  • arm64: fix inline asm in loadunalignedzeropad() (git-fixes)
  • arm64: Fix size of _earlycpubootstatus (git-fixes)
  • arm64: fix the flushicacherange arguments in machine_kexec (git-fixes)
  • arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
  • arm64: futex: Bound number of LDXR/STXR loops in FUTEXWAKEOP (git-fixes)
  • arm64: futex: Fix FUTEXWAKEOP atomic ops with non-zero result value (git-fixes)
  • arm64: futex: Restore oldval initialization to work around buggy (git-fixes)
  • arm64: hibernate: check pgd table allocation (git-fixes)
  • arm64: hugetlb: avoid potential NULL dereference (git-fixes)
  • arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes)
  • arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
  • arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
  • arm64: kgdb: Fix single-step exception handling oops (git-fixes)
  • arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes)
  • arm64: module: remove (NOLOAD) from linker script (git-fixes)
  • arm64: perf: Report the PC value in REGSABI32 mode (git-fixes)
  • arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
  • arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
  • arm64: Relax GIC version check during early boot (git-fixes)
  • arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
  • arm64: smp: fix crashsmpsend_stop() behaviour (git-fixes)
  • arm64: smp: fix smpsendstop() behaviour (git-fixes)
  • arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes)
  • arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
  • arm64: handle non-remapped addresses in ->mmap and (git-fixes)
  • arm64: avoid fixmap race condition when create pud mapping (git-fixes)
  • bonding: pair enableport with slavearr_updates (git-fixes).
  • btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
  • btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
  • cgroup/cpuset: Remove cpusallowed/memsallowed setup in cpusetinitsmp() (bsc#1199839).
  • cputime, cpuacct: Include guest time in user time in (git-fixes)
  • crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes)
  • crypto: ixp4xx - dma_unmap the correct address (git-fixes).
  • crypto: qat - do not cast parameter in bit operations (git-fixes).
  • crypto: rsa-pkcs1pad - fix buffer overread in pkcs1padverifycomplete() (bsc#1197601).
  • crypto: virtio - deal with unsupported input sizes (git-fixes).
  • crypto: virtio: Fix dest length calculation in _virtiocryptoskcipherdo_req() (git-fixes).
  • drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
  • drbd: Fix five use after free bugs in getinitialstate (git-fixes).
  • drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
  • drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
  • i40e: always propagate error value in i40esetvsi_promisc() (git-fixes).
  • i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
  • i40e: fix return of uninitialized aqret in i40esetvsipromisc (git-fixes).
  • i40e: Fix the conditional for i40evcvalidatevqsbitmaps (git-fixes).
  • i40e: Fix virtchnlqueueselect bitmap validation (git-fixes).
  • i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes).
  • i40e: Remove scheduling while atomic possibility (git-fixes).
  • iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
  • Input: aiptek - properly check endpoint type (git-fixes).
  • Input: appletouch - initialize work before device registration (git-fixes).
  • Input: elantench - fix misreporting trackpoint coordinates (git-fixes).
  • Input: spaceball - fix parsing of movement data packets (git-fixes).
  • Input: tiam335xtsc - fix STEPCONFIG setup for Z2 (git-fixes).
  • Input: tiam335xtsc - set ADCREFM for X configuration (git-fixes).
  • Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
  • KVM: arm64: Fix definition of PAGEHYPDEVICE (git-fixes)
  • KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
  • KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes).
  • lpfc: drop driver update 14.2.0.x The amount of backport changes necessary for due to the refactoring is introducing to much code churn and is likely to introduce regressions. This ends the backport effort to keep the lpfc in sync with mainline.
  • lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
  • media: cpia2: fix control-message timeouts (git-fixes).
  • media: cx23885: Fix sndcardfree call on null card pointer (git-fixes).
  • media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
  • media: dmxdev: fix UAF when dvbregisterdevice() fails (git-fixes).
  • media: em28xx: fix control-message timeouts.
  • media: flexcop-usb: fix control-message timeouts (git-fixes).
  • media: mceusb: fix control-message timeouts (git-fixes).
  • media: mtk-vpu: Fix a resource leak in the error handling path of 'mtkvpuprobe()' (git-fixes).
  • media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
  • media: pvrusb2: fix control-message timeouts (git-fixes).
  • media: redrat3: fix control-message timeouts (git-fixes).
  • media: s2255: fix control-message timeouts (git-fixes).
  • media: stk1160: fix control-message timeouts (git-fixes).
  • media: vim2m: Remove surplus name initialization (git-fixes).
  • mm, pagealloc: fix buildzonerefs_node() (git-fixes).
  • net: bcmgenet: Do not claim WOL when its not available (git-fixes).
  • net: mana: Add counter for packet dropped by XDP (bsc#1195651).
  • net: mana: Add counter for XDP_TX (bsc#1195651).
  • net: mana: Add handling of CQERXTRUNCATED (bsc#1195651).
  • net: mana: Remove unnecessary check of cqetype in manaprocessrxcqe() (bsc#1195651).
  • net: mana: Reuse XDP dropped page (bsc#1195651).
  • net: mana: Use structsize() helper in managdcreatedma_region() (bsc#1195651).
  • net: qlogic: check the return value of dmaalloccoherent() in qedvfhw_prepare() (git-fixes).
  • net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes).
  • netfilter: conntrack: connection timeout after re-register (bsc#1199035).
  • netfilter: conntrack: move synack init code to helper (bsc#1199035).
  • netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
  • netfilter: nfconntracktcp: preserve liberal flag in tcp options (bsc#1199035).
  • netfilter: nfconntracktcp: re-init for syn packets only (bsc#1199035).
  • netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015).
  • NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
  • NFSv4: Do not invalidate inode attributes on delegation return (git-fixes).
  • PCI / ACPI: Mark expected switch fall-through (git-fixes).
  • PCI: Do not enable AtomicOps on VFs (bsc#1129770)
  • PCI: hv: Do not set PCICOMMANDMEMORY to reduce VM boot time (bsc#1199314).
  • powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
  • powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
  • powerpc/64s: Add CPUFTRSPOWER9DD22 to CPUFTRSALWAYS mask (bsc#1061840 git-fixes).
  • powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329).
  • powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/xive: Add some error handling code to 'xivespaprinit()' (git-fixes).
  • powerpc/xive: Fix refcount leak in xivespaprinit (git-fixes).
  • qed: display VF trust config (git-fixes).
  • qed: return status of qediovget_link (git-fixes).
  • qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
  • revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
  • sched/core: Add _sched tag for ioschedule() (git-fixes)
  • sched/core: Fix comment regarding nriowaitcpu() and (git-fixes)
  • sched/debug: Remove mpolget/put and tasklock/unlock from (git-fixes)
  • scsi: bnx2fc: Make bnx2fcrecvframe() mp safe (git-fixes).
  • scsi: fnic: Fix a tracing statement (git-fixes).
  • scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
  • scsi: hisisas: Change permission of parameter protmask (git-fixes).
  • scsi: pm8001: Fix abort all task initialization (git-fixes).
  • scsi: pm8001: Fix command initialization in pm8001chipssptmreq() (git-fixes).
  • scsi: pm8001: Fix command initialization in pm80XXsendread_log() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xxchipsata_req() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xxchipsspioreq() (git-fixes).
  • scsi: pm8001: Fix le32 values handling in pm80xxsetsasprotocoltimer_config() (git-fixes).
  • scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
  • scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
  • scsi: pm8001: Fix payload initialization in pm80xxencryptupdate() (git-fixes).
  • scsi: pm8001: Fix payload initialization in pm80xxsetthermal_config() (git-fixes).
  • scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
  • scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
  • scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
  • scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
  • scsi: sr: Do not leak information in ioctl (git-fixes).
  • scsi: virtio-scsi: Eliminate anonymous moduleinit & moduleexit (git-fixes).
  • scsi: zorro7xx: Fix a resource leak in zorro7xxremoveone() (git-fixes).
  • smp: Fix offline cpu check in flushsmpcallfunctionqueue() (git-fixes).
  • SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
  • SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
  • timekeeping: Really make sure walltomonotonic isn't (git-fixes)
  • tpm: ibmvtpm: Correct the return value in tpmibmvtpmprobe() (bsc#1065729).
  • USB: cdc-wdm: fix reading stuck on device close (git-fixes).
  • USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
  • USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
  • USB: hub: Fix locking issues with address0_mutex (git-fixes).
  • USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
  • USB: quirks: add a Realtek card reader (git-fixes).
  • USB: quirks: add STRING quirk for VCOM device (git-fixes).
  • USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
  • USB: serial: option: add Fibocom L610 modem (git-fixes).
  • USB: serial: option: add Fibocom MA510 modem (git-fixes).
  • USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
  • USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
  • USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
  • USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
  • USB: serial: whiteheat: fix heap overflow in WHITEHEATGETDTR_RTS (git-fixes).
  • veth: Ensure eth header is in skb's linear part (git-fixes).
  • video: backlight: Drop maximum brightness override for brightness (bsc#1129770)
  • video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
  • vxlan: fix memleak of fdb (git-fixes).
  • xhci: stop polling roothubs after shutdown (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.100.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.100.2",
            "kernel-azure-devel": "4.12.14-16.100.2",
            "kernel-devel-azure": "4.12.14-16.100.1",
            "kernel-syms-azure": "4.12.14-16.100.1",
            "kernel-azure-base": "4.12.14-16.100.2",
            "kernel-source-azure": "4.12.14-16.100.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.100.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.100.2",
            "kernel-azure-devel": "4.12.14-16.100.2",
            "kernel-devel-azure": "4.12.14-16.100.1",
            "kernel-syms-azure": "4.12.14-16.100.1",
            "kernel-azure-base": "4.12.14-16.100.2",
            "kernel-source-azure": "4.12.14-16.100.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.100.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.100.2",
            "kernel-azure-devel": "4.12.14-16.100.2",
            "kernel-devel-azure": "4.12.14-16.100.1",
            "kernel-syms-azure": "4.12.14-16.100.1",
            "kernel-azure-base": "4.12.14-16.100.2",
            "kernel-source-azure": "4.12.14-16.100.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.100.2

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.100.2",
            "kernel-azure-devel": "4.12.14-16.100.2",
            "kernel-devel-azure": "4.12.14-16.100.1",
            "kernel-syms-azure": "4.12.14-16.100.1",
            "kernel-azure-base": "4.12.14-16.100.2",
            "kernel-source-azure": "4.12.14-16.100.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.100.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.100.2",
            "kernel-azure-devel": "4.12.14-16.100.2",
            "kernel-devel-azure": "4.12.14-16.100.1",
            "kernel-syms-azure": "4.12.14-16.100.1",
            "kernel-azure-base": "4.12.14-16.100.2",
            "kernel-source-azure": "4.12.14-16.100.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.100.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.100.2",
            "kernel-azure-devel": "4.12.14-16.100.2",
            "kernel-devel-azure": "4.12.14-16.100.1",
            "kernel-syms-azure": "4.12.14-16.100.1",
            "kernel-azure-base": "4.12.14-16.100.2",
            "kernel-source-azure": "4.12.14-16.100.1"
        }
    ]
}