SUSE-SU-2022:3274-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223274-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3274-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3274-1
Published
2022-09-14T07:59:26Z
Modified
2022-09-14T07:59:26Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940).
  • CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
  • CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
  • CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
  • CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
  • CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
  • CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
  • CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
  • CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
  • CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
  • CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).
  • CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
  • CVE-2020-36558: Fixed a race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
  • CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429).
  • CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).

The following non-security bugs were fixed:

  • cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
  • cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
  • cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
  • cifs: skip trailing separators of prefix paths (bsc#1188944).
  • kernel-obs-build: include qemu_fw_cfg (boo#1201705)
  • lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
  • mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098).
  • mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
  • net_sched: cls_route: disallow handle of 0 (bsc#1202393).
  • objtool: Add --backtrace support (bsc#1202396).
  • objtool: Add support for intra-function calls (bsc#1202396).
  • objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
  • objtool: Convert insn type to enum (bsc#1202396).
  • objtool: Do not use ignore flag for fake jumps (bsc#1202396).
  • objtool: Fix !CFI insn_state propagation (bsc#1202396).
  • objtool: Fix ORC vs alternatives (bsc#1202396).
  • objtool: Fix sibling call detection (bsc#1202396).
  • objtool: Make handle_insn_ops() unconditional (bsc#1202396).
  • objtool: Remove INSN_STACK (bsc#1202396).
  • objtool: Remove check preventing branches within alternative (bsc#1202396).
  • objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396).
  • objtool: Rename struct cfi_state (bsc#1202396).
  • objtool: Rework allocating stack_ops on decode (bsc#1202396).
  • objtool: Rewrite alt->skip_orig (bsc#1202396).
  • objtool: Set insn->func for alternatives (bsc#1202396).
  • objtool: Support conditional retpolines (bsc#1202396).
  • objtool: Support multiple stack_op per instruction (bsc#1202396).
  • objtool: Track original function across branches (bsc#1202396).
  • objtool: Uniquely identify alternative instruction groups (bsc#1202396).
  • objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396).
  • powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
  • powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
  • powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
  • rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).

Affected packages

SUSE:OpenStack Cloud 9 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise High Availability Extension 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-95.108.1",
            "gfs2-kmp-default": "4.12.14-95.108.1",
            "ocfs2-kmp-default": "4.12.14-95.108.1",
            "cluster-md-kmp-default": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-95_108-default": "1-6.3.1",
            "kernel-default-kgraft": "4.12.14-95.108.1",
            "kernel-default-kgraft-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP4 / kgraft-patch-SLE12-SP4_Update_30

Package

Name
kgraft-patch-SLE12-SP4_Update_30
Purl
purl:rpm/suse/kgraft-patch-SLE12-SP4_Update_30&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-6.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-95_108-default": "1-6.3.1",
            "kernel-default-kgraft": "4.12.14-95.108.1",
            "kernel-default-kgraft-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default-man": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default-man": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-95.108.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-95.108.1",
            "kernel-devel": "4.12.14-95.108.1",
            "kernel-default-base": "4.12.14-95.108.1",
            "kernel-default-man": "4.12.14-95.108.1",
            "kernel-default": "4.12.14-95.108.1",
            "kernel-source": "4.12.14-95.108.1",
            "kernel-syms": "4.12.14-95.108.1",
            "kernel-default-devel": "4.12.14-95.108.1"
        }
    ]
}