SUSE-SU-2022:0767-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20220767-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:0767-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:0767-1
Published
2022-03-09T10:21:52Z
Modified
2022-03-09T10:21:52Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bug fixes.

Transient execution side-channel attacks targeting the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection', are now mitigated.

The following security bugs were fixed:

  • CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
  • CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
  • CVE-2022-0847: Fixed a vulnerability where a local attacker could overwrite data in arbitrary (read-only) files (bsc#1196584).
  • CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image (bsc#1196079).
  • CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
  • CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987).
  • CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
  • CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
  • CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
  • CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
  • CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bsc#1193867).

The following non-security bugs were fixed:

  • Bluetooth: bfusb: fix division by zero in send path (git-fixes).
  • Bluetooth: fix the erroneous flush_work() order (git-fixes).
  • EDAC/xgene: Fix deferred probing (bsc#1114648).
  • IB/rdmavt: Validate remote_addr during loopback atomic tests (bsc#1114685).
  • NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). Make this work-around optional.
  • NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes).
  • NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
  • NFSv4: Handle case where the lookup of a directory fails (git-fixes).
  • NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
  • PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
  • RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244).
  • RDMA/mlx5: Set user priority for DCT (bsc#1103991).
  • RDMA/netlink: Add __maybe_unused to static inline in C file (bsc#1046306).
  • Replace with an alternative fix for bsc#1185377.
  • crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
  • cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
  • e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533).
  • ext4: avoid trim error on fs with small groups (bsc#1191271).
  • fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795).
  • gve: Add RX context (bsc#1191655).
  • gve: Add a jumbo-frame device option (bsc#1191655).
  • gve: Add consumed counts to ethtool stats (bsc#1191655).
  • gve: Add netif_set_xps_queue call (bsc#1191655).
  • gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
  • gve: Add rx buffer pagecnt bias (bsc#1191655).
  • gve: Allow pageflips on larger pages (bsc#1191655).
  • gve: Avoid freeing NULL pointer (bsc#1191655).
  • gve: Correct available tx qpl check (bsc#1191655).
  • gve: Correct order of processing device options (bsc#1191655).
  • gve: DQO: avoid unused variable warnings (bsc#1191655).
  • gve: Do lazy cleanup in TX path (bsc#1191655).
  • gve: Fix GFP flags when allocing pages (bsc#1191655).
  • gve: Implement packet continuation for RX (bsc#1191655).
  • gve: Implement suspend/resume/shutdown (bsc#1191655).
  • gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
  • gve: Properly handle errors in gve_assign_qpl (bsc#1191655).
  • gve: Recording rx queue before sending to napi (bsc#1191655).
  • gve: Switch to use napi_complete_done (bsc#1191655).
  • gve: Track RX buffer allocation failures (bsc#1191655).
  • gve: Update gve_free_queue_page_list signature (bsc#1191655).
  • gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
  • gve: fix for null pointer dereference (bsc#1191655).
  • gve: fix gve_get_stats() (bsc#1191655).
  • gve: fix the wrong AdminQ buffer queue index check (bsc#1191655).
  • gve: fix unmatched u64_stats_update_end() (bsc#1191655).
  • gve: remove memory barrier around seqno (bsc#1191655).
  • gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1191655).
  • i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978).
  • i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816).
  • i40e: Fix creation of first queue by omitting it if is not power of two (bsc#1101816).
  • i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981).
  • i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797).
  • i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816).
  • i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978).
  • i40e: Fix pre-set max number of queues for VF (bsc#1111981).
  • i40e: Increase delay to 1 s after global EMP reset (bsc#1101816).
  • iavf: Fix limit of total number of queues to active queues of VF (bsc#1111981).
  • iavf: prevent accidental free of filter structure (bsc#1111981).
  • ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
  • ibmvnic: Update driver return codes (bsc#1196516 ltc#196391).
  • ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
  • ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
  • ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
  • ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
  • ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
  • ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
  • ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
  • ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
  • ice: Delete always true check of PF pointer (bsc#1118661).
  • ice: ignore dropped packets during init (bsc#1118661).
  • igb: Fix removal of unicast MAC filters of VFs (bsc#1117495).
  • ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674).
  • kabi: Hide changes to s390/AP structures (jsc#SLE-20809).
  • lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
  • mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837).
  • net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
  • net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837).
  • net: ena: Fix error handling when calculating max IO queues number (bsc#1174852).
  • net: ena: Fix undefined state when tx request id is out of bounds (bsc#1174852).
  • net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113).
  • net: phylink: avoid mvneta warning when setting pause parameters (bsc#1119113).
  • net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
  • nfsd: fix use-after-free due to delegation race (git-fixes).
  • phylib: fix potential use-after-free (bsc#1119113).
  • platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (bsc#1112374).
  • powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
  • powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
  • powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).
  • powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
  • qed: Handle management FW error (git-fixes).
  • qed: rdma - do not wait for resources under hw error recovery flow (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
  • rndis_host: support Hytera digital radios (git-fixes).
  • s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809).
  • s390/ap: rework crypto config info and default domain code (jsc#SLE-20809).
  • s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080 LTC#196090).
  • s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195080 LTC#196090).
  • s390/hypfs: include z/VM guests with access control group set (bsc#1195638 LTC#196354).
  • scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes).
  • scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
  • scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes).
  • scsi: nsp_cs: Check of ioremap return value (git-fixes).
  • scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
  • scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
  • scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).
  • scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
  • scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
  • scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
  • scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).
  • scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
  • scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
  • scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
  • scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
  • scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
  • scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
  • scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).
  • scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
  • scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
  • scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
  • scsi: qla2xxx: Remove a declaration (bsc#1195823).
  • scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).
  • scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
  • scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).
  • scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
  • scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
  • scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
  • scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
  • scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).
  • scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
  • scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
  • scsi: ufs: Fix race conditions related to driver data (git-fixes).
  • scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195377 LTC#196245).
  • sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857).
  • tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).
  • tracing: Have traceon and traceoff trigger honor the instance (git-fixes).
  • usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
  • usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
  • xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.113.1",
            "gfs2-kmp-default": "4.12.14-122.113.1",
            "ocfs2-kmp-default": "4.12.14-122.113.1",
            "cluster-md-kmp-default": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_113-default": "1-8.3.1",
            "kernel-default-kgraft": "4.12.14-122.113.1",
            "kernel-default-kgraft-devel": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_29

Package

Name
kgraft-patch-SLE12-SP5_Update_29
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_29&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-8.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_113-default": "1-8.3.1",
            "kernel-default-kgraft": "4.12.14-122.113.1",
            "kernel-default-kgraft-devel": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-docs

Package

Name
kernel-docs
Purl
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.113.1",
            "kernel-obs-build": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-obs-build

Package

Name
kernel-obs-build
Purl
pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.113.1",
            "kernel-obs-build": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.113.1",
            "kernel-devel": "4.12.14-122.113.1",
            "kernel-default-base": "4.12.14-122.113.1",
            "kernel-default-man": "4.12.14-122.113.1",
            "kernel-default": "4.12.14-122.113.1",
            "kernel-source": "4.12.14-122.113.1",
            "kernel-syms": "4.12.14-122.113.1",
            "kernel-default-devel": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.113.1",
            "kernel-devel": "4.12.14-122.113.1",
            "kernel-default-base": "4.12.14-122.113.1",
            "kernel-default-man": "4.12.14-122.113.1",
            "kernel-default": "4.12.14-122.113.1",
            "kernel-source": "4.12.14-122.113.1",
            "kernel-syms": "4.12.14-122.113.1",
            "kernel-default-devel": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.113.1",
            "kernel-devel": "4.12.14-122.113.1",
            "kernel-default-base": "4.12.14-122.113.1",
            "kernel-default-man": "4.12.14-122.113.1",
            "kernel-default": "4.12.14-122.113.1",
            "kernel-source": "4.12.14-122.113.1",
            "kernel-syms": "4.12.14-122.113.1",
            "kernel-default-devel": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.113.1",
            "kernel-devel": "4.12.14-122.113.1",
            "kernel-default-base": "4.12.14-122.113.1",
            "kernel-default-man": "4.12.14-122.113.1",
            "kernel-default": "4.12.14-122.113.1",
            "kernel-source": "4.12.14-122.113.1",
            "kernel-syms": "4.12.14-122.113.1",
            "kernel-default-devel": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.113.1",
            "kernel-devel": "4.12.14-122.113.1",
            "kernel-default-base": "4.12.14-122.113.1",
            "kernel-default-man": "4.12.14-122.113.1",
            "kernel-default": "4.12.14-122.113.1",
            "kernel-source": "4.12.14-122.113.1",
            "kernel-syms": "4.12.14-122.113.1",
            "kernel-default-devel": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.113.1",
            "kernel-devel": "4.12.14-122.113.1",
            "kernel-default-base": "4.12.14-122.113.1",
            "kernel-default-man": "4.12.14-122.113.1",
            "kernel-default": "4.12.14-122.113.1",
            "kernel-source": "4.12.14-122.113.1",
            "kernel-syms": "4.12.14-122.113.1",
            "kernel-default-devel": "4.12.14-122.113.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.113.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-extra": "4.12.14-122.113.1"
        }
    ]
}