The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:
CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
CVE-2022-24448: Fixed an issue if an application sets the ODIRECTORY flag, and tries to open a regular file, nfsatomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
CVE-2022-1729: Fixed a sysperfevent_open() race condition against self (bsc#1199507).
CVE-2021-39711: In bpfprogtestrunskb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
CVE-2022-30594: Fixed restriction bypass on setting the PTSUSPENDSECCOMP flag (bnc#1199505).
CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
The following non-security bugs were fixed:
ACPI: property: Release subnode properties with data nodes (git-fixes).
Input: spaceball - fix parsing of movement data packets (git-fixes).
Input: tiam335xtsc - fix STEPCONFIG setup for Z2 (git-fixes).
Input: tiam335xtsc - set ADCREFM for X configuration (git-fixes).
Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
KVM: arm64: Fix definition of PAGEHYPDEVICE (git-fixes)
KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes).
lpfc: drop driver update 14.2.0.x The amount of backport changes necessary for due to the refactoring is introducing to much code churn and is likely to introduce regressions. This ends the backport effort to keep the lpfc in sync with mainline.
lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).