SUSE-SU-2022:2116-1

The SUSE Linux Enterprise 12 SP5 kernel was updated.

The following security bugs were fixed:

• CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143)
• CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
• CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
• CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
• CVE-2022-1729: Fixed a sysperfevent_open() race condition against self (bsc#1199507).
• CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
• CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
• CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
• CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
• CVE-2021-39711: In bpfprogtestrunskb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
• CVE-2022-30594: Fixed restriction bypass on setting the PTSUSPENDSECCOMP flag (bnc#1199505).
• CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).

The following non-security bugs were fixed:

• ACPI: property: Release subnode properties with data nodes (git-fixes).
• ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
• arm64: set plt* section addresses to 0x0 (git-fixes)
• arm64: Add missing ISB after invalidating TLB in _primaryswitch (git-fixes)
• arm64: armv8deprecated: Fix undefhook mask for thumb setend (git-fixes)
• arm64: avoid -Woverride-init warning (git-fixes)
• arm64: berlin: Select DWAPBTIMER_OF (git-fixes) Update arm64 default config too.
• arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
• arm64: clearpage() shouldn't use DC ZVA when DCZIDEL0.DZP == 1 (git-fixes).
• arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
• arm64: compat: Reduce address limit (git-fixes)
• arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
• arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
• arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
• arm64: csum: Fix handling of bad packets (git-fixes)
• arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug (git-fixes)
• arm64: debug: Ensure debug handlers check triggering exception level (git-fixes)
• arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
• arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
• arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
• arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
• arm64: fix inline asm in loadunalignedzeropad() (git-fixes)
• arm64: Fix size of _earlycpubootstatus (git-fixes)
• arm64: fix the flushicacherange arguments in machine_kexec (git-fixes)
• arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
• arm64: futex: Bound number of LDXR/STXR loops in FUTEXWAKEOP (git-fixes)
• arm64: futex: Fix FUTEXWAKEOP atomic ops with non-zero result value (git-fixes)
• arm64: futex: Restore oldval initialization to work around buggy (git-fixes)
• arm64: hibernate: check pgd table allocation (git-fixes)
• arm64: hugetlb: avoid potential NULL dereference (git-fixes)
• arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes)
• arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
• arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
• arm64: kgdb: Fix single-step exception handling oops (git-fixes)
• arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes)
• arm64: module: remove (NOLOAD) from linker script (git-fixes)
• arm64: perf: Report the PC value in REGSABI32 mode (git-fixes)
• arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
• arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
• arm64: Relax GIC version check during early boot (git-fixes)
• arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
• arm64: smp: fix crashsmpsend_stop() behaviour (git-fixes)
• arm64: smp: fix smpsendstop() behaviour (git-fixes)
• arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes)
• arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
• arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes)
• arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
• bonding: pair enableport with slavearr_updates (git-fixes).
• btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
• btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
• cgroup/cpuset: Remove cpusallowed/memsallowed setup in cpusetinitsmp() (bsc#1199839).
• cputime, cpuacct: Include guest time in user time in (git-fixes)
• crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes)
• crypto: ixp4xx - dma_unmap the correct address (git-fixes).
• crypto: qat - do not cast parameter in bit operations (git-fixes).
• crypto: rsa-pkcs1pad - fix buffer overread in pkcs1padverifycomplete() (bsc#1197601).
• crypto: virtio - deal with unsupported input sizes (git-fixes).
• crypto: virtio: Fix dest length calculation in _virtiocryptoskcipherdo_req() (git-fixes).
• drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
• drbd: Fix five use after free bugs in getinitialstate (git-fixes).
• drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
• drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
• i40e: always propagate error value in i40esetvsi_promisc() (git-fixes).
• i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
• i40e: fix return of uninitialized aqret in i40esetvsipromisc (git-fixes).
• i40e: Fix the conditional for i40evcvalidatevqsbitmaps (git-fixes).
• i40e: Fix virtchnlqueueselect bitmap validation (git-fixes).
• i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes).
• i40e: Remove scheduling while atomic possibility (git-fixes).
• iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
• Input: aiptek - properly check endpoint type (git-fixes).
• Input: appletouch - initialize work before device registration (git-fixes).
• Input: elantench - fix misreporting trackpoint coordinates (git-fixes).
• Input: spaceball - fix parsing of movement data packets (git-fixes).
• Input: tiam335xtsc - fix STEPCONFIG setup for Z2 (git-fixes).
• Input: tiam335xtsc - set ADCREFM for X configuration (git-fixes).
• Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
• KVM: arm64: Fix definition of PAGEHYPDEVICE (git-fixes)
• KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
• KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes).
• lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
• media: cpia2: fix control-message timeouts (git-fixes).
• media: cx23885: Fix sndcardfree call on null card pointer (git-fixes).
• media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
• media: dmxdev: fix UAF when dvbregisterdevice() fails (git-fixes).
• media: em28xx: fix control-message timeouts.
• media: flexcop-usb: fix control-message timeouts (git-fixes).
• media: mceusb: fix control-message timeouts (git-fixes).
• media: mtk-vpu: Fix a resource leak in the error handling path of 'mtkvpuprobe()' (git-fixes).
• media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
• media: pvrusb2: fix control-message timeouts (git-fixes).
• media: redrat3: fix control-message timeouts (git-fixes).
• media: s2255: fix control-message timeouts (git-fixes).
• media: stk1160: fix control-message timeouts (git-fixes).
• media: vim2m: Remove surplus name initialization (git-fixes).
• mm, pagealloc: fix buildzonerefs_node() (git-fixes).
• net: bcmgenet: Do not claim WOL when its not available (git-fixes).
• net: mana: Add counter for packet dropped by XDP (bsc#1195651).
• net: mana: Add counter for XDP_TX (bsc#1195651).
• net: mana: Add handling of CQERXTRUNCATED (bsc#1195651).
• net: mana: Remove unnecessary check of cqetype in manaprocessrxcqe() (bsc#1195651).
• net: mana: Reuse XDP dropped page (bsc#1195651).
• net: mana: Use structsize() helper in managdcreatedma_region() (bsc#1195651).
• net: qlogic: check the return value of dmaalloccoherent() in qedvfhw_prepare() (git-fixes).
• net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes).
• netfilter: conntrack: connection timeout after re-register (bsc#1199035).
• netfilter: conntrack: move synack init code to helper (bsc#1199035).
• netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
• netfilter: nfconntracktcp: preserve liberal flag in tcp options (bsc#1199035).
• netfilter: nfconntracktcp: re-init for syn packets only (bsc#1199035).
• netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015).
• NFS: Do not invalidate inode attributes on delegation return (git-fixes).
• NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
• PCI / ACPI: Mark expected switch fall-through (git-fixes).
• PCI: Do not enable AtomicOps on VFs (bsc#1129770)
• PCI: hv: Do not set PCICOMMANDMEMORY to reduce VM boot time (bsc#1199314).
• powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
• powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
• powerpc/64s: Add CPUFTRSPOWER9DD22 to CPUFTRSALWAYS mask (bsc#1061840 git-fixes).
• powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329).
• powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
• powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
• powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
• powerpc/xive: Add some error handling code to 'xivespaprinit()' (git-fixes).
• powerpc/xive: Fix refcount leak in xivespaprinit (git-fixes).
• qed: display VF trust config (git-fixes).
• qed: return status of qediovget_link (git-fixes).
• qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
• revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
• sched/core: Add _sched tag for ioschedule() (git-fixes)
• sched/core: Fix comment regarding nriowaitcpu() and (git-fixes)
• sched/debug: Remove mpolget/put and tasklock/unlock from (git-fixes)
• scsi: bnx2fc: Make bnx2fcrecvframe() mp safe (git-fixes).
• scsi: fnic: Fix a tracing statement (git-fixes).
• scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
• scsi: hisisas: Change permission of parameter protmask (git-fixes).
• scsi: pm8001: Fix abort all task initialization (git-fixes).
• scsi: pm8001: Fix command initialization in pm8001chipssptmreq() (git-fixes).
• scsi: pm8001: Fix command initialization in pm80XXsendread_log() (git-fixes).
• scsi: pm8001: Fix le32 values handling in pm80xxchipsata_req() (git-fixes).
• scsi: pm8001: Fix le32 values handling in pm80xxchipsspioreq() (git-fixes).
• scsi: pm8001: Fix le32 values handling in pm80xxsetsasprotocoltimer_config() (git-fixes).
• scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
• scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
• scsi: pm8001: Fix payload initialization in pm80xxencryptupdate() (git-fixes).
• scsi: pm8001: Fix payload initialization in pm80xxsetthermal_config() (git-fixes).
• scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
• scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
• scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
• scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
• scsi: sr: Do not leak information in ioctl (git-fixes).
• scsi: virtio-scsi: Eliminate anonymous moduleinit and moduleexit (git-fixes).
• scsi: zorro7xx: Fix a resource leak in zorro7xxremoveone() (git-fixes).
• smp: Fix offline cpu check in flushsmpcallfunctionqueue() (git-fixes).
• SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
• SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
• timekeeping: Really make sure walltomonotonic isn't (git-fixes)
• tpm: ibmvtpm: Correct the return value in tpmibmvtpmprobe() (bsc#1065729).
• USB: cdc-wdm: fix reading stuck on device close (git-fixes).
• USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
• USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
• USB: hub: Fix locking issues with address0_mutex (git-fixes).
• USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
• USB: quirks: add a Realtek card reader (git-fixes).
• USB: quirks: add STRING quirk for VCOM device (git-fixes).
• USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
• USB: serial: option: add Fibocom L610 modem (git-fixes).
• USB: serial: option: add Fibocom MA510 modem (git-fixes).
• USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
• USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
• USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
• USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
• USB: serial: whiteheat: fix heap overflow in WHITEHEATGETDTR_RTS (git-fixes).
• veth: Ensure eth header is in skb's linear part (git-fixes).
• video: backlight: Drop maximum brightness override for brightness (bsc#1129770)
• video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
• vxlan: fix memleak of fdb (git-fixes).
• xhci: stop polling roothubs after shutdown (git-fixes).