SUSE-SU-2022:2172-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20222172-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2172-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:2172-1
Related
Published
2022-06-24T08:33:58Z
Modified
2022-06-24T08:33:58Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

  • CVE-2022-1012: Fixed a small table perturb size in the TCP source port generation algorithm which could leads to information leak. (bsc#1199482).
  • CVE-2022-20141: Fixed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604)
  • CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
  • CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
  • CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
  • CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)

The following non-security bugs were fixed:

  • ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
  • ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
  • ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
  • ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
  • ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
  • ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
  • ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
  • ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
  • arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
  • ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
  • ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
  • ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
  • ASoC: tscs454: Add endianness flag in sndsoccomponent_driver (git-fixes).
  • ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
  • ath9k: fix QCA9561 PA bias level (git-fixes).
  • b43: Fix assigning negative value to unsigned variable (git-fixes).
  • b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
  • blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
  • blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
  • block: fix biocloneblkgassociation() to associate with proper blkcggq (bsc#1200259).
  • btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
  • certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
  • cfg80211: set custom regdomain after wiphy registration (git-fixes).
  • clocksource/drivers/oxnas-rps: Fix irqofparseandmap() return value (git-fixes).
  • clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
  • dma-buf: fix use of DMABUFSETNAME{A,B} in userspace (git-fixes).
  • dmaengine: zynqmpdma: In struct zynqmpdmachan fix descsize data type (git-fixes).
  • drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
  • drivers: staging: rtl8192e: Fix deadlock in rtllibbeaconsstop() (git-fixes).
  • drivers: staging: rtl8192u: Fix deadlock in ieee80211beaconsstop() (git-fixes).
  • drivers: tty: serial: Fix deadlock in sa1100settermios() (git-fixes).
  • drivers: usb: host: Fix deadlock in oxubussuspend() (git-fixes).
  • drm: imx: fix compiler warning with gcc-12 (git-fixes).
  • drm: msm: fix error check return value of irqofparseandmap() (git-fixes).
  • drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
  • drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
  • drm/amdgpu/ucode: Remove firmware load type check in amdgpuucodefree_bo (git-fixes).
  • drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
  • drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
  • drm/i915: Fix -Wstringop-overflow warning in call to intelreadwm_latency() (git-fixes).
  • drm/i915: fix i915globalsexit() section mismatch error (git-fixes).
  • drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
  • drm/i915/reset: Fix errorstateread ptr + offset use (git-fixes).
  • drm/komeda: return early if drmuniversalplane_init() fails (git-fixes).
  • drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
  • drm/plane: Move range check for format_count earlier (git-fixes).
  • drm/radeon: fix a possible null pointer dereference (git-fixes).
  • drm/virtio: fix NULL pointer dereference in virtiogpuconngetmodes (git-fixes).
  • efi: Add missing prototype for eficapsulesetup_info (git-fixes).
  • efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
  • fbcon: Consistently protect deferredtakeover with consolelock() (git-fixes).
  • ftrace: Clean up hash direct_functions on register failures (git-fixes).
  • HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
  • HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
  • hwmon: Make chip parameter for with_info API mandatory (git-fixes).
  • i2c: cadence: Increase timeout per message if necessary (git-fixes).
  • i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
  • iio: dummy: iiosimpledummy: check the return value of kstrdup() (git-fixes).
  • Input: bcm5974 - set missing URBNOTRANSFERDMAMAP urb flag (git-fixes).
  • Input: goodix - fix spurious key release events (git-fixes).
  • ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
  • irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
  • irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
  • irqchip/aspeed-i2c-ic: Fix irqofparseandmap() return value (git-fixes).
  • irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
  • iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
  • KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
  • KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes).
  • KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes).
  • KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes).
  • KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes).
  • KVM: s390: pv: add macros for UVC CC values (git-fixes).
  • KVM: s390: pv: avoid double free of sida page (git-fixes).
  • KVM: s390: pv: avoid stalls for kvms390pvinitvm (git-fixes).
  • KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
  • KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
  • KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes).
  • KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
  • KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
  • KVM: x86: Fix emulation in writing cr8 (git-fixes).
  • KVM: x86: Fix off-by-one error in kvmvcpuioctlx86setup_mce (git-fixes).
  • KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes).
  • KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
  • KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
  • KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
  • KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
  • KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
  • KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
  • KVM: x86/emulator: Defer not-present segment check in _loadsegment_descriptor() (git-fixes).
  • KVM: x86/pmu: Fix HWREFCPUCYCLES event pseudo-encoding in intelarch_events[] (git-fixes).
  • mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
  • md: fix an incorrect NULL check in doessbneed_changing (git-fixes).
  • md: fix an incorrect NULL check in mdreloadsb (git-fixes).
  • media: cx25821: Fix the warning when removing the module (git-fixes).
  • media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
  • media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
  • media: venus: hfi: avoid null dereference in deinit (git-fixes).
  • misc: rtsx: set NULL intfdata when probe fails (git-fixes).
  • mmc: block: Fix CQE recovery reset success (git-fixes).
  • mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
  • modpost: fix removing numeric suffixes (git-fixes).
  • modpost: fix undefined behavior of isarmmapping_symbol() (git-fixes).
  • mt76: check return value of mt76txqsendburst in mt76txqschedulelist (git-fixes).
  • mwifiex: add mutex lock for call in mwifiexdfschanswwork_queue (git-fixes).
  • net: ax25: Fix deadlock caused by skbrecvdatagram in ax25_recvmsg (git-fixes).
  • net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
  • nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
  • nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
  • nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
  • NFS: Do not report ENOSPC write errors twice (git-fixes).
  • nfsd: Fix null-ptr-deref in nfsdfillsuper() (git-fixes).
  • PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
  • pcmcia: db1xxxss: restrict to MIPSDB1XXX boards (git-fixes).
  • pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
  • platform/chrome: crosecproto: Send command again when timeout occurs (git-fixes).
  • platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
  • platform/x86: wmi: Replace readtakesno_args with a flags field (git-fixes).
  • PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
  • powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
  • raid5: introduce MD_BROKEN (git-fixes).
  • random: Add and use pr_fmt() (bsc#1184924).
  • random: remove unnecessary unlikely() (bsc#1184924).
  • rtl818x: Prevent using not initialized queues (git-fixes).
  • rtlwifi: Use prwarn instead of WARNONCE (git-fixes).
  • s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
  • s390: fix strrchr() implementation (git-fixes).
  • s390/cio: dont call csswaitforslowpath() inside a lock (git-fixes).
  • s390/cio: Fix the 'type' field in s390ciotpi tracepoint (git-fixes).
  • s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
  • s390/ctcm: fix potential memory leak (git-fixes).
  • s390/ctcm: fix variable dereferenced before check (git-fixes).
  • s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
  • s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
  • s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455).
  • s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454).
  • s390/ftrace: fix ftraceupdateftrace_func implementation (git-fixes).
  • s390/lcs: fix variable dereferenced before check (git-fixes).
  • s390/mcck: fix invalid KVM guest condition check (git-fixes).
  • s390/mcck: isolate SIE instruction when setting CIFMCCKGUEST flag (git-fixes).
  • s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
  • s390/nmi: handle vector validity failures for KVM guests (git-fixes).
  • s390/pv: fix the forcing of the swiotlb (git-fixes).
  • s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
  • s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
  • s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes).
  • serial: msmserial: disable interrupts in _msmconsolewrite() (git-fixes).
  • spi: Introduce device-managed SPI controller allocation (git-fixes).
  • spi: spi-rspi: Remove setting {src,dst}{addr,addrwidth} based on DMA direction (git-fixes).
  • spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
  • staging: rtl8712: fix uninit-value in r871xudrvinit() (git-fixes).
  • staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
  • tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes).
  • tty: Fix a possible resource leak in icom_probe (git-fixes).
  • tty: synclinkgt: Fix null-pointer-dereference in slgtclean() (git-fixes).
  • usb: core: hcd: Add support for deferring roothub registration (git-fixes).
  • usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
  • usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
  • usb: host: isp116x: check return value after calling platformgetresource() (git-fixes).
  • usb: new quirk for Dell Gen 2 devices (git-fixes).
  • usb: serial: option: add Quectel BG95 modem (git-fixes).
  • vfio-ccw: Check initialized flag in cp_init() (git-fixes).
  • vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
  • video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xxgcuprobe/remove() (git-fixes).
  • virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
  • vringh: Fix loop descriptors check in the indirect cases (git-fixes).
  • watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.62.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-devel": "5.3.18-150300.38.62.1",
            "kernel-devel-azure": "5.3.18-150300.38.62.1",
            "kernel-syms-azure": "5.3.18-150300.38.62.1",
            "kernel-source-azure": "5.3.18-150300.38.62.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.62.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-devel": "5.3.18-150300.38.62.1",
            "kernel-devel-azure": "5.3.18-150300.38.62.1",
            "kernel-syms-azure": "5.3.18-150300.38.62.1",
            "kernel-source-azure": "5.3.18-150300.38.62.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.62.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-devel": "5.3.18-150300.38.62.1",
            "kernel-devel-azure": "5.3.18-150300.38.62.1",
            "kernel-syms-azure": "5.3.18-150300.38.62.1",
            "kernel-source-azure": "5.3.18-150300.38.62.1"
        }
    ]
}

openSUSE:Leap 15.3 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.62.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-devel-azure": "5.3.18-150300.38.62.1",
            "dlm-kmp-azure": "5.3.18-150300.38.62.1",
            "cluster-md-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-extra": "5.3.18-150300.38.62.1",
            "gfs2-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-optional": "5.3.18-150300.38.62.1",
            "kernel-azure-devel": "5.3.18-150300.38.62.1",
            "kernel-azure": "5.3.18-150300.38.62.1",
            "kselftests-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-syms-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-livepatch-devel": "5.3.18-150300.38.62.1",
            "ocfs2-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-source-azure": "5.3.18-150300.38.62.1"
        }
    ]
}

openSUSE:Leap 15.3 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.62.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-devel-azure": "5.3.18-150300.38.62.1",
            "dlm-kmp-azure": "5.3.18-150300.38.62.1",
            "cluster-md-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-extra": "5.3.18-150300.38.62.1",
            "gfs2-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-optional": "5.3.18-150300.38.62.1",
            "kernel-azure-devel": "5.3.18-150300.38.62.1",
            "kernel-azure": "5.3.18-150300.38.62.1",
            "kselftests-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-syms-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-livepatch-devel": "5.3.18-150300.38.62.1",
            "ocfs2-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-source-azure": "5.3.18-150300.38.62.1"
        }
    ]
}

openSUSE:Leap 15.3 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.38.62.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-devel-azure": "5.3.18-150300.38.62.1",
            "dlm-kmp-azure": "5.3.18-150300.38.62.1",
            "cluster-md-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-extra": "5.3.18-150300.38.62.1",
            "gfs2-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-optional": "5.3.18-150300.38.62.1",
            "kernel-azure-devel": "5.3.18-150300.38.62.1",
            "kernel-azure": "5.3.18-150300.38.62.1",
            "kselftests-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-syms-azure": "5.3.18-150300.38.62.1",
            "kernel-azure-livepatch-devel": "5.3.18-150300.38.62.1",
            "ocfs2-kmp-azure": "5.3.18-150300.38.62.1",
            "kernel-source-azure": "5.3.18-150300.38.62.1"
        }
    ]
}