SUSE-SU-2022:2382-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2022/suse-su-20222382-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2382-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:2382-1
Related
Published
2022-07-13T09:26:10Z
Modified
2025-05-02T04:30:41.712834Z
Upstream
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
  • CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages (bsc#1199487).
  • CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
  • CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
  • CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
  • CVE-2022-20141: Fixed a possible use after free due to improper locking in ipcheckmc_rcu() (bsc#1200604).
  • CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
  • CVE-2022-20154: Fixed a use after free due to a race condition in locksocknested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
  • CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282)
  • CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
  • CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).

The following non-security bugs were fixed:

  • add mainline tag for a pci-hyperv change
  • audit: fix a race condition with the auditd tracking code (bsc#1197170).
  • block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
  • bnxten: Remove the setting of devport (git-fixes).
  • bonding: fix bondneighinit() (git-fixes).
  • dm crypt: Avoid percpucounter spinlock contention in cryptpage_alloc() (git-fixes).
  • drbd: fix duplicate array initializer (git-fixes).
  • drbd: remove assignpsizes_qlim (git-fixes).
  • drbd: use bdevalignmentoffset instead of queuealignmentoffset (git-fixes).
  • drbd: use bdev based limit helpers in drbdsendsizes (git-fixes).
  • exec: Force single empty string when argv is empty (bsc#1200571).
  • ext4: fix bugon ext4mbuseinode_pa (bsc#1200810).
  • ext4: fix bugon in _estreesearch (bsc#1200809).
  • ext4: fix bugon in ext4writepages (bsc#1200872).
  • ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
  • ext4: fix race condition between ext4write and ext4convertinlinedata (bsc#1200807).
  • ext4: fix symlink file size not match to file content (bsc#1200868).
  • ext4: fix use-after-free in ext4renamedir_prepare (bsc#1200871).
  • ext4: force overhead calculation if the soverheadcluster makes no sense (bsc#1200870).
  • ext4: limit length to bitmapmaxbytes - blocksize in punchhole (bsc#1200806).
  • ext4: make variable 'count' signed (bsc#1200820).
  • fs-writeback: writebacksbinodes Recalculate 'wrote' according skipped pages (bsc#1200873).
  • i915vma: Rename vmalookup to i915vmalookup (git-fixes).
  • ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
  • init: Initialize noopbackingdev_info early (bsc#1200822).
  • inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
  • Input: bcm5974 - set missing URBNOTRANSFERDMAMAP urb flag (git-fixes).
  • Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
  • Input: elani2c - move regulator[en|dis]able() out of elan[en|dis]ablepower() (git-fixes).
  • Input: omap4-keypad - fix pmruntimeget_sync() error checking (git-fixes).
  • iomap: iomapwritefailed fix (bsc#1200829).
  • kvm: fix wrong exception emulation in check_rdtsc (git-fixes).
  • kvm: i8254: remove redundant assignment to pointer s (git-fixes).
  • KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (git-fixes).
  • KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
  • KVM: x86: Allocate new rmap and large page tracking when moving memslot (git-fixes).
  • KVM: x86: always stop emulation on page fault (git-fixes).
  • KVM: x86: clear stale x86emulatectxt->intercept value (git-fixes).
  • KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
  • kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
  • KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
  • KVM: x86: do not modify masked bits of shared MSRs (git-fixes).
  • KVM: x86/emulator: Defer not-present segment check in _loadsegment_descriptor() (git-fixes).
  • KVM: x86: Fix emulation in writing cr8 (git-fixes).
  • KVM: x86: Fix off-by-one error in kvmvcpuioctlx86setup_mce (git-fixes).
  • KVM: x86: Fix potential putfpu() w/o loadfpu() on MPX platform (git-fixes).
  • KVM: x86: Fix x86decodeinsn() return when fetching insn bytes fails (git-fixes).
  • KVM: x86: Free wbinvddirtymask if vCPU creation fails (git-fixes).
  • kvm: x86: Improve emulation of CPUID leaves 0BH and 1FH (git-fixes).
  • KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
  • KVM: x86: Manually calculate reserved bits when loading PDPTRS (git-fixes).
  • KVM: x86: Manually flush collapsible SPTEs only when toggling flags (git-fixes).
  • KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
  • KVM: x86/mmu: Treat invalid shadow pages as obsolete (git-fixes).
  • KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
  • KVM: x86: Remove spurious clearing of async #PF MSR (git-fixes).
  • KVM: x86: Remove spurious kvmmmuunload() from vcpu destruction path (git-fixes).
  • KVM: x86: remove stale comment from struct x86emulatectxt (git-fixes).
  • KVM: x86: set ctxt->haveexception in x86decode_insn() (git-fixes).
  • kvm: x86: skip populating logical dest map if apic is not sw enabled (git-fixes).
  • KVM: x86: Trace the original requested CPUID function in kvm_cpuid() (git-fixes).
  • md: bcache: check the return value of kzalloc() in detacheddevdo_request() (git-fixes).
  • md: fix an incorrect NULL check in doessbneed_changing (git-fixes).
  • md: fix an incorrect NULL check in mdreloadsb (git-fixes).
  • md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
  • mm: add vmalookup(), update findvma_intersection() comments (git-fixes).
  • net/mlx5: Avoid double free of root ns in the error flow path (git-fixes).
  • net/mlx5e: Replace reciprocal_scale in TX select queue function (git-fixes).
  • net/mlx5e: Switch to Toeplitz RSS hash by default (git-fixes).
  • net/mlx5: Fix auto group size calculation (git-fixes).
  • net: qed: Disable aRFS for NPAR and 100G (git-fixes).
  • net: qede: Disable aRFS for NPAR and 100G (git-fixes).
  • net: stmmac: update rx tail pointer register to fix rx dma hang issue (git-fixes).
  • NFSD: Fix possible sleep during nfsd4releaselockowner() (git-fixes).
  • NFS: Further fixes to the writeback error handling (git-fixes).
  • PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes).
  • PCI: Tidy comments (git-fixes).
  • platform/chrome: crosecproto: Send command again when timeout occurs (git-fixes).
  • powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
  • powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
  • powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
  • qed: Enable automatic recovery on error condition (bsc#1196964).
  • raid5: introduce MD_BROKEN (git-fixes).
  • s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
  • s390: fix strrchr() implementation (git-fixes).
  • s390/ftrace: fix ftraceupdateftrace_func implementation (git-fixes).
  • s390/gmap: do not unconditionally call pteunmapunlock() in _gmapzap() (git-fixes).
  • s390/gmap: validate VMA in _gmapzap() (git-fixes).
  • s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes).
  • s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
  • scsi: dc395x: Fix a missing check on list iterator (git-fixes).
  • scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
  • scsi: ufs: qcom: Fix ufsqcomresume() (git-fixes).
  • SUNRPC: Fix the calculation of xdr->end in xdrgetnextencodebuffer() (git-fixes).
  • target: remove an incorrect unmap zeroes data deduction (git-fixes).
  • tracing: Fix return value of tracepidwrite() (git-fixes).
  • usb: musb: Fix missing ofnodeput() in omap2430_probe (git-fixes).
  • USB: serial: option: add Quectel BG95 modem (git-fixes).
  • USB: storage: karma: fix riokarmainit return (git-fixes).
  • usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
  • usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
  • video: fbdev: clcdfb: Fix refcount leak in clcdfbofvram_setup (bsc#1129770)
  • writeback: Avoid skipping inode writeback (bsc#1200813).
  • writeback: Fix inode->iiolist not be protected by inode->i_lock error (bsc#1200821).
References

Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.127.1",
            "gfs2-kmp-default": "4.12.14-122.127.1",
            "ocfs2-kmp-default": "4.12.14-122.127.1",
            "cluster-md-kmp-default": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_127-default": "1-8.3.1",
            "kernel-default-kgraft": "4.12.14-122.127.1",
            "kernel-default-kgraft-devel": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_33

Package

Name
kgraft-patch-SLE12-SP5_Update_33
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_33&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-8.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_127-default": "1-8.3.1",
            "kernel-default-kgraft": "4.12.14-122.127.1",
            "kernel-default-kgraft-devel": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-docs

Package

Name
kernel-docs
Purl
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.127.1",
            "kernel-obs-build": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-obs-build

Package

Name
kernel-obs-build
Purl
pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.127.1",
            "kernel-obs-build": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.127.1",
            "kernel-devel": "4.12.14-122.127.1",
            "kernel-default-base": "4.12.14-122.127.1",
            "kernel-default-man": "4.12.14-122.127.1",
            "kernel-default": "4.12.14-122.127.1",
            "kernel-source": "4.12.14-122.127.1",
            "kernel-syms": "4.12.14-122.127.1",
            "kernel-default-devel": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.127.1",
            "kernel-devel": "4.12.14-122.127.1",
            "kernel-default-base": "4.12.14-122.127.1",
            "kernel-default-man": "4.12.14-122.127.1",
            "kernel-default": "4.12.14-122.127.1",
            "kernel-source": "4.12.14-122.127.1",
            "kernel-syms": "4.12.14-122.127.1",
            "kernel-default-devel": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.127.1",
            "kernel-devel": "4.12.14-122.127.1",
            "kernel-default-base": "4.12.14-122.127.1",
            "kernel-default-man": "4.12.14-122.127.1",
            "kernel-default": "4.12.14-122.127.1",
            "kernel-source": "4.12.14-122.127.1",
            "kernel-syms": "4.12.14-122.127.1",
            "kernel-default-devel": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.127.1",
            "kernel-devel": "4.12.14-122.127.1",
            "kernel-default-base": "4.12.14-122.127.1",
            "kernel-default-man": "4.12.14-122.127.1",
            "kernel-default": "4.12.14-122.127.1",
            "kernel-source": "4.12.14-122.127.1",
            "kernel-syms": "4.12.14-122.127.1",
            "kernel-default-devel": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.127.1",
            "kernel-devel": "4.12.14-122.127.1",
            "kernel-default-base": "4.12.14-122.127.1",
            "kernel-default-man": "4.12.14-122.127.1",
            "kernel-default": "4.12.14-122.127.1",
            "kernel-source": "4.12.14-122.127.1",
            "kernel-syms": "4.12.14-122.127.1",
            "kernel-default-devel": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.127.1",
            "kernel-devel": "4.12.14-122.127.1",
            "kernel-default-base": "4.12.14-122.127.1",
            "kernel-default-man": "4.12.14-122.127.1",
            "kernel-default": "4.12.14-122.127.1",
            "kernel-source": "4.12.14-122.127.1",
            "kernel-syms": "4.12.14-122.127.1",
            "kernel-default-devel": "4.12.14-122.127.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.127.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-default-extra": "4.12.14-122.127.1"
        }
    ]
}