The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2022-36879: Fixed an issue in xfrmexpandpolicies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665).
CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
CVE-2022-21385: Fixed a flaw in netrdsalloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2m2mquerybuf of v4l2-mem2mem.c (bnc#1202347).
CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
CVE-2021-4203: Fixed use-after-free read flaw that was found in sockgetsockopt() in net/core/sock.c due to SOPEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
The following non-security bugs were fixed:
9p: migrate from syncinode to filemapfdatawrite_wbc (bsc#1202528).
ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
Fix releasing of old bundles in xfrmbundlelookup() (bsc#1201264 bsc#1190397 bsc#1199617).
KABI: cgroup: Restore KABI of css_set (bsc#1201610).