SUSE-SU-2022:3282-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223282-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3282-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3282-1
Related
Published
2022-09-15T13:33:30Z
Modified
2022-09-15T13:33:30Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-36879: Fixed an issue in xfrmexpandpolicies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
  • CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
  • CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
  • CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665).
  • CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
  • CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
  • CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
  • CVE-2022-21385: Fixed a flaw in netrdsalloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
  • CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2m2mquerybuf of v4l2-mem2mem.c (bnc#1202347).
  • CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
  • CVE-2021-4203: Fixed use-after-free read flaw that was found in sockgetsockopt() in net/core/sock.c due to SOPEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
  • CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).

The following non-security bugs were fixed:

  • 9p: migrate from syncinode to filemapfdatawrite_wbc (bsc#1202528).
  • ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
  • Fix releasing of old bundles in xfrmbundlelookup() (bsc#1201264 bsc#1190397 bsc#1199617).
  • KABI: cgroup: Restore KABI of css_set (bsc#1201610).
  • KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
  • KVM: arm64: Avoid setting the upper 32 bits of TCREL2 and CPTREL2 (bsc#1201442)
  • KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1120716).
  • KVM: x86: Mark TSS busy during LTR emulation after all fault checks (git-fixes).
  • KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
  • PCI: dwc: Deallocate EPC memory on dwpcieep_init() errors (git-fixes).
  • Revert 'USB: xhci: fix U1/U2 handling for hardware with XHCIINTELHOST quirk set' (git-fixes).
  • Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes).
  • SUNRPC: Fix READ_PLUS crasher (git-fixes).
  • SUNRPC: Fix the svcdeferredevent trace class (git-fixes).
  • USB: new quirk for Dell Gen 2 devices (git-fixes).
  • USB: serial: io_ti: add Agilent E5805A support (git-fixes).
  • add Kirk Allan as branch maintainer
  • ata: libata: add qc->flags in ataqccomplete_template tracepoint (git-fixes).
  • btrfs: Convert fsinfo->freechunkspace to atomic64t (bsc#1202528).
  • btrfs: add a trace class for dumping the current ENOSPC state (bsc#1202528).
  • btrfs: add a trace point for reserve tickets (bsc#1202528).
  • btrfs: adjust the flush trace point to include the source (bsc#1202528).
  • btrfs: check reclaimsize in needpreemptive_reclaim (bsc#1202528).
  • btrfs: check worker before needpreemptivereclaim (bsc#1202528).
  • btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1202528).
  • btrfs: do not include the global rsv size in the preemptive used amount (bsc#1202528).
  • btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
  • btrfs: handle preemptive delalloc flushing slightly differently (bsc#1202528).
  • btrfs: implement space clamping for preemptive flushing (bsc#1202528).
  • btrfs: improve preemptive background space flushing (bsc#1202528).
  • btrfs: include delalloc related info in dump space info tracepoint (bsc#1202528).
  • btrfs: introduce a FORCECOMMITTRANS flush operation (bsc#1202528).
  • btrfs: make flushspace take a enum btrfsflush_state instead of int (bsc#1202528).
  • btrfs: only clamp the first time we have to start flushing (bsc#1202528).
  • btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1202528).
  • btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
  • btrfs: remove FLUSHDELAYEDREFS from data ENOSPC flushing (bsc#1202528).
  • btrfs: rename needdoasync_reclaim (bsc#1202528).
  • btrfs: rework btrfscalcreclaimmetadatasize (bsc#1202528).
  • btrfs: rip out btrfsspaceinfo::totalbytespinned (bsc#1202528).
  • btrfs: rip out maycommittransaction (bsc#1202528).
  • btrfs: rip the firstticketbytes logic from failalltickets (bsc#1202528).
  • btrfs: simplify the logic in needpreemptiveflushing (bsc#1202528).
  • btrfs: take into account global rsv in needpreemptivereclaim (bsc#1202528).
  • btrfs: use delallocbytes to determine flush amount for shrinkdelalloc (bsc#1202528).
  • btrfs: use percpureadpositive instead of sumpositive for needpreempt (bsc#1202528).
  • btrfs: use the filemapfdatawritewbc helper for delalloc shrinking (bsc#1202528).
  • btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1202528).
  • btrfs: wait on async extents when flushing delalloc (bsc#1202528).
  • btrfs: wake up asyncdelallocpages waiters after submit (bsc#1202528).
  • ceph: do not truncate file in atomic_open (bsc#1202830).
  • cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
  • check skpeercred pointer before put_cred() call
  • crypto: arm64/gcm - Select AEAD for GHASHARM64CE (git-fixes).
  • crypto: inside-secure - Add missing MODULEDEVICETABLE for of (git-fixes).
  • cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
  • cxgb4: move handling L2T ARP failures to caller (git-fixes).
  • cxgb4: parse TC-U32 key values and masks natively (git-fixes).
  • dm raid: fix KASAN warning in raid5adddisks (git-fixes).
  • drivers/perf: armspe: Fix consistency of SYSPMSCR_EL1.CX (git-fixes).
  • fs: add a filemapfdatawritewbc helper (bsc#1202528).
  • fuse: limit nsec (bsc#1203126).
  • iommu/vt-d: avoid invalid memory access via nodeonline(NUMANO_NODE) (git-fixes).
  • ipheth: fix EOVERFLOW in iphethrcvbulkcallback (git-fixes).
  • kabi/severities: add mlx5 internal symbols
  • kernel-obs-build: include qemufwcfg (boo#1201705)
  • lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
  • md-raid: destroy the bitmap after destroying the thread (git-fixes).
  • md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
  • mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098).
  • mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
  • mvpp2: fix panic on module removal (git-fixes).
  • mvpp2: refactor the HW checksum setup (git-fixes).
  • net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
  • net/mlx5: Fix auto group size calculation (git-fixes).
  • net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
  • net/mlx5e: Use the inner headers to determine tc/pedit offload limitation on decap flows (git-fixes).
  • net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes).
  • net: emaclite: Simplify if-else statements (git-fixes).
  • net: lltemac: Add more error handling of dmamap_single() calls (git-fixes).
  • net: ll_temac: Enable DMA when ready, not before (git-fixes).
  • net: lltemac: Fix RX buffer descriptor handling on GFPATOMIC pressure (git-fixes).
  • net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
  • net: ll_temac: Fix support for 64-bit platforms (git-fixes).
  • net: ll_temac: Fix support for little-endian platforms (git-fixes).
  • net: ll_temac: Fix typo bug for 32-bit (git-fixes).
  • net: sock: tracing: Fix sockexceedbuf_limit not to dereference stale pointer (git-fixes).
  • net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
  • net: usb: lan78xx: Connect PHY before registering MAC (git-fixes).
  • net: xilinx: replace devkfreeskbirq by devconsumeskbirq for drop profiles (git-fixes).
  • netsched: clsroute: disallow handle of 0 (bsc#1202393).
  • objtool: Add --backtrace support (bsc#1202396).
  • objtool: Add support for intra-function calls (bsc#1202396).
  • objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
  • objtool: Convert insn type to enum (bsc#1202396).
  • objtool: Do not use ignore flag for fake jumps (bsc#1202396).
  • objtool: Fix !CFI insn_state propagation (bsc#1202396).
  • objtool: Fix ORC vs alternatives (bsc#1202396).
  • objtool: Fix sibling call detection (bsc#1202396).
  • objtool: Make handleinsnops() unconditional (bsc#1202396).
  • objtool: Remove INSN_STACK (bsc#1202396).
  • objtool: Remove check preventing branches within alternative (bsc#1202396).
  • objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396).
  • objtool: Rename struct cfi_state (bsc#1202396).
  • objtool: Rework allocating stack_ops on decode (bsc#1202396).
  • objtool: Rewrite alt->skip_orig (bsc#1202396).
  • objtool: Set insn->func for alternatives (bsc#1202396).
  • objtool: Support conditional retpolines (bsc#1202396).
  • objtool: Support multiple stack_op per instruction (bsc#1202396).
  • objtool: Track original function across branches (bsc#1202396).
  • objtool: Uniquely identify alternative instruction groups (bsc#1202396).
  • objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396).
  • pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
  • phy: tegra: fix device-tree node lookups (git-fixes).
  • powerpc/perf: Add privileged access check for thread_imc (bsc#1054914, git-fixes).
  • powerpc/perf: Fix loop exit condition in nestimcevent_init (bsc#1054914, git-fixes).
  • powerpc/perf: Return accordingly on invalid chip-id in (bsc#1054914, git-fixes).
  • powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
  • powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
  • powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
  • powerpc/powernv: Use darn instruction for getrandomseed() on Power9 (bsc#1065729).
  • powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
  • powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
  • powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
  • powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
  • powerpc/xive: Fix refcount leak in xivegetmax_prio (git-fixess).
  • powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
  • powerpc: Use sizeof(*foo) rather than sizeof(struct foo) (bsc#1054914, git-fixes).
  • powerpc: define get_cycles macro for arch-override (bsc#1065729).
  • powerpc: powernv: kABI: add back powernvgetrandom_long (bsc#1065729).
  • qed: Add EDPM mode type for user-fw compatibility (git-fixes).
  • qed: fix kABI in qedrdmacreateqpin_params (git-fixes).
  • rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
  • scsi: smartpqi: set forceblkmq=1.(bsc#1179310)
  • spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
  • squashfs: add more sanity checks in id lookup (git-fixes).
  • squashfs: add more sanity checks in inode lookup (git-fixes).
  • squashfs: add more sanity checks in xattr id lookup (git-fixes).
  • squashfs: fix divide error in calculate_skip() (git-fixes).
  • squashfs: fix inode lookup sanity checks (bsc#1203013).
  • squashfs: fix xattr id and id lookup sanity checks (bsc#1203013).
  • tracepoint: Add tracepointproberegistermayexist() for BPF tracing (git-fixes).
  • tracing/perf: Use strndup_user() instead of buggy open-coded version (git-fixes).
  • tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes).
  • tracing: Fix race in perftracebuf initialization (git-fixes).
  • usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
  • usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
  • usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
  • xen/xenbus: fix return type in xenbusfileread() (git-fixes).
  • xfs: always free inline data before resetting inode fork during ifree (bsc#1202017).
  • xfs: check sbmetauuid for dabuf buffer recovery (bsc#1202577).
  • xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
  • xprtrdma: Fix trace point use-after-free race (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.109.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.109.1",
            "kernel-azure-devel": "4.12.14-16.109.1",
            "kernel-devel-azure": "4.12.14-16.109.1",
            "kernel-syms-azure": "4.12.14-16.109.1",
            "kernel-azure-base": "4.12.14-16.109.1",
            "kernel-source-azure": "4.12.14-16.109.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.109.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.109.1",
            "kernel-azure-devel": "4.12.14-16.109.1",
            "kernel-devel-azure": "4.12.14-16.109.1",
            "kernel-syms-azure": "4.12.14-16.109.1",
            "kernel-azure-base": "4.12.14-16.109.1",
            "kernel-source-azure": "4.12.14-16.109.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.109.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.109.1",
            "kernel-azure-devel": "4.12.14-16.109.1",
            "kernel-devel-azure": "4.12.14-16.109.1",
            "kernel-syms-azure": "4.12.14-16.109.1",
            "kernel-azure-base": "4.12.14-16.109.1",
            "kernel-source-azure": "4.12.14-16.109.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.109.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.109.1",
            "kernel-azure-devel": "4.12.14-16.109.1",
            "kernel-devel-azure": "4.12.14-16.109.1",
            "kernel-syms-azure": "4.12.14-16.109.1",
            "kernel-azure-base": "4.12.14-16.109.1",
            "kernel-source-azure": "4.12.14-16.109.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.109.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.109.1",
            "kernel-azure-devel": "4.12.14-16.109.1",
            "kernel-devel-azure": "4.12.14-16.109.1",
            "kernel-syms-azure": "4.12.14-16.109.1",
            "kernel-azure-base": "4.12.14-16.109.1",
            "kernel-source-azure": "4.12.14-16.109.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.109.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.109.1",
            "kernel-azure-devel": "4.12.14-16.109.1",
            "kernel-devel-azure": "4.12.14-16.109.1",
            "kernel-syms-azure": "4.12.14-16.109.1",
            "kernel-azure-base": "4.12.14-16.109.1",
            "kernel-source-azure": "4.12.14-16.109.1"
        }
    ]
}