The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:
CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677).
CVE-2022-20008: Fixed a bug that allowed kernel heap memory to be read due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed (bnc#1199564).
CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097).
CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
The following non-security bugs were fixed:
arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
cifs: alloc_mid function should be marked as static (bsc#1190317).
cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1190317).
cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1190317).
cifs: check for smb1 in open_cached_dir() (bsc#1190317).
cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
cifs: clean up an inconsistent indenting (bsc#1190317).
cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1190317).
cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1190317).
cifs: do not use uninitialized data in the owner/group sid (bsc#1190317).
cifs: fix double free race when mount fails in cifs_get_root() (bsc#1190317).
cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1190317).
cifs: return errors during session setup during reconnects (bsc#1190317).
cifs: return the more nuanced writeback error on close() (bsc#1190317).
cifs: sanitize multiple delimiters in prepath (bsc#1190317).
cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1190317).
cifs: skip trailing separators of prefix paths (bsc#1190317).
cifs: smbd: fix typo in comment (bsc#1190317).
cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1190317).
cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1190317).
cifs: we do not need a spinlock around the tree access during umount (bsc#1190317).
cifs: when extending a file with falloc we should make files not-sparse (bsc#1190317).
dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1203462).
dtb: Do not include sources in src.rpm - refer to kernel-source. Same as other kernel binary packages, there is no need to carry duplicate sources in dtb packages.
fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
Input: iforce - constify usb_device_id and fix space before '[' error (git-fixes).
Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
Input: stop telling users to snail-mail Vojtech (git-fixes).
md-raid10: fix KASAN warning (git-fixes).
md: call __md_stop_writes in md_stop (git-fixes).
net: mana: Add rmb after checking owner bits (git-fixes).
net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
powerpc: Use device_type helpers to access the node type (bsc#1203424 ltc#199544).
powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
scsi: ch: Make it possible to open a ch device multiple times again (git-fixes).
scsi: core: Avoid that a kernel warning appears during system resume (git-fixes).
scsi: core: Avoid that system resume triggers a kernel warning (git-fixes).
scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure (git-fixes).
scsi: lpfc: Add missing destroy_workqueue() in error path (git-fixes).
scsi: lpfc: Check the return value of alloc_workqueue() (git-fixes).
scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (git-fixes).
video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
x86/bugs: Reenable retbleed=off. While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
xhci: bail out early if driver can't accress host in resume (git-fixes).