SUSE-SU-2022:3810-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223810-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3810-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3810-1
Published
2022-10-31T08:30:34Z
Modified
2022-10-31T08:30:34Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel rt was updated.

The following security bugs were fixed:

  • CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514)
  • CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290)
  • CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
  • CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
  • CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
  • CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
  • CVE-2022-2503: Fixed a bug in dm-verity where device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification until reboot. This allowed root to bypass LoadPin and could be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
  • CVE-2022-20008: Fixed a bug which allowed reading kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)
  • CVE-2022-40307: Fixed a race condition that could have been exploited to trigger a use-after-free in the EFI firmware capsule-loader.c. (bnc#1203322)
  • CVE-2022-3424: Fixed a use-after-free in gru_set_context_option which was leading to kernel panic. (bsc#1204166)

The following non-security bugs were fixed:

  • ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802).
  • ACPI: processor_idle: Skip dummy wait if kernel is in guest (bnc#1203802).
  • arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
  • cifs: alloc_mid function should be marked as static (bsc#1190317).
  • cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1190317).
  • cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1190317).
  • cifs: check for smb1 in open_cached_dir() (bsc#1190317).
  • cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
  • cifs: clean up an inconsistent indenting (bsc#1190317).
  • cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1190317).
  • cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1190317).
  • cifs: do not use uninitialized data in the owner/group sid (bsc#1190317).
  • cifs: fix double free race when mount fails in cifs_get_root() (bsc#1190317).
  • cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
  • cifs: fix handlecache and multiuser (bsc#1190317).
  • cifs: fix lock length calculation (bsc#1190317).
  • cifs: fix ntlmssp auth when there is no key exchange (bsc#1190317).
  • cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1190317).
  • cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (bsc#1190317).
  • cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
  • cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1190317).
  • cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1190317).
  • cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
  • cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1190317).
  • cifs: mark sessions for reconnection in helper function (bsc#1190317).
  • cifs: modefromsids must add an ACE for authenticated users (bsc#1190317).
  • cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1190317).
  • cifs: move from strlcpy with unused retval to strscpy (bsc#1190317).
  • cifs: move superblock magic definitions to magic.h (bsc#1190317).
  • cifs: potential buffer overflow in handling symlinks (bsc#1190317).
  • cifs: prevent bad output lengths in smb2_ioctl_query_info() (bsc#1190317).
  • cifs: release cached dentries only if mount is complete (bsc#1190317).
  • cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1190317).
  • cifs: remove check of list iterator against head past the loop body (bsc#1190317).
  • cifs: remove minor build warning (bsc#1190317).
  • cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1190317).
  • cifs: remove remaining build warnings (bsc#1190317).
  • cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1190317).
  • cifs: remove some camelCase and also some static build warnings (bsc#1190317).
  • cifs: remove unnecessary (void*) conversions (bsc#1190317).
  • cifs: remove unused server parameter from calc_smb_size() (bsc#1190317).
  • cifs: remove useless DeleteMidQEntry() (bsc#1190317).
  • cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1190317).
  • cifs: return errors during session setup during reconnects (bsc#1190317).
  • cifs: return the more nuanced writeback error on close() (bsc#1190317).
  • cifs: sanitize multiple delimiters in prepath (bsc#1190317).
  • cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1190317).
  • cifs: skip trailing separators of prefix paths (bsc#1190317).
  • cifs: smbd: fix typo in comment (bsc#1190317).
  • cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
  • cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
  • cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
  • cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1190317).
  • cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1190317).
  • cifs: we do not need a spinlock around the tree access during umount (bsc#1190317).
  • cifs: when extending a file with falloc we should make files not-sparse (bsc#1190317).
  • dm: thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1203462).
  • dtb: Do not include sources in src.rpm - refer to kernel-source. Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
  • fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
  • ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
  • Input: iforce - constify usb_device_id and fix space before '[' error (git-fixes).
  • Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
  • Input: stop telling users to snail-mail Vojtech (git-fixes).
  • KVM: x86/emulator: Fix handling of POP SS to correctly set interruptibility (git-fixes).
  • locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
  • md-raid10: fix KASAN warning (git-fixes).
  • md: call __md_stop_writes in md_stop (git-fixes).
  • mkspec: eliminate @NOSOURCE@ macro. This should always be used with @SOURCES@, just include the content there.
  • net: mana: Add rmb after checking owner bits (git-fixes).
  • net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
  • NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
  • NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
  • NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
  • powerpc: Use device_type helpers to access the node type (bsc#1203424 ltc#199544).
  • powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
  • powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
  • ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
  • s390: fix double free of GS and RI CBs on fork() failure (bsc#1203254 LTC#199911).
  • s390/guarded storage: simplify task exit handling (bsc#1203254 LTC#199911).
  • s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203142 LTC#199883).
  • s390/hypfs: avoid error message under KVM (bsc#1032323).
  • s390/mm: do not trigger write fault when vma does not allow VM_WRITE (bsc#1203198 LTC#199898).
  • scsi: ch: Make it possible to open a ch device multiple times again (git-fixes).
  • scsi: core: Avoid that a kernel warning appears during system resume (git-fixes).
  • scsi: core: Avoid that system resume triggers a kernel warning (git-fixes).
  • scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure (git-fixes).
  • scsi: lpfc: Add missing destroy_workqueue() in error path (git-fixes).
  • scsi: lpfc: Check the return value of alloc_workqueue() (git-fixes).
  • scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (git-fixes).
  • scsi: mpt3sas: Fix ioctl timeout (git-fixes).
  • scsi: mpt3sas: Fix sync irqs (git-fixes).
  • scsi: mpt3sas: Fix use-after-free warning (git-fixes).
  • scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
  • scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
  • scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
  • scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
  • scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
  • scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
  • scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
  • scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (git-fixes).
  • scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
  • scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
  • scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
  • scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
  • scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
  • scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
  • scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
  • scsi: sd_zbc: Fix compilation warning (git-fixes).
  • scsi: sd: enable compat ioctls for sed-opal (git-fixes).
  • scsi: sd: Fix Opal support (git-fixes).
  • scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
  • scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
  • smb2: small refactor in smb2_check_message() (bsc#1190317).
  • smb3: add trace point for SMB2_set_eof (bsc#1190317).
  • smb3: check for null tcon (bsc#1190317).
  • smb3: check xattr value length earlier (bsc#1190317).
  • smb3: do not set rc when used and unneeded in query_info_compound (bsc#1190317).
  • smb3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1190317).
  • SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
  • sysfb: Enable boot time VESA graphic mode selection (bsc#1129770). Backporting notes: context changes, config update.
  • USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
  • USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
  • USB: core: Prevent nested device-reset calls (git-fixes).
  • USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
  • USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
  • USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
  • USB: serial: option: add Quectel EM05-G modem (git-fixes).
  • USB: serial: option: add Quectel RM500K module support.
  • USB: serial: option: add Quectel RM520N (git-fixes).
  • USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
  • USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
  • USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
  • USB: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
  • USB: struct usb_device: hide new member (git-fixes).
  • USB: Fix memory leak in usbnet_disconnect() (git-fixes).
  • video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048). Backporting notes: context changes.
  • video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
  • video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
  • video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
  • video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
  • video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
  • x86/bugs: Reenable retbleed=off. While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
  • x86/xen: Remove undefined behavior in setup_features() (git-fixes).
  • xhci: bail out early if driver can't access host in resume (git-fixes).

Affected packages

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.103.1",
            "dlm-kmp-rt": "4.12.14-10.103.1",
            "gfs2-kmp-rt": "4.12.14-10.103.1",
            "kernel-rt_debug": "4.12.14-10.103.1",
            "kernel-rt-devel": "4.12.14-10.103.1",
            "cluster-md-kmp-rt": "4.12.14-10.103.1",
            "kernel-rt_debug-devel": "4.12.14-10.103.1",
            "kernel-source-rt": "4.12.14-10.103.1",
            "kernel-rt": "4.12.14-10.103.1",
            "ocfs2-kmp-rt": "4.12.14-10.103.1",
            "kernel-syms-rt": "4.12.14-10.103.1",
            "kernel-rt-base": "4.12.14-10.103.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.103.1",
            "dlm-kmp-rt": "4.12.14-10.103.1",
            "gfs2-kmp-rt": "4.12.14-10.103.1",
            "kernel-rt_debug": "4.12.14-10.103.1",
            "kernel-rt-devel": "4.12.14-10.103.1",
            "cluster-md-kmp-rt": "4.12.14-10.103.1",
            "kernel-rt_debug-devel": "4.12.14-10.103.1",
            "kernel-source-rt": "4.12.14-10.103.1",
            "kernel-rt": "4.12.14-10.103.1",
            "ocfs2-kmp-rt": "4.12.14-10.103.1",
            "kernel-syms-rt": "4.12.14-10.103.1",
            "kernel-rt-base": "4.12.14-10.103.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.103.1",
            "dlm-kmp-rt": "4.12.14-10.103.1",
            "gfs2-kmp-rt": "4.12.14-10.103.1",
            "kernel-rt_debug": "4.12.14-10.103.1",
            "kernel-rt-devel": "4.12.14-10.103.1",
            "cluster-md-kmp-rt": "4.12.14-10.103.1",
            "kernel-rt_debug-devel": "4.12.14-10.103.1",
            "kernel-source-rt": "4.12.14-10.103.1",
            "kernel-rt": "4.12.14-10.103.1",
            "ocfs2-kmp-rt": "4.12.14-10.103.1",
            "kernel-syms-rt": "4.12.14-10.103.1",
            "kernel-rt-base": "4.12.14-10.103.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.103.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.103.1",
            "dlm-kmp-rt": "4.12.14-10.103.1",
            "gfs2-kmp-rt": "4.12.14-10.103.1",
            "kernel-rt_debug": "4.12.14-10.103.1",
            "kernel-rt-devel": "4.12.14-10.103.1",
            "cluster-md-kmp-rt": "4.12.14-10.103.1",
            "kernel-rt_debug-devel": "4.12.14-10.103.1",
            "kernel-source-rt": "4.12.14-10.103.1",
            "kernel-rt": "4.12.14-10.103.1",
            "ocfs2-kmp-rt": "4.12.14-10.103.1",
            "kernel-syms-rt": "4.12.14-10.103.1",
            "kernel-rt-base": "4.12.14-10.103.1"
        }
    ]
}