Oval Definition:oval:org.opensuse.security:def:118647
Revision Date:2022-06-16Version:1
Title:Security update for the Linux Kernel (Important)
Description:



The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)

The following non-security bugs were fixed:

- btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cifs: fix bad fids sent over wire (bsc#1197157). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - net: ena: A typo fix in the file ena_com.h (bsc#1198778). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198778). - net: ena: Fix wrong rx request id by resetting device (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: optimize data access in fast-path code (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1199918). - ping: remove pr_err from ping_lookup (bsc#1199918). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).
Family:unixClass:patch
Status:Reference(s):1028340
1065729
1071995
1158266
1177282
1191647
1195651
1195926
1196114
1196367
1196426
1196433
1196514
1196570
1196942
1197157
1197343
1197472
1197656
1197660
1197895
1198330
1198400
1198484
1198516
1198577
1198660
1198687
1198778
1198825
1199012
1199063
1199314
1199505
1199507
1199605
1199650
1199918
1200015
1200143
1200144
1200249
CVE-2019-19377
CVE-2020-26541
CVE-2021-20321
CVE-2021-33061
CVE-2022-0168
CVE-2022-1011
CVE-2022-1158
CVE-2022-1184
CVE-2022-1353
CVE-2022-1516
CVE-2022-1652
CVE-2022-1729
CVE-2022-1734
CVE-2022-1966
CVE-2022-1974
CVE-2022-1975
CVE-2022-21123
CVE-2022-21125
CVE-2022-21127
CVE-2022-21166
CVE-2022-21180
CVE-2022-28893
CVE-2022-30594
SUSE-SU-2022:2104-1
Platform(s):SUSE Linux Enterprise High Availability 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 15 SP2 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND Package Information
  • cluster-md-kmp-default-5.3.18-150200.24.115.1 is installed
  • OR dlm-kmp-default-5.3.18-150200.24.115.1 is installed
  • OR gfs2-kmp-default-5.3.18-150200.24.115.1 is installed
  • OR ocfs2-kmp-default-5.3.18-150200.24.115.1 is installed
  • BACK