Oval Definition:oval:org.opensuse.security:def:653
Revision Date:2022-10-05Version:1
Title:Security update for the Linux Kernel (Important) (in QA)
Description:



The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes.



The following security bugs were fixed:

- CVE-2022-20008: Fixed local information disclosure due to possibility to read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564). - CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677). - CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bnc#1203987).

The following non-security bugs were fixed:

- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.

This patch is currently in QA and not yet available for download.
Family:unixClass:patch
Status:Reference(s):1199564
1200288
1201309
1202677
1202960
1203552
1203769
1203987
CVE-2014-2240
CVE-2014-9656
CVE-2014-9657
CVE-2014-9658
CVE-2014-9659
CVE-2014-9660
CVE-2014-9661
CVE-2014-9662
CVE-2014-9663
CVE-2014-9664
CVE-2014-9665
CVE-2014-9666
CVE-2014-9667
CVE-2014-9668
CVE-2014-9669
CVE-2014-9670
CVE-2014-9671
CVE-2014-9672
CVE-2014-9673
CVE-2014-9674
CVE-2014-9675
CVE-2016-9082
CVE-2016-9082
CVE-2017-7475
CVE-2017-7475
CVE-2017-8105
CVE-2017-8287
CVE-2018-6942
CVE-2019-19451
CVE-2022-20008
CVE-2022-2503
CVE-2022-32296
CVE-2022-3239
CVE-2022-3303
CVE-2022-41218
CVE-2022-41848
Platform(s):openSUSE 13.1
openSUSE Leap 15.4
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Workstation Extension 15 SP3
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • kernel-debug-base-4.12.14-150100.197.126.1 is installed
  • OR kernel-default-man-4.12.14-150100.197.126.1 is installed
  • OR kernel-kvmsmall-base-4.12.14-150100.197.126.1 is installed
  • OR kernel-vanilla-4.12.14-150100.197.126.1 is installed
  • OR kernel-vanilla-base-4.12.14-150100.197.126.1 is installed
  • OR kernel-vanilla-devel-4.12.14-150100.197.126.1 is installed
  • OR kernel-vanilla-livepatch-devel-4.12.14-150100.197.126.1 is installed
  • OR kernel-zfcpdump-man-4.12.14-150100.197.126.1 is installed
    • Definition Synopsis
  • SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed
  • AND Package Information
  • openstack-neutron-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-dhcp-agent-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-ha-tool-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-l3-agent-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-lbaas-agent-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-linuxbridge-agent-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-metadata-agent-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-metering-agent-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-openvswitch-agent-2014.2.2.dev26-3 is installed
  • OR openstack-neutron-vpn-agent-2014.2.2.dev26-3 is installed
  • OR python-neutron-2014.2.2.dev26-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-5 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-5 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-5 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-5 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.12.5-1 is installed
  • OR libwebkit2gtk-4_0-37-2.12.5-1 is installed
  • OR libwebkit2gtk3-lang-2.12.5-1 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.12.5-1 is installed
  • OR typelib-1_0-WebKit2-4_0-2.12.5-1 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.12.5-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • freetype2-devel-2.10.1-4.3.1 is installed
  • OR libfreetype6-2.10.1-4.3.1 is installed
  • OR libfreetype6-32bit-2.10.1-4.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP3 is installed
  • AND Package Information
  • dia-0.97.3-4.3.3 is installed
  • OR dia-lang-0.97.3-4.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 is installed
  • AND Package Information
  • libpq5-10.6-4.8 is installed
  • OR postgresql10-10.6-4.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • freetype2-devel-2.10.1-4.3 is installed
  • OR libfreetype6-2.10.1-4.3 is installed
  • OR libfreetype6-32bit-2.10.1-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 is installed
  • AND libcairo2-32bit-1.15.10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 is installed
  • AND Package Information
  • kernel-docs-4.12.14-25.3 is installed
  • OR kernel-obs-build-4.12.14-25.3 is installed
  • OR kernel-source-4.12.14-25.3 is installed
  • OR kernel-syms-4.12.14-25.3 is installed
  • OR kernel-vanilla-4.12.14-25.3 is installed
  • OR kernel-vanilla-base-4.12.14-25.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.6 is installed
  • OR reiserfs-kmp-default-4.12.14-25.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.13 is installed
  • OR kernel-default-livepatch-4.12.14-25.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 is installed
  • AND Package Information
  • kernel-azure-4.12.14-5.13 is installed
  • OR kernel-azure-base-4.12.14-5.13 is installed
  • OR kernel-azure-devel-4.12.14-5.13 is installed
  • OR kernel-devel-azure-4.12.14-5.13 is installed
  • OR kernel-source-azure-4.12.14-5.13 is installed
  • OR kernel-syms-azure-4.12.14-5.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • openslp-2.0.0-6.3 is installed
  • OR openslp-server-2.0.0-6.3 is installed
    • BACK