Oval Definition:oval:org.opensuse.security:def:783
Revision Date:2022-09-26Version:1
Title:Security update for the Linux Kernel (Important)
Description:



The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes.



The following security bugs were fixed:

- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).

The following non-security bugs were fixed:

- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153 bsc#1202335). - tcp: change source port randomizarion at connect() time (bsc#1180153 bsc#1202335).
Family:unixClass:patch
Status:Reference(s):1177440
1180153
1186489
1187911
1188944
1191881
1194535
1196616
1197158
1199482
1199665
1201019
1201420
1201705
1201726
1201948
1202096
1202097
1202154
1202335
1202346
1202347
1202393
1202396
1202672
1202897
1202898
1203098
1203107
CVE-2014-2892
CVE-2014-2892
CVE-2014-4650
CVE-2016-0772
CVE-2016-1000110
CVE-2016-5636
CVE-2016-5699
CVE-2017-18207
CVE-2018-1000802
CVE-2018-1060
CVE-2018-1061
CVE-2018-14647
CVE-2018-20406
CVE-2018-20852
CVE-2019-10160
CVE-2019-15903
CVE-2019-16056
CVE-2019-16935
CVE-2019-5010
CVE-2019-9636
CVE-2019-9674
CVE-2019-9947
CVE-2020-36516
CVE-2020-8492
CVE-2021-33574
CVE-2021-35942
CVE-2021-4203
CVE-2022-1012
CVE-2022-20368
CVE-2022-20369
CVE-2022-21385
CVE-2022-2588
CVE-2022-26373
CVE-2022-2639
CVE-2022-2663
CVE-2022-29581
CVE-2022-2977
CVE-2022-3028
CVE-2022-36879
CVE-2022-39188
SUSE-SU-2021:3291-1
SUSE-SU-2022:3408-1
Platform(s):openSUSE 13.2
openSUSE Leap 15.4
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise for SAP 12
SUSE Linux Enterprise for SAP 12 SP1
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for High Performance Computing 15
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for Rasperry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Package Hub for SUSE Linux Enterprise 12
Product(s):
Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • kernel-debug-base-4.12.14-150100.197.123.1 is installed
  • OR kernel-default-man-4.12.14-150100.197.123.1 is installed
  • OR kernel-kvmsmall-base-4.12.14-150100.197.123.1 is installed
  • OR kernel-vanilla-4.12.14-150100.197.123.1 is installed
  • OR kernel-vanilla-base-4.12.14-150100.197.123.1 is installed
  • OR kernel-vanilla-devel-4.12.14-150100.197.123.1 is installed
  • OR kernel-vanilla-livepatch-devel-4.12.14-150100.197.123.1 is installed
  • OR kernel-zfcpdump-man-4.12.14-150100.197.123.1 is installed
    • Definition Synopsis
  • SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed
  • AND Package Information
  • openstack-cinder-2014.2.3.dev13-1 is installed
  • OR openstack-cinder-volume-2014.2.3.dev13-1 is installed
  • OR python-cinder-2014.2.3.dev13-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • MozillaFirefox-31.1.0esr-1 is installed
  • OR MozillaFirefox-translations-31.1.0esr-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND tftp-5.2-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libpython3_6m1_0-3.6.10-3.53.1 is installed
  • OR python3-3.6.10-3.53.1 is installed
  • OR python3-base-3.6.10-3.53.1 is installed
  • OR python3-curses-3.6.10-3.53.1 is installed
  • OR python3-dbm-3.6.10-3.53.1 is installed
  • OR python3-devel-3.6.10-3.53.1 is installed
  • OR python3-idle-3.6.10-3.53.1 is installed
  • OR python3-tk-3.6.10-3.53.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND Package Information
  • glibc-2.31-9.3.2 is installed
  • OR glibc-32bit-2.31-9.3.2 is installed
  • OR glibc-devel-2.31-9.3.2 is installed
  • OR glibc-extra-2.31-9.3.2 is installed
  • OR glibc-i18ndata-2.31-9.3.2 is installed
  • OR glibc-info-2.31-9.3.2 is installed
  • OR glibc-lang-2.31-9.3.2 is installed
  • OR glibc-locale-2.31-9.3.2 is installed
  • OR glibc-locale-base-2.31-9.3.2 is installed
  • OR glibc-locale-base-32bit-2.31-9.3.2 is installed
  • OR glibc-profile-2.31-9.3.2 is installed
  • OR nscd-2.31-9.3.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 is installed
  • AND Package Information
  • cluster-md-kmp-default-4.12.14-25.6 is installed
  • OR dlm-kmp-default-4.12.14-25.6 is installed
  • OR gfs2-kmp-default-4.12.14-25.6 is installed
  • OR kernel-default-4.12.14-25.6 is installed
  • OR ocfs2-kmp-default-4.12.14-25.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libpython3_6m1_0-3.6.10-3.53 is installed
  • OR python3-3.6.10-3.53 is installed
  • OR python3-base-3.6.10-3.53 is installed
  • OR python3-curses-3.6.10-3.53 is installed
  • OR python3-dbm-3.6.10-3.53 is installed
  • OR python3-devel-3.6.10-3.53 is installed
  • OR python3-idle-3.6.10-3.53 is installed
  • OR python3-tk-3.6.10-3.53 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 is installed
  • AND Package Information
  • wireshark-2.4.8-3.6 is installed
  • OR wireshark-devel-2.4.8-3.6 is installed
  • OR wireshark-ui-qt-2.4.8-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • libmms-devel-0.6.4-1 is installed
  • OR libmms0-0.6.4-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 is installed
  • AND Package Information
  • crash-7.2.1-3.2 is installed
  • OR crash-devel-7.2.1-3.2 is installed
  • OR crash-kmp-default-7.2.1_k4.12.14_23-3.2 is installed
  • OR lttng-modules-2.10.0-5.2 is installed
  • OR lttng-modules-kmp-default-2.10.0_k4.12.14_23-5.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for High Performance Computing 15 is installed
  • AND Package Information
  • libpmi0-17.11.7-6.3 is installed
  • OR libslurm32-17.11.7-6.3 is installed
  • OR perl-slurm-17.11.7-6.3 is installed
  • OR slurm-17.11.7-6.3 is installed
  • OR slurm-auth-none-17.11.7-6.3 is installed
  • OR slurm-config-17.11.7-6.3 is installed
  • OR slurm-devel-17.11.7-6.3 is installed
  • OR slurm-doc-17.11.7-6.3 is installed
  • OR slurm-lua-17.11.7-6.3 is installed
  • OR slurm-munge-17.11.7-6.3 is installed
  • OR slurm-node-17.11.7-6.3 is installed
  • OR slurm-pam_slurm-17.11.7-6.3 is installed
  • OR slurm-plugins-17.11.7-6.3 is installed
  • OR slurm-slurmdbd-17.11.7-6.3 is installed
  • OR slurm-sql-17.11.7-6.3 is installed
  • OR slurm-torque-17.11.7-6.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.6 is installed
  • OR reiserfs-kmp-default-4.12.14-25.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.6 is installed
  • OR kernel-default-livepatch-4.12.14-25.6 is installed
  • OR kernel-livepatch-4_12_14-25_6-default-1-1.3 is installed
  • OR kernel-livepatch-SLE15_Update_2-1-1.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
  • AND Package Information
  • containerd-1.1.2-5.3 is installed
  • OR containerd-ctr-1.1.2-5.3 is installed
  • OR containerd-test-1.1.2-5.3 is installed
  • OR docker-18.06.1_ce-6.8 is installed
  • OR docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3 is installed
  • OR docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.3 is installed
  • OR docker-test-18.06.1_ce-6.8 is installed
  • OR docker-zsh-completion-18.06.1_ce-6.8 is installed
  • OR go-1.10.4-3.6 is installed
  • OR go-doc-1.10.4-3.6 is installed
  • OR go1.10-1.10.7-1.5 is installed
  • OR go1.10-doc-1.10.7-1.5 is installed
  • OR golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3 is installed
  • OR golang-packaging-15.0.11-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 is installed
  • AND Package Information
  • kernel-azure-4.12.14-5.13 is installed
  • OR kernel-azure-base-4.12.14-5.13 is installed
  • OR kernel-azure-devel-4.12.14-5.13 is installed
  • OR kernel-devel-azure-4.12.14-5.13 is installed
  • OR kernel-source-azure-4.12.14-5.13 is installed
  • OR kernel-syms-azure-4.12.14-5.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • xen-4.10.1_06-3.3 is installed
  • OR xen-devel-4.10.1_06-3.3 is installed
  • OR xen-tools-4.10.1_06-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.3 is installed
  • OR kernel-default-extra-4.12.14-25.3 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND Package Information
  • chromedriver-53.0.2785.89-96 is installed
  • OR chromium-53.0.2785.89-96 is installed
  • OR chromium-desktop-gnome-53.0.2785.89-96 is installed
  • OR chromium-desktop-kde-53.0.2785.89-96 is installed
  • OR chromium-ffmpegsumo-53.0.2785.89-96 is installed
    • BACK