Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1196-1
Rating: important
References: #1065729 #1114648 #1180153 #1184207 #1189562
#1191428 #1191451 #1191580 #1192273 #1193738
#1194163 #1194541 #1194580 #1194586 #1194590
#1194591 #1194943 #1195051 #1195353 #1195403
#1195480 #1195482 #1196018 #1196114 #1196339
#1196367 #1196468 #1196478 #1196488 #1196514
#1196639 #1196657 #1196723 #1196761 #1196830
#1196836 #1196901 #1196942 #1196973 #1196999
#1197099 #1197227 #1197331 #1197366 #1197462
#1197531 #1197661 #1197675 #1197754 #1197755
#1197756 #1197757 #1197758 #1197760 #1197763
#1197806 #1197894 #1197914 #1198031 #1198032
#1198033 SLE-15288 SLE-18234 SLE-24125
Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0001
CVE-2022-0002 CVE-2022-0812 CVE-2022-0850
CVE-2022-1016 CVE-2022-1048 CVE-2022-23036
CVE-2022-23037 CVE-2022-23038 CVE-2022-23039
CVE-2022-23040 CVE-2022-23041 CVE-2022-23042
CVE-2022-23960 CVE-2022-26490 CVE-2022-26966
CVE-2022-27666 CVE-2022-28388 CVE-2022-28389
CVE-2022-28390
CVSS scores:
CVE-2021-39713 (NVD) : 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39713 (SUSE): 7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-45868 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-45868 (SUSE): 5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0001 (NVD) : 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0001 (SUSE): 5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0002 (NVD) : 6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0002 (SUSE): 5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-0812 (SUSE): 6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-0850 (SUSE): 4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-1016 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1048 (SUSE): 7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23036 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23036 (SUSE): 7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23037 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23037 (SUSE): 7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23038 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23038 (SUSE): 7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23039 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23039 (SUSE): 7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23040 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23040 (SUSE): 7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23041 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23041 (SUSE): 7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23042 (NVD) : 7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23042 (SUSE): 7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23960 (NVD) : 5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23960 (SUSE): 5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-26490 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26490 (SUSE): 6.8
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2022-26966 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26966 (SUSE): 4.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-27666 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27666 (SUSE): 7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2022-28388 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28388 (SUSE): 5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-28389 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28389 (SUSE): 5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-28390 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28390 (SUSE): 5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

An update that solves 22 vulnerabilities, contains three
features and has 39 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated.

The following security bugs were fixed:

- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the
netfilter subsystem. This vulnerability gives an attacker a powerful
primitive that can be used to both read from and write to relative stack
data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c
vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c
vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c
vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-0812: Fixed an incorrect header size calculations which could
lead to a memory leak. (bsc#1196639)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to
use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock.
(bsc#1197331)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in
iov_iter.c. (bsc#1196761)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which
allowed attackers to obtain sensitive information from the memory via
crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c
which could lead to an use-after-free if there is a corrupted quota
file. (bnc#1197366)
- CVE-2021-39713: Fixed a race condition in the network scheduling
subsystem which could lead to a use-after-free. (bnc#1196973)
-
CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,
CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have
lead to read/write access to memory pages or denial of service. These
issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An
attacker with adjacent NFC access could crash the system or corrupt the
system memory. (bsc#1196830)
- CVE-2022-0001,CVE-2022-0002,CVE-2022-23960: Fixed a new kind of
speculation issues, exploitable via JITed eBPF for instance.
(bsc#1191580)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP
transformation code. This flaw allowed a local attacker with a normal
user privilege to overwrite kernel heap objects and may cause a local
privilege escalation. (bnc#1197462)

The following non-security bugs were fixed:

- asix: Add rx->ax_skb = NULL after usbnet_skb_return() (git-fixes).
- asix: Ensure asix_rx_fixup_info members are all reset (git-fixes).
- asix: Fix small memory leak in ax88772_unbind() (git-fixes).
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
(bsc#1196018).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
- can: dev: can_restart: fix use after free bug (git-fixes).
- cgroup: Correct privileges check in release_agent writes (bsc#1196723).
- cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
(bsc#1196723).
- cgroup: Use open-time cgroup namespace for process migration perm checks
(bsc#1196723).
- dax: update to new mmu_notifier semantic (bsc#1184207).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr() (bsc#1114648).
- ena_netdev: use generic power management (bsc#1197099 jsc#SLE-24125).
- ena: Remove rcu_read_lock() around XDP program invocation (bsc#1197099
jsc#SLE-24125).
- ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1197099
jsc#SLE-24125).
- ext4: add check to prevent attempting to resize an fs with sparse_super2
(bsc#1197754).
- ext4: check for inconsistent extents between index and leaf block
(bsc#1194163 bsc#1196339).
- ext4: check for out-of-order index extents in
ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix an use-after-free issue about data=journal writeback mode
(bsc#1195482).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix lazy initialization next schedule time computation in more
granular unit (bsc#1194580).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: prevent partial update of the extent blocks (bsc#1194163
bsc#1196339).
- ext4: update i_disksize if direct write past ondisk size (bsc#1197806).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- IB/core: Fix ODP get user pages flow (git-fixes)
- IB/hfi1: Acquire lock to release TID entries when user file is closed
(git-fixes)
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes)
- IB/hfi1: Ensure pq is not left on waitlist (git-fixes)
- IB/hfi1: Fix another case where pq is left on waitlist (git-fixes)
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes)
- IB/hfi1: Fix possible null-pointer dereference in
_extend_sdma_tx_descs() (git-fixes)
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes)
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
(git-fixes)
- IB/qib: Use struct_size() helper (git-fixes)
- IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes)
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- isofs: Fix out of bound access for corrupted isofs image (bsc#1194591).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19
("rpm: Use bash for %() expansion (jsc#SLE-18234).")
- mdio: fix mdio-thunder.c dependency build error (git-fixes).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: drop NULL return check of pte_offset_map_lock() (bsc#1184207).
- mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207).
- mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: asix: add proper error handling of usb read errors (git-fixes).
- net: asix: fix uninit value bugs (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the
probe functin (git-fixes).
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: ena: Add capabilities field with support for ENI stats capability
(bsc#1197099 jsc#SLE-24125).
- net: ena: Add debug prints for invalid req_id resets (bsc#1197099
jsc#SLE-24125).
- net: ena: add device distinct log prefix to files (bsc#1197099
jsc#SLE-24125).
- net: ena: add jiffies of last napi call to stats (bsc#1197099
jsc#SLE-24125).
- net: ena: aggregate doorbell common operations into a function
(bsc#1197099 jsc#SLE-24125).
- net: ena: aggregate stats increase into a function (bsc#1197099
jsc#SLE-24125).
- net: ena: Change ENI stats support check to use capabilities field
(bsc#1197099 jsc#SLE-24125).
- net: ena: Change return value of ena_calc_io_queue_size() to void
(bsc#1197099 jsc#SLE-24125).
- net: ena: Change the name of bad_csum variable (bsc#1197099
jsc#SLE-24125).
- net: ena: Extract recurring driver reset code into a function
(bsc#1197099 jsc#SLE-24125).
- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125).
- net: ena: fix DMA mapping function issues in XDP (bsc#1197099
jsc#SLE-24125).
- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125).
- net: ena: Fix wrong rx request id by resetting device (bsc#1197099
jsc#SLE-24125).
- net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24125).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
(bsc#1197099 jsc#SLE-24125).
- net: ena: introduce XDP redirect implementation (bsc#1197099
jsc#SLE-24125).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099
jsc#SLE-24125).
- net: ena: Move reset completion print to the reset function (bsc#1197099
jsc#SLE-24125).
- net: ena: optimize data access in fast-path code (bsc#1197099
jsc#SLE-24125).
- net: ena: re-organize code to improve readability (bsc#1197099
jsc#SLE-24125).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099
jsc#SLE-24125).
- net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove module param and change message severity (bsc#1197099
jsc#SLE-24125).
- net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125).
- net: ena: store values in their appropriate variables types (bsc#1197099
jsc#SLE-24125).
- net: ena: Update XDP verdict upon failure (bsc#1197099 jsc#SLE-24125).
- net: ena: use build_skb() in RX path (bsc#1197099 jsc#SLE-24125).
- net: ena: use constant value for net_device allocation (bsc#1197099
jsc#SLE-24125).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099
jsc#SLE-24125).
- net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1197099
jsc#SLE-24125).
- net: ena: use xdp_frame in XDP TX flow (bsc#1197099 jsc#SLE-24125).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099
jsc#SLE-24125).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
(git-fixes).
- net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set (git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is
running (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling
ether_setup (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
(git-fixes).
- net: hns: fix return value check in __lb_other_process() (git-fixes).
- net: marvell: Fix OF_MDIO config check (git-fixes).
- net: mcs7830: handle usb read errors properly (git-fixes).
- net: usb: asix: add error handling for asix_mdio_* functions (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
(bsc#1196018).
- net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: Do not skip directory entries when doing uncached readdir
(git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
- NFS: Clamp WRITE offsets (git-fixes).
- NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client
(git-fixes).
- NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
- NFS: Fix another issue with a list iterator pointing to the head
(git-fixes).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15288,
jsc#ECO-2990).
- powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S
git-fixes).
- powerpc/64: Interrupts save PPR on stack rather than thread_struct
(bsc#1196999 ltc#196609).
- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h
(jec#SLE-23780).
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
(bsc#1065729).
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
(bsc#1065729).
- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score
(jec#SLE-23780).
- powerpc/sysdev: fix incorrect use to determine if list is empty
(bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- qed: select CONFIG_CRC32 (git-fixes).
- quota: correct error number in free_dqentry() (bsc#1194590).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal()
(git-fixes)
- RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW
with pending cmd-bit" (git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
(git-fixes)
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
(git-fixes)
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty
entry (git-fixes)
- RDMA/core: Do not infoleak GRH fields (git-fixes)
- RDMA/core: Let ib_find_gid() continue search even after empty entry
(git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/cxgb4: check for ipv6 address properly while destroying listener
(git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening
server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Encapsulate some lines for setting sq size in user mode
(git-fixes)
- RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes)
- RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size()
(git-fixes)
- RDMA/hns: Validate the pkey index (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/ib_srp: Fix a deadlock (git-fixes)
- RDMA/iwcm: Release resources if iw_cm module initialization fails
(git-fixes)
- RDMA/mlx4: Do not continue event handler after memory allocation failure
(git-fixes)
- RDMA/mlx4: Return missed an error if device does not support steering
(git-fixes)
- RDMA/mlx5: Do not allow rereg of a ODP MR (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr()
(git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes)
- RDMA/mlx5: Put live in the correct place for ODP MRs (git-fixes)
- RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages()
(git-fixes)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- RDMA/rxe: Fix failure during driver load (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- RDMA/rxe: Fix panic when calling kmem_cache_create() (git-fixes)
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (git-fixes)
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (git-fixes)
- RDMA/rxe: Remove rxe_link_layer() (git-fixes)
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- RDMA/ucma: Fix locking for ctx->events_reported (git-fixes)
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg
(git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error
(bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
(bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675
bsc#1196478).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download
(bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
(bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths
(bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
(bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure
(bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test
(bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing
(bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- sr9700: sanity check for packet length (bsc#1196836).
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
(bnc#1195403).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- SUNRPC: Fix transport accounting when caller specifies an rpc_xprt
(bsc#1197531).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6 (bsc#1194541).
- tracing: Fix return value of __setup handlers (git-fixes).
- USB: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).
- USB: chipidea: fix interrupt deadlock (git-fixes).
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
(git-fixes).
- USB: ftdi-elan: fix memory leak on device disconnect (git-fixes).
- USB: host: xen-hcd: add missing unlock in error path (git-fixes).
- USB: host: xhci-rcar: Do not reload firmware after the completion
(git-fixes).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
(git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
(git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
(git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
(bsc#1114648).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1114648).
- xen/gntdev: update to new mmu_notifier semantic (bsc#1184207).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done()
(bsc#1196488, XSA-396).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller
(git-fixes).
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set
(git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return value
(git-fixes).
- xhci: re-initialize the HC during resume if HCE was set (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:

zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1196=1

- SUSE Linux Enterprise Software Development Kit 12-SP5:

zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1196=1

- SUSE Linux Enterprise Server 12-SP5:

zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1196=1

- SUSE Linux Enterprise Live Patching 12-SP5:

zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1196=1

- SUSE Linux Enterprise High Availability 12-SP5:

zypper in -t patch SUSE-SLE-HA-12-SP5-2022-1196=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

kernel-default-debuginfo-4.12.14-122.116.1
kernel-default-debugsource-4.12.14-122.116.1
kernel-default-extra-4.12.14-122.116.1
kernel-default-extra-debuginfo-4.12.14-122.116.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):

kernel-obs-build-4.12.14-122.116.1
kernel-obs-build-debugsource-4.12.14-122.116.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

kernel-docs-4.12.14-122.116.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

kernel-default-4.12.14-122.116.1
kernel-default-base-4.12.14-122.116.1
kernel-default-base-debuginfo-4.12.14-122.116.1
kernel-default-debuginfo-4.12.14-122.116.1
kernel-default-debugsource-4.12.14-122.116.1
kernel-default-devel-4.12.14-122.116.1
kernel-syms-4.12.14-122.116.1

- SUSE Linux Enterprise Server 12-SP5 (x86_64):

kernel-default-devel-debuginfo-4.12.14-122.116.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):

kernel-devel-4.12.14-122.116.1
kernel-macros-4.12.14-122.116.1
kernel-source-4.12.14-122.116.1

- SUSE Linux Enterprise Server 12-SP5 (s390x):

kernel-default-man-4.12.14-122.116.1

- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

kernel-default-debuginfo-4.12.14-122.116.1
kernel-default-debugsource-4.12.14-122.116.1
kernel-default-kgraft-4.12.14-122.116.1
kernel-default-kgraft-devel-4.12.14-122.116.1
kgraft-patch-4_12_14-122_116-default-1-8.3.1

- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

cluster-md-kmp-default-4.12.14-122.116.1
cluster-md-kmp-default-debuginfo-4.12.14-122.116.1
dlm-kmp-default-4.12.14-122.116.1
dlm-kmp-default-debuginfo-4.12.14-122.116.1
gfs2-kmp-default-4.12.14-122.116.1
gfs2-kmp-default-debuginfo-4.12.14-122.116.1
kernel-default-debuginfo-4.12.14-122.116.1
kernel-default-debugsource-4.12.14-122.116.1
ocfs2-kmp-default-4.12.14-122.116.1
ocfs2-kmp-default-debuginfo-4.12.14-122.116.1

References:

https://www.suse.com/security/cve/CVE-2021-39713.html
https://www.suse.com/security/cve/CVE-2021-45868.html
https://www.suse.com/security/cve/CVE-2022-0001.html
https://www.suse.com/security/cve/CVE-2022-0002.html
https://www.suse.com/security/cve/CVE-2022-0812.html
https://www.suse.com/security/cve/CVE-2022-0850.html
https://www.suse.com/security/cve/CVE-2022-1016.html
https://www.suse.com/security/cve/CVE-2022-1048.html
https://www.suse.com/security/cve/CVE-2022-23036.html
https://www.suse.com/security/cve/CVE-2022-23037.html
https://www.suse.com/security/cve/CVE-2022-23038.html
https://www.suse.com/security/cve/CVE-2022-23039.html
https://www.suse.com/security/cve/CVE-2022-23040.html
https://www.suse.com/security/cve/CVE-2022-23041.html
https://www.suse.com/security/cve/CVE-2022-23042.html
https://www.suse.com/security/cve/CVE-2022-23960.html
https://www.suse.com/security/cve/CVE-2022-26490.html
https://www.suse.com/security/cve/CVE-2022-26966.html
https://www.suse.com/security/cve/CVE-2022-27666.html
https://www.suse.com/security/cve/CVE-2022-28388.html
https://www.suse.com/security/cve/CVE-2022-28389.html
https://www.suse.com/security/cve/CVE-2022-28390.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1180153
https://bugzilla.suse.com/1184207
https://bugzilla.suse.com/1189562
https://bugzilla.suse.com/1191428
https://bugzilla.suse.com/1191451
https://bugzilla.suse.com/1191580
https://bugzilla.suse.com/1192273
https://bugzilla.suse.com/1193738
https://bugzilla.suse.com/1194163
https://bugzilla.suse.com/1194541
https://bugzilla.suse.com/1194580
https://bugzilla.suse.com/1194586
https://bugzilla.suse.com/1194590
https://bugzilla.suse.com/1194591
https://bugzilla.suse.com/1194943
https://bugzilla.suse.com/1195051
https://bugzilla.suse.com/1195353
https://bugzilla.suse.com/1195403
https://bugzilla.suse.com/1195480
https://bugzilla.suse.com/1195482
https://bugzilla.suse.com/1196018
https://bugzilla.suse.com/1196114
https://bugzilla.suse.com/1196339
https://bugzilla.suse.com/1196367
https://bugzilla.suse.com/1196468
https://bugzilla.suse.com/1196478
https://bugzilla.suse.com/1196488
https://bugzilla.suse.com/1196514
https://bugzilla.suse.com/1196639
https://bugzilla.suse.com/1196657
https://bugzilla.suse.com/1196723
https://bugzilla.suse.com/1196761
https://bugzilla.suse.com/1196830
https://bugzilla.suse.com/1196836
https://bugzilla.suse.com/1196901
https://bugzilla.suse.com/1196942
https://bugzilla.suse.com/1196973
https://bugzilla.suse.com/1196999
https://bugzilla.suse.com/1197099
https://bugzilla.suse.com/1197227
https://bugzilla.suse.com/1197331
https://bugzilla.suse.com/1197366
https://bugzilla.suse.com/1197462
https://bugzilla.suse.com/1197531
https://bugzilla.suse.com/1197661
https://bugzilla.suse.com/1197675
https://bugzilla.suse.com/1197754
https://bugzilla.suse.com/1197755
https://bugzilla.suse.com/1197756
https://bugzilla.suse.com/1197757
https://bugzilla.suse.com/1197758
https://bugzilla.suse.com/1197760
https://bugzilla.suse.com/1197763
https://bugzilla.suse.com/1197806
https://bugzilla.suse.com/1197894
https://bugzilla.suse.com/1197914
https://bugzilla.suse.com/1198031
https://bugzilla.suse.com/1198032
https://bugzilla.suse.com/1198033