SUSE 5146 Published by

A Linux Kernel security update has been released for SUSE Linux Enterprise and openSUSE Leap 15.3/15.4.



SUSE-SU-2022:1687-1: important: Security update for the Linux Kernel


SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1687-1
Rating: important
References: #1028340 #1071995 #1137728 #1152472 #1152489 #1177028 #1179878 #1182073 #1183723 #1187055 #1191647 #1193556 #1193842 #1194625 #1195651 #1195926 #1196018 #1196114 #1196367 #1196514 #1196639 #1196942 #1197157 #1197391 #1197656 #1197660 #1197677 #1197914 #1197926 #1198077 #1198217 #1198330 #1198400 #1198413 #1198437 #1198448 #1198484 #1198515 #1198516 #1198534 #1198742 #1198825 #1198989 #1199012 #1199024 SLE-13208 SLE-13513 SLE-15172 SLE-15175 SLE-18234 SLE-8449
Cross-References: CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321 CVE-2021-38208 CVE-2021-4154 CVE-2022-0812 CVE-2022-1158 CVE-2022-1280 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29156
CVSS scores:
CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0707 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0707 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4154 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1280 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1280 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-28893 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28893 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-29156 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29156 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 16 vulnerabilities, contains 6
features and has 29 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515).
- CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).
- CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
- CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2022-1419: Fixed a concurrency use-after-free in
vgem_gem_dumb_create (bsc#1198742).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in
drivers/gpu/drm/drm_lease.c (bnc#1197914).
- CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).
- CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
- CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in
kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege couldcause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the
system (bnc#1193842).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference andBUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2021-0707: Fixed possible memory corruption due to a use after freeinside dma_buf_releas e of dma-buf.c (bnc#1198437).
- CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).

The following non-security bugs were fixed:

- ACPI: processor idle: Check for architectural support for LPI (git-fixes).
- ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
- adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).- ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).
- ALSA: pcm: Test for "silence" field in struct "pcm_format_data" (git-fixes).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb
(git-fixes).
- ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
- arm64: dts: ls1028a: fix memory node (git-fixes)
- arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024).
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use(git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for
devm_snd_soc_register_component (git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
- ath5k: fix building with LEDS=m (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes).
- ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
- backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).- bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217).
- bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
- brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157).
- clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
- direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).- direct-io: defer alignment check until after the EOF check (bsc#1197656).
- direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of
mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"(git-fixes).
- Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
- drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes).- drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes).
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes).
- drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()(git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
- drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
- drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448).
- fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
- firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
- ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
- lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video
(git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
- PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
- power: supply: axp20x_battery: properly report current when discharging(git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
- power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
- powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).- powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299).
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
- random: check for signal_pending() outside of need_resched() check (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175).
- regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942).
- rpm: Use bash for %() expansion (jsc#SLE-18234).
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484)
- rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
- scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).
- spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm (git-fixes).
- USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
(git-fixes).
- vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).
- xen: fix is_xen_pmu() (git-fixes).
- xen/blkfront: fix comment for need_copy (git-fixes).
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI(bsc#1193556).
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:

zypper in -t patch openSUSE-SLE-15.4-2022-1687=1

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2022-1687=1

- SUSE Linux Enterprise Workstation Extension 15-SP3:

zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1687=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1687=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1687=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1687=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1687=1
- SUSE Linux Enterprise Micro 5.2:

zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1687=1

- SUSE Linux Enterprise Micro 5.1:

zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1687=1

- SUSE Linux Enterprise High Availability 15-SP3:

zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1687=1

Package List:

- openSUSE Leap 15.4 (aarch64 x86_64):

cluster-md-kmp-preempt-5.3.18-150300.59.68.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.68.1 dlm-kmp-preempt-5.3.18-150300.59.68.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
gfs2-kmp-preempt-5.3.18-150300.59.68.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-5.3.18-150300.59.68.1
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
kernel-preempt-devel-5.3.18-150300.59.68.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-extra-5.3.18-150300.59.68.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.68.1
kernel-preempt-optional-5.3.18-150300.59.68.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.68.1 kselftests-kmp-preempt-5.3.18-150300.59.68.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.68.1 ocfs2-kmp-preempt-5.3.18-150300.59.68.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
reiserfs-kmp-preempt-5.3.18-150300.59.68.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.68.1

- openSUSE Leap 15.4 (aarch64):

dtb-al-5.3.18-150300.59.68.1
dtb-zte-5.3.18-150300.59.68.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

cluster-md-kmp-default-5.3.18-150300.59.68.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.68.1 dlm-kmp-default-5.3.18-150300.59.68.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.68.1
gfs2-kmp-default-5.3.18-150300.59.68.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-5.3.18-150300.59.68.1
kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3 kernel-default-base-rebuild-5.3.18-150300.59.68.1.150300.18.41.3 kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
kernel-default-devel-5.3.18-150300.59.68.1
kernel-default-devel-debuginfo-5.3.18-150300.59.68.1
kernel-default-extra-5.3.18-150300.59.68.1
kernel-default-extra-debuginfo-5.3.18-150300.59.68.1
kernel-default-livepatch-5.3.18-150300.59.68.1
kernel-default-livepatch-devel-5.3.18-150300.59.68.1
kernel-default-optional-5.3.18-150300.59.68.1
kernel-default-optional-debuginfo-5.3.18-150300.59.68.1 kernel-obs-build-5.3.18-150300.59.68.1
kernel-obs-build-debugsource-5.3.18-150300.59.68.1
kernel-obs-qa-5.3.18-150300.59.68.1
kernel-syms-5.3.18-150300.59.68.1
kselftests-kmp-default-5.3.18-150300.59.68.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.68.1 ocfs2-kmp-default-5.3.18-150300.59.68.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.68.1
reiserfs-kmp-default-5.3.18-150300.59.68.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.68.1

- openSUSE Leap 15.3 (aarch64 x86_64):

cluster-md-kmp-preempt-5.3.18-150300.59.68.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.68.1 dlm-kmp-preempt-5.3.18-150300.59.68.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
gfs2-kmp-preempt-5.3.18-150300.59.68.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-5.3.18-150300.59.68.1
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
kernel-preempt-devel-5.3.18-150300.59.68.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-extra-5.3.18-150300.59.68.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.68.1
kernel-preempt-optional-5.3.18-150300.59.68.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.68.1 kselftests-kmp-preempt-5.3.18-150300.59.68.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.68.1 ocfs2-kmp-preempt-5.3.18-150300.59.68.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.68.1
reiserfs-kmp-preempt-5.3.18-150300.59.68.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.68.1

- openSUSE Leap 15.3 (ppc64le x86_64):

kernel-debug-5.3.18-150300.59.68.1
kernel-debug-debuginfo-5.3.18-150300.59.68.1
kernel-debug-debugsource-5.3.18-150300.59.68.1
kernel-debug-devel-5.3.18-150300.59.68.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.68.1
kernel-debug-livepatch-devel-5.3.18-150300.59.68.1
kernel-kvmsmall-5.3.18-150300.59.68.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.68.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.68.1
kernel-kvmsmall-devel-5.3.18-150300.59.68.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.68.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.68.1
- openSUSE Leap 15.3 (aarch64):

cluster-md-kmp-64kb-5.3.18-150300.59.68.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
dlm-kmp-64kb-5.3.18-150300.59.68.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
dtb-al-5.3.18-150300.59.68.1
dtb-allwinner-5.3.18-150300.59.68.1
dtb-altera-5.3.18-150300.59.68.1
dtb-amd-5.3.18-150300.59.68.1
dtb-amlogic-5.3.18-150300.59.68.1
dtb-apm-5.3.18-150300.59.68.1
dtb-arm-5.3.18-150300.59.68.1
dtb-broadcom-5.3.18-150300.59.68.1
dtb-cavium-5.3.18-150300.59.68.1
dtb-exynos-5.3.18-150300.59.68.1
dtb-freescale-5.3.18-150300.59.68.1
dtb-hisilicon-5.3.18-150300.59.68.1
dtb-lg-5.3.18-150300.59.68.1
dtb-marvell-5.3.18-150300.59.68.1
dtb-mediatek-5.3.18-150300.59.68.1
dtb-nvidia-5.3.18-150300.59.68.1
dtb-qcom-5.3.18-150300.59.68.1
dtb-renesas-5.3.18-150300.59.68.1
dtb-rockchip-5.3.18-150300.59.68.1
dtb-socionext-5.3.18-150300.59.68.1
dtb-sprd-5.3.18-150300.59.68.1
dtb-xilinx-5.3.18-150300.59.68.1
dtb-zte-5.3.18-150300.59.68.1
gfs2-kmp-64kb-5.3.18-150300.59.68.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-5.3.18-150300.59.68.1
kernel-64kb-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-debugsource-5.3.18-150300.59.68.1
kernel-64kb-devel-5.3.18-150300.59.68.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-extra-5.3.18-150300.59.68.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.68.1
kernel-64kb-optional-5.3.18-150300.59.68.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.68.1
kselftests-kmp-64kb-5.3.18-150300.59.68.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
ocfs2-kmp-64kb-5.3.18-150300.59.68.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.68.1
reiserfs-kmp-64kb-5.3.18-150300.59.68.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.68.1

- openSUSE Leap 15.3 (noarch):

kernel-devel-5.3.18-150300.59.68.1
kernel-docs-5.3.18-150300.59.68.1
kernel-docs-html-5.3.18-150300.59.68.1
kernel-macros-5.3.18-150300.59.68.1
kernel-source-5.3.18-150300.59.68.1
kernel-source-vanilla-5.3.18-150300.59.68.1

- openSUSE Leap 15.3 (s390x):

kernel-zfcpdump-5.3.18-150300.59.68.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.68.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
kernel-default-extra-5.3.18-150300.59.68.1
kernel-default-extra-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
kernel-preempt-extra-5.3.18-150300.59.68.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
kernel-default-livepatch-5.3.18-150300.59.68.1
kernel-default-livepatch-devel-5.3.18-150300.59.68.1
kernel-livepatch-5_3_18-150300_59_68-default-1-150300.7.5.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
reiserfs-kmp-default-5.3.18-150300.59.68.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

kernel-obs-build-5.3.18-150300.59.68.1
kernel-obs-build-debugsource-5.3.18-150300.59.68.1
kernel-syms-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):

kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1
kernel-preempt-devel-5.3.18-150300.59.68.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.68.1
kernel-source-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

kernel-default-5.3.18-150300.59.68.1
kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3 kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
kernel-default-devel-5.3.18-150300.59.68.1
kernel-default-devel-debuginfo-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.68.1
kernel-preempt-debuginfo-5.3.18-150300.59.68.1
kernel-preempt-debugsource-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.68.1
kernel-64kb-debuginfo-5.3.18-150300.59.68.1
kernel-64kb-debugsource-5.3.18-150300.59.68.1
kernel-64kb-devel-5.3.18-150300.59.68.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.68.1
kernel-macros-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.68.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.68.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.68.1
kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3 kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.68.1
kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3 kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1

- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

cluster-md-kmp-default-5.3.18-150300.59.68.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.68.1 dlm-kmp-default-5.3.18-150300.59.68.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.68.1
gfs2-kmp-default-5.3.18-150300.59.68.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debuginfo-5.3.18-150300.59.68.1
kernel-default-debugsource-5.3.18-150300.59.68.1
ocfs2-kmp-default-5.3.18-150300.59.68.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.68.1

References:

  https://www.suse.com/security/cve/CVE-2020-27835.html
  https://www.suse.com/security/cve/CVE-2021-0707.html
  https://www.suse.com/security/cve/CVE-2021-20292.html
  https://www.suse.com/security/cve/CVE-2021-20321.html
  https://www.suse.com/security/cve/CVE-2021-38208.html
  https://www.suse.com/security/cve/CVE-2021-4154.html
  https://www.suse.com/security/cve/CVE-2022-0812.html
  https://www.suse.com/security/cve/CVE-2022-1158.html
  https://www.suse.com/security/cve/CVE-2022-1280.html
  https://www.suse.com/security/cve/CVE-2022-1353.html
  https://www.suse.com/security/cve/CVE-2022-1419.html
  https://www.suse.com/security/cve/CVE-2022-1516.html
  https://www.suse.com/security/cve/CVE-2022-28356.html
  https://www.suse.com/security/cve/CVE-2022-28748.html
  https://www.suse.com/security/cve/CVE-2022-28893.html
  https://www.suse.com/security/cve/CVE-2022-29156.html
  https://bugzilla.suse.com/1028340
  https://bugzilla.suse.com/1071995
  https://bugzilla.suse.com/1137728
  https://bugzilla.suse.com/1152472
  https://bugzilla.suse.com/1152489
  https://bugzilla.suse.com/1177028
  https://bugzilla.suse.com/1179878
  https://bugzilla.suse.com/1182073
  https://bugzilla.suse.com/1183723
  https://bugzilla.suse.com/1187055
  https://bugzilla.suse.com/1191647
  https://bugzilla.suse.com/1193556
  https://bugzilla.suse.com/1193842
  https://bugzilla.suse.com/1194625
  https://bugzilla.suse.com/1195651
  https://bugzilla.suse.com/1195926
  https://bugzilla.suse.com/1196018
  https://bugzilla.suse.com/1196114
  https://bugzilla.suse.com/1196367
  https://bugzilla.suse.com/1196514
  https://bugzilla.suse.com/1196639
  https://bugzilla.suse.com/1196942
  https://bugzilla.suse.com/1197157
  https://bugzilla.suse.com/1197391
  https://bugzilla.suse.com/1197656
  https://bugzilla.suse.com/1197660
  https://bugzilla.suse.com/1197677
  https://bugzilla.suse.com/1197914
  https://bugzilla.suse.com/1197926
  https://bugzilla.suse.com/1198077
  https://bugzilla.suse.com/1198217
  https://bugzilla.suse.com/1198330
  https://bugzilla.suse.com/1198400
  https://bugzilla.suse.com/1198413
  https://bugzilla.suse.com/1198437
  https://bugzilla.suse.com/1198448
  https://bugzilla.suse.com/1198484
  https://bugzilla.suse.com/1198515
  https://bugzilla.suse.com/1198516
  https://bugzilla.suse.com/1198534
  https://bugzilla.suse.com/1198742
  https://bugzilla.suse.com/1198825
  https://bugzilla.suse.com/1198989
  https://bugzilla.suse.com/1199012
  https://bugzilla.suse.com/1199024