SUSE 5185 Published by

A Linux Kernel security update has been released for SUSE Linux Enterprise and openSUSE Leap 15.3.



SUSE-SU-2022:2741-1: important: Security update for the Linux Kernel


SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2741-1
Rating: important
References: #1178134 #1198829 #1199364 #1199647 #1199665 #1199670 #1200521 #1200598 #1200644 #1200651 #1200762 #1200910 #1201196 #1201206 #1201251 #1201381 #1201429 #1201458 #1201635 #1201636 #1201644 #1201664 #1201672 #1201673 #1201676 #1201846 #1201930 #1201940 #1201954 #1201956 #1201958 SLE-24559
Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-29581 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946
CVSS scores:
CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 16 vulnerabilities, contains one
feature and has 15 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940).
- CVE-2022-29581: Fixed improper update of reference count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which couldlead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctland closing/opening of TTYs that could lead to a use-after-free (bnc#1201429).
- CVE-2021-33655: Fixed an out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636).
- CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy (bsc#1201458).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829).
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which
allowed a local attacker to escalate privileges to root (bnc#1199647).-CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler
in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when usinguntrusted backends (bsc#1200762).

The following non-security bugs were fixed:

- Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: enable BPF type format (BTF) (jsc#SLE-24559).
- nfs: avoid NULL pointer dereference when there is unflushed data (bsc#1201196).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- nvme: consider also host_iface when checking ip options (bsc#1199670). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration(bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue(bsc#1201381).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2022-2741=1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:

zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1

Package List:

- openSUSE Leap 15.3 (noarch):

kernel-devel-azure-5.3.18-150300.38.75.1
kernel-source-azure-5.3.18-150300.38.75.1

- openSUSE Leap 15.3 (x86_64):

cluster-md-kmp-azure-5.3.18-150300.38.75.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.75.1
dlm-kmp-azure-5.3.18-150300.38.75.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.75.1
gfs2-kmp-azure-5.3.18-150300.38.75.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
kernel-azure-5.3.18-150300.38.75.1
kernel-azure-debuginfo-5.3.18-150300.38.75.1
kernel-azure-debugsource-5.3.18-150300.38.75.1
kernel-azure-devel-5.3.18-150300.38.75.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
kernel-azure-extra-5.3.18-150300.38.75.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.75.1
kernel-azure-livepatch-devel-5.3.18-150300.38.75.1
kernel-azure-optional-5.3.18-150300.38.75.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.75.1 kernel-syms-azure-5.3.18-150300.38.75.1
kselftests-kmp-azure-5.3.18-150300.38.75.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.75.1
ocfs2-kmp-azure-5.3.18-150300.38.75.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
reiserfs-kmp-azure-5.3.18-150300.38.75.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.75.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.75.1
kernel-azure-debuginfo-5.3.18-150300.38.75.1
kernel-azure-debugsource-5.3.18-150300.38.75.1
kernel-azure-devel-5.3.18-150300.38.75.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
kernel-syms-azure-5.3.18-150300.38.75.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.75.1
kernel-source-azure-5.3.18-150300.38.75.1

References:

  https://www.suse.com/security/cve/CVE-2020-36557.html
  https://www.suse.com/security/cve/CVE-2020-36558.html
  https://www.suse.com/security/cve/CVE-2021-33655.html
  https://www.suse.com/security/cve/CVE-2021-33656.html
  https://www.suse.com/security/cve/CVE-2022-1116.html
  https://www.suse.com/security/cve/CVE-2022-1462.html
  https://www.suse.com/security/cve/CVE-2022-20166.html
  https://www.suse.com/security/cve/CVE-2022-21505.html
  https://www.suse.com/security/cve/CVE-2022-2318.html
  https://www.suse.com/security/cve/CVE-2022-26365.html
  https://www.suse.com/security/cve/CVE-2022-29581.html
  https://www.suse.com/security/cve/CVE-2022-32250.html
  https://www.suse.com/security/cve/CVE-2022-33740.html
  https://www.suse.com/security/cve/CVE-2022-33741.html
  https://www.suse.com/security/cve/CVE-2022-33742.html
  https://www.suse.com/security/cve/CVE-2022-36946.html
  https://bugzilla.suse.com/1178134
  https://bugzilla.suse.com/1198829
  https://bugzilla.suse.com/1199364
  https://bugzilla.suse.com/1199647
  https://bugzilla.suse.com/1199665
  https://bugzilla.suse.com/1199670
  https://bugzilla.suse.com/1200521
  https://bugzilla.suse.com/1200598
  https://bugzilla.suse.com/1200644
  https://bugzilla.suse.com/1200651
  https://bugzilla.suse.com/1200762
  https://bugzilla.suse.com/1200910
  https://bugzilla.suse.com/1201196
  https://bugzilla.suse.com/1201206
  https://bugzilla.suse.com/1201251
  https://bugzilla.suse.com/1201381
  https://bugzilla.suse.com/1201429
  https://bugzilla.suse.com/1201458
  https://bugzilla.suse.com/1201635
  https://bugzilla.suse.com/1201636
  https://bugzilla.suse.com/1201644
  https://bugzilla.suse.com/1201664
  https://bugzilla.suse.com/1201672
  https://bugzilla.suse.com/1201673
  https://bugzilla.suse.com/1201676
  https://bugzilla.suse.com/1201846
  https://bugzilla.suse.com/1201930
  https://bugzilla.suse.com/1201940
  https://bugzilla.suse.com/1201954
  https://bugzilla.suse.com/1201956
  https://bugzilla.suse.com/1201958