SUSE 5181 Published by

A Linux Kernel security update has been released for SUSE Linux Enterprise and openSUSE Leap 15.3.



SUSE-SU-2022:4503-1: important: Security update for the Linux Kernel


SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4503-1
Rating: important
References: #1065729 #1071995 #1156395 #1184350 #1189297 #1192761 #1200845 #1201455 #1203144 #1203746 #1203960 #1204017 #1204142 #1204215 #1204228 #1204241 #1204328 #1204446 #1204636 #1204693 #1204780 #1204791 #1204810 #1204827 #1204850 #1204868 #1204934 #1204957 #1204963 #1204967 #1205220 #1205264 #1205329 #1205330 #1205428 #1205514 #1205567 #1205617 #1205671 #1205700 #1205705 #1205709 #1205753 #1205984 #1205985 #1205986 #1205987 #1205988 #1205989 #1206207
Cross-References: CVE-2022-2602 CVE-2022-28693 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934
CVSS scores:
CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 17 vulnerabilities and has 33 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in
brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in
inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPUto access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the
net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).

The following non-security bugs were fixed:

- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" (git-fixes).
- ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
(bsc#1204017).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()(git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes).
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes).
- KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes).
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215).
- NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix typo (bsc#1204446).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID.
- Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern(git-fixes).
- block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
- block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use "unsigned long" for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985).
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986).
- ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987).
- cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).- dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes).
- dm writecache: return the exact table values that were set (git-fixes).- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes).
- dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- hamradio: fix issue of dev reference count leakage in bpq_device_event()
(git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after
NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message fromhost (bsc#1204850).
- hv_netvsc: Print value of invalid ID in
netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in
at91_adc_allocate_trigger() (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes).
- kabi: fix transport_add_device change (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).- media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
(git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed(git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
(git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes).- rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup(git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
- s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes).
- scsi: drivers: base: Support atomic version of
attribute_container_device_trigger (git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in
storvsc_on_channel_callback() (bsc#1204017).
- scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).- tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup.
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes).
- usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc_sysfs: use global lock (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" (bsc#1200845)
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes).
- vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes).- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes).
- x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes).
- xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes).
- xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status(git-fixes).
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
- xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
- xfs: check owner of dir3 blocks (git-fixes).
- xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2022-4503=1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:

zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4503=1

Package List:

- openSUSE Leap 15.3 (x86_64):

cluster-md-kmp-azure-5.3.18-150300.38.88.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.88.1
dlm-kmp-azure-5.3.18-150300.38.88.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.88.1
gfs2-kmp-azure-5.3.18-150300.38.88.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.88.1
kernel-azure-5.3.18-150300.38.88.1
kernel-azure-debuginfo-5.3.18-150300.38.88.1
kernel-azure-debugsource-5.3.18-150300.38.88.1
kernel-azure-devel-5.3.18-150300.38.88.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.88.1
kernel-azure-extra-5.3.18-150300.38.88.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.88.1
kernel-azure-livepatch-devel-5.3.18-150300.38.88.1
kernel-azure-optional-5.3.18-150300.38.88.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.88.1 kernel-syms-azure-5.3.18-150300.38.88.1
kselftests-kmp-azure-5.3.18-150300.38.88.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.88.1
ocfs2-kmp-azure-5.3.18-150300.38.88.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.88.1
reiserfs-kmp-azure-5.3.18-150300.38.88.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.88.1

- openSUSE Leap 15.3 (noarch):

kernel-devel-azure-5.3.18-150300.38.88.1
kernel-source-azure-5.3.18-150300.38.88.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.88.1
kernel-azure-debuginfo-5.3.18-150300.38.88.1
kernel-azure-debugsource-5.3.18-150300.38.88.1
kernel-azure-devel-5.3.18-150300.38.88.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.88.1
kernel-syms-azure-5.3.18-150300.38.88.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.88.1
kernel-source-azure-5.3.18-150300.38.88.1

References:

  https://www.suse.com/security/cve/CVE-2022-2602.html
  https://www.suse.com/security/cve/CVE-2022-28693.html
  https://www.suse.com/security/cve/CVE-2022-3567.html
  https://www.suse.com/security/cve/CVE-2022-3628.html
  https://www.suse.com/security/cve/CVE-2022-3635.html
  https://www.suse.com/security/cve/CVE-2022-3707.html
  https://www.suse.com/security/cve/CVE-2022-3903.html
  https://www.suse.com/security/cve/CVE-2022-4095.html
  https://www.suse.com/security/cve/CVE-2022-4129.html
  https://www.suse.com/security/cve/CVE-2022-4139.html
  https://www.suse.com/security/cve/CVE-2022-41850.html
  https://www.suse.com/security/cve/CVE-2022-41858.html
  https://www.suse.com/security/cve/CVE-2022-42895.html
  https://www.suse.com/security/cve/CVE-2022-42896.html
  https://www.suse.com/security/cve/CVE-2022-4378.html
  https://www.suse.com/security/cve/CVE-2022-43945.html
  https://www.suse.com/security/cve/CVE-2022-45934.html
  https://bugzilla.suse.com/1065729
  https://bugzilla.suse.com/1071995
  https://bugzilla.suse.com/1156395
  https://bugzilla.suse.com/1184350
  https://bugzilla.suse.com/1189297
  https://bugzilla.suse.com/1192761
  https://bugzilla.suse.com/1200845
  https://bugzilla.suse.com/1201455
  https://bugzilla.suse.com/1203144
  https://bugzilla.suse.com/1203746
  https://bugzilla.suse.com/1203960
  https://bugzilla.suse.com/1204017
  https://bugzilla.suse.com/1204142
  https://bugzilla.suse.com/1204215
  https://bugzilla.suse.com/1204228
  https://bugzilla.suse.com/1204241
  https://bugzilla.suse.com/1204328
  https://bugzilla.suse.com/1204446
  https://bugzilla.suse.com/1204636
  https://bugzilla.suse.com/1204693
  https://bugzilla.suse.com/1204780
  https://bugzilla.suse.com/1204791
  https://bugzilla.suse.com/1204810
  https://bugzilla.suse.com/1204827
  https://bugzilla.suse.com/1204850
  https://bugzilla.suse.com/1204868
  https://bugzilla.suse.com/1204934
  https://bugzilla.suse.com/1204957
  https://bugzilla.suse.com/1204963
  https://bugzilla.suse.com/1204967
  https://bugzilla.suse.com/1205220
  https://bugzilla.suse.com/1205264
  https://bugzilla.suse.com/1205329
  https://bugzilla.suse.com/1205330
  https://bugzilla.suse.com/1205428
  https://bugzilla.suse.com/1205514
  https://bugzilla.suse.com/1205567
  https://bugzilla.suse.com/1205617
  https://bugzilla.suse.com/1205671
  https://bugzilla.suse.com/1205700
  https://bugzilla.suse.com/1205705
  https://bugzilla.suse.com/1205709
  https://bugzilla.suse.com/1205753
  https://bugzilla.suse.com/1205984
  https://bugzilla.suse.com/1205985
  https://bugzilla.suse.com/1205986
  https://bugzilla.suse.com/1205987
  https://bugzilla.suse.com/1205988
  https://bugzilla.suse.com/1205989
  https://bugzilla.suse.com/1206207