[SUSE-SU-2022:0761-1] Security update for the Linux Kernel
Severity
Important
CVEs
8
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
The following non-security bugs were fixed:
- Bluetooth: bfusb: fix division by zero in send path (git-fixes).
- EDAC/xgene: Fix deferred probing (bsc#1114648).
- IB/rdmavt: Validate remote_addr during loopback atomic tests (bsc#1114685).
- NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). Make this work-around optional
- NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes).
- NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
- NFSv4: Handle case where the lookup of a directory fails (git-fixes).
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
- RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244).
- RDMA/mlx5: Set user priority for DCT (bsc#1103991).
- RDMA/netlink: Add __maybe_unused to static inline in C file (bsc#1046306).
- crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
- cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533).
- ext4: avoid trim error on fs with small groups (bsc#1191271).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795).
- gve: Add RX context (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Add netif_set_xps_queue call (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
- gve: Add rx buffer pagecnt bias (bsc#1191655).
- gve: Allow pageflips on larger pages (bsc#1191655).
- gve: Avoid freeing NULL pointer (bsc#1191655).
- gve: Correct available tx qpl check (bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: DQO: avoid unused variable warnings (bsc#1191655).
- gve: Do lazy cleanup in TX path (bsc#1191655).
- gve: Fix GFP flags when allocing pages (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
- gve: Properly handle errors in gve_assign_qpl (bsc#1191655).
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Switch to use napi_complete_done (bsc#1191655).
- gve: Track RX buffer allocation failures (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix gve_get_stats() (bsc#1191655).
- gve: fix the wrong AdminQ buffer queue index check (bsc#1191655).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1191655).
- i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978).
- i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816 ).
- i40e: Fix creation of first queue by omitting it if is not power of two (bsc#1101816).
- i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981 ).
- i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797).
- i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816 ).
- i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978).
- i40e: Fix pre-set max number of queues for VF (bsc#1111981 ).
- i40e: Increase delay to 1 s after global EMP reset (bsc#1101816 ).
- iavf: Fix limit of total number of queues to active queues of VF (bsc#1111981).
- iavf: prevent accidental free of filter structure (bsc#1111981 ).
- ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
- ibmvnic: Update driver return codes (bsc#1196516 ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
- ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
- ice: Delete always true check of PF pointer (bsc#1118661 ).
- ice: ignore dropped packets during init (bsc#1118661 ).
- igb: Fix removal of unicast MAC filters of VFs (bsc#1117495).
- ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674).
- kabi: Hide changes to s390/AP structures (jsc#SLE-20809).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
- mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837).
- net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1174852).
- net: ena: Fix undefined state when tx request id is out of bounds (bsc#1174852).
- net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113).
- net: phylink: avoid mvneta warning when setting pause parameters (bsc#1119113).
- net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- phylib: fix potential use-after-free (bsc#1119113).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (bsc#1112374).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
- powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).
- powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- qed: Handle management FW error (git-fixes).
- qed: rdma - do not wait for resources under hw error recovery flow (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- rndis_host: support Hytera digital radios (git-fixes).
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809).
- s390/ap: rework crypto config info and default domain code (jsc#SLE-20809).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080 LTC#196090).
- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195080 LTC#196090).
- s390/hypfs: include z/VM guests with access control group set (bsc#1195638 LTC#196354).
- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
- scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: ufs: Fix race conditions related to driver data (git-fixes).
- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195377 LTC#196245).
- sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857).
- tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).
- tracing: Have traceon and traceoff trigger honor the instance (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- ID
- SUSE-SU-2022:0761-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20220761-1/
- Published
-
2022-03-09T13:27:14
(2 years ago) - Modified
-
2022-03-09T13:27:14
(2 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2022-1563
- ALAS-2022-1571
- ALAS2-2022-1749
- ALAS2-2022-1761
- ALSA-2022:0825
- ALSA-2022:1988
- ALSA-2022:7683
- ALSA-2022:8267
- ASB-A-220741611
- CISA-2022:0425
- DSA-5092-1
- DSA-5095-1
- DSA-5096-1
- DSA-5594-1
- ELSA-2022-0825
- ELSA-2022-1988
- ELSA-2022-4642
- ELSA-2022-7683
- ELSA-2022-8267
- ELSA-2022-9141
- ELSA-2022-9142
- ELSA-2022-9147
- ELSA-2022-9148
- ELSA-2022-9179
- ELSA-2022-9180
- ELSA-2022-9210
- ELSA-2022-9211
- ELSA-2022-9212
- ELSA-2022-9213
- ELSA-2022-9244
- ELSA-2022-9245
- ELSA-2022-9273
- ELSA-2022-9274
- ELSA-2022-9313
- ELSA-2022-9314
- ELSA-2022-9348
- ELSA-2022-9667
- ELSA-2022-9781
- MS:CVE-2021-44879
- MS:CVE-2022-0492
- MS:CVE-2022-0617
- MS:CVE-2022-0847
- MS:CVE-2022-24959
- openSUSE-SU-2022:0755-1
- openSUSE-SU-2022:0760-1
- openSUSE-SU-2022:0768-1
- openSUSE-SU-2022:0940-1
- openSUSE-SU-2022:1037-1
- openSUSE-SU-2022:1039-1
- RHSA-2022:0819
- RHSA-2022:0825
- RHSA-2022:0849
- RHSA-2022:1975
- RHSA-2022:1988
- RHSA-2022:4642
- RHSA-2022:4644
- RHSA-2022:4655
- RHSA-2022:7444
- RHSA-2022:7683
- RHSA-2022:7933
- RHSA-2022:8267
- RLSA-2022:1988
- RLSA-2022:7683
- RLSA-2022:819
- SSA:2022-067-01
- SSA:2022-129-01
- SUSE-SU-2022:0755-1
- SUSE-SU-2022:0756-1
- SUSE-SU-2022:0757-1
- SUSE-SU-2022:0759-1
- SUSE-SU-2022:0760-1
- SUSE-SU-2022:0762-1
- SUSE-SU-2022:0763-1
- SUSE-SU-2022:0764-1
- SUSE-SU-2022:0765-1
- SUSE-SU-2022:0766-1
- SUSE-SU-2022:0767-1
- SUSE-SU-2022:0768-1
- SUSE-SU-2022:0931-1
- SUSE-SU-2022:0939-1
- SUSE-SU-2022:0940-1
- SUSE-SU-2022:0978-1
- SUSE-SU-2022:0984-1
- SUSE-SU-2022:0991-1
- SUSE-SU-2022:0998-1
- SUSE-SU-2022:1012-1
- SUSE-SU-2022:1035-1
- SUSE-SU-2022:1036-1
- SUSE-SU-2022:1037-1
- SUSE-SU-2022:1038-1
- SUSE-SU-2022:1039-1
- SUSE-SU-2022:1196-1
- SUSE-SU-2022:1257-1
- SUSE-SU-2022:1285-1
- SUSE-SU-2022:1300-1
- SUSE-SU-2022:1359-1
- SUSE-SU-2022:1375-1
- SUSE-SU-2022:1408-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2615-1
- USN-5302-1
- USN-5317-1
- USN-5318-1
- USN-5319-1
- USN-5337-1
- USN-5338-1
- USN-5339-1
- USN-5343-1
- USN-5362-1
- USN-5368-1
- USN-5377-1
- USN-5383-1
- USN-5384-1
- USN-5385-1
- USN-6001-1
- USN-6013-1
- USN-6014-1
- USN-6681-1
- USN-6681-2
- USN-6681-3
- USN-6681-4
- USN-6716-1
- VU:155143
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |