1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2022:1037-1

[SUSE-SU-2022:1037-1] Security update for the Linux Kernel

Severity Important
CVEs 12
Info References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299).
  • CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
  • CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
  • CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
  • CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
  • CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155)
  • CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
  • CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
  • CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
  • CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
  • CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
  • CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864).

The following non-security bugs were fixed:

  • ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).
  • ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).
  • ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
  • ASoC: cs4265: Fix the duplicated control name (git-fixes).
  • ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).
  • ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).
  • ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
  • Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).
  • EDAC/altera: Fix deferred probing (bsc#1178134).
  • HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
  • HID: add mapping for KEY_DICTATE (git-fixes).
  • Hand over the maintainership to SLE15-SP3 maintainers
  • IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
  • IB/hfi1: Fix early init panic (git-fixes).
  • IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
  • IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes).
  • IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
  • Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
  • Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
  • Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
  • RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes).
  • RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147).
  • RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes).
  • RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes).
  • RDMA/core: Do not infoleak GRH fields (git-fixes).
  • RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes).
  • RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
  • RDMA/hns: Validate the pkey index (git-fixes).
  • RDMA/ib_srp: Fix a deadlock (git-fixes).
  • RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).
  • RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176).
  • RDMA/rxe: Fix a typo in opcode name (git-fixes).
  • RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
  • RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
  • RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
  • Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes).
  • SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
  • USB: gadget: validate endpoint index for xilinx udc (git-fixes).
  • USB: gadget: validate interface OS descriptor requests (git-fixes).
  • USB: hub: Clean up use of port initialization schemes and retries (git-fixes).
  • USB: serial: option: add Telit LE910R1 compositions (git-fixes).
  • USB: serial: option: add support for DW5829e (git-fixes).
  • USB: zaurus: support another broken Zaurus (git-fixes).
  • arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
  • asix: fix uninit-value in asix_mdio_read() (git-fixes).
  • ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
  • batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
  • batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
  • batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
  • blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787).
  • bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
  • bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).
  • bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
  • bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
  • bonding: force carrier update when releasing slave (git-fixes).
  • can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes).
  • cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).
  • cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868).
  • clk: jz4725b: fix mmc0 clock gating (git-fixes).
  • cpufreq: schedutil: Use kobject release() method to free (git-fixes)
  • cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).
  • cputime, cpuacct: Include guest time in user time in (git-fixes)
  • dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278).
  • dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278).
  • dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
  • drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
  • drm/edid: Always set RGB444 (git-fixes).
  • drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211).
  • drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211).
  • drm/i915: Nuke not needed members of dram_info (bsc#1195211).
  • drm/i915: Remove memory frequency calculation (bsc#1195211).
  • drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211).
  • efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes).
  • exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
  • exfat: fix incorrect loading of i_blocks for large files (git-fixes).
  • firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
  • gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes).
  • gpio: tegra186: Fix chip_data type confusion (git-fixes).
  • gtp: remove useless rcu_read_lock() (git-fixes).
  • hamradio: fix macro redefine warning (git-fixes).
  • i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
  • iavf: Fix missing check for running netdev (git-fixes).
  • ice: initialize local variable 'tlv' (jsc#SLE-12878).
  • igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
  • igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
  • iio: Fix error handling for PM (git-fixes).
  • iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes).
  • iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).
  • ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).
  • mac80211: fix forwarded mesh frames AC & queue selection (git-fixes).
  • mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
  • mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
  • mask out added spinlock in rndis_params (git-fixes).
  • net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
  • net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).
  • net/mlx5: Update the list of the PCI supported devices (git-fixes).
  • net/mlx5: Update the list of the PCI supported devices (git-fixes).
  • net/mlx5e: Fix modify header actions memory leak (git-fixes).
  • net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
  • net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
  • net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).
  • net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).
  • net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172).
  • net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172).
  • net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes).
  • net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes).
  • net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447).
  • net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
  • net: sfc: Replace in_interrupt() usage (git-fixes).
  • net: tipc: validate domain record count on input (bsc#1195254).
  • net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
  • netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447).
  • netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes).
  • nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes).
  • nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).
  • ntb: intel: fix port config status offset for SPR (git-fixes).
  • nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
  • nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes).
  • nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes).
  • nvme: fix a possible use-after-free in controller reset during load (git-fixes).
  • powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files.
  • powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).
  • powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449).
  • powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
  • powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278).
  • sched/core: Mitigate race (git-fixes)
  • scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes).
  • scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
  • scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes).
  • scsi: nsp_cs: Check of ioremap return value (git-fixes).
  • scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
  • scsi: smartpqi: Add PCI IDs (bsc#1196627).
  • scsi: ufs: Fix race conditions related to driver data (git-fixes).
  • selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774).
  • soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes).
  • soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
  • soc: fsl: qe: Check of ioremap return value (git-fixes).
  • spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes).
  • sr9700: sanity check for packet length (bsc#1196836).
  • tracing: Fix return value of __setup handlers (git-fixes).
  • tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).
  • tty: n_gsm: fix proper link termination after failed open (git-fixes).
  • usb: dwc2: use well defined macros for power_down (git-fixes).
  • usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes).
  • usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
  • usb: gadget: rndis: add spinlock for rndis response list (git-fixes).
  • usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
  • vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes).
  • xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).
  • xhci: re-initialize the HC during resume if HCE was set (git-fixes).
ID
SUSE-SU-2022:1037-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2022/suse-su-20221037-1/
Published
2022-03-30T07:36:59
(2 years ago)
Modified
2022-03-30T07:36:59
(2 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1037-1.json
Suse URL for SUSE-SU-2022:1037-1 https://www.suse.com/support/update/announcement/2022/suse-su-20221037-1/
Suse E-Mail link for SUSE-SU-2022:1037-1 https://lists.suse.com/pipermail/sle-security-updates/2022-March/010570.html
Bugzilla SUSE Bug 1176447 https://bugzilla.suse.com/1176447
Bugzilla SUSE Bug 1176774 https://bugzilla.suse.com/1176774
Bugzilla SUSE Bug 1178134 https://bugzilla.suse.com/1178134
Bugzilla SUSE Bug 1179439 https://bugzilla.suse.com/1179439
Bugzilla SUSE Bug 1181147 https://bugzilla.suse.com/1181147
Bugzilla SUSE Bug 1191428 https://bugzilla.suse.com/1191428
Bugzilla SUSE Bug 1192273 https://bugzilla.suse.com/1192273
Bugzilla SUSE Bug 1193731 https://bugzilla.suse.com/1193731
Bugzilla SUSE Bug 1193787 https://bugzilla.suse.com/1193787
Bugzilla SUSE Bug 1193864 https://bugzilla.suse.com/1193864
Bugzilla SUSE Bug 1194463 https://bugzilla.suse.com/1194463
Bugzilla SUSE Bug 1194516 https://bugzilla.suse.com/1194516
Bugzilla SUSE Bug 1195211 https://bugzilla.suse.com/1195211
Bugzilla SUSE Bug 1195254 https://bugzilla.suse.com/1195254
Bugzilla SUSE Bug 1195403 https://bugzilla.suse.com/1195403
Bugzilla SUSE Bug 1195612 https://bugzilla.suse.com/1195612
Bugzilla SUSE Bug 1195897 https://bugzilla.suse.com/1195897
Bugzilla SUSE Bug 1195905 https://bugzilla.suse.com/1195905
Bugzilla SUSE Bug 1195939 https://bugzilla.suse.com/1195939
Bugzilla SUSE Bug 1195949 https://bugzilla.suse.com/1195949
Bugzilla SUSE Bug 1195987 https://bugzilla.suse.com/1195987
Bugzilla SUSE Bug 1196079 https://bugzilla.suse.com/1196079
Bugzilla SUSE Bug 1196095 https://bugzilla.suse.com/1196095
Bugzilla SUSE Bug 1196132 https://bugzilla.suse.com/1196132
Bugzilla SUSE Bug 1196155 https://bugzilla.suse.com/1196155
Bugzilla SUSE Bug 1196299 https://bugzilla.suse.com/1196299
Bugzilla SUSE Bug 1196301 https://bugzilla.suse.com/1196301
Bugzilla SUSE Bug 1196433 https://bugzilla.suse.com/1196433
Bugzilla SUSE Bug 1196468 https://bugzilla.suse.com/1196468
Bugzilla SUSE Bug 1196472 https://bugzilla.suse.com/1196472
Bugzilla SUSE Bug 1196627 https://bugzilla.suse.com/1196627
Bugzilla SUSE Bug 1196723 https://bugzilla.suse.com/1196723
Bugzilla SUSE Bug 1196779 https://bugzilla.suse.com/1196779
Bugzilla SUSE Bug 1196830 https://bugzilla.suse.com/1196830
Bugzilla SUSE Bug 1196836 https://bugzilla.suse.com/1196836
Bugzilla SUSE Bug 1196866 https://bugzilla.suse.com/1196866
Bugzilla SUSE Bug 1196868 https://bugzilla.suse.com/1196868
CVE SUSE CVE CVE-2021-0920 page https://www.suse.com/security/cve/CVE-2021-0920/
CVE SUSE CVE CVE-2021-39657 page https://www.suse.com/security/cve/CVE-2021-39657/
CVE SUSE CVE CVE-2021-44879 page https://www.suse.com/security/cve/CVE-2021-44879/
CVE SUSE CVE CVE-2022-0487 page https://www.suse.com/security/cve/CVE-2022-0487/
CVE SUSE CVE CVE-2022-0617 page https://www.suse.com/security/cve/CVE-2022-0617/
CVE SUSE CVE CVE-2022-0644 page https://www.suse.com/security/cve/CVE-2022-0644/
CVE SUSE CVE CVE-2022-24448 page https://www.suse.com/security/cve/CVE-2022-24448/
CVE SUSE CVE CVE-2022-24958 page https://www.suse.com/security/cve/CVE-2022-24958/
CVE SUSE CVE CVE-2022-24959 page https://www.suse.com/security/cve/CVE-2022-24959/
CVE SUSE CVE CVE-2022-25258 page https://www.suse.com/security/cve/CVE-2022-25258/
CVE SUSE CVE CVE-2022-25636 page https://www.suse.com/security/cve/CVE-2022-25636/
CVE SUSE CVE CVE-2022-26490 page https://www.suse.com/security/cve/CVE-2022-26490/
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date