[SUSE-SU-2022:2407-1] Security update for the Linux Kernel

Severity Important

Affected Packages 33

CVEs 15

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282)

The following non-security bugs were fixed:

exec: Force single empty string when argv is empty (bsc#1200571).

Package	Affected Version
pkg:rpm/suse/reiserfs-kmp-default?arch=x86_64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/reiserfs-kmp-default?arch=s390x&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/reiserfs-kmp-default?arch=ppc64le&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/reiserfs-kmp-default?arch=aarch64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-vanilla-base?arch=x86_64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-vanilla-base?arch=s390x&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-vanilla-base?arch=ppc64le&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-vanilla-base?arch=aarch64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-syms?arch=aarch64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-obs-build?arch=x86_64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-obs-build?arch=s390x&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-obs-build?arch=ppc64le&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-obs-build?arch=aarch64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-docs?arch=noarch&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default?arch=aarch64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-devel?arch=aarch64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-15	< 4.12.14-150000.150.95.1
pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=sles-15	< 4.12.14-150000.150.95.1

ID

SUSE-SU-2022:2407-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2022/suse-su-20222407-1/

Published

2022-07-15T09:51:14
(2 years ago)

Modified

2022-07-15T09:51:14
(2 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2407-1.json
Suse	URL for SUSE-SU-2022:2407-1	https://www.suse.com/support/update/announcement/2022/suse-su-20222407-1/
Suse	E-Mail link for SUSE-SU-2022:2407-1	https://lists.suse.com/pipermail/sle-security-updates/2022-July/011557.html
Bugzilla	SUSE Bug 1177282	https://bugzilla.suse.com/1177282
Bugzilla	SUSE Bug 1194013	https://bugzilla.suse.com/1194013
Bugzilla	SUSE Bug 1196901	https://bugzilla.suse.com/1196901
Bugzilla	SUSE Bug 1199487	https://bugzilla.suse.com/1199487
Bugzilla	SUSE Bug 1199657	https://bugzilla.suse.com/1199657
Bugzilla	SUSE Bug 1200571	https://bugzilla.suse.com/1200571
Bugzilla	SUSE Bug 1200599	https://bugzilla.suse.com/1200599
Bugzilla	SUSE Bug 1200604	https://bugzilla.suse.com/1200604
Bugzilla	SUSE Bug 1200605	https://bugzilla.suse.com/1200605
Bugzilla	SUSE Bug 1200608	https://bugzilla.suse.com/1200608
Bugzilla	SUSE Bug 1200619	https://bugzilla.suse.com/1200619
Bugzilla	SUSE Bug 1200692	https://bugzilla.suse.com/1200692
Bugzilla	SUSE Bug 1200762	https://bugzilla.suse.com/1200762
Bugzilla	SUSE Bug 1201050	https://bugzilla.suse.com/1201050
Bugzilla	SUSE Bug 1201080	https://bugzilla.suse.com/1201080
Bugzilla	SUSE Bug 1201251	https://bugzilla.suse.com/1201251
CVE	SUSE CVE CVE-2020-26541 page	https://www.suse.com/security/cve/CVE-2020-26541/
CVE	SUSE CVE CVE-2021-26341 page	https://www.suse.com/security/cve/CVE-2021-26341/
CVE	SUSE CVE CVE-2021-4157 page	https://www.suse.com/security/cve/CVE-2021-4157/
CVE	SUSE CVE CVE-2022-1679 page	https://www.suse.com/security/cve/CVE-2022-1679/
CVE	SUSE CVE CVE-2022-20132 page	https://www.suse.com/security/cve/CVE-2022-20132/
CVE	SUSE CVE CVE-2022-20141 page	https://www.suse.com/security/cve/CVE-2022-20141/
CVE	SUSE CVE CVE-2022-20154 page	https://www.suse.com/security/cve/CVE-2022-20154/
CVE	SUSE CVE CVE-2022-2318 page	https://www.suse.com/security/cve/CVE-2022-2318/
CVE	SUSE CVE CVE-2022-26365 page	https://www.suse.com/security/cve/CVE-2022-26365/
CVE	SUSE CVE CVE-2022-29900 page	https://www.suse.com/security/cve/CVE-2022-29900/
CVE	SUSE CVE CVE-2022-29901 page	https://www.suse.com/security/cve/CVE-2022-29901/
CVE	SUSE CVE CVE-2022-33740 page	https://www.suse.com/security/cve/CVE-2022-33740/
CVE	SUSE CVE CVE-2022-33741 page	https://www.suse.com/security/cve/CVE-2022-33741/
CVE	SUSE CVE CVE-2022-33742 page	https://www.suse.com/security/cve/CVE-2022-33742/
CVE	SUSE CVE CVE-2022-33981 page	https://www.suse.com/security/cve/CVE-2022-33981/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/reiserfs-kmp-default?arch=x86_64&distro=sles-15	suse	reiserfs-kmp-default	< 4.12.14-150000.150.95.1	sles-15	x86_64
Affected	pkg:rpm/suse/reiserfs-kmp-default?arch=s390x&distro=sles-15	suse	reiserfs-kmp-default	< 4.12.14-150000.150.95.1	sles-15	s390x
Affected	pkg:rpm/suse/reiserfs-kmp-default?arch=ppc64le&distro=sles-15	suse	reiserfs-kmp-default	< 4.12.14-150000.150.95.1	sles-15	ppc64le
Affected	pkg:rpm/suse/reiserfs-kmp-default?arch=aarch64&distro=sles-15	suse	reiserfs-kmp-default	< 4.12.14-150000.150.95.1	sles-15	aarch64
Affected	pkg:rpm/suse/kernel-vanilla-base?arch=x86_64&distro=sles-15	suse	kernel-vanilla-base	< 4.12.14-150000.150.95.1	sles-15	x86_64
Affected	pkg:rpm/suse/kernel-vanilla-base?arch=s390x&distro=sles-15	suse	kernel-vanilla-base	< 4.12.14-150000.150.95.1	sles-15	s390x
Affected	pkg:rpm/suse/kernel-vanilla-base?arch=ppc64le&distro=sles-15	suse	kernel-vanilla-base	< 4.12.14-150000.150.95.1	sles-15	ppc64le
Affected	pkg:rpm/suse/kernel-vanilla-base?arch=aarch64&distro=sles-15	suse	kernel-vanilla-base	< 4.12.14-150000.150.95.1	sles-15	aarch64
Affected	pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-15	suse	kernel-syms	< 4.12.14-150000.150.95.1	sles-15	x86_64
Affected	pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-15	suse	kernel-syms	< 4.12.14-150000.150.95.1	sles-15	s390x
Affected	pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-15	suse	kernel-syms	< 4.12.14-150000.150.95.1	sles-15	ppc64le
Affected	pkg:rpm/suse/kernel-syms?arch=aarch64&distro=sles-15	suse	kernel-syms	< 4.12.14-150000.150.95.1	sles-15	aarch64
Affected	pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-15	suse	kernel-source	< 4.12.14-150000.150.95.1	sles-15	noarch
Affected	pkg:rpm/suse/kernel-obs-build?arch=x86_64&distro=sles-15	suse	kernel-obs-build	< 4.12.14-150000.150.95.1	sles-15	x86_64
Affected	pkg:rpm/suse/kernel-obs-build?arch=s390x&distro=sles-15	suse	kernel-obs-build	< 4.12.14-150000.150.95.1	sles-15	s390x
Affected	pkg:rpm/suse/kernel-obs-build?arch=ppc64le&distro=sles-15	suse	kernel-obs-build	< 4.12.14-150000.150.95.1	sles-15	ppc64le
Affected	pkg:rpm/suse/kernel-obs-build?arch=aarch64&distro=sles-15	suse	kernel-obs-build	< 4.12.14-150000.150.95.1	sles-15	aarch64
Affected	pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-15	suse	kernel-macros	< 4.12.14-150000.150.95.1	sles-15	noarch
Affected	pkg:rpm/suse/kernel-docs?arch=noarch&distro=sles-15	suse	kernel-docs	< 4.12.14-150000.150.95.1	sles-15	noarch
Affected	pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-15	suse	kernel-devel	< 4.12.14-150000.150.95.1	sles-15	noarch
Affected	pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-15	suse	kernel-default	< 4.12.14-150000.150.95.1	sles-15	x86_64
Affected	pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-15	suse	kernel-default	< 4.12.14-150000.150.95.1	sles-15	s390x
Affected	pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-15	suse	kernel-default	< 4.12.14-150000.150.95.1	sles-15	ppc64le
Affected	pkg:rpm/suse/kernel-default?arch=aarch64&distro=sles-15	suse	kernel-default	< 4.12.14-150000.150.95.1	sles-15	aarch64
Affected	pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-15	suse	kernel-default-man	< 4.12.14-150000.150.95.1	sles-15	s390x
Affected	pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-15	suse	kernel-default-devel	< 4.12.14-150000.150.95.1	sles-15	x86_64
Affected	pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-15	suse	kernel-default-devel	< 4.12.14-150000.150.95.1	sles-15	s390x
Affected	pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-15	suse	kernel-default-devel	< 4.12.14-150000.150.95.1	sles-15	ppc64le
Affected	pkg:rpm/suse/kernel-default-devel?arch=aarch64&distro=sles-15	suse	kernel-default-devel	< 4.12.14-150000.150.95.1	sles-15	aarch64
Affected	pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-15	suse	kernel-default-base	< 4.12.14-150000.150.95.1	sles-15	x86_64
Affected	pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-15	suse	kernel-default-base	< 4.12.14-150000.150.95.1	sles-15	s390x
Affected	pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-15	suse	kernel-default-base	< 4.12.14-150000.150.95.1	sles-15	ppc64le
Affected	pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=sles-15	suse	kernel-default-base	< 4.12.14-150000.150.95.1	sles-15	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date