[SUSE-SU-2022:3274-1] Security update for the Linux Kernel
Severity
Important
Affected Packages
20
CVEs
15
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
The following non-security bugs were fixed:
- cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative (bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- ID
- SUSE-SU-2022:3274-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20223274-1/
- Published
-
2022-09-14T07:59:26
(2 years ago) - Modified
-
2022-09-14T07:59:26
(2 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2022-1577
- ALAS-2022-1591
- ALAS-2022-1636
- ALAS-2022-1645
- ALAS2-2022-1768
- ALAS2-2022-1798
- ALAS2-2022-1833
- ALAS2-2022-1838
- ALAS2-2022-1852
- ALAS2-2022-1888
- ALAS2-2024-2569
- ALSA-2022:1988
- ALSA-2022:7110
- ALSA-2022:7683
- ALSA-2022:8267
- ALSA-2023:2458
- ALSA-2023:2951
- DSA-5096-1
- DSA-5207-1
- ELSA-2022-10065
- ELSA-2022-1988
- ELSA-2022-7110
- ELSA-2022-7337
- ELSA-2022-7683
- ELSA-2022-8267
- ELSA-2022-9260
- ELSA-2022-9273
- ELSA-2022-9274
- ELSA-2022-9313
- ELSA-2022-9314
- ELSA-2022-9348
- ELSA-2022-9689
- ELSA-2022-9690
- ELSA-2022-9691
- ELSA-2022-9692
- ELSA-2022-9693
- ELSA-2022-9694
- ELSA-2022-9699
- ELSA-2022-9709
- ELSA-2022-9710
- ELSA-2022-9726
- ELSA-2022-9727
- ELSA-2022-9728
- ELSA-2022-9729
- ELSA-2022-9730
- ELSA-2022-9731
- ELSA-2022-9761
- ELSA-2022-9787
- ELSA-2022-9788
- ELSA-2022-9827
- ELSA-2022-9828
- ELSA-2022-9829
- ELSA-2022-9830
- ELSA-2022-9852
- ELSA-2022-9870
- ELSA-2022-9871
- ELSA-2022-9926
- ELSA-2022-9927
- ELSA-2022-9930
- ELSA-2022-9931
- ELSA-2022-9969
- ELSA-2022-9998
- ELSA-2022-9999
- ELSA-2023-2458
- ELSA-2023-2951
- ELSA-2024-2004
- FEDORA-2022-35c14ba5bb
- FEDORA-2022-484e226872
- FEDORA-2022-6835ddb6d8
- FEDORA-2022-9bbb1d9b7b
- FEDORA-2022-ccb0138bb6
- MS:CVE-2021-4203
- MS:CVE-2022-2977
- MS:CVE-2022-3028
- MS:CVE-2022-36879
- MS:CVE-2022-36946
- RHSA-2021:1578
- RHSA-2021:4140
- RHSA-2021:4356
- RHSA-2022:1975
- RHSA-2022:1988
- RHSA-2022:7110
- RHSA-2022:7134
- RHSA-2022:7137
- RHSA-2022:7337
- RHSA-2022:7338
- RHSA-2022:7344
- RHSA-2022:7444
- RHSA-2022:7683
- RHSA-2022:7933
- RHSA-2022:8267
- RHSA-2023:2148
- RHSA-2023:2458
- RHSA-2023:2736
- RHSA-2023:2951
- RHSA-2024:2003
- RHSA-2024:2004
- RLSA-2022:1988
- RLSA-2022:7110
- RLSA-2022:7683
- SSA:2022-031-01
- SSA:2022-237-02
- SSA:2022-333-01
- SUSE-SU-2022:2719-1
- SUSE-SU-2022:2720-1
- SUSE-SU-2022:2721-1
- SUSE-SU-2022:2723-1
- SUSE-SU-2022:2741-1
- SUSE-SU-2022:2803-1
- SUSE-SU-2022:2809-1
- SUSE-SU-2022:2827-1
- SUSE-SU-2022:2840-1
- SUSE-SU-2022:2875-1
- SUSE-SU-2022:2875-2
- SUSE-SU-2022:2892-1
- SUSE-SU-2022:2892-2
- SUSE-SU-2022:2910-1
- SUSE-SU-2022:3061-1
- SUSE-SU-2022:3064-1
- SUSE-SU-2022:3072-1
- SUSE-SU-2022:3088-1
- SUSE-SU-2022:3108-1
- SUSE-SU-2022:3123-1
- SUSE-SU-2022:3263-1
- SUSE-SU-2022:3264-1
- SUSE-SU-2022:3265-1
- SUSE-SU-2022:3282-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3291-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3294-1
- SUSE-SU-2022:3408-1
- SUSE-SU-2022:3422-1
- SUSE-SU-2022:3450-1
- SUSE-SU-2022:3609-1
- SUSE-SU-2022:3809-1
- SUSE-SU-2022:4024-1
- SUSE-SU-2022:4027-1
- SUSE-SU-2022:4030-1
- SUSE-SU-2022:4033-1
- SUSE-SU-2022:4034-1
- SUSE-SU-2022:4035-1
- SUSE-SU-2022:4039-1
- SUSE-SU-2022:4100-1
- SUSE-SU-2022:4112-1
- SUSE-SU-2022:4113-1
- SUSE-SU-2022:4129-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0416-1
- SUSE-SU-2023:0634-1
- SUSE-SU-2023:0747-1
- SUSE-SU-2023:0768-1
- SUSE-SU-2023:0852-1
- SUSE-SU-2023:1848-1
- SUSE-SU-2023:2232-1
- SUSE-SU-2024:2901-1
- SUSE-SU-2024:2929-1
- SUSE-SU-2024:2940-1
- USN-5557-1
- USN-5560-1
- USN-5560-2
- USN-5562-1
- USN-5564-1
- USN-5565-1
- USN-5566-1
- USN-5567-1
- USN-5580-1
- USN-5582-1
- USN-5588-1
- USN-5590-1
- USN-5621-1
- USN-5622-1
- USN-5623-1
- USN-5624-1
- USN-5630-1
- USN-5633-1
- USN-5634-1
- USN-5635-1
- USN-5639-1
- USN-5640-1
- USN-5644-1
- USN-5647-1
- USN-5648-1
- USN-5650-1
- USN-5652-1
- USN-5654-1
- USN-5655-1
- USN-5660-1
- USN-5667-1
- USN-5668-1
- USN-5677-1
- USN-5682-1
- USN-5683-1
- USN-5693-1
- USN-5703-1
- USN-5706-1
- USN-5727-1
- USN-5727-2
- USN-5728-1
- USN-5728-2
- USN-5728-3
- USN-5729-1
- USN-5729-2
- USN-5774-1
- USN-5854-1
- USN-5861-1
- USN-5862-1
- USN-5865-1
- USN-5883-1
- USN-5913-1
- USN-5924-1
- USN-5975-1
- USN-6001-1
- USN-6007-1
- USN-6013-1
- USN-6014-1
- USN-6221-1
- VMSA-2022-0020.2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=4 | suse | kernel-syms | < 4.12.14-95.108.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-12&sp=4 | suse | kernel-syms | < 4.12.14-95.108.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-12&sp=4 | suse | kernel-syms | < 4.12.14-95.108.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/kernel-syms?arch=aarch64&distro=sles-12&sp=4 | suse | kernel-syms | < 4.12.14-95.108.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=4 | suse | kernel-source | < 4.12.14-95.108.1 | sles-12 | noarch | |
Affected | pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=4 | suse | kernel-macros | < 4.12.14-95.108.1 | sles-12 | noarch | |
Affected | pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=4 | suse | kernel-devel | < 4.12.14-95.108.1 | sles-12 | noarch | |
Affected | pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=4 | suse | kernel-default | < 4.12.14-95.108.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-12&sp=4 | suse | kernel-default | < 4.12.14-95.108.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-12&sp=4 | suse | kernel-default | < 4.12.14-95.108.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/kernel-default?arch=aarch64&distro=sles-12&sp=4 | suse | kernel-default | < 4.12.14-95.108.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-12&sp=4 | suse | kernel-default-man | < 4.12.14-95.108.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=4 | suse | kernel-default-devel | < 4.12.14-95.108.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-12&sp=4 | suse | kernel-default-devel | < 4.12.14-95.108.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-12&sp=4 | suse | kernel-default-devel | < 4.12.14-95.108.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=aarch64&distro=sles-12&sp=4 | suse | kernel-default-devel | < 4.12.14-95.108.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=4 | suse | kernel-default-base | < 4.12.14-95.108.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-12&sp=4 | suse | kernel-default-base | < 4.12.14-95.108.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-12&sp=4 | suse | kernel-default-base | < 4.12.14-95.108.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=sles-12&sp=4 | suse | kernel-default-base | < 4.12.14-95.108.1 | sles-12 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |