[SUSE-SU-2022:3450-1] Security update for the Linux Kernel

Severity: Important
Affected Packages: 32
CVEs: 20

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
  • CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
  • CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
  • CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() when accessing a deallocated instance (bnc#1202895).
  • CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
  • CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
  • CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
  • CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
  • CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
  • CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482).
  • CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
  • CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
  • CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
  • CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
  • CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
  • CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
  • CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
  • CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to become root (bnc#1200015).
  • CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665).
  • CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).

The following non-security bugs were fixed:

  • cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
  • cifs: skip trailing separators of prefix paths (bsc#1188944).
  • config: Update files NVRAM=y (bsc#1201361 bsc#1192968).
  • kernel-obs-build: include qemu_fw_cfg (boo#1201705).
  • lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
  • md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
  • mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
  • mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
  • net_sched: cls_route: disallow handle of 0 (bsc#1202393).
  • objtool: Add support for intra-function calls (bsc#1202396).
  • objtool: Make handle_insn_ops() unconditional (bsc#1202396).
  • objtool: Remove INSN_STACK (bsc#1202396).
  • objtool: Rework allocating stack_ops on decode (bsc#1202396).
  • objtool: Support multiple stack_op per instruction (bsc#1202396).
  • rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
  • tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
  • tcp: change source port randomization at connect() time (bsc#1180153).

Package Affected Version
pkg:rpm/suse/reiserfs-kmp-default?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/reiserfs-kmp-default?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/reiserfs-kmp-default?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/reiserfs-kmp-default?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-syms?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-preempt?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-preempt?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-preempt-devel?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-preempt-devel?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-obs-build?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-obs-build?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-obs-build?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-obs-build?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-docs?arch=noarch&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default-devel?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1.150200.9.61.1
pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1.150200.9.61.1
pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1.150200.9.61.1
pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.129.1.150200.9.61.1

ID: SUSE-SU-2022:3450-1
Severity: important
URL: https://www.suse.com/support/update/announcement/2022/suse-su-20223450-1/
Published: 2022-09-28T06:48:59
Modified: 2022-09-28T06:48:59
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3450-1.json
Suse URL for SUSE-SU-2022:3450-1 https://www.suse.com/support/update/announcement/2022/suse-su-20223450-1/
Suse E-Mail link for SUSE-SU-2022:3450-1 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012439.html
Bugzilla SUSE Bug 1023051 https://bugzilla.suse.com/1023051
Bugzilla SUSE Bug 1180153 https://bugzilla.suse.com/1180153
Bugzilla SUSE Bug 1188944 https://bugzilla.suse.com/1188944
Bugzilla SUSE Bug 1191881 https://bugzilla.suse.com/1191881
Bugzilla SUSE Bug 1192968 https://bugzilla.suse.com/1192968
Bugzilla SUSE Bug 1194272 https://bugzilla.suse.com/1194272
Bugzilla SUSE Bug 1194535 https://bugzilla.suse.com/1194535
Bugzilla SUSE Bug 1196616 https://bugzilla.suse.com/1196616
Bugzilla SUSE Bug 1197158 https://bugzilla.suse.com/1197158
Bugzilla SUSE Bug 1199482 https://bugzilla.suse.com/1199482
Bugzilla SUSE Bug 1199665 https://bugzilla.suse.com/1199665
Bugzilla SUSE Bug 1201726 https://bugzilla.suse.com/1201726
Bugzilla SUSE Bug 1201948 https://bugzilla.suse.com/1201948
Bugzilla SUSE Bug 1202096 https://bugzilla.suse.com/1202096
Bugzilla SUSE Bug 1202097 https://bugzilla.suse.com/1202097
Bugzilla SUSE Bug 1202154 https://bugzilla.suse.com/1202154
Bugzilla SUSE Bug 1202346 https://bugzilla.suse.com/1202346
Bugzilla SUSE Bug 1202347 https://bugzilla.suse.com/1202347
Bugzilla SUSE Bug 1202393 https://bugzilla.suse.com/1202393
Bugzilla SUSE Bug 1202396 https://bugzilla.suse.com/1202396
Bugzilla SUSE Bug 1202564 https://bugzilla.suse.com/1202564
Bugzilla SUSE Bug 1202672 https://bugzilla.suse.com/1202672
Bugzilla SUSE Bug 1202860 https://bugzilla.suse.com/1202860
Bugzilla SUSE Bug 1202895 https://bugzilla.suse.com/1202895
Bugzilla SUSE Bug 1202898 https://bugzilla.suse.com/1202898
Bugzilla SUSE Bug 1203098 https://bugzilla.suse.com/1203098
Bugzilla SUSE Bug 1203107 https://bugzilla.suse.com/1203107
Bugzilla SUSE Bug 1203159 https://bugzilla.suse.com/1203159
CVE SUSE CVE CVE-2016-3695 page https://www.suse.com/security/cve/CVE-2016-3695/
CVE SUSE CVE CVE-2020-27784 page https://www.suse.com/security/cve/CVE-2020-27784/
CVE SUSE CVE CVE-2020-36516 page https://www.suse.com/security/cve/CVE-2020-36516/
CVE SUSE CVE CVE-2021-4155 page https://www.suse.com/security/cve/CVE-2021-4155/
CVE SUSE CVE CVE-2021-4203 page https://www.suse.com/security/cve/CVE-2021-4203/
CVE SUSE CVE CVE-2022-1012 page https://www.suse.com/security/cve/CVE-2022-1012/
CVE SUSE CVE CVE-2022-20166 page https://www.suse.com/security/cve/CVE-2022-20166/
CVE SUSE CVE CVE-2022-20368 page https://www.suse.com/security/cve/CVE-2022-20368/
CVE SUSE CVE CVE-2022-20369 page https://www.suse.com/security/cve/CVE-2022-20369/
CVE SUSE CVE CVE-2022-2588 page https://www.suse.com/security/cve/CVE-2022-2588/
CVE SUSE CVE CVE-2022-26373 page https://www.suse.com/security/cve/CVE-2022-26373/
CVE SUSE CVE CVE-2022-2639 page https://www.suse.com/security/cve/CVE-2022-2639/
CVE SUSE CVE CVE-2022-2663 page https://www.suse.com/security/cve/CVE-2022-2663/
CVE SUSE CVE CVE-2022-2905 page https://www.suse.com/security/cve/CVE-2022-2905/
CVE SUSE CVE CVE-2022-29581 page https://www.suse.com/security/cve/CVE-2022-29581/
CVE SUSE CVE CVE-2022-2977 page https://www.suse.com/security/cve/CVE-2022-2977/
CVE SUSE CVE CVE-2022-3028 page https://www.suse.com/security/cve/CVE-2022-3028/
CVE SUSE CVE CVE-2022-32250 page https://www.suse.com/security/cve/CVE-2022-32250/
CVE SUSE CVE CVE-2022-36879 page https://www.suse.com/security/cve/CVE-2022-36879/
CVE SUSE CVE CVE-2022-39188 page https://www.suse.com/security/cve/CVE-2022-39188/