[SUSE-SU-2022:3450-1] Security update for the Linux Kernel
Severity
Important
Affected Packages
32
CVEs
20
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-1012: Fixed a memory leak problem that was found in the TCP source port generation algorithm in net/ipv4/tcp.c (bnc#1199482).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to became root (bnc#1200015)
- CVE-2022-29581: Fixed improper update of reference count vulnerability in net/sched that allowed a local attacker to cause privilege escalation to root (bnc#1199665).
- CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).
The following non-security bugs were fixed:
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- config: Update files NVRAM=y (bsc#1201361 bsc#1192968).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- ID
- SUSE-SU-2022:3450-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20223450-1/
- Published
-
2022-09-28T06:48:59
(23 months ago) - Modified
-
2022-09-28T06:48:59
(23 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2022-1563
- ALAS-2022-1577
- ALAS-2022-1591
- ALAS-2022-1604
- ALAS-2022-1636
- ALAS-2022-1645
- ALAS-2023-1688
- ALAS2-2022-1749
- ALAS2-2022-1768
- ALAS2-2022-1798
- ALAS2-2022-1813
- ALAS2-2022-1833
- ALAS2-2022-1838
- ALAS2-2022-1852
- ALAS2-2022-1888
- ALAS2-2024-2569
- ALSA-2022:0188
- ALSA-2022:1988
- ALSA-2022:5249
- ALSA-2022:5819
- ALSA-2022:7110
- ALSA-2022:7683
- ALSA-2022:8267
- ALSA-2023:2458
- ALSA-2023:2951
- DSA-5050-1
- DSA-5096-1
- DSA-5161-1
- DSA-5173-1
- DSA-5207-1
- DSA-5257-1
- ELSA-2022-0188
- ELSA-2022-0620
- ELSA-2022-10065
- ELSA-2022-10108
- ELSA-2022-1988
- ELSA-2022-5249
- ELSA-2022-5819
- ELSA-2022-7110
- ELSA-2022-7337
- ELSA-2022-7683
- ELSA-2022-8267
- ELSA-2022-9010
- ELSA-2022-9011
- ELSA-2022-9012
- ELSA-2022-9013
- ELSA-2022-9014
- ELSA-2022-9088
- ELSA-2022-9147
- ELSA-2022-9148
- ELSA-2022-9260
- ELSA-2022-9273
- ELSA-2022-9274
- ELSA-2022-9313
- ELSA-2022-9314
- ELSA-2022-9348
- ELSA-2022-9667
- ELSA-2022-9689
- ELSA-2022-9690
- ELSA-2022-9691
- ELSA-2022-9692
- ELSA-2022-9693
- ELSA-2022-9694
- ELSA-2022-9699
- ELSA-2022-9709
- ELSA-2022-9710
- ELSA-2022-9761
- ELSA-2022-9781
- ELSA-2022-9787
- ELSA-2022-9788
- ELSA-2022-9827
- ELSA-2022-9830
- ELSA-2022-9852
- ELSA-2022-9870
- ELSA-2022-9871
- ELSA-2022-9926
- ELSA-2022-9927
- ELSA-2022-9930
- ELSA-2022-9931
- ELSA-2022-9998
- ELSA-2022-9999
- ELSA-2023-2458
- ELSA-2023-2951
- FEDORA-2022-35c14ba5bb
- FEDORA-2022-484e226872
- FEDORA-2022-6835ddb6d8
- FEDORA-2022-9bbb1d9b7b
- FEDORA-2022-ccb0138bb6
- MS:CVE-2021-4155
- MS:CVE-2021-4203
- MS:CVE-2022-1012
- MS:CVE-2022-2905
- MS:CVE-2022-29581
- MS:CVE-2022-2977
- MS:CVE-2022-3028
- MS:CVE-2022-32250
- MS:CVE-2022-36879
- MS:CVE-2022-39188
- openSUSE-SU-2022:2177-1
- openSUSE-SU-2022:2549-1
- RHSA-2021:4140
- RHSA-2021:4356
- RHSA-2022:0176
- RHSA-2022:0188
- RHSA-2022:0232
- RHSA-2022:0592
- RHSA-2022:0620
- RHSA-2022:0622
- RHSA-2022:1975
- RHSA-2022:1988
- RHSA-2022:5214
- RHSA-2022:5216
- RHSA-2022:5232
- RHSA-2022:5236
- RHSA-2022:5249
- RHSA-2022:5267
- RHSA-2022:5819
- RHSA-2022:5834
- RHSA-2022:5839
- RHSA-2022:7110
- RHSA-2022:7134
- RHSA-2022:7137
- RHSA-2022:7337
- RHSA-2022:7338
- RHSA-2022:7344
- RHSA-2022:7444
- RHSA-2022:7683
- RHSA-2022:7933
- RHSA-2022:8267
- RHSA-2023:2148
- RHSA-2023:2458
- RHSA-2023:2736
- RHSA-2023:2951
- RLSA-2022:176
- RLSA-2022:1988
- RLSA-2022:5819
- RLSA-2022:7110
- RLSA-2022:7683
- SSA:2022-031-01
- SSA:2022-237-02
- SSA:2022-333-01
- SUSE-SU-2022:0362-1
- SUSE-SU-2022:0477-1
- SUSE-SU-2022:2172-1
- SUSE-SU-2022:2177-1
- SUSE-SU-2022:2214-1
- SUSE-SU-2022:2216-1
- SUSE-SU-2022:2230-1
- SUSE-SU-2022:2239-1
- SUSE-SU-2022:2245-1
- SUSE-SU-2022:2262-1
- SUSE-SU-2022:2268-1
- SUSE-SU-2022:2377-1
- SUSE-SU-2022:2382-1
- SUSE-SU-2022:2424-1
- SUSE-SU-2022:2424-2
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2549-1
- SUSE-SU-2022:2615-1
- SUSE-SU-2022:2629-1
- SUSE-SU-2022:2719-1
- SUSE-SU-2022:2720-1
- SUSE-SU-2022:2721-1
- SUSE-SU-2022:2722-1
- SUSE-SU-2022:2723-1
- SUSE-SU-2022:2741-1
- SUSE-SU-2022:2803-1
- SUSE-SU-2022:2827-1
- SUSE-SU-2022:2840-1
- SUSE-SU-2022:2875-1
- SUSE-SU-2022:2875-2
- SUSE-SU-2022:2892-1
- SUSE-SU-2022:2892-2
- SUSE-SU-2022:2910-1
- SUSE-SU-2022:3061-1
- SUSE-SU-2022:3064-1
- SUSE-SU-2022:3072-1
- SUSE-SU-2022:3088-1
- SUSE-SU-2022:3108-1
- SUSE-SU-2022:3123-1
- SUSE-SU-2022:3263-1
- SUSE-SU-2022:3264-1
- SUSE-SU-2022:3265-1
- SUSE-SU-2022:3274-1
- SUSE-SU-2022:3282-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3291-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3294-1
- SUSE-SU-2022:3342-1
- SUSE-SU-2022:3346-1
- SUSE-SU-2022:3350-1
- SUSE-SU-2022:3359-1
- SUSE-SU-2022:3360-1
- SUSE-SU-2022:3362-1
- SUSE-SU-2022:3366-1
- SUSE-SU-2022:3368-1
- SUSE-SU-2022:3369-1
- SUSE-SU-2022:3370-1
- SUSE-SU-2022:3372-1
- SUSE-SU-2022:3373-1
- SUSE-SU-2022:3377-1
- SUSE-SU-2022:3379-1
- SUSE-SU-2022:3406-1
- SUSE-SU-2022:3407-1
- SUSE-SU-2022:3408-1
- SUSE-SU-2022:3409-1
- SUSE-SU-2022:3412-1
- SUSE-SU-2022:3415-1
- SUSE-SU-2022:3422-1
- SUSE-SU-2022:3424-1
- SUSE-SU-2022:3432-1
- SUSE-SU-2022:3433-1
- SUSE-SU-2022:3445-1
- SUSE-SU-2022:3463-1
- SUSE-SU-2022:3464-1
- SUSE-SU-2022:3465-1
- SUSE-SU-2022:3476-1
- SUSE-SU-2022:3584-1
- SUSE-SU-2022:3586-1
- SUSE-SU-2022:3587-1
- SUSE-SU-2022:3609-1
- SUSE-SU-2022:3809-1
- SUSE-SU-2022:4024-1
- SUSE-SU-2022:4027-1
- SUSE-SU-2022:4030-1
- SUSE-SU-2022:4033-1
- SUSE-SU-2022:4034-1
- SUSE-SU-2022:4035-1
- SUSE-SU-2022:4039-1
- SUSE-SU-2022:4100-1
- SUSE-SU-2022:4112-1
- SUSE-SU-2022:4113-1
- SUSE-SU-2022:4129-1
- SUSE-SU-2022:4561-1
- SUSE-SU-2022:4611-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0416-1
- SUSE-SU-2023:0634-1
- SUSE-SU-2023:0747-1
- SUSE-SU-2023:0768-1
- SUSE-SU-2023:0852-1
- SUSE-SU-2023:1848-1
- SUSE-SU-2023:2232-1
- SUSE-SU-2024:2901-1
- SUSE-SU-2024:2929-1
- SUSE-SU-2024:2940-1
- USN-5278-1
- USN-5294-1
- USN-5294-2
- USN-5295-1
- USN-5295-2
- USN-5297-1
- USN-5298-1
- USN-5362-1
- USN-5442-1
- USN-5442-2
- USN-5443-1
- USN-5443-2
- USN-5444-1
- USN-5471-1
- USN-5557-1
- USN-5560-1
- USN-5560-2
- USN-5562-1
- USN-5564-1
- USN-5565-1
- USN-5566-1
- USN-5567-1
- USN-5580-1
- USN-5582-1
- USN-5588-1
- USN-5594-1
- USN-5599-1
- USN-5602-1
- USN-5616-1
- USN-5622-1
- USN-5623-1
- USN-5630-1
- USN-5639-1
- USN-5647-1
- USN-5650-1
- USN-5654-1
- USN-5660-1
- USN-5667-1
- USN-5668-1
- USN-5669-1
- USN-5669-2
- USN-5677-1
- USN-5678-1
- USN-5679-1
- USN-5682-1
- USN-5683-1
- USN-5684-1
- USN-5687-1
- USN-5693-1
- USN-5695-1
- USN-5703-1
- USN-5706-1
- USN-5727-1
- USN-5727-2
- USN-5728-1
- USN-5728-2
- USN-5728-3
- USN-5729-1
- USN-5729-2
- USN-5774-1
- USN-5790-1
- USN-5791-1
- USN-5791-2
- USN-5791-3
- USN-5792-1
- USN-5792-2
- USN-5793-1
- USN-5793-2
- USN-5793-3
- USN-5793-4
- USN-5815-1
- USN-5854-1
- USN-5861-1
- USN-5862-1
- USN-5865-1
- USN-5877-1
- USN-5883-1
- USN-5884-1
- USN-5913-1
- USN-5924-1
- USN-5926-1
- USN-5975-1
- USN-6001-1
- USN-6007-1
- USN-6013-1
- USN-6014-1
- USN-6221-1
- USN-6247-1
- VMSA-2022-0020.2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/reiserfs-kmp-default?arch=x86_64&distro=sles-15&sp=2 | suse | reiserfs-kmp-default | < 5.3.18-150200.24.129.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/reiserfs-kmp-default?arch=s390x&distro=sles-15&sp=2 | suse | reiserfs-kmp-default | < 5.3.18-150200.24.129.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/reiserfs-kmp-default?arch=ppc64le&distro=sles-15&sp=2 | suse | reiserfs-kmp-default | < 5.3.18-150200.24.129.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/reiserfs-kmp-default?arch=aarch64&distro=sles-15&sp=2 | suse | reiserfs-kmp-default | < 5.3.18-150200.24.129.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-15&sp=2 | suse | kernel-syms | < 5.3.18-150200.24.129.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-15&sp=2 | suse | kernel-syms | < 5.3.18-150200.24.129.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-15&sp=2 | suse | kernel-syms | < 5.3.18-150200.24.129.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/kernel-syms?arch=aarch64&distro=sles-15&sp=2 | suse | kernel-syms | < 5.3.18-150200.24.129.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-15&sp=2 | suse | kernel-source | < 5.3.18-150200.24.129.1 | sles-15 | noarch | |
Affected | pkg:rpm/suse/kernel-preempt?arch=x86_64&distro=sles-15&sp=2 | suse | kernel-preempt | < 5.3.18-150200.24.129.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/kernel-preempt?arch=aarch64&distro=sles-15&sp=2 | suse | kernel-preempt | < 5.3.18-150200.24.129.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/kernel-preempt-devel?arch=x86_64&distro=sles-15&sp=2 | suse | kernel-preempt-devel | < 5.3.18-150200.24.129.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/kernel-preempt-devel?arch=aarch64&distro=sles-15&sp=2 | suse | kernel-preempt-devel | < 5.3.18-150200.24.129.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/kernel-obs-build?arch=x86_64&distro=sles-15&sp=2 | suse | kernel-obs-build | < 5.3.18-150200.24.129.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/kernel-obs-build?arch=s390x&distro=sles-15&sp=2 | suse | kernel-obs-build | < 5.3.18-150200.24.129.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/kernel-obs-build?arch=ppc64le&distro=sles-15&sp=2 | suse | kernel-obs-build | < 5.3.18-150200.24.129.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/kernel-obs-build?arch=aarch64&distro=sles-15&sp=2 | suse | kernel-obs-build | < 5.3.18-150200.24.129.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-15&sp=2 | suse | kernel-macros | < 5.3.18-150200.24.129.1 | sles-15 | noarch | |
Affected | pkg:rpm/suse/kernel-docs?arch=noarch&distro=sles-15&sp=2 | suse | kernel-docs | < 5.3.18-150200.24.129.1 | sles-15 | noarch | |
Affected | pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-15&sp=2 | suse | kernel-devel | < 5.3.18-150200.24.129.1 | sles-15 | noarch | |
Affected | pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-15&sp=2 | suse | kernel-default | < 5.3.18-150200.24.129.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-15&sp=2 | suse | kernel-default | < 5.3.18-150200.24.129.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-15&sp=2 | suse | kernel-default | < 5.3.18-150200.24.129.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/kernel-default?arch=aarch64&distro=sles-15&sp=2 | suse | kernel-default | < 5.3.18-150200.24.129.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-15&sp=2 | suse | kernel-default-devel | < 5.3.18-150200.24.129.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-15&sp=2 | suse | kernel-default-devel | < 5.3.18-150200.24.129.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-15&sp=2 | suse | kernel-default-devel | < 5.3.18-150200.24.129.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=aarch64&distro=sles-15&sp=2 | suse | kernel-default-devel | < 5.3.18-150200.24.129.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-15&sp=2 | suse | kernel-default-base | < 5.3.18-150200.24.129.1.150200.9.61.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-15&sp=2 | suse | kernel-default-base | < 5.3.18-150200.24.129.1.150200.9.61.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-15&sp=2 | suse | kernel-default-base | < 5.3.18-150200.24.129.1.150200.9.61.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=sles-15&sp=2 | suse | kernel-default-base | < 5.3.18-150200.24.129.1.150200.9.61.1 | sles-15 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |