[SUSE-SU-2022:4273-1] Security update for the Linux Kernel
Severity
Important
Affected Packages
6
CVEs
21
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated.
The following security bugs were fixed:
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bnc#1203322).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).
The following non-security bugs were fixed:
- acpi: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802).
- acpi: processor_idle: Skip dummy wait if kernel is in guest (bnc#1203802).
- amd-xgbe: Update DMA coherency values (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
- bnxt_en: reverse order of TX disable and carrier off (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- i40e: Fix flow for IPv6 next header (extension header) (git-fixes).
- i40e: Fix overwriting flow control settings during driver loading (git-fixes).
- i40e: improve locking of mac_filter_hash (git-fixes).
- input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes).
- input: xpad - add supported devices as contributed on github (git-fixes).
- ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972)
- kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
- memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755).
- net/mlx4: Fix EEPROM dump support (git-fixes).
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: dsa: mt7530: add the missing RxUnicast MIB counter (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: vxge: fix use-after-free in vxge_device_unregister (git-fixes).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified (git-fixes).
- ppp: Fix generating ppp unit id when ifname is not specified (git-fixes).
- quota: widen timestamps for the fs_disk_quota structure (bsc#1203387).
- r8169: fix jumbo packet handling on RTL8168e (git-fixes).
- revert 'niu: fix missing checks of niu_pci_eeprom_read' (git-fixes).
- s390/guarded storage: simplify task exit handling (bsc#1203254 LTC#199911).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203142 LTC#199883).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (bsc#1203198 LTC#199898).
- s390: fix double free of GS and RI CBs on fork() failure (bsc#1203254 LTC#199911).
- usb: core: Fix RST error in hub.c (git-fixes).
- usb: serial: ch341: add basis for quirk detection (git-fixes).
- usb: serial: ch341: fix lockup of devices with limited prescaler (git-fixes).
- usb: serial: ch341: fix lost character on LCR updates (git-fixes).
- usb: serial: ch341: fix receiver regression (git-fixes).
- usb: serial: ch341: reimplement line-speed handling (git-fixes).
- usb: serial: cp210x: add Decagon UCA device id (git-fixes).
- usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- usb: serial: option: add Quectel EM060K modem (git-fixes).
- usb: serial: option: add Quectel RM520N (git-fixes).
- usb: serial: option: add support for OPPO R11 diag port (git-fixes).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xfs: account finobt blocks properly in perag reservation (bsc#1203387).
- xfs: enable big timestamps (bsc#1203387).
- xfs: enable new inode btree counters feature (bsc#1203387).
- xfs: explicitly define inode timestamp range (bsc#1203387).
- xfs: preserve default grace interval during quotacheck (bsc#1203387).
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- xfs: use a struct timespec64 for the in-core crtime (bsc#1203387).
- xfs: use the finobt block counts to speed up mount times (bsc#1203387).
- xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387).
- xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387).
Package | Affected Version |
---|---|
pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=sles-12&sp=5 | < 4.12.14-16.115.1 |
pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=sles-12&sp=5 | < 4.12.14-16.115.1 |
pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=sles-12&sp=5 | < 4.12.14-16.115.1 |
pkg:rpm/suse/kernel-azure?arch=x86_64&distro=sles-12&sp=5 | < 4.12.14-16.115.1 |
pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=sles-12&sp=5 | < 4.12.14-16.115.1 |
pkg:rpm/suse/kernel-azure-base?arch=x86_64&distro=sles-12&sp=5 | < 4.12.14-16.115.1 |
- ID
- SUSE-SU-2022:4273-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20224273-1/
- Published
-
2022-11-29T14:23:52
(21 months ago) - Modified
-
2022-11-29T14:23:52
(21 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2022-1636
- ALAS-2022-1645
- ALAS-2023-1707
- ALAS2-2022-1838
- ALAS2-2022-1852
- ALAS2-2022-1876
- ALAS2-2022-1903
- ALSA-2022:1988
- ALSA-2023:0101
- ALSA-2023:0334
- ALSA-2023:2458
- ALSA-2023:2951
- ALSA-2023:7077
- ALSA-2024:0897
- ALSA-2024:3138
- DSA-5173-1
- DSA-5257-1
- DSA-5324-1
- ELSA-2022-10065
- ELSA-2022-10072
- ELSA-2022-10073
- ELSA-2022-10079
- ELSA-2022-10081
- ELSA-2022-10108
- ELSA-2022-1988
- ELSA-2022-9709
- ELSA-2022-9710
- ELSA-2022-9852
- ELSA-2023-0101
- ELSA-2023-0334
- ELSA-2023-0399
- ELSA-2023-1091
- ELSA-2023-12109
- ELSA-2023-12116
- ELSA-2023-12117
- ELSA-2023-12118
- ELSA-2023-12120
- ELSA-2023-12199
- ELSA-2023-12200
- ELSA-2023-12375
- ELSA-2023-12565
- ELSA-2023-1987
- ELSA-2023-2458
- ELSA-2023-2951
- ELSA-2023-6583
- ELSA-2023-7077
- ELSA-2024-0461
- ELSA-2024-0897
- ELSA-2024-12094
- ELSA-2024-12169
- ELSA-2024-3138
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-2cfbe17910
- FEDORA-2022-b948fc3cfb
- MS:CVE-2021-4037
- MS:CVE-2022-2153
- MS:CVE-2022-3521
- MS:CVE-2022-3542
- MS:CVE-2022-3545
- MS:CVE-2022-3586
- MS:CVE-2022-3594
- MS:CVE-2022-40307
- MS:CVE-2022-40768
- MS:CVE-2022-42703
- MS:CVE-2022-43750
- RHSA-2022:1975
- RHSA-2022:1988
- RHSA-2022:7444
- RHSA-2022:7683
- RHSA-2022:7933
- RHSA-2022:8267
- RHSA-2023:0101
- RHSA-2023:0114
- RHSA-2023:0123
- RHSA-2023:0300
- RHSA-2023:0334
- RHSA-2023:0348
- RHSA-2023:0399
- RHSA-2023:0400
- RHSA-2023:0404
- RHSA-2023:1091
- RHSA-2023:1092
- RHSA-2023:1987
- RHSA-2023:1988
- RHSA-2023:2148
- RHSA-2023:2458
- RHSA-2023:2736
- RHSA-2023:2951
- RHSA-2023:6901
- RHSA-2023:7077
- RHSA-2024:0881
- RHSA-2024:0897
- RHSA-2024:2950
- RHSA-2024:3138
- RLSA-2022:1988
- RLSA-2023:0101
- RLSA-2023:0334
- RLSA-2024:3138
- SSA:2022-333-01
- SSA:2023-048-01
- SUSE-SU-2022:1257-1
- SUSE-SU-2022:1651-1
- SUSE-SU-2022:1668-1
- SUSE-SU-2022:1669-1
- SUSE-SU-2022:1676-1
- SUSE-SU-2022:1686-1
- SUSE-SU-2022:1687-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3775-1
- SUSE-SU-2022:3809-1
- SUSE-SU-2022:3810-1
- SUSE-SU-2022:3897-1
- SUSE-SU-2022:3929-1
- SUSE-SU-2022:3930-1
- SUSE-SU-2022:3998-1
- SUSE-SU-2022:4024-1
- SUSE-SU-2022:4027-1
- SUSE-SU-2022:4030-1
- SUSE-SU-2022:4033-1
- SUSE-SU-2022:4034-1
- SUSE-SU-2022:4035-1
- SUSE-SU-2022:4039-1
- SUSE-SU-2022:4053-1
- SUSE-SU-2022:4072-1
- SUSE-SU-2022:4100-1
- SUSE-SU-2022:4112-1
- SUSE-SU-2022:4113-1
- SUSE-SU-2022:4129-1
- SUSE-SU-2022:4272-1
- SUSE-SU-2022:4506-1
- SUSE-SU-2022:4513-1
- SUSE-SU-2022:4515-1
- SUSE-SU-2022:4516-1
- SUSE-SU-2022:4517-1
- SUSE-SU-2022:4518-1
- SUSE-SU-2022:4520-1
- SUSE-SU-2022:4527-1
- SUSE-SU-2022:4528-1
- SUSE-SU-2022:4533-1
- SUSE-SU-2022:4534-1
- SUSE-SU-2022:4539-1
- SUSE-SU-2022:4543-1
- SUSE-SU-2022:4544-1
- SUSE-SU-2022:4545-1
- SUSE-SU-2022:4546-1
- SUSE-SU-2022:4550-1
- SUSE-SU-2022:4551-1
- SUSE-SU-2022:4559-1
- SUSE-SU-2022:4560-1
- SUSE-SU-2022:4561-1
- SUSE-SU-2022:4562-1
- SUSE-SU-2022:4569-1
- SUSE-SU-2022:4573-1
- SUSE-SU-2022:4574-1
- SUSE-SU-2022:4577-1
- SUSE-SU-2022:4580-1
- SUSE-SU-2022:4587-1
- SUSE-SU-2022:4589-1
- SUSE-SU-2022:4595-1
- SUSE-SU-2022:4611-1
- SUSE-SU-2022:4614-1
- SUSE-SU-2022:4615-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0226-1
- SUSE-SU-2023:0227-1
- SUSE-SU-2023:0229-1
- SUSE-SU-2023:0231-1
- SUSE-SU-2023:0235-1
- SUSE-SU-2023:0237-1
- SUSE-SU-2023:0238-1
- SUSE-SU-2023:0240-1
- SUSE-SU-2023:0245-1
- SUSE-SU-2023:0250-1
- SUSE-SU-2023:0262-1
- SUSE-SU-2023:0263-1
- SUSE-SU-2023:0267-1
- SUSE-SU-2023:0270-1
- SUSE-SU-2023:0271-1
- SUSE-SU-2023:0277-1
- SUSE-SU-2023:0281-1
- SUSE-SU-2023:0331-1
- SUSE-SU-2023:0416-1
- SUSE-SU-2024:2901-1
- SUSE-SU-2024:2929-1
- SUSE-SU-2024:2940-1
- USN-5650-1
- USN-5693-1
- USN-5727-1
- USN-5727-2
- USN-5728-1
- USN-5728-2
- USN-5728-3
- USN-5729-1
- USN-5729-2
- USN-5754-1
- USN-5754-2
- USN-5755-1
- USN-5755-2
- USN-5756-1
- USN-5756-2
- USN-5756-3
- USN-5757-1
- USN-5757-2
- USN-5758-1
- USN-5773-1
- USN-5774-1
- USN-5779-1
- USN-5780-1
- USN-5789-1
- USN-5790-1
- USN-5791-1
- USN-5791-2
- USN-5791-3
- USN-5792-1
- USN-5792-2
- USN-5793-1
- USN-5793-2
- USN-5793-3
- USN-5793-4
- USN-5815-1
- USN-5853-1
- USN-5854-1
- USN-5856-1
- USN-5858-1
- USN-5859-1
- USN-5861-1
- USN-5862-1
- USN-5865-1
- USN-5874-1
- USN-5875-1
- USN-5877-1
- USN-5883-1
- USN-5909-1
- USN-5911-1
- USN-5912-1
- USN-5913-1
- USN-5916-1
- USN-5917-1
- USN-5918-1
- USN-5919-1
- USN-5920-1
- USN-5924-1
- USN-5925-1
- USN-5927-1
- USN-5929-1
- USN-5934-1
- USN-5935-1
- USN-5938-1
- USN-5939-1
- USN-5940-1
- USN-5941-1
- USN-5950-1
- USN-5951-1
- USN-5962-1
- USN-5975-1
- USN-5976-1
- USN-5981-1
- USN-5982-1
- USN-5984-1
- USN-5987-1
- USN-5991-1
- USN-6000-1
- USN-6001-1
- USN-6004-1
- USN-6007-1
- USN-6009-1
- USN-6013-1
- USN-6014-1
- USN-6024-1
- USN-6030-1
- USN-6045-1
- USN-6071-1
- USN-6124-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=sles-12&sp=5 | suse | kernel-syms-azure | < 4.12.14-16.115.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=sles-12&sp=5 | suse | kernel-source-azure | < 4.12.14-16.115.1 | sles-12 | noarch | |
Affected | pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=sles-12&sp=5 | suse | kernel-devel-azure | < 4.12.14-16.115.1 | sles-12 | noarch | |
Affected | pkg:rpm/suse/kernel-azure?arch=x86_64&distro=sles-12&sp=5 | suse | kernel-azure | < 4.12.14-16.115.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=sles-12&sp=5 | suse | kernel-azure-devel | < 4.12.14-16.115.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-azure-base?arch=x86_64&distro=sles-12&sp=5 | suse | kernel-azure-base | < 4.12.14-16.115.1 | sles-12 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |