1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2022:4505-1

[SUSE-SU-2022:4505-1] Security update for the Linux Kernel

Severity Important
Affected Packages 6
CVEs 16
Info Packages References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
  • CVE-2022-42328: Guests could trigger denial of service via the netback driver (bnc#1206114).
  • CVE-2022-42329: Guests could trigger denial of service via the netback driver (bnc#1206113).
  • CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bnc#1206113).
  • CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
  • CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
  • CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
  • CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
  • CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
  • CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
  • CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
  • CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
  • CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
  • CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
  • CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).

The following non-security bugs were fixed:

  • Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
  • Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617).
  • Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
  • Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
  • Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
  • Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617).
  • Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617).
  • Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617).
  • Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
  • Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
  • Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
  • Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
  • FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
  • FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
  • KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
  • KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
  • KVM: s390: Fix handle_sske page fault handling (git-fixes).
  • KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
  • KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION (git-fixes).
  • KVM: s390: reduce number of IO pins to 1 (git-fixes).
  • KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
  • KVM: s390: split kvm_s390_real_to_abs (git-fixes).
  • KVM: s390x: fix SCK locking (git-fixes).
  • NIU: fix incorrect error return, missed in previous revert (git-fixes).
  • PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
  • PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
  • PCI: hv: Drop msi_controller structure (bsc#1204446).
  • PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
  • PCI: hv: Fix a race condition when removing the device (bsc#1204446).
  • PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
  • PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
  • PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
  • PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
  • PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
  • PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
  • PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
  • PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
  • PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
  • PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
  • PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
  • PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
  • PCI: hv: Support for create interrupt v3 (git-fixes).
  • PCI: hv: Use struct_size() helper (bsc#1204446).
  • PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
  • PM: hibernate: fix sparse warnings (git-fixes).
  • Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
  • add missing bug reference to a hv_netvsc patch file (bsc#1204850).
  • always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
  • arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
  • ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
  • bfq: Update cgroup information before merging bio (git-fixes).
  • blk-mq: add callback of .cleanup_rq (git-fixes).
  • blktrace: Trace remapped requests correctly (git-fixes).
  • block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
  • block: Add a helper to validate the block size (git-fixes).
  • block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes).
  • block: do not delete queue kobject before its children (git-fixes).
  • block: respect queue limit of max discard segment (git-fixes).
  • block: rsxx: select CONFIG_CRC32 (git-fixes).
  • block: use 'unsigned long' for blk_validate_block_size() (git-fixes).
  • bnxt_en: Clean up completion ring page arrays completely (git-fixes).
  • bnxt_en: Do not use static arrays for completion ring pages (git-fixes).
  • bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S (git-fixes).
  • bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).
  • bnxt_en: Free context memory after disabling PCI in probe error path (git-fixes).
  • bnxt_en: Increase maximum RX ring size if jumbo ring is not used (git-fixes).
  • brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
  • can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
  • can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
  • can: rcar_can: fix suspend/resume (git-fixes).
  • ceph: check availability of mds cluster on mount after wait timeout (bsc#1205903).
  • ceph: do not skip updating wanted caps when cap is stale (bsc#1205905).
  • ceph: fix fscache invalidation (bsc#1205907).
  • ceph: fix potential race in ceph_check_caps (bsc#1205906).
  • ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205908).
  • ceph: return -EINVAL if given fsc mount option on kernel w/o support (bsc#1205902).
  • ceph: return -ERANGE if virtual xattr value didn't fit in buffer (bsc#1205901).
  • ceph: return ceph_mdsc_do_request() errors from __get_parent() (bsc#1205904).
  • cuse: prevent clone (bsc#1206120).
  • cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
  • dm era: commit metadata in postsuspend after worker stops (git-fixes).
  • dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
  • dm mpath: remove harmful bio-based optimization (git-fixes).
  • dm raid: fix accesses beyond end of raid member array (git-fixes).
  • dm raid: fix address sanitizer warning in raid_resume (git-fixes).
  • dm raid: fix address sanitizer warning in raid_status (git-fixes).
  • dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
  • dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
  • e100: fix buffer overrun in e100_get_regs (git-fixes).
  • e100: fix length calculation in e100_get_regs_len (git-fixes).
  • floppy: Fix hang in watchdog when disk is ejected (git-fixes).
  • ftrace: Fix char print issue in print_ip_ins() (git-fixes).
  • ftrace: Fix the possible incorrect kernel message (git-fixes).
  • ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
  • ftrace: Optimize the allocation for mcount entries (git-fixes).
  • fuse: do not check refcount after stealing page (bsc#1206119).
  • fuse: retrieve: cap requested size to negotiated max_write (bsc#1206118).
  • fuse: use READ_ONCE on congestion_threshold and max_background (bsc#1206117).
  • gianfar: Disable EEE autoneg by default (git-fixes).
  • hv_netvsc: Add check for kvmalloc_array (git-fixes).
  • hv_netvsc: Add error handling while switching data path (bsc#1204850).
  • hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
  • hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017).
  • hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
  • hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
  • hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes).
  • hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017).
  • hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
  • hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017).
  • hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017).
  • hv_netvsc: Sync offloading features to VF NIC (git-fixes).
  • hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
  • hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
  • hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
  • i40e: Fix kernel crash during module removal (git-fixes).
  • i40e: Fix reset path while removing the driver (git-fixes).
  • i40e: fix endless loop under rtnl (git-fixes).
  • ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
  • ice: Increase control queue timeout (git-fixes).
  • igb: Fix position of assignment to *ring (git-fixes).
  • igc: Fix use-after-free error during reset (git-fixes).
  • igc: change default return of igc_read_phy_reg() (git-fixes).
  • ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
  • ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
  • kABI: Fix after adding trace_iterator.wait_index (git-fixes).
  • kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
  • kprobes/x86/xen: blacklist non-attachable xen interrupt functions (git-fixes).
  • macsec: check return value of skb_to_sgvec always (git-fixes).
  • macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
  • md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
  • md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
  • media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes).
  • media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
  • media: mceusb: RX -EPIPE (urb status = -32) lockup failure fix (git-fixes).
  • media: mceusb: TX -EPIPE (urb status = -32) lockup fix (git-fixes).
  • media: mceusb: do not read data parameters unless required (git-fixes).
  • media: mceusb: fix inaccurate debug buffer dumps, and misleading debug messages (git-fixes).
  • media: mceusb: sanity check for prescaler value (git-fixes).
  • media: mceusb: sporadic RX truncation corruption fix (git-fixes).
  • mm, swap, frontswap: fix THP swap if frontswap enabled (git-fixes).
  • module: change to print useful messages from elf_validity_check() (git-fixes).
  • module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
  • module: harden ELF info handling (git-fixes).
  • natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes).
  • nbd: do not update block size after device is started (git-fixes).
  • net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes).
  • net/mlx5: Fix flow table chaining (git-fixes).
  • net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
  • net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
  • net: aquantia: Fix actual speed capabilities reporting (git-fixes).
  • net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (git-fixes).
  • net: ethernet: arc: fix error handling in emac_rockchip_probe (git-fixes).
  • net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes).
  • net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (git-fixes).
  • net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
  • net: hns3: check vlan id before using it (git-fixes).
  • net: hns3: disable sriov before unload hclge layer (git-fixes).
  • net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
  • net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
  • net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
  • net: hns3: reset DWRR of unused tc to zero (git-fixes).
  • net: hyperv: remove use of bpf_op_t (git-fixes).
  • net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
  • net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
  • net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
  • net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
  • net: moxa: fix UAF in moxart_mac_probe (git-fixes).
  • net: natsemi: Fix missing pci_disable_device() in probe and remove (git-fixes).
  • net: netvsc: remove break after return (git-fixes).
  • net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
  • net: qcom/emac: fix UAF in emac_remove (git-fixes).
  • net: smsc911x: Fix unload crash when link is up (git-fixes).
  • net: ti: fix UAF in tlan_remove_one (git-fixes).
  • net: xen-netback: fix return type of ndo_start_xmit function (git-fixes).
  • nfsd: set the server_scope during service startup (bsc#1203746).
  • null_blk: Fix the null_add_dev() error path (git-fixes).
  • null_blk: fix ida error handling in null_add_dev() (git-fixes).
  • null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
  • panic, kexec: make __crash_kexec() NMI safe (git-fixes).
  • phy: mdio: fix memory leak (git-fixes).
  • ptp: dp83640: do not define PAGE0 (git-fixes).
  • qed: Fix missing error code in qed_slowpath_start() (git-fixes).
  • rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
  • ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
  • ring-buffer: Allow splice to read previous partially read pages (git-fixes).
  • ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes).
  • ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
  • ring-buffer: Fix race between reset page and reading page (git-fixes).
  • ring_buffer: Do not deactivate non-existant pages (git-fixes).
  • s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
  • s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes).
  • s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
  • s390/cpcmd: fix inline assembly register clobbering (git-fixes).
  • s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
  • s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
  • s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
  • s390/ctcm: fix potential memory leak (git-fixes).
  • s390/ctcm: fix variable dereferenced before check (git-fixes).
  • s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
  • s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (git-fixes).
  • s390/lcs: fix variable dereferenced before check (git-fixes).
  • s390/mcck: fix invalid KVM guest condition check (git-fixes).
  • s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
  • s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
  • s390/module: fix loading modules with a lot of relocations (git-fixes).
  • s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
  • s390/nmi: handle vector validity failures for KVM guests (git-fixes).
  • s390/pci: add missing EX_TABLE entries to pcistg_mio_inuser()/pcilg_mio_inuser() (git-fixes).
  • s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).
  • s390/pv: fix the forcing of the swiotlb (git-fixes).
  • s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
  • s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
  • s390/qeth: Fix deadlock in remove_discipline (bsc#1206213 LTC#200742).
  • s390/qeth: Fix error handling during VNICC initialization (git-fixes).
  • s390/qeth: Fix initialization of vnicc cmd masks during set online (git-fixes).
  • s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
  • s390/qeth: do not defer close_dev work during recovery (bsc#1206213 LTC#200742).
  • s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
  • s390/qeth: fix deadlock during failing recovery (bsc#1206213 LTC#200742).
  • s390/qeth: fix false reporting of VNIC CHAR config failure (git-fixes).
  • s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
  • s390/qeth: fix notification for pending buffers during teardown (git-fixes).
  • s390/qeth: remove driver-wide workqueue (bsc#1206213 LTC#200742).
  • s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
  • s390/qeth: vnicc Fix init to default (git-fixes).
  • s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (git-fixes).
  • s390/zcore: fix race when reading from hardware system area (git-fixes).
  • s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
  • s390: appldata depends on PROC_SYSCTL (git-fixes).
  • s390: define get_cycles macro for arch-override (git-fixes).
  • s390: fix nospec table alignments (git-fixes).
  • sbitmap: fix possible io hung due to lost wakeup (git-fixes).
  • scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
  • scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
  • scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
  • scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
  • scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
  • scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
  • scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
  • scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
  • scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
  • scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
  • scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
  • scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
  • scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
  • scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
  • scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
  • scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
  • scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
  • scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
  • sfp: fix RX_LOS signal handling (git-fixes).
  • sis900: Fix missing pci_disable_device() in probe and remove (git-fixes).
  • sunrpc: Re-purpose trace_svc_process (bsc#1205006).
  • tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
  • tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
  • tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
  • tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
  • tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
  • tracing: Wake up waiters when tracing is disabled (git-fixes).
  • tulip: windbond-840: Fix missing pci_disable_device() in probe and remove (git-fixes).
  • usb: chipidea: udc: check request status before setting device address (git-fixes).
  • usb: musb: Fix suspend with devices connected for a64 (git-fixes).
  • vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
  • vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
  • virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
  • virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
  • virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
  • virtio_net: move tx vq operation under tx queue lock (git-fixes).
  • vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
  • x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
  • x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
  • x86/hyperv: Output host build info as normal Windows version number (git-fixes).
  • x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes).
  • x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
  • x86/xen: Distribute switch variables for initialization (git-fixes).
  • x86/xen: Return from panic notifier (git-fixes).
  • x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
  • xen-blkback: prevent premature module unload (git-fixes).
  • xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes).
  • xen-netfront: remove warning when unloading module (git-fixes).
  • xen/balloon: fix balloon initialization for PVH Dom0 (git-fixes).
  • xen/balloon: fix balloon kthread freezing (git-fixes).
  • xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes).
  • xen/balloon: fix cancelled balloon action (git-fixes).
  • xen/balloon: use a kernel thread instead a workqueue (git-fixes).
  • xen/blkback: fix memory leaks (git-fixes).
  • xen/efi: Set nonblocking callbacks (git-fixes).
  • xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
  • xen/gntdev: Fix off-by-one error when unmapping with holes (git-fixes).
  • xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
  • xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
  • xen/gntdev: Prevent leaking grants (git-fixes).
  • xen/grant-table: Use put_page instead of free_page (git-fixes).
  • xen/pciback: Check dev_data before using it (git-fixes).
  • xen/pciback: remove set but not used variable 'old_state' (git-fixes).
  • xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
  • xen/scsiback: add error handling for xenbus_printf (git-fixes).
  • xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
  • xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes).
  • xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
  • xen: Fix event channel callback via INTX/GSI (git-fixes).
  • xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
  • xen: add error handling for xenbus_printf (git-fixes).
  • xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
  • xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (git-fixes).
  • xen: xenbus: use put_device() instead of kfree() (git-fixes).
  • xenbus: req->body should be updated before req->state (git-fixes).
  • xenbus: req->err should be updated before req->state (git-fixes).
Package Affected Version
pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.120.1
pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=sles-12&sp=5 < 4.12.14-16.120.1
pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=sles-12&sp=5 < 4.12.14-16.120.1
pkg:rpm/suse/kernel-azure?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.120.1
pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.120.1
pkg:rpm/suse/kernel-azure-base?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.120.1
ID
SUSE-SU-2022:4505-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2022/suse-su-20224505-1/
Published
2022-12-16T12:29:50
(21 months ago)
Modified
2022-12-16T12:29:50
(21 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4505-1.json
Suse URL for SUSE-SU-2022:4505-1 https://www.suse.com/support/update/announcement/2022/suse-su-20224505-1/
Suse E-Mail link for SUSE-SU-2022:4505-1 https://lists.suse.com/pipermail/sle-security-updates/2022-December/013250.html
Bugzilla SUSE Bug 1065729 https://bugzilla.suse.com/1065729
Bugzilla SUSE Bug 1071995 https://bugzilla.suse.com/1071995
Bugzilla SUSE Bug 1106594 https://bugzilla.suse.com/1106594
Bugzilla SUSE Bug 1156395 https://bugzilla.suse.com/1156395
Bugzilla SUSE Bug 1164051 https://bugzilla.suse.com/1164051
Bugzilla SUSE Bug 1184350 https://bugzilla.suse.com/1184350
Bugzilla SUSE Bug 1199365 https://bugzilla.suse.com/1199365
Bugzilla SUSE Bug 1200845 https://bugzilla.suse.com/1200845
Bugzilla SUSE Bug 1201455 https://bugzilla.suse.com/1201455
Bugzilla SUSE Bug 1203183 https://bugzilla.suse.com/1203183
Bugzilla SUSE Bug 1203746 https://bugzilla.suse.com/1203746
Bugzilla SUSE Bug 1203860 https://bugzilla.suse.com/1203860
Bugzilla SUSE Bug 1203960 https://bugzilla.suse.com/1203960
Bugzilla SUSE Bug 1204017 https://bugzilla.suse.com/1204017
Bugzilla SUSE Bug 1204142 https://bugzilla.suse.com/1204142
Bugzilla SUSE Bug 1204414 https://bugzilla.suse.com/1204414
Bugzilla SUSE Bug 1204446 https://bugzilla.suse.com/1204446
Bugzilla SUSE Bug 1204631 https://bugzilla.suse.com/1204631
Bugzilla SUSE Bug 1204636 https://bugzilla.suse.com/1204636
Bugzilla SUSE Bug 1204810 https://bugzilla.suse.com/1204810
Bugzilla SUSE Bug 1204850 https://bugzilla.suse.com/1204850
Bugzilla SUSE Bug 1204868 https://bugzilla.suse.com/1204868
Bugzilla SUSE Bug 1204963 https://bugzilla.suse.com/1204963
Bugzilla SUSE Bug 1205006 https://bugzilla.suse.com/1205006
Bugzilla SUSE Bug 1205128 https://bugzilla.suse.com/1205128
Bugzilla SUSE Bug 1205130 https://bugzilla.suse.com/1205130
Bugzilla SUSE Bug 1205220 https://bugzilla.suse.com/1205220
Bugzilla SUSE Bug 1205234 https://bugzilla.suse.com/1205234
Bugzilla SUSE Bug 1205264 https://bugzilla.suse.com/1205264
Bugzilla SUSE Bug 1205473 https://bugzilla.suse.com/1205473
Bugzilla SUSE Bug 1205514 https://bugzilla.suse.com/1205514
Bugzilla SUSE Bug 1205617 https://bugzilla.suse.com/1205617
Bugzilla SUSE Bug 1205671 https://bugzilla.suse.com/1205671
Bugzilla SUSE Bug 1205705 https://bugzilla.suse.com/1205705
Bugzilla SUSE Bug 1205709 https://bugzilla.suse.com/1205709
Bugzilla SUSE Bug 1205796 https://bugzilla.suse.com/1205796
Bugzilla SUSE Bug 1205901 https://bugzilla.suse.com/1205901
Bugzilla SUSE Bug 1205902 https://bugzilla.suse.com/1205902
Bugzilla SUSE Bug 1205903 https://bugzilla.suse.com/1205903
Bugzilla SUSE Bug 1205904 https://bugzilla.suse.com/1205904
Bugzilla SUSE Bug 1205905 https://bugzilla.suse.com/1205905
Bugzilla SUSE Bug 1205906 https://bugzilla.suse.com/1205906
Bugzilla SUSE Bug 1205907 https://bugzilla.suse.com/1205907
Bugzilla SUSE Bug 1205908 https://bugzilla.suse.com/1205908
Bugzilla SUSE Bug 1206032 https://bugzilla.suse.com/1206032
Bugzilla SUSE Bug 1206037 https://bugzilla.suse.com/1206037
Bugzilla SUSE Bug 1206113 https://bugzilla.suse.com/1206113
Bugzilla SUSE Bug 1206114 https://bugzilla.suse.com/1206114
Bugzilla SUSE Bug 1206117 https://bugzilla.suse.com/1206117
Bugzilla SUSE Bug 1206118 https://bugzilla.suse.com/1206118
Bugzilla SUSE Bug 1206119 https://bugzilla.suse.com/1206119
Bugzilla SUSE Bug 1206120 https://bugzilla.suse.com/1206120
Bugzilla SUSE Bug 1206207 https://bugzilla.suse.com/1206207
Bugzilla SUSE Bug 1206213 https://bugzilla.suse.com/1206213
CVE SUSE CVE CVE-2022-28693 page https://www.suse.com/security/cve/CVE-2022-28693/
CVE SUSE CVE CVE-2022-3567 page https://www.suse.com/security/cve/CVE-2022-3567/
CVE SUSE CVE CVE-2022-3628 page https://www.suse.com/security/cve/CVE-2022-3628/
CVE SUSE CVE CVE-2022-3635 page https://www.suse.com/security/cve/CVE-2022-3635/
CVE SUSE CVE CVE-2022-3643 page https://www.suse.com/security/cve/CVE-2022-3643/
CVE SUSE CVE CVE-2022-3903 page https://www.suse.com/security/cve/CVE-2022-3903/
CVE SUSE CVE CVE-2022-4095 page https://www.suse.com/security/cve/CVE-2022-4095/
CVE SUSE CVE CVE-2022-41850 page https://www.suse.com/security/cve/CVE-2022-41850/
CVE SUSE CVE CVE-2022-41858 page https://www.suse.com/security/cve/CVE-2022-41858/
CVE SUSE CVE CVE-2022-42328 page https://www.suse.com/security/cve/CVE-2022-42328/
CVE SUSE CVE CVE-2022-42329 page https://www.suse.com/security/cve/CVE-2022-42329/
CVE SUSE CVE CVE-2022-42895 page https://www.suse.com/security/cve/CVE-2022-42895/
CVE SUSE CVE CVE-2022-42896 page https://www.suse.com/security/cve/CVE-2022-42896/
CVE SUSE CVE CVE-2022-4378 page https://www.suse.com/security/cve/CVE-2022-4378/
CVE SUSE CVE CVE-2022-43945 page https://www.suse.com/security/cve/CVE-2022-43945/
CVE SUSE CVE CVE-2022-45934 page https://www.suse.com/security/cve/CVE-2022-45934/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=sles-12&sp=5 suse kernel-syms-azure < 4.12.14-16.120.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=sles-12&sp=5 suse kernel-source-azure < 4.12.14-16.120.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=sles-12&sp=5 suse kernel-devel-azure < 4.12.14-16.120.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-azure?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure < 4.12.14-16.120.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure-devel < 4.12.14-16.120.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-azure-base?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure-base < 4.12.14-16.120.1 sles-12 x86_64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date