Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP1 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
- CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
- CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605).
The following non-security bugs were fixed:
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- net: ena: A typo fix in the file ena_com.h (bsc#1198777).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1198777).
- net: ena: Add debug prints for invalid req_id resets (bsc#1198777).
- net: ena: add device distinct log prefix to files (bsc#1198777).
- net: ena: add jiffies of last napi call to stats (bsc#1198777).
- net: ena: aggregate doorbell common operations into a function (bsc#1198777).
- net: ena: aggregate stats increase into a function (bsc#1198777).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1198777).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198777).
- net: ena: Change the name of bad_csum variable (bsc#1198777).
- net: ena: Extract recurring driver reset code into a function (bsc#1198777).
- net: ena: fix coding style nits (bsc#1198777).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198777).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1198777).
- net: ena: fix inaccurate print type (bsc#1198777).
- net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198777).
- net: ena: Fix wrong rx request id by resetting device (bsc#1198777).
- net: ena: Improve error logging in driver (bsc#1198777).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777).
- net: ena: introduce XDP redirect implementation (bsc#1198777).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777).
- net: ena: Move reset completion print to the reset function (bsc#1198777).
- net: ena: optimize data access in fast-path code (bsc#1198777).
- net: ena: re-organize code to improve readability (bsc#1198777).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777).
- net: ena: remove extra words from comments (bsc#1198777).
- net: ena: Remove module param and change message severity (bsc#1198777).
- net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198777).
- net: ena: Remove redundant return code check (bsc#1198777).
- net: ena: Remove unused code (bsc#1198777).
- net: ena: store values in their appropriate variables types (bsc#1198777).
- net: ena: Update XDP verdict upon failure (bsc#1198777).
- net: ena: use build_skb() in RX path (bsc#1198777).
- net: ena: use constant value for net_device allocation (bsc#1198777).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777).
- net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198777).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes).
- powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- x86/pm: Save the MSR validity status at context setup (bsc#1114648).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).
Список пакетов
Image SLES15-SP1-CHOST-BYOS-Azure
Image SLES15-SP1-CHOST-BYOS-EC2
Image SLES15-SP1-CHOST-BYOS-GCE
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP1-SAPCAL-Azure
Image SLES15-SP1-SAPCAL-EC2-HVM
Image SLES15-SP1-SAPCAL-GCE
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability Extension 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Live Patching 15 SP1
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
openSUSE Leap 15.3
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2022:2111-1
- E-Mail link for SUSE-SU-2022:2111-1
- SUSE Security Ratings
- SUSE Bug 1028340
- SUSE Bug 1055710
- SUSE Bug 1065729
- SUSE Bug 1071995
- SUSE Bug 1084513
- SUSE Bug 1087082
- SUSE Bug 1114648
- SUSE Bug 1158266
- SUSE Bug 1172456
- SUSE Bug 1177282
- SUSE Bug 1182171
- SUSE Bug 1183723
- SUSE Bug 1187055
- SUSE Bug 1191647
- SUSE Bug 1191958
- SUSE Bug 1195065
- SUSE Bug 1195651
Описание
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
Затронутые продукты
Ссылки
- CVE-2017-13695
- SUSE Bug 1055710
- SUSE Bug 1087082
Описание
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
Затронутые продукты
Ссылки
- CVE-2018-7755
- SUSE Bug 1084513
Описание
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
Затронутые продукты
Ссылки
- CVE-2019-19377
- SUSE Bug 1158266
- SUSE Bug 1162338
- SUSE Bug 1162369
- SUSE Bug 1173871
- SUSE Bug 1211495
Описание
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
Затронутые продукты
Ссылки
- CVE-2019-20811
- SUSE Bug 1172456
Описание
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
Затронутые продукты
Ссылки
- CVE-2020-26541
- SUSE Bug 1177282
Описание
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
Затронутые продукты
Ссылки
- CVE-2021-20292
- SUSE Bug 1183723
Описание
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
Затронутые продукты
Ссылки
- CVE-2021-20321
- SUSE Bug 1191647
Описание
Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.
Затронутые продукты
Ссылки
- CVE-2021-33061
- SUSE Bug 1196426
Описание
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
Затронутые продукты
Ссылки
- CVE-2021-38208
- SUSE Bug 1187055
Описание
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2021-39711
- SUSE Bug 1197219
Описание
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
Затронутые продукты
Ссылки
- CVE-2021-43389
- SUSE Bug 1191958
Описание
A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
Затронутые продукты
Ссылки
- CVE-2022-1011
- SUSE Bug 1197343
- SUSE Bug 1197344
- SUSE Bug 1198687
- SUSE Bug 1204132
- SUSE Bug 1212322
Описание
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2022-1184
- SUSE Bug 1198577
- SUSE Bug 1210859
Описание
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
Затронутые продукты
Ссылки
- CVE-2022-1353
- SUSE Bug 1198516
- SUSE Bug 1212293
Описание
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
Затронутые продукты
Ссылки
- CVE-2022-1419
- SUSE Bug 1198742
- SUSE Bug 1201655
- SUSE Bug 1203034
Описание
A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.
Затронутые продукты
Ссылки
- CVE-2022-1516
- SUSE Bug 1199012
Описание
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Затронутые продукты
Ссылки
- CVE-2022-1652
- SUSE Bug 1199063
- SUSE Bug 1200057
- SUSE Bug 1200751
- SUSE Bug 1201034
- SUSE Bug 1201832
- SUSE Bug 1204132
- SUSE Bug 1212307
Описание
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
Затронутые продукты
Ссылки
- CVE-2022-1729
- SUSE Bug 1199507
- SUSE Bug 1199697
- SUSE Bug 1201832
Описание
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
Затронутые продукты
Ссылки
- CVE-2022-1734
- SUSE Bug 1199605
- SUSE Bug 1199606
- SUSE Bug 1201832
Описание
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
Затронутые продукты
Ссылки
- CVE-2022-1974
- SUSE Bug 1200144
- SUSE Bug 1200265
Описание
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
Затронутые продукты
Ссылки
- CVE-2022-1975
- SUSE Bug 1200143
Описание
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2022-21123
- SUSE Bug 1199650
- SUSE Bug 1200549
- SUSE Bug 1209075
Описание
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2022-21125
- SUSE Bug 1199650
- SUSE Bug 1200549
- SUSE Bug 1209074
Описание
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2022-21127
- SUSE Bug 1199650
- SUSE Bug 1200549
Описание
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2022-21166
- SUSE Bug 1199650
- SUSE Bug 1200549
- SUSE Bug 1209073
Описание
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
Затронутые продукты
Ссылки
- CVE-2022-21180
- SUSE Bug 1199650
- SUSE Bug 1200549
- SUSE Bug 1212313
Описание
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Затронутые продукты
Ссылки
- CVE-2022-21499
- SUSE Bug 1199426
- SUSE Bug 1200059
- SUSE Bug 1203034
- SUSE Bug 1204132
- SUSE Bug 1212315
Описание
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
Затронутые продукты
Ссылки
- CVE-2022-22942
- SUSE Bug 1195065
- SUSE Bug 1195951
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2022-28748
- SUSE Bug 1196018
Описание
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
Затронутые продукты
Ссылки
- CVE-2022-30594
- SUSE Bug 1199505
- SUSE Bug 1199602
- SUSE Bug 1201549
- SUSE Bug 1204132