Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
NOTE: This update was retracted due to regressions with the RETBLEED security fixes on Intel x86.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
The following non-security bugs were fixed:
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- exec: Force single empty string when argv is empty (bsc#1200571).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
Список пакетов
Image SLES15-SP2-BYOS-Azure
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Azure
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-EC2
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-GCE
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-HPC-BYOS-Azure
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-SAP-Azure
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
kernel-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
kernel-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
kernel-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
Image SLES15-SP2-SAP-BYOS-Azure
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
kernel-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
kernel-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
Image SLES15-SP2-SAP-BYOS-GCE
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
kernel-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
Image SLES15-SP2-SAP-EC2-HVM
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
kernel-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
Image SLES15-SP2-SAP-GCE
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
kernel-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
SUSE Enterprise Storage 7
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
reiserfs-kmp-default-5.3.18-150200.24.120.1
SUSE Linux Enterprise High Availability Extension 15 SP2
cluster-md-kmp-default-5.3.18-150200.24.120.1
dlm-kmp-default-5.3.18-150200.24.120.1
gfs2-kmp-default-5.3.18-150200.24.120.1
ocfs2-kmp-default-5.3.18-150200.24.120.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise Live Patching 15 SP2
kernel-default-livepatch-5.3.18-150200.24.120.1
kernel-default-livepatch-devel-5.3.18-150200.24.120.1
kernel-livepatch-5_3_18-150200_24_120-default-1-150200.5.5.1
SUSE Linux Enterprise Server 15 SP2-BCL
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
SUSE Linux Enterprise Server 15 SP2-LTSS
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
reiserfs-kmp-default-5.3.18-150200.24.120.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
reiserfs-kmp-default-5.3.18-150200.24.120.1
SUSE Manager Proxy 4.1
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
reiserfs-kmp-default-5.3.18-150200.24.120.1
SUSE Manager Retail Branch Server 4.1
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
reiserfs-kmp-default-5.3.18-150200.24.120.1
SUSE Manager Server 4.1
kernel-default-5.3.18-150200.24.120.1
kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2
kernel-default-devel-5.3.18-150200.24.120.1
kernel-devel-5.3.18-150200.24.120.1
kernel-docs-5.3.18-150200.24.120.1
kernel-macros-5.3.18-150200.24.120.1
kernel-obs-build-5.3.18-150200.24.120.1
kernel-preempt-5.3.18-150200.24.120.1
kernel-preempt-devel-5.3.18-150200.24.120.1
kernel-source-5.3.18-150200.24.120.1
kernel-syms-5.3.18-150200.24.120.1
reiserfs-kmp-default-5.3.18-150200.24.120.1
Ссылки
- Link for SUSE-SU-2022:2423-1
- E-Mail link for SUSE-SU-2022:2423-1
- SUSE Security Ratings
- SUSE Bug 1194013
- SUSE Bug 1195775
- SUSE Bug 1196901
- SUSE Bug 1197362
- SUSE Bug 1199487
- SUSE Bug 1199489
- SUSE Bug 1199657
- SUSE Bug 1200263
- SUSE Bug 1200442
- SUSE Bug 1200571
- SUSE Bug 1200599
- SUSE Bug 1200604
- SUSE Bug 1200605
- SUSE Bug 1200608
- SUSE Bug 1200619
- SUSE Bug 1200692
- SUSE Bug 1201050
Описание
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2021-26341
- SUSE Bug 1196901
- SUSE Bug 1201050
Описание
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2021-4157
- SUSE Bug 1194013
Описание
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2022-1679
- SUSE Bug 1199487
- SUSE Bug 1201080
- SUSE Bug 1201832
- SUSE Bug 1204132
- SUSE Bug 1212316
Описание
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2022-20132
- SUSE Bug 1200619
- SUSE Bug 1212287
Описание
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2022-20141
- SUSE Bug 1200604
- SUSE Bug 1200605
- SUSE Bug 1203034
Описание
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2022-20154
- SUSE Bug 1200599
- SUSE Bug 1200608
Описание
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2022-29900
- SUSE Bug 1199657
- SUSE Bug 1201469
- SUSE Bug 1207894
Описание
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2022-29901
- SUSE Bug 1201469
- SUSE Bug 1207894
Описание
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-EC2-HVM:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-BYOS-GCE:kernel-default-5.3.18-150200.24.120.1
Image SLES15-SP2-CHOST-BYOS-Aliyun:kernel-default-5.3.18-150200.24.120.1
Ссылки
- CVE-2022-33981
- SUSE Bug 1200692