SUSE-SU-2022:0068-1

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162) - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032) - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc. (bsc#1193731) - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bsc#1194087) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599) The following non-security bugs were fixed: - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1190317). - cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1190317). - cifs: convert list_for_each to entry variant (jsc#SLE-20656). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1190317). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1190317). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317). - cifs: Fix a potencially linear read overflow (git-fixes). - cifs: fix a sign extension bug (git-fixes). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1190317). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1190317). - cifs: fix missed refcounting of ipc tcon (git-fixes). - cifs: fix potential use-after-free bugs (jsc#SLE-20656). - cifs: fix print of hdr_flags in dfscache_proc_show() (jsc#SLE-20656). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1190317). - cifs: for compound requests, use open handle if possible (bsc#1190317). - cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656). - cifs: move to generic async completion (bsc#1190317). - cifs: nosharesock should be set on new server (git-fixes). - cifs: nosharesock should not share socket with future sessions (bsc#1190317). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317). - cifs: properly invalidate cached root handle when closing it (bsc#1190317). - cifs: release lock earlier in dequeue_mid error case (bsc#1190317). - cifs: set a minimum of 120s for next dns resolution (bsc#1190317). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317). - cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656). - cifs: support nested dfs links over reconnect (jsc#SLE-20656). - cifs: support share failover when remounting (jsc#SLE-20656). - cifs: To match file servers, make sure the server hostname matches (bsc#1190317). - config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for production, only enabled on ppc64. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - cred: allow get_cred() and put_cred() to be given NULL (git-fixes). - EDAC/amd64: Handle three rank interleaving mode (bsc#1114648). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - fuse: release pipe buf after last use (bsc#1193318). - genirq: Move initial affinity setup to irq_startup() (bsc#1193231). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231). - genirq: Remove mask argument from setup_affinity() (bsc#1193231). - genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231). - genirq: Split out irq_startup() code (bsc#1193231). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: fix a lock order reversal in md_alloc (git-fixes). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185727). - net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185727). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185727). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185727). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (bsc#1183678). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc1192145). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc1192145). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc1192145). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc1192145). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Fix NPIV port deletion crash (bsc1192145). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc1192145). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - smb3: add additional null check in SMB2_ioctl (bsc#1190317). - smb3: add additional null check in SMB2_open (bsc#1190317). - smb3: add additional null check in SMB2_tcon (bsc#1190317). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1190317). - smb3: correct smb3 ACL security descriptor (bsc#1190317). - smb3: do not error on fsync when readonly (bsc#1190317). - smb3: remove trivial dfs compile warning (jsc#SLE-20656). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876 bsc#1192866). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add prod. id for Quectel EG91 (git-fixes). - usb: serial: option: add Quectel EC200S-CN module support (git-fixes). - usb: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: serial: qcserial: add EM9191 QDL support (git-fixes). - x86/msi: Force affinity setup before startup (bsc#1193231). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648). - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes).

Affected Systems

• suse•kernel-default&distro=SUSE Linux Enterprise High Availability Extension 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-default&distro=SUSE Linux Enterprise Live Patching 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-default&distro=SUSE Linux Enterprise Server 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-default&distro=SUSE Linux Enterprise Workstation Extension 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-docs&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-obs-build&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-source&distro=SUSE Linux Enterprise Server 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-syms&distro=SUSE Linux Enterprise Server 12 SP5

  < 4.12.14-122.106.1

• suse•kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

  < 4.12.14-122.106.1

• suse•kgraft-patch-SLE12-SP5_Update_27&distro=SUSE Linux Enterprise Live Patching 12 SP5

  < 1-8.3.1

References (59)

• https://www.suse.com/support/update/announcement/2022/suse-su-20220068-1/
• https://bugzilla.suse.com/1114648
• https://bugzilla.suse.com/1124431
• https://bugzilla.suse.com/1167162
• https://bugzilla.suse.com/1169514
• https://bugzilla.suse.com/1172073
• https://bugzilla.suse.com/1179599
• https://bugzilla.suse.com/1183678
• https://bugzilla.suse.com/1183897
• https://bugzilla.suse.com/1184804
• https://bugzilla.suse.com/1185727
• https://bugzilla.suse.com/1185762
• https://bugzilla.suse.com/1187167
• https://bugzilla.suse.com/1189126
• https://bugzilla.suse.com/1189158
• https://bugzilla.suse.com/1189305
• https://bugzilla.suse.com/1189841
• https://bugzilla.suse.com/1190317
• https://bugzilla.suse.com/1190358
• https://bugzilla.suse.com/1190428
• https://bugzilla.suse.com/1191229
• https://bugzilla.suse.com/1191384
• https://bugzilla.suse.com/1191731
• https://bugzilla.suse.com/1191876
• https://bugzilla.suse.com/1192032
• https://bugzilla.suse.com/1192145
• https://bugzilla.suse.com/1192267
• https://bugzilla.suse.com/1192740
• https://bugzilla.suse.com/1192845
• https://bugzilla.suse.com/1192847
• https://bugzilla.suse.com/1192866
• https://bugzilla.suse.com/1192877
• https://bugzilla.suse.com/1192946
• https://bugzilla.suse.com/1192974
• https://bugzilla.suse.com/1193231
• https://bugzilla.suse.com/1193306
• https://bugzilla.suse.com/1193318
• https://bugzilla.suse.com/1193440
• https://bugzilla.suse.com/1193442
• https://bugzilla.suse.com/1193575
• https://bugzilla.suse.com/1193731
• https://bugzilla.suse.com/1194087
• https://bugzilla.suse.com/1194094
• https://www.suse.com/security/cve/CVE-2018-25020
• https://www.suse.com/security/cve/CVE-2019-15126
• https://www.suse.com/security/cve/CVE-2020-27820
• https://www.suse.com/security/cve/CVE-2021-0920
• https://www.suse.com/security/cve/CVE-2021-0935
• https://www.suse.com/security/cve/CVE-2021-28711
• https://www.suse.com/security/cve/CVE-2021-28712
• https://www.suse.com/security/cve/CVE-2021-28713
• https://www.suse.com/security/cve/CVE-2021-28714
• https://www.suse.com/security/cve/CVE-2021-28715
• https://www.suse.com/security/cve/CVE-2021-33098
• https://www.suse.com/security/cve/CVE-2021-4002
• https://www.suse.com/security/cve/CVE-2021-43975
• https://www.suse.com/security/cve/CVE-2021-43976
• https://www.suse.com/security/cve/CVE-2021-45485
• https://www.suse.com/security/cve/CVE-2021-45486