File _patchinfo of Package patchinfo.23126

<patchinfo incident="23126">
  <issue id="1194516" tracker="bnc">VUL-0: CVE-2022-0487: kernel: moxart-mmc: use-after-free in moxart_remove</issue>
  <issue id="1195254" tracker="bnc">VUL-0: CVE-2022-0435: kernel-source: tipc: Remote Stack Overflow in Linux Kernel</issue>
  <issue id="1195516" tracker="bnc">VUL-0: CVE-2022-0516: kernel-source: KVM: s390: missing check in ioctl allows kernel memory read/write</issue>
  <issue id="1195543" tracker="bnc">VUL-0: CVE-2022-0492: kernel-source: cgroups v1 release_agent missing capabilities check</issue>
  <issue id="1195612" tracker="bnc">VUL-0: CVE-2022-24448: kernel-source,kernel-source-rt,kernel-source-azure: nfs_atomic_open() returns uninitialized data instead of ENOTDIR</issue>
  <issue id="1195897" tracker="bnc">VUL-0: CVE-2022-24959: kernel-source-azure,kernel-source,kernel-source-rt: memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c</issue>
  <issue id="1195905" tracker="bnc">VUL-0: CVE-2022-24958: kernel-source,kernel-source-rt,kernel-source-azure: use-after-free in dev-&gt;buf release in drivers/usb/gadget/legacy/inode.c</issue>
  <issue id="1195908" tracker="bnc">VUL-0: CVE-2022-0492: kernel live patch: cgroups v1 release_agent missing capabilities check</issue>
  <issue id="1195947" tracker="bnc">VUL-0: CVE-2022-0516: kernel live patch: KVM: s390: missing check in ioctl allows kernel memory read/write</issue>
  <issue id="1195949" tracker="bnc">VUL-0: CVE-2022-0487: kernel live patch: moxart-mmc: use-after-free in moxart_remove</issue>
  <issue id="1195987" tracker="bnc">VUL-0: CVE-2021-44879: kernel-source-azure,kernel-source,kernel-source-rt: NULL pointer dereference in folio_mark_dirty() via a crafted f2fs image</issue>
  <issue id="1196079" tracker="bnc">VUL-0: CVE-2022-0617: kernel-source,kernel-source-rt,kernel-source-azure: udf: Null pointer dereference can be triggered when writing to an ICB inode</issue>
  <issue id="1196095" tracker="bnc">VUL-0: CVE-2022-25258: kernel-source-azure,kernel-source,kernel-source-rt: security issues in the OS descriptor handling section of composite_setup function (composite.c)</issue>
  <issue id="1196132" tracker="bnc">VUL-0: CVE-2022-25258: kernel live patch: security issues in the OS descriptor handling section of composite_setup function (composite.c)</issue>
  <issue id="1196155" tracker="bnc">VUL-0: CVE-2022-0644: kernel-source-azure,kernel-source,kernel-source-rt: Assertion failure can happen if users trigger kernel_read_file_from_fd()</issue>
  <issue id="1196235" tracker="bnc">VUL-0: CVE-2022-25375: kernel-source-rt,kernel-source,kernel-source-azure: information leak due to a lack of validation in the RNDIS_MSG_SET command</issue>
  <issue id="1196612" tracker="bnc">L3: [EAR - NOT FOR USA Citizens]  PTF request to fix kernel for CVE-2022-0492 for sles12sp2 ref:_00D1igLOd._5001iqBMTa:ref</issue>
  <issue id="1196776" tracker="bnc">L3: [EAR - NOT FOR USA Citizens] Request PTF to fix CVE-2022-0492 for kernel on sles12sp5.</issue>
  <issue id="2022-0617" tracker="cve" />
  <issue id="2022-25375" tracker="cve" />
  <issue id="2022-0644" tracker="cve" />
  <issue id="2022-25258" tracker="cve" />
  <issue id="2021-44879" tracker="cve" />
  <issue id="2022-24959" tracker="cve" />
  <issue id="2022-24958" tracker="cve" />
  <issue id="2022-0487" tracker="cve" />
  <issue id="2022-0516" tracker="cve" />
  <issue id="2022-24448" tracker="cve" />
  <issue id="2022-0492" tracker="cve" />
  <issue id="1189126" tracker="bnc">L3: 15 sp2 lpfc only discovering targets on one port of one of two adapters</issue>
  <issue id="1191580" tracker="bnc">VUL-0: EMBARGOED: CVE-2022-0001, CVE-2022-0002: kernel: BHB speculation issues</issue>
  <issue id="1192483" tracker="bnc">L3-Question: Can't umount an nfs 4 formerly-exported file systems until another file system is unexported</issue>
  <issue id="1195286" tracker="bnc">L3: iSCSI target permanently down via all paths after temporary network outage — ref:_00D1igLOd._5001ioe4AN:ref</issue>
  <issue id="1195701" tracker="bnc">fstrim triggers kernel panic when booted with only one disk from RAID1 BTRFS array</issue>
  <issue id="1195995" tracker="bnc">ISST-LTE:DENALI:SLES15.4:donalp53:mkfs.xfs over nvmf hung and does not return</issue>
  <issue id="1196584" tracker="bnc">VUL-0: EMBARGOED kernel-source: overwrite data in arbitrary (read-only) files until 5.16.11</issue>
  <issue id="2022-0001" tracker="cve" />
  <issue id="2022-0002" tracker="cve" />
  <issue id="SLE-23652" tracker="jsc" />
  <issue id="1196584" tracker="bnc">VUL-0: EMBARGOED: CVE-2022-0847: kernel-source: overwrite data in arbitrary (read-only) files until 5.16.11</issue>
  <issue id="1196601" tracker="bnc">VUL-0: EMBARGOED: CVE-2022-0847: kernel live patch: overwrite data in arbitrary (read-only) files until 5.16.11</issue>
  <issue id="2022-0847" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alix82</packager>
  <reboot_needed/>
  <description>The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes.


Transient execution side-channel attacks targeting the Branch History Buffer (BHB),
named "Branch Target Injection" and "Intra-Mode Branch History Injection", are now mitigated.

The following security bugs were fixed:

- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability where a local attacker could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235).
- CVE-2022-0516: Fixed a missing check in an ioctl related to KVM on s390 that allowed kernel memory read/write (bsc#1195516).
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have led to memory corruption (bsc#1196096).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).

The following non-security bugs were fixed:

- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- gve: Add RX context (jsc#SLE-23652).
- gve: Add a jumbo-frame device option (jsc#SLE-23652).
- gve: Add consumed counts to ethtool stats (jsc#SLE-23652).
- gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652).
- gve: Correct order of processing device options (jsc#SLE-23652).
- gve: Fix GFP flags when allocing pages (jsc#SLE-23652).
- gve: Implement packet continuation for RX (jsc#SLE-23652).
- gve: Implement suspend/resume/shutdown (jsc#SLE-23652).
- gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652).
- gve: Recording rx queue before sending to napi (jsc#SLE-23652).
- gve: Update gve_free_queue_page_list signature (jsc#SLE-23652).
- gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652).
- gve: fix for null pointer dereference (jsc#SLE-23652).
- gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652).
- gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652).
- gve: remove memory barrier around seqno (jsc#SLE-23652).
- lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
- net: tipc: validate domain record count on input (bsc#1195254).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NFSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>