Lucene search

HistoryApr 19, 2022 - 12:00 a.m.

Security update for the Linux Kernel (important)






An update that solves 19 vulnerabilities, contains two
features and has 6 fixes is now available.


The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c
  • CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the
    netfilter subsystem. This vulnerability gives an attacker a powerful
    primitive that can be used to both read from and write to relative stack
    data, which can lead to arbitrary code execution (bsc#1197227).
  • CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c
    vulnerability in the Linux kernel (bnc#1198032).
  • CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c
    vulnerability in the Linux kernel (bnc#1198033).
  • CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c
    vulnerability in the Linux kernel (bnc#1198031).
  • CVE-2022-0812: Fixed an incorrect header size calculations in xprtrdma
  • CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to
    use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock
  • CVE-2022-0850: Fixed a kernel information leak vulnerability in
    iov_iter.c (bsc#1196761).
  • CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which
    allowed attackers to obtain sensitive information from the memory via
    crafted frame lengths from a USB device (bsc#1196836).
  • CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c
    which could lead to an use-after-free if there is a corrupted quota file
  • CVE-2021-39713: Fixed a race condition in the network scheduling
    subsystem which could lead to a use-after-free (bsc#1196973).

CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have
lead to read/write access to memory pages or denial of service. These
issues are related to the Xen PV device frontend drivers (bsc#1196488).

  • CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An
    attacker with adjacent NFC access could trigger crash the system or
    corrupt system memory (bsc#1196830).

The following non-security bugs were fixed:

  • ax88179_178a: Fixed memory issues that could be triggered by malicious
    USB devices (bsc#1196018).
  • genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
  • gve/net: Fixed multiple bugfixes (jsc#SLE-23652).
  • net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
  • net: tipc: validate domain record count on input (bsc#1195254).
  • powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-1256=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-1256=1

  • SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1256=1

  • SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1256=1

  • SUSE Linux Enterprise Server 15-SP1-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1256=1

  • SUSE Linux Enterprise Module for Live Patching 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1256=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1256=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1256=1

  • SUSE Linux Enterprise High Availability 15-SP1:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1256=1

  • SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2022-1256=1

  • SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.

Rows per page:
1-10 of 441