Security update for the Linux Kernel (important)

An update that solves 19 vulnerabilities, contains two
features and has 6 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

• CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c
  (bnc#1197391).
• CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the
  netfilter subsystem. This vulnerability gives an attacker a powerful
  primitive that can be used to both read from and write to relative stack
  data, which can lead to arbitrary code execution (bsc#1197227).
• CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c
  vulnerability in the Linux kernel (bnc#1198032).
• CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c
  vulnerability in the Linux kernel (bnc#1198033).
• CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c
  vulnerability in the Linux kernel (bnc#1198031).
• CVE-2022-0812: Fixed an incorrect header size calculations in xprtrdma
  (bsc#1196639).
• CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to
  use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock
  (bsc#1197331).
• CVE-2022-0850: Fixed a kernel information leak vulnerability in
  iov_iter.c (bsc#1196761).
• CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which
  allowed attackers to obtain sensitive information from the memory via
  crafted frame lengths from a USB device (bsc#1196836).
• CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c
  which could lead to an use-after-free if there is a corrupted quota file
  (bnc#1197366).
• CVE-2021-39713: Fixed a race condition in the network scheduling
  subsystem which could lead to a use-after-free (bsc#1196973).

CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,
CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have
lead to read/write access to memory pages or denial of service. These
issues are related to the Xen PV device frontend drivers (bsc#1196488).

• CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An
  attacker with adjacent NFC access could trigger crash the system or
  corrupt system memory (bsc#1196830).

The following non-security bugs were fixed:

• ax88179_178a: Fixed memory issues that could be triggered by malicious
  USB devices (bsc#1196018).
• genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
• gve/net: Fixed multiple bugfixes (jsc#SLE-23652).
• net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
• net: tipc: validate domain record count on input (bsc#1195254).
• powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-1256=1

• openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-1256=1

• SUSE Linux Enterprise Server for SAP 15-SP1:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1256=1

• SUSE Linux Enterprise Server 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1256=1

• SUSE Linux Enterprise Server 15-SP1-BCL:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1256=1

• SUSE Linux Enterprise Module for Live Patching 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1256=1

• SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1256=1

• SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1256=1

• SUSE Linux Enterprise High Availability 15-SP1:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1256=1

• SUSE Enterprise Storage 6:

  zypper in -t patch SUSE-Storage-6-2022-1256=1

• SUSE CaaS Platform 4.0:

  To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
  will inform you if it detects new updates and let you then trigger
  updating of the complete cluster in a controlled way.