Security update for the Linux Kernel (important)

An update that solves 30 vulnerabilities and has 14 fixes
is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated.

The following security bugs were fixed:

• CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
  to speculatively/transiently disclose information via spectre like
  attacks. (bsc#1199650)
• CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
  to speculatively/transiently disclose information via spectre like
  attacks. (bsc#1199650)
• CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
  to speculatively/transiently disclose information via spectre like
  attacks. (bsc#1199650)
• CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
  to speculatively/transiently disclose information via spectre like
  attacks. (bsc#1199650)
• CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
  to speculatively/transiently disclose information via spectre like
  attacks. (bsc#1199650)
• CVE-2019-19377: Fixed an user-after-free that could be triggered when an
  attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
• CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when
  mounting and operating on a corrupted image. (bsc#1198577)
• CVE-2017-13695: Fixed a bug that caused a stack dump allowing local
  users to obtain sensitive information from kernel memory and bypass the
  KASLR protection mechanism via a crafted ACPI table. (bnc#1055710)
• CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
  (bsc#1199507).
• CVE-2022-1652: Fixed a statically allocated error counter inside the
  floppy kernel module (bsc#1199063).
• CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a
  possible out of bounds read due to Incorrect Size Value. This could lead
  to local information disclosure with System execution privileges needed.
  User interaction is not needed for exploitation (bnc#1197219).
• CVE-2022-30594: Fixed restriction bypass on setting the
  PT_SUSPEND_SECCOMP flag (bnc#1199505).
• CVE-2021-33061: Fixed insufficient control flow management for the
  Intel® 82599 Ethernet Controllers and Adapters that may have allowed
  an authenticated user to potentially enable denial of service via local
  access (bnc#1196426).
• CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
  (bsc#1199012).
• CVE-2021-20321: Fixed a race condition accessing file object in the
  OverlayFS subsystem in the way users do rename in specific way with
  OverlayFS. A local user could have used this flaw to crash the system
  (bnc#1191647).
• CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
  netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference
  count is mishandled (bnc#1172456).
• CVE-2022-28748: Fixed memory lead over the network by ax88179_178a
  devices (bsc#1196018).
• CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in
  drivers/block/floppy.c. The floppy driver will copy a kernel pointer to
  user memory in response to the FDGETPRM ioctl. An attacker can send the
  FDGETPRM ioctl and use the obtained kernel pointer to discover the
  location of kernel code and data and bypass kernel security protections
  such as KASLR (bnc#1084513).
• CVE-2022-22942: Fixed stale file descriptors on failed usercopy
  (bsc#1195065).
• CVE-2022-1419: Fixed a concurrency use-after-free in
  vgem_gem_dumb_create (bsc#1198742).
• CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
  detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
• CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
  BUG) by making a getsockname call after a certain type of failure of a
  bind call (bnc#1187055).
• CVE-2022-1353: Fixed access controll to kernel memory in the
  pfkey_register function in net/key/af_key.c (bnc#1198516).
• CVE-2021-20292: Fixed object validation prior to performing operations
  on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem
  (bnc#1183723).
• CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a
  local attacker to retireve (partial) /etc/shadow hashes or any other
  data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
• CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
  simulating an nfc device from user-space. (bsc#1200144).
• CVE-2020-26541: Enforce the secure boot forbidden signature database
  (aka dbx) protection mechanism. (bnc#1177282)
• CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux
  kernel by simulating nfc device from user-space. (bsc#1200143)
• CVE-2022-21499: Reinforce the kernel lockdown feature, until now it’s
  been trivial to break out of it with kgdb or kdb. (bsc#1199426)
• CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
  cleanup routine and firmware download routine. (bnc#1199605).

The following non-security bugs were fixed:

• btrfs: relocation: Only remove reloc rb_trees if reloc control has been
  initialized (bsc#1199399).
• btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
• net: ena: A typo fix in the file ena_com.h (bsc#1198777).
• net: ena: Add capabilities field with support for ENI stats capability
  (bsc#1198777).
• net: ena: Add debug prints for invalid req_id resets (bsc#1198777).
• net: ena: add device distinct log prefix to files (bsc#1198777).
• net: ena: add jiffies of last napi call to stats (bsc#1198777).
• net: ena: aggregate doorbell common operations into a function
  (bsc#1198777).
• net: ena: aggregate stats increase into a function (bsc#1198777).
• net: ena: Change ENI stats support check to use capabilities field
  (bsc#1198777).
• net: ena: Change return value of ena_calc_io_queue_size() to void
  (bsc#1198777).
• net: ena: Change the name of bad_csum variable (bsc#1198777).
• net: ena: Extract recurring driver reset code into a function
  (bsc#1198777).
• net: ena: fix coding style nits (bsc#1198777).
• net: ena: fix DMA mapping function issues in XDP (bsc#1198777).
• net: ena: Fix error handling when calculating max IO queues number
  (bsc#1198777).
• net: ena: fix inaccurate print type (bsc#1198777).
• net: ena: Fix undefined state when tx request id is out of bounds
  (bsc#1198777).
• net: ena: Fix wrong rx request id by resetting device (bsc#1198777).
• net: ena: Improve error logging in driver (bsc#1198777).
• net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
  (bsc#1198777).
• net: ena: introduce XDP redirect implementation (bsc#1198777).
• net: ena: make symbol ‘ena_alloc_map_page’ static (bsc#1198777).
• net: ena: Move reset completion print to the reset function
  (bsc#1198777).
• net: ena: optimize data access in fast-path code (bsc#1198777).
• net: ena: re-organize code to improve readability (bsc#1198777).
• net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777).
• net: ena: remove extra words from comments (bsc#1198777).
• net: ena: Remove module param and change message severity (bsc#1198777).
• net: ena: Remove rcu_read_lock() around XDP program invocation
  (bsc#1198777).
• net: ena: Remove redundant return code check (bsc#1198777).
• net: ena: Remove unused code (bsc#1198777).
• net: ena: store values in their appropriate variables types
  (bsc#1198777).
• net: ena: Update XDP verdict upon failure (bsc#1198777).
• net: ena: use build_skb() in RX path (bsc#1198777).
• net: ena: use constant value for net_device allocation (bsc#1198777).
• net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777).
• net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777).
• net: ena: use xdp_frame in XDP TX flow (bsc#1198777).
• net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777).
• net: mana: Add counter for packet dropped by XDP (bsc#1195651).
• net: mana: Add counter for XDP_TX (bsc#1195651).
• net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
• net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
  (bsc#1195651).
• net: mana: Reuse XDP dropped page (bsc#1195651).
• net: mana: Use struct_size() helper in mana_gd_create_dma_region()
  (bsc#1195651).
• PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
  (bsc#1199314).
• powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S
  git-fixes).
• powerpc/64: Interrupts save PPR on stack rather than thread_struct
  (bsc#1196999 ltc#196609).
• powerpc/pseries: extract host bridge from pci_bus prior to bus removal
  (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
• powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729
  bsc#1198660 ltc#197803).
• scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
  bsc#1198825).
• SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
• x86/pm: Save the MSR validity status at context setup (bsc#1114648).
• x86/speculation: Restore speculation related MSRs during S3 resume
  (bsc#1114648).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-2111=1

• openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-2111=1

• SUSE Linux Enterprise Server for SAP 15-SP1:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2111=1

• SUSE Linux Enterprise Server 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2111=1

• SUSE Linux Enterprise Server 15-SP1-BCL:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2111=1

• SUSE Linux Enterprise Module for Live Patching 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2111=1

• SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2111=1

• SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2111=1

• SUSE Linux Enterprise High Availability 15-SP1:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2111=1

• SUSE Enterprise Storage 6:

  zypper in -t patch SUSE-Storage-6-2022-2111=1

• SUSE CaaS Platform 4.0:

  To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
  will inform you if it detects new updates and let you then trigger
  updating of the complete cluster in a controlled way.