SUSE-SU-2022:3693-1
Oct 22, 2022 - 12:00 a.m.

Security update for the Linux Kernel (important)

lists.opensuse.org

EPSS: 0.001 (percentile: 30.8%)

An update that solves 7 vulnerabilities, contains one
feature and has one errata is now available.

Description:

The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-20008: Fixed a local information disclosure that made it possible
    to read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564).
  • CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin
    and load untrusted and unverified kernel modules and firmware
    (bnc#1202677).
  • CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to
    identify clients by observing what source ports are used (bnc#1200288).
  • CVE-2022-3239: Fixed a use-after-free in the video4linux driver that
    could allow a local user to crash the system or escalate their
    privileges (bnc#1203552).
  • CVE-2022-3303: Fixed a race condition in the sound subsystem due to
    improper locking (bnc#1203769).
  • CVE-2022-41218: Fixed a use-after-free caused by refcount races in
    drivers/media/dvb-core/dmxdev.c (bnc#1202960).
  • CVE-2022-41848: Fixed a race condition in
    drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach
    (bnc#1203987).

The following non-security bugs were fixed:

  • dtb: Do not include sources in src.rpm - refer to kernel-source. Same as
    other kernel binary packages, there is no need to carry duplicate sources
    in dtb packages.
  • mkspec: eliminate @NOSOURCE@ macro. This should always be used with
    @SOURCES@, just include the content there.
  • net: mana: Add rmb after checking owner bits (git-fixes).
  • net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529).
  • x86/bugs: Reenable retbleed=off. While for older kernels the return
    thunks are statically built in and cannot be dynamically patched out,
    retbleed=off should still be possible to do so that the mitigation can
    still be disabled on Intel who do not use the return thunks but IBRS.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3693=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-3693=1

  • SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3693=1

  • SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3693=1

  • SUSE Linux Enterprise Server 15-SP1-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3693=1

  • SUSE Linux Enterprise Module for Live Patching 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3693=1

    Please note that this is the initial kernel livepatch without fixes
    itself; this livepatch package is later updated by separate standalone
    livepatch updates.

  • SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3693=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3693=1

  • SUSE Linux Enterprise High Availability 15-SP1:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3693=1

  • SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2022-3693=1

  • SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
