Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.4041
Security update for the Linux Kernel
15 August 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-29581 CVE-2022-26373 CVE-2022-21505
CVE-2022-2585 CVE-2021-33655
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20222803-1
Comment: CVSS (Max): 8.4 CVE-2022-2585 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2803-1
Rating: important
References: #1190256 #1190497 #1199291 #1199356 #1199665 #1201258
#1201323 #1201391 #1201458 #1201592 #1201593 #1201595
#1201596 #1201635 #1201651 #1201691 #1201705 #1201726
#1201846 #1201930 #1202094
Cross-References: CVE-2021-33655 CVE-2022-21505 CVE-2022-2585 CVE-2022-26373
CVE-2022-29581
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 5 vulnerabilities, contains 7 features and has 16 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO
(bnc#1201635).
o CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094).
o CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
o CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#
1201726).
o CVE-2022-29581: Fixed improper update of Reference Count in net/sched that
could cause root privilege escalation (bnc#1199665).
The following non-security bugs were fixed:
o ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes).
o ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes).
o ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
o ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
(git-fixes).
o ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
o ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
(git-fixes).
o ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
(git-fixes).
o ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
o ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
o ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
o ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes).
o ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes).
o ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
(git-fixes).
o ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes).
o ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of
idle (git-fixes).
o ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes).
o ARM: 9213/1: Print message about disabled Spectre workarounds only once
(git-fixes).
o ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
(git-fixes).
o ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes).
o ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes).
o ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
(git-fixes).
o ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes).
o ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
(git-fixes).
o ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
(git-fixes).
o ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem
(git-fixes).
o ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes).
o ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove
(git-fixes).
o ASoC: Remove unused hw_write_t type (git-fixes).
o ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes).
o ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe
(git-fixes).
o ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect
(git-fixes).
o ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
o ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes).
o ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
o ASoC: madera: Fix event generation for rate controls (git-fixes).
o ASoC: ops: Fix off by one in range control validation (git-fixes).
o ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend
(git-fixes).
o ASoC: rt5682: Fix deadlock on resume (git-fixes).
o ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes).
o ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes).
o ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes).
o ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes).
o ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes).
o ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver
(git-fixes).
o ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
(git-fixes).
o ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes).
o ASoC: rt711: fix calibrate mutex initialization (git-fixes).
o ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
o ASoC: tas2764: Add post reset delays (git-fixes).
o ASoC: tas2764: Correct playback volume range (git-fixes).
o ASoC: tas2764: Fix amp gain register offset & default (git-fixes).
o ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes).
o ASoC: wcd938x: Fix event generation for some controls (git-fixes).
o ASoC: wm5110: Fix DRE control (git-fixes).
o Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes).
o Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes).
o Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256).
o NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
o VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
o VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#
SLE-24635).
o VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#
1199291, jsc#SLE-24635).
o VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#
SLE-24635).
o VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
o VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#
SLE-24635).
o VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#
SLE-24635).
o VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#
1199291, jsc#SLE-24635).
o VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
o VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291,
jsc#SLE-24635).
o VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
o VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#
1199291, jsc#SLE-24635).
o arm64: Add HWCAP for self-synchronising virtual counter (git-fixes)
o arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682).
o arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes)
o arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes).
o arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes)
o arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes).
o arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes).
o arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer
(git-fixes)
o batman-adv: Use netif_rx() (git-fixes).
o bcmgenet: add WOL IRQ check (git-fixes).
o be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323).
o blk-mq: add one API for waiting until quiesce is done (bsc#1201651).
o blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651).
o blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651).
o can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes).
o can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes).
o can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
o can: m_can: m_can_chip_config(): actually enable internal timestamping
(git-fixes).
o can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling
for mcp2517fd (git-fixes).
o can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC
on TBC register (git-fixes).
o ceph: fix up non-directory creation in SGID directories (bsc#1201595).
o cpufreq: mediatek: Unregister platform device on exit (git-fixes).
o cpufreq: mediatek: Use module_init and add module_exit (git-fixes).
o cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes).
o cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
o crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391).
o crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682).
o crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682).
o crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682).
o crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682).
o crypto: octeontx2 - add synchronization between mailbox accesses (jsc#
SLE-24682).
o crypto: octeontx2 - fix missing unlock (jsc#SLE-24682).
o crypto: octeontx2 - increase CPT HW instruction queue length (jsc#
SLE-24682).
o crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete
() (jsc#SLE-24682).
o crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682).
o crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682).
o crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682).
o crypto: qat - fix memory leak in RSA (git-fixes).
o crypto: qat - remove dma_free_coherent() for DH (git-fixes).
o crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
o crypto: qat - set CIPHER capability for DH895XCC (git-fixes).
o crypto: qat - set to zero DH parameters before free (git-fixes).
o crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#
1201258).
o device property: Add fwnode_irq_get_byname (jsc#SLE-24569)
o dm: do not stop request queue after the dm device is suspended (bsc#
1201651).
o dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
(git-fixes).
o dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
o dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
(git-fixes).
o dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
o dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes).
o dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
(git-fixes).
o dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
o docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569)
o docs: net: dsa: add more info about the other arguments to get_tag_protocol
(git-fixes).
o docs: net: dsa: delete port_mdb_dump (git-fixes).
o docs: net: dsa: document change_tag_protocol (git-fixes).
o docs: net: dsa: document port_fast_age (git-fixes).
o docs: net: dsa: document port_setup and port_teardown (git-fixes).
o docs: net: dsa: document the shutdown behavior (git-fixes).
o docs: net: dsa: document the teardown method (git-fixes).
o docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes).
o docs: net: dsa: remove port_vlan_dump (git-fixes).
o docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes).
o docs: net: dsa: update probing documentation (git-fixes).
o dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes).
o dpaa2-eth: destroy workqueue at the end of remove function (git-fixes).
o dpaa2-eth: unregister the netdev before disconnecting from the PHY
(git-fixes).
o drbd: fix potential silent data corruption (git-fixes).
o drivers: net: smc911x: Check for error irq (git-fixes).
o drm/amd/display: Fix by adding FPU protection for
dcn30_internal_validate_bw (git-fixes).
o drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines
(git-fixes).
o drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes).
o drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes).
o drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes).
o drm/i915/dg2: Add Wa_22011100796 (git-fixes).
o drm/i915/gt: Serialize GRDOM access between multiple engine resets
(git-fixes).
o drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
o drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist()
(git-fixes).
o drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
o drm/i915/uc: correctly track uc_fw init failure (git-fixes).
o drm/i915: Fix a race between vma / object destruction and unbinding
(git-fixes).
o drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes).
o drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
(git-fixes).
o drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes).
o drm/mediatek: Detect CMDQ execution timeout (git-fixes).
o drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes).
o drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes).
o drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
o drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
o drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes).
o dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes).
o dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571)
o dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC
(git-fixes).
o dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
(git-fixes).
o e1000e: Enable GPT clock before sending message to CSME (git-fixes).
o efi/x86: use naked RET on mixed mode call wrapper (git-fixes).
o ethernet: Fix error handling in xemaclite_of_probe (git-fixes).
o ethtool: Fix get module eeprom fallback (bsc#1201323).
o fbcon: Disallow setting font bigger than screen size (git-fixes).
o fbcon: Prevent that screen size is smaller than font size (git-fixes).
o fbdev: fbmem: Fix logo center image dx issue (git-fixes).
o fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
o fjes: Check for error irq (git-fixes).
o fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
o fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes).
o fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593).
o fuse: make sure reclaim does not write the inode (bsc#1201592).
o gpio: gpio-xilinx: Fix integer overflow (git-fixes).
o gpio: pca953x: only use single read/write for No AI mode (git-fixes).
o gpio: pca953x: use the correct range when do regmap sync (git-fixes).
o gpio: pca953x: use the correct register address when regcache sync during
init (git-fixes).
o gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571)
o gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571)
o gve: Recording rx queue before sending to napi (git-fixes).
o hwmon: (occ) Prevent power cap command overwriting poll response
(git-fixes).
o hwmon: (occ) Remove sequence numbering and checksum calculation
(git-fixes).
o hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682).
o i2c: cadence: Change large transfer count reset logic to be unconditional
(git-fixes).
o i2c: cadence: Unregister the clk notifier in error path (git-fixes).
o i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes).
o i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes).
o i2c: smbus: Check for parent device before dereference (git-fixes).
o i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569)
o i2c: tegra: Add SMBus block read function (jsc#SLE-24569)
o i2c: tegra: Add the ACPI support (jsc#SLE-24569)
o i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569)
o ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes).
o ice: Fix error with handling of bonding MTU (git-fixes).
o ice: Fix race condition during interface enslave (git-fixes).
o ice: stop disabling VFs due to PF error responses (git-fixes).
o ida: do not use BUG_ON() for debugging (git-fixes).
o ima: Fix a potential integer overflow in ima_appraise_measurement
(git-fixes).
o ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
o ima: force signature verification when CONFIG_KEXEC_SIG is configured
(git-fixes).
o irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#
SLE-24682).
o irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
(git-fixes).
o ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
o kABI workaround for phy_device changes (git-fixes).
o kABI workaround for rtsx_usb (git-fixes).
o kABI workaround for snd-soc-rt5682-* (git-fixes).
o kABI: fix adding field to scsi_device (git-fixes).
o kABI: fix adding field to ufs_hba (git-fixes).
o kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for
"i2c: smbus: Use device_*() functions instead of of_*()"
o kabi/severities: add intel ice
o kabi/severities: add stmmac network driver local symbols
o kabi/severities: ignore dropped symbol rt5682_headset_detect
o kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/
kasan)).
o kernel-obs-build: include qemu_fw_cfg (boo#1201705)
o kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#
1201930).
o kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
o libceph: fix potential use-after-free on linger ping and resends (bsc#
1201596).
o md: bcache: check the return value of kzalloc() in detached_dev_do_request
() (git-fixes).
o memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/
pgalloc)).
o memregion: Fix memregion_free() fallback definition (git-fixes).
o misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
(git-fixes).
o misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
o misc: rtsx_usb: use separate command and response buffers (git-fixes).
o mm/large system hash: avoid possible NULL deref in alloc_large_system_hash
(git fixes (mm/pgalloc)).
o mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/
secretmem)).
o mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/
vmalloc)).
o mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git
fixes (mm/vmalloc)).
o mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/
vmalloc)).
o mm: do not try to NUMA-migrate COW pages that have other uses (git fixes
(mm/numa)).
o mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)).
o mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes).
o natsemi: xtensa: fix section mismatch warnings (git-fixes).
o nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
o net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes).
o net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
(git-fixes).
o net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes).
o net: ag71xx: Fix a potential double free in error handling paths
(git-fixes).
o net: altera: set a couple error code in probe() (git-fixes).
o net: amd-xgbe: Fix skb data length underflow (git-fixes).
o net: amd-xgbe: disable interrupts during pci removal (git-fixes).
o net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes).
o net: annotate data-races on txq->xmit_lock_owner (git-fixes).
o net: axienet: Fix TX ring slot available check (git-fixes).
o net: axienet: Wait for PhyRstCmplt after core reset (git-fixes).
o net: axienet: add missing memory barriers (git-fixes).
o net: axienet: fix for TX busy handling (git-fixes).
o net: axienet: fix number of TX ring slots for available check (git-fixes).
o net: axienet: increase default TX ring size to 128 (git-fixes).
o net: axienet: increase reset timeout (git-fixes).
o net: axienet: limit minimum TX ring size (git-fixes).
o net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes).
o net: bcmgenet: Do not claim WOL when its not available (git-fixes).
o net: bcmgenet: skip invalid partial checksums (git-fixes).
o net: chelsio: cxgb3: check the return value of pci_find_capability()
(git-fixes).
o net: cpsw: Properly initialise struct page_pool_params (git-fixes).
o net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account
(git-fixes).
o net: dsa: ar9331: register the mdiobus under devres (git-fixes).
o net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes).
o net: dsa: felix: do not use devres for mdiobus (git-fixes).
o net: dsa: lan9303: add VLAN IDs to master device (git-fixes).
o net: dsa: lan9303: fix reset on probe (git-fixes).
o net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes).
o net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate()
(git-fixes).
o net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding
(git-fixes).
o net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes).
o net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes).
o net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister
(git-fixes).
o net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN
(git-fixes).
o net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes).
o net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
(git-fixes).
o net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops
(git-fixes).
o net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes).
o net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
(git-fixes).
o net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes).
o net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
o net: ieee802154: hwsim: Ensure proper channel selection at probe time
(git-fixes).
o net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes).
o net: ipa: add an interconnect dependency (git-fixes).
o net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes).
o net: ipa: prevent concurrent replenish (git-fixes).
o net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes).
o net: ks8851: Check for error irq (git-fixes).
o net: lantiq_xrx200: fix statistics of received bytes (git-fixes).
o net: ll_temac: check the return value of devm_kmalloc() (git-fixes).
o net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes).
o net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes).
o net: macsec: Verify that send_sci is on when setting Tx sci explicitly
(git-fixes).
o net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes).
o net: marvell: prestera: Add missing of_node_put() in
prestera_switch_set_base_mac_addr (git-fixes).
o net: marvell: prestera: fix incorrect return of port_find (git-fixes).
o net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes).
o net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower
offload (git-fixes).
o net: mscc: ocelot: fix mutex lock error during ethtool stats read
(git-fixes).
o net: mscc: ocelot: fix using match before it is set (git-fixes).
o net: mv643xx_eth: process retval from of_get_mac_address (git-fixes).
o net: mvpp2: fix XDP rx queues registering (git-fixes).
o net: phy: Do not trigger state machine while in suspend (git-fixes).
o net: phylink: Force link down and retrigger resolve on interface change
(git-fixes).
o net: phylink: Force retrigger in case of latched link-fail indicator
(git-fixes).
o net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
o net: sfp: fix high power modules without diagnostic monitoring (git-fixes).
o net: sfp: ignore disabled SFP node (git-fixes).
o net: sparx5: Fix add vlan when invalid operation (git-fixes).
o net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes).
o net: stmmac: Add platform level debug register dump feature (git-fixes).
o net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support
(git-fixes).
o net: stmmac: configure PTP clock source prior to PTP initialization
(git-fixes).
o net: stmmac: dump gmac4 DMA registers correctly (git-fixes).
o net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes).
o net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL
(git-fixes).
o net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode
(git-fixes).
o net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M
(git-fixes).
o net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected
speed request (git-fixes).
o net: stmmac: ensure PTP time register reads are consistent (git-fixes).
o net: stmmac: fix return value of __setup handler (git-fixes).
o net: stmmac: fix tc flower deletion for VLAN priority Rx steering
(git-fixes).
o net: stmmac: properly handle with runtime pm in stmmac_dvr_remove()
(git-fixes).
o net: stmmac: ptp: fix potentially overflowing expression (git-fixes).
o net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes).
o net: stmmac: skip only stmmac_ptp_register when resume from suspend
(git-fixes).
o net: sxgbe: fix return value of __setup handler (git-fixes).
o net: systemport: Add global locking for descriptor lifecycle (git-fixes).
o net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
o net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
o netdevsim: do not overwrite read only ethtool parms (git-fixes).
o nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
o nvme: add APIs for stopping/starting admin queue (bsc#1201651).
o nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651).
o nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is
reallocated (bsc#1201651).
o nvme: paring quiesce/unquiesce (bsc#1201651).
o nvme: prepare for pairing quiescing and unquiescing (bsc#1201651).
o nvme: wait until quiesce is done (bsc#1201651).
o octeontx2-af: Do not fixup all VF action entries (git-fixes).
o octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes).
o octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces
(git-fixes).
o octeontx2-pf: Forward error codes to VF (git-fixes).
o page_alloc: fix invalid watemark check on a negative value (git fixes (mm/
pgalloc)).
o perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578).
o perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute
(jsc#SLE-24578).
o perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578).
o perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#
SLE-24578).
o pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
(git-fixes).
o pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
o pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
o platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
o posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers
(git-fixes).
o power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
(git-fixes).
o powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#
198761).
o powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#
1201846 ltc#198761).
o powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#
198761).
o ppp: ensure minimum packet size in ppp_write() (git-fixes).
o qede: validate non LSO skb length (git-fixes).
o r8152: fix a WOL issue (git-fixes).
o r8169: fix accessing unset transport header (git-fixes).
o random: document add_hwgenerator_randomness() with other input functions
(git-fixes).
o random: fix typo in comments (git-fixes).
o raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
o reset: Fix devm bulk optional exclusive control getter (git-fixes).
o rocker: fix a sleeping in atomic bug (git-fixes).
o rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258).
o sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#
1199356).
o scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651).
o scsi: core: sd: Add silence_suspend flag to suppress some PM messages
(git-fixes).
o scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes).
o scsi: lpfc: Fix mailbox command failure during driver initialization
(git-fixes).
o scsi: make sure that request queue queiesce and unquiesce balanced (bsc#
1201651).
o scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes).
o scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes).
o scsi: scsi_debug: Fix zone transition to full condition (git-fixes).
o scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select
() (git-fixes).
o scsi: sd: Fix potential NULL pointer dereference (git-fixes).
o scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes).
o scsi: ufs: Fix a deadlock in the error handler (git-fixes).
o scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes).
o scsi: ufs: Remove dead code (git-fixes).
o scsi: ufs: core: scsi_get_lba() error fix (git-fixes).
o serial: 8250: Fix PM usage_count for console handover (git-fixes).
o serial: 8250: fix return error code in serial8250_request_std_resource()
(git-fixes).
o serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
o serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes).
o serial: stm32: Clear prev values before setting RTS delays (git-fixes).
o soc: ixp4xx/npe: Fix unused match warning (git-fixes).
o spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570)
o spi: amd: Limit max transfer and message size (git-fixes).
o spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA
transfers (git-fixes).
o spi: tegra210-quad: add acpi support (jsc#SLE-24570)
o spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570)
o spi: tegra210-quad: combined sequence mode (jsc#SLE-24570)
o spi: tegra210-quad: use device_reset method (jsc#SLE-24570)
o spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570)
o supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#
SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported.
o supported.conf: rvu_mbox as supported (jsc#SLE-24682)
o sysctl: Fix data races in proc_dointvec() (git-fixes).
o sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
o sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
o sysctl: Fix data races in proc_douintvec() (git-fixes).
o sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
o sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes).
o sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
o sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes).
o tee: fix put order in teedev_close_context() (git-fixes).
o tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes).
o tun: fix bonding active backup with arp monitoring (git-fixes).
o usb: dwc3: gadget: Fix event pending check (git-fixes).
o usb: serial: ftdi_sio: add Belimo device ids (git-fixes).
o usb: typec: add missing uevent when partner support PD (git-fixes).
o usbnet: fix memory leak in error case (git-fixes).
o veth: Do not record rx queue hint in veth_xmit (git-fixes).
o veth: ensure skb entering GRO are not cloned (git-fixes).
o video: of_display_timing.h: include errno.h (git-fixes).
o virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
o virtio_mmio: Restore guest page size on resume (git-fixes).
o vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
(git-fixes).
o vt: fix memory overlapping when deleting chars in the buffer (git-fixes).
o watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
o wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
o wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes).
o x86/bugs: Remove apostrophe typo (bsc#1190497).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2803=1
o SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2803=1
o SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2803=1
Please note that this is the initial kernel livepatch without fixes itself,
this package is later updated by seperate standalone kernel livepatch
updates.
o SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2803=1
o SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2803=1
o SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2803=1
o SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2803=1
Package List:
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.14.21-150400.24.18.1
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.18.1
dlm-kmp-default-5.14.21-150400.24.18.1
dlm-kmp-default-debuginfo-5.14.21-150400.24.18.1
gfs2-kmp-default-5.14.21-150400.24.18.1
gfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1
kernel-default-5.14.21-150400.24.18.1
kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4
kernel-default-base-rebuild-5.14.21-150400.24.18.1.150400.24.5.4
kernel-default-debuginfo-5.14.21-150400.24.18.1
kernel-default-debugsource-5.14.21-150400.24.18.1
kernel-default-devel-5.14.21-150400.24.18.1
kernel-default-devel-debuginfo-5.14.21-150400.24.18.1
kernel-default-extra-5.14.21-150400.24.18.1
kernel-default-extra-debuginfo-5.14.21-150400.24.18.1
kernel-default-livepatch-5.14.21-150400.24.18.1
kernel-default-livepatch-devel-5.14.21-150400.24.18.1
kernel-default-optional-5.14.21-150400.24.18.1
kernel-default-optional-debuginfo-5.14.21-150400.24.18.1
kernel-obs-build-5.14.21-150400.24.18.1
kernel-obs-build-debugsource-5.14.21-150400.24.18.1
kernel-obs-qa-5.14.21-150400.24.18.1
kernel-syms-5.14.21-150400.24.18.1
kselftests-kmp-default-5.14.21-150400.24.18.1
kselftests-kmp-default-debuginfo-5.14.21-150400.24.18.1
ocfs2-kmp-default-5.14.21-150400.24.18.1
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1
reiserfs-kmp-default-5.14.21-150400.24.18.1
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.18.1
o openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
kernel-kvmsmall-5.14.21-150400.24.18.1
kernel-kvmsmall-debuginfo-5.14.21-150400.24.18.1
kernel-kvmsmall-debugsource-5.14.21-150400.24.18.1
kernel-kvmsmall-devel-5.14.21-150400.24.18.1
kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.18.1
kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.18.1
o openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-5.14.21-150400.24.18.1
kernel-debug-debuginfo-5.14.21-150400.24.18.1
kernel-debug-debugsource-5.14.21-150400.24.18.1
kernel-debug-devel-5.14.21-150400.24.18.1
kernel-debug-devel-debuginfo-5.14.21-150400.24.18.1
kernel-debug-livepatch-devel-5.14.21-150400.24.18.1
o openSUSE Leap 15.4 (aarch64):
cluster-md-kmp-64kb-5.14.21-150400.24.18.1
cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.18.1
dlm-kmp-64kb-5.14.21-150400.24.18.1
dlm-kmp-64kb-debuginfo-5.14.21-150400.24.18.1
dtb-allwinner-5.14.21-150400.24.18.1
dtb-altera-5.14.21-150400.24.18.1
dtb-amazon-5.14.21-150400.24.18.1
dtb-amd-5.14.21-150400.24.18.1
dtb-amlogic-5.14.21-150400.24.18.1
dtb-apm-5.14.21-150400.24.18.1
dtb-apple-5.14.21-150400.24.18.1
dtb-arm-5.14.21-150400.24.18.1
dtb-broadcom-5.14.21-150400.24.18.1
dtb-cavium-5.14.21-150400.24.18.1
dtb-exynos-5.14.21-150400.24.18.1
dtb-freescale-5.14.21-150400.24.18.1
dtb-hisilicon-5.14.21-150400.24.18.1
dtb-lg-5.14.21-150400.24.18.1
dtb-marvell-5.14.21-150400.24.18.1
dtb-mediatek-5.14.21-150400.24.18.1
dtb-nvidia-5.14.21-150400.24.18.1
dtb-qcom-5.14.21-150400.24.18.1
dtb-renesas-5.14.21-150400.24.18.1
dtb-rockchip-5.14.21-150400.24.18.1
dtb-socionext-5.14.21-150400.24.18.1
dtb-sprd-5.14.21-150400.24.18.1
dtb-xilinx-5.14.21-150400.24.18.1
gfs2-kmp-64kb-5.14.21-150400.24.18.1
gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.18.1
kernel-64kb-5.14.21-150400.24.18.1
kernel-64kb-debuginfo-5.14.21-150400.24.18.1
kernel-64kb-debugsource-5.14.21-150400.24.18.1
kernel-64kb-devel-5.14.21-150400.24.18.1
kernel-64kb-devel-debuginfo-5.14.21-150400.24.18.1
kernel-64kb-extra-5.14.21-150400.24.18.1
kernel-64kb-extra-debuginfo-5.14.21-150400.24.18.1
kernel-64kb-livepatch-devel-5.14.21-150400.24.18.1
kernel-64kb-optional-5.14.21-150400.24.18.1
kernel-64kb-optional-debuginfo-5.14.21-150400.24.18.1
kselftests-kmp-64kb-5.14.21-150400.24.18.1
kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.18.1
ocfs2-kmp-64kb-5.14.21-150400.24.18.1
ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.18.1
reiserfs-kmp-64kb-5.14.21-150400.24.18.1
reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.18.1
o openSUSE Leap 15.4 (noarch):
kernel-devel-5.14.21-150400.24.18.1
kernel-docs-5.14.21-150400.24.18.1
kernel-docs-html-5.14.21-150400.24.18.1
kernel-macros-5.14.21-150400.24.18.1
kernel-source-5.14.21-150400.24.18.1
kernel-source-vanilla-5.14.21-150400.24.18.1
o openSUSE Leap 15.4 (s390x):
kernel-zfcpdump-5.14.21-150400.24.18.1
kernel-zfcpdump-debuginfo-5.14.21-150400.24.18.1
kernel-zfcpdump-debugsource-5.14.21-150400.24.18.1
o SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
kernel-default-debuginfo-5.14.21-150400.24.18.1
kernel-default-debugsource-5.14.21-150400.24.18.1
kernel-default-extra-5.14.21-150400.24.18.1
kernel-default-extra-debuginfo-5.14.21-150400.24.18.1
o SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x
x86_64):
kernel-default-debuginfo-5.14.21-150400.24.18.1
kernel-default-debugsource-5.14.21-150400.24.18.1
kernel-default-livepatch-5.14.21-150400.24.18.1
kernel-default-livepatch-devel-5.14.21-150400.24.18.1
kernel-livepatch-5_14_21-150400_24_18-default-1-150400.9.5.2
kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-1-150400.9.5.2
kernel-livepatch-SLE15-SP4_Update_2-debugsource-1-150400.9.5.2
o SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le
s390x x86_64):
kernel-default-debuginfo-5.14.21-150400.24.18.1
kernel-default-debugsource-5.14.21-150400.24.18.1
reiserfs-kmp-default-5.14.21-150400.24.18.1
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.18.1
o SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-5.14.21-150400.24.18.1
kernel-obs-build-debugsource-5.14.21-150400.24.18.1
kernel-syms-5.14.21-150400.24.18.1
o SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
kernel-docs-5.14.21-150400.24.18.1
kernel-source-5.14.21-150400.24.18.1
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x
x86_64):
kernel-default-5.14.21-150400.24.18.1
kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4
kernel-default-debuginfo-5.14.21-150400.24.18.1
kernel-default-debugsource-5.14.21-150400.24.18.1
kernel-default-devel-5.14.21-150400.24.18.1
kernel-default-devel-debuginfo-5.14.21-150400.24.18.1
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64):
kernel-64kb-5.14.21-150400.24.18.1
kernel-64kb-debuginfo-5.14.21-150400.24.18.1
kernel-64kb-debugsource-5.14.21-150400.24.18.1
kernel-64kb-devel-5.14.21-150400.24.18.1
kernel-64kb-devel-debuginfo-5.14.21-150400.24.18.1
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
kernel-devel-5.14.21-150400.24.18.1
kernel-macros-5.14.21-150400.24.18.1
o SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x):
kernel-zfcpdump-5.14.21-150400.24.18.1
kernel-zfcpdump-debuginfo-5.14.21-150400.24.18.1
kernel-zfcpdump-debugsource-5.14.21-150400.24.18.1
o SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x
x86_64):
cluster-md-kmp-default-5.14.21-150400.24.18.1
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.18.1
dlm-kmp-default-5.14.21-150400.24.18.1
dlm-kmp-default-debuginfo-5.14.21-150400.24.18.1
gfs2-kmp-default-5.14.21-150400.24.18.1
gfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1
kernel-default-debuginfo-5.14.21-150400.24.18.1
kernel-default-debugsource-5.14.21-150400.24.18.1
ocfs2-kmp-default-5.14.21-150400.24.18.1
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1
References:
o https://www.suse.com/security/cve/CVE-2021-33655.html
o https://www.suse.com/security/cve/CVE-2022-21505.html
o https://www.suse.com/security/cve/CVE-2022-2585.html
o https://www.suse.com/security/cve/CVE-2022-26373.html
o https://www.suse.com/security/cve/CVE-2022-29581.html
o https://bugzilla.suse.com/1190256
o https://bugzilla.suse.com/1190497
o https://bugzilla.suse.com/1199291
o https://bugzilla.suse.com/1199356
o https://bugzilla.suse.com/1199665
o https://bugzilla.suse.com/1201258
o https://bugzilla.suse.com/1201323
o https://bugzilla.suse.com/1201391
o https://bugzilla.suse.com/1201458
o https://bugzilla.suse.com/1201592
o https://bugzilla.suse.com/1201593
o https://bugzilla.suse.com/1201595
o https://bugzilla.suse.com/1201596
o https://bugzilla.suse.com/1201635
o https://bugzilla.suse.com/1201651
o https://bugzilla.suse.com/1201691
o https://bugzilla.suse.com/1201705
o https://bugzilla.suse.com/1201726
o https://bugzilla.suse.com/1201846
o https://bugzilla.suse.com/1201930
o https://bugzilla.suse.com/1202094
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYvmjGckNZI30y1K9AQiskhAAkd0/bKBnGfDsiplBpCB/tfrzVsOxXzW6
EVzJlP2GrEE6gg82pxrrD/OZKnuy7AHqds1cgYescYHBOmHMeb7eFo6XPTN7kKtX
99wHtwUnZsyn/BLZJbl8gIUKN2sFlWOhKKoiVRmzOWHC7ZPHz6FIS1fZ55UyYmE8
TCBU6wuvdyMTMmK3O2LmKsCT5TGNttF9d0CvX3JG7HpXItWXJX4n4nu7Q+dOxZpO
3sih+tyl7T9En6Hr6BQaPTAhvr3HsGtwKJZSdWgk9//gpFwQ/I4Az3r8M4JO9La8
PPJ4pzrluIj1EIIA2DCdCtka2AZ7MloRz84ot0AGsrcEXLv2QC+8J0O+RDBxiyk3
MU7jDvzASpigqoy8bNk5sDAJMrqQfe4RhNHGscQ/vsVC04qPYUhlvrpPMYCS8hiY
NEB7s2oxrsR4hKAX/DPvOO6myfq5u4WYnlIQWi/lsOUGrtyEjEe6sX8tHs3ltWUy
G/kRxilzRhe2PdBstk6JYIbbj7QOXQflyJdXSSCnsdpIACnsYWl2ogrpDPMGJRW9
9ZCspRHHISQD9W5D3nhMovXPdb7Pvw1Wc6qDANFE45zW9OUSDjDZODUk49xlVq5I
8zfP/rYFalrOSBYLWVHmu8vXjqGCNMnJQV89ifKMUvQwiyzrBeg6pHvmigpHKyIr
5v265W8Ymlw=
=PUfx
-----END PGP SIGNATURE-----