-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1005
                   Security update for the Linux Kernel
                               10 March 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-25375 CVE-2022-0847 CVE-2022-0516
                   CVE-2022-0492 CVE-2022-0002 CVE-2022-0001

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2022/suse-su-20220760-1

Comment: CVSS (Max):  7.8 CVE-2022-0847 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:0760-1
Rating:            important
References:        #1089644 #1154353 #1157038 #1157923 #1176447 #1176940
                   #1178134 #1181147 #1181588 #1183872 #1187716 #1188404
                   #1189126 #1190812 #1190972 #1191580 #1191655 #1191741
                   #1192210 #1192483 #1193096 #1193233 #1193243 #1193787
                   #1194163 #1194967 #1195012 #1195081 #1195286 #1195352
                   #1195378 #1195506 #1195516 #1195543 #1195668 #1195701
                   #1195798 #1195799 #1195823 #1195908 #1195928 #1195947
                   #1195957 #1195995 #1196195 #1196235 #1196339 #1196373
                   #1196400 #1196403 #1196516 #1196584 #1196585 #1196601
                   #1196612 #1196776
Cross-References:  CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0516
                   CVE-2022-0847 CVE-2022-25375
Affected Products:
                   SUSE Linux Enterprise Desktop 15-SP3
                   SUSE Linux Enterprise High Availability 15-SP3
                   SUSE Linux Enterprise High Performance Computing
                   SUSE Linux Enterprise High Performance Computing 15-SP3
                   SUSE Linux Enterprise Micro 5.1
                   SUSE Linux Enterprise Module for Basesystem 15-SP3
                   SUSE Linux Enterprise Module for Development Tools 15-SP3
                   SUSE Linux Enterprise Module for Legacy Software 15-SP3
                   SUSE Linux Enterprise Module for Live Patching 15-SP3
                   SUSE Linux Enterprise Server
                   SUSE Linux Enterprise Server 15-SP3
                   SUSE Linux Enterprise Server for SAP Applications
                   SUSE Linux Enterprise Server for SAP Applications 15-SP3
                   SUSE Linux Enterprise Workstation Extension 15-SP3
                   SUSE Manager Proxy 4.2
                   SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves 6 vulnerabilities, contains three features and has 50
fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.

Transient execution side-channel attacks attacking the Branch History Buffer
(BHB), named "Branch Target Injection" and "Intra-Mode Branch History
Injection" are now mitigated.
The following security bugs were fixed:

  o CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
  o CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#
    1191580).
  o CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite
    data in arbitrary (read-only) files (bsc#1196584).
  o CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the
    RNDIS_MSG_SET command. Attackers can obtain sensitive information from
    kernel memory (bnc#1196235 ).
  o CVE-2022-0492: Fixed a privilege escalation related to cgroups v1
    release_agent feature, which allowed bypassing namespace isolation
    unexpectedly (bsc#1195543).
  o CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows
    kernel memory read/write (bsc#1195516).


The following non-security bugs were fixed:

  o ACPI/IORT: Check node revision for PMCG resources (git-fixes).
  o ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220
    quirks (git-fixes).
  o ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
  o ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
    reboot from Windows (git-fixes).
  o ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer
    chipset) (git-fixes).
  o ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
  o ALSA: hda: Fix regression on forced probe mask option (git-fixes).
  o ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes).
  o ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
    (git-fixes).
  o ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
    (git-fixes).
  o ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes).
  o ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
    (git-fixes).
  o ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes).
  o Align s390 NVME target options with other architectures (bsc#1188404, jsc#
    SLE-22494).
  o Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
  o EDAC/xgene: Fix deferred probing (bsc#1178134).
  o HID:Add support for UGTABLET WP5540 (git-fixes).
  o IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes).
  o IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
  o KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674).
  o NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
  o PM: hibernate: Remove register_nosave_region_late() (git-fixes).
  o PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
  o RDMA/cma: Use correct address when leaving multicast group (bsc#1181147).
  o RDMA/core: Always release restrack object (git-fixes)
  o RDMA/cxgb4: check for ipv6 address properly while destroying listener
    (git-fixes)
  o RDMA/siw: Release xarray entry (git-fixes)
  o RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147).
  o USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
    (git-fixes).
  o USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
  o USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
  o USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
    (git-fixes).
  o USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes).
  o USB: serial: option: add ZTE MF286D modem (git-fixes).
  o ata: libata-core: Disable TRIM on M88V29 (git-fixes).
  o ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
  o blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787).
  o blk-mq: avoid to iterate over stale request (bsc#1193787).
  o blk-mq: clear stale request in tags->rq before freeing one request pool
    (bsc#1193787).
  o blk-mq: clearing flush request reference in tags->rqs (bsc#1193787).
  o blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787
    git-fixes).
  o blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
  o blk-mq: fix kernel panic during iterating over flush request (bsc#1193787
    git-fixes).
  o blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter
    (bsc#1193787).
  o blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787).
  o blk-tag: Hide spin_lock (bsc#1193787).
  o block: avoid double io accounting for flush request (bsc#1193787).
  o block: do not send a rezise udev event for hidden block device (bsc#
    1193096).
  o block: mark flush request as IDLE when it is really finished (bsc#1193787).
  o bonding: pair enable_port with slave_arr_updates (git-fixes).
  o bpf: Adjust BTF log size limit (git-fixes).
  o bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes).
  o btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
  o btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
  o btrfs: do not do preemptive flushing if the majority is global rsv (bsc#
    1196195).
  o btrfs: do not include the global rsv size in the preemptive used amount
    (bsc#1196195).
  o btrfs: handle preemptive delalloc flushing slightly differently (bsc#
    1196195).
  o btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210).
  o btrfs: only clamp the first time we have to start flushing (bsc#1196195).
  o btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#
    1196195).
  o btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
  o btrfs: take into account global rsv in need_preemptive_reclaim (bsc#
    1196195).
  o btrfs: use the global rsv size in the preemptive thresh calculation (bsc#
    1196195).
  o ceph: properly put ceph_string reference after async create attempt (bsc#
    1195798).
  o ceph: set pool_ns in new inode layout for async creates (bsc#1195799).
  o drm/amdgpu: fix logic inversion in check (git-fixes).
  o drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
  o drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
  o drm/i915/opregion: check port number bounds for SWSCI display power state
    (git-fixes).
  o drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
  o drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
    (git-fixes).
  o drm/panel: simple: Assign data from panel_dpi_probe() correctly
    (git-fixes).
  o drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
  o drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
    (git-fixes).
  o drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
  o drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
  o drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
    (git-fixes).
  o ext4: check for inconsistent extents between index and leaf block (bsc#
    1194163 bsc#1196339).
  o ext4: check for out-of-order index extents in ext4_valid_extent_entries()
    (bsc#1194163 bsc#1196339).
  o ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#
    1196339).
  o gve: Add RX context (bsc#1191655).
  o gve: Add a jumbo-frame device option (bsc#1191655).
  o gve: Add consumed counts to ethtool stats (bsc#1191655).
  o gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
  o gve: Correct order of processing device options (bsc#1191655).
  o gve: Fix GFP flags when allocing pages (git-fixes).
  o gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
  o gve: Implement packet continuation for RX (bsc#1191655).
  o gve: Implement suspend/resume/shutdown (bsc#1191655).
  o gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
  o gve: Recording rx queue before sending to napi (bsc#1191655).
  o gve: Recover from queue stall due to missed IRQ (bsc#1191655).
  o gve: Update gve_free_queue_page_list signature (bsc#1191655).
  o gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
  o gve: fix for null pointer dereference (bsc#1191655).
  o gve: fix the wrong AdminQ buffer queue index check (bsc#1176940).
  o gve: fix unmatched u64_stats_update_end() (bsc#1191655).
  o gve: remove memory barrier around seqno (bsc#1191655).
  o i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
  o i40e: Fix for failed to init adminq while VF reset (git-fixes).
  o i40e: Fix issue when maximum queues is exceeded (git-fixes).
  o i40e: Fix queues reservation for XDP (git-fixes).
  o i40e: Increase delay to 1 s after global EMP reset (git-fixes).
  o i40e: fix unsigned stat widths (git-fixes).
  o ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
  o ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
  o ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
  o ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
  o ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811).
  o ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
  o ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
  o ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
  o ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
  o ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
  o ice: fix IPIP and SIT TSO offload (git-fixes).
  o ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
  o ima: Allow template selection with ima_template[_fmt]= after ima_hash=
    (git-fixes).
  o ima: Do not print policy rule with inactive LSM labels (git-fixes).
  o ima: Remove ima_policy file before directory (git-fixes).
  o integrity: Make function integrity_add_key() static (git-fixes).
  o integrity: check the return value of audit_log_start() (git-fixes).
  o integrity: double check iint_cache was initialized (git-fixes).
  o iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
  o iommu/amd: Remove useless irq affinity notifier (git-fixes).
  o iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
  o iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
    (git-fixes).
  o iommu/amd: X2apic mode: re-enable after resume (git-fixes).
  o iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
    (git-fixes).
  o iommu/io-pgtable-arm-v7s: Add error handle for page table allocation
    failure (git-fixes).
  o iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
  o iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
  o iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
    (git-fixes).
  o iwlwifi: fix use-after-free (git-fixes).
  o iwlwifi: pcie: fix locking when "HW not ready" (git-fixes).
  o iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes).
  o ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
  o kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#
    194674).
  o kABI: Fix kABI for AMD IOMMU driver (git-fixes).
  o kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
  o lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584).
  o libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
  o md/raid5: fix oops during stripe resizing (bsc#1181588).
  o misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
  o mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
  o mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
  o mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
  o mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes).
  o net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc
    #1089644 ltc#166495 ltc#165544 git-fixes).
  o net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#
    SLE-15172).
  o net: macb: Align the dma and coherent dma masks (git-fixes).
  o net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447).
  o net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
    (git-fixes).
  o net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible
    PHYs (git-fixes).
  o net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes).
  o net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
  o nfp: flower: fix ida_idx not being released (bsc#1154353).
  o nfsd: allow delegation state ids to be revoked and then freed (bsc#
    1192483).
  o nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
  o nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
  o nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
  o nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
  o nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#
    1195012).
  o nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info
    (git-fixes).
  o nvme: do not return an error from nvme_configure_metadata (git-fixes).
  o nvme: let namespace probing continue for unsupported features (git-fixes).
  o powerpc/64: Move paca allocation later in boot (bsc#1190812).
  o powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#
    1157923 ltc#182612 git-fixes).
  o powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
    persistent memory" (bsc#1195995 ltc#196394).
  o powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#
    193451).
  o powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
  o powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc
    #1157923 ltc#182612 git-fixes).
  o s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
  o s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes).
  o s390/bpf: Fix optimizing out zero-extensions (git-fixes).
  o s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549).
  o s390/cio: verify the driver availability for path_event call (bsc#1195928
    LTC#196418).
  o s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#
    196088).
  o s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#
    1195081 LTC#196088).
  o s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#
    195540).
  o s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028).
  o s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135).
  o s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816).
  o s390/uv: add prot virt guest/host indication files (jsc#SLE-22135).
  o s390/uv: fix prot virt host indication compilation (jsc#SLE-22135).
  o scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#
    1195506).
  o scsi: core: Add limitless cmd retry support (bsc#1195506).
  o scsi: core: No retries on abort success (bsc#1195506).
  o scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
  o scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
  o scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
  o scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
  o scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
  o scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe
    queues (bsc#1195823).
  o scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
  o scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
  o scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
  o scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters
    (bsc#1195823).
  o scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
  o scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
  o scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
  o scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
  o scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
  o scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
  o scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#
    1195823).
  o scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
  o scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
  o scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
  o scsi: qla2xxx: Remove a declaration (bsc#1195823).
  o scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc
    #1195823).
  o scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
  o scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#
    1195823).
  o scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
  o scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
  o scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
  o scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
  o scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
  o scsi: qla2xxx: edif: Replace list_for_each_safe with
    list_for_each_entry_safe (bsc#1195823).
  o scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
  o scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#
    1195506).
  o scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs
    (bsc#1195506).
  o scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
  o scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
    devices (bsc#1195378 LTC#196244).
  o scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506).
  o staging/fbtft: Fix backlight (git-fixes).
  o staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
  o tracing: Do not inc err_log entry count if entry allocation fails
    (git-fixes).
  o tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).
  o tracing: Fix smatch warning for null glob in event_hist_trigger_parse()
    (git-fixes).
  o tracing: Have traceon and traceoff trigger honor the instance (git-fixes).
  o tracing: Propagate is_signed to expression (git-fixes).
  o usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
  o usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend
    (git-fixes).
  o usb: dwc3: do not set gadget->is_otg flag (git-fixes).
  o usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
  o usb: f_fs: Fix use-after-free for epfile (git-fixes).
  o usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
  o usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
  o usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
  o usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
    (git-fixes).
  o usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
    (git-fixes).
  o usb: ulpi: Call of_node_put correctly (git-fixes).
  o usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-760=1
  o SUSE Linux Enterprise Module for Live Patching 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-760=1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-760=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-760=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-760=1
  o SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-760=1
  o SUSE Linux Enterprise High Availability 15-SP3:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-760=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
       kernel-default-debuginfo-5.3.18-150300.59.54.1
       kernel-default-debugsource-5.3.18-150300.59.54.1
       kernel-default-extra-5.3.18-150300.59.54.1
       kernel-default-extra-debuginfo-5.3.18-150300.59.54.1
       kernel-preempt-debuginfo-5.3.18-150300.59.54.1
       kernel-preempt-debugsource-5.3.18-150300.59.54.1
       kernel-preempt-extra-5.3.18-150300.59.54.1
       kernel-preempt-extra-debuginfo-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x
    x86_64):
       kernel-default-debuginfo-5.3.18-150300.59.54.1
       kernel-default-debugsource-5.3.18-150300.59.54.1
       kernel-default-livepatch-5.3.18-150300.59.54.1
       kernel-default-livepatch-devel-5.3.18-150300.59.54.1
       kernel-livepatch-5_3_18-150300_59_54-default-1-150300.7.5.1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le
    s390x x86_64):
       kernel-default-debuginfo-5.3.18-150300.59.54.1
       kernel-default-debugsource-5.3.18-150300.59.54.1
       reiserfs-kmp-default-5.3.18-150300.59.54.1
       reiserfs-kmp-default-debuginfo-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le
    s390x x86_64):
       kernel-obs-build-5.3.18-150300.59.54.1
       kernel-obs-build-debugsource-5.3.18-150300.59.54.1
       kernel-syms-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
       kernel-preempt-debuginfo-5.3.18-150300.59.54.1
       kernel-preempt-debugsource-5.3.18-150300.59.54.1
       kernel-preempt-devel-5.3.18-150300.59.54.1
       kernel-preempt-devel-debuginfo-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
       kernel-docs-5.3.18-150300.59.54.1
       kernel-source-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
    x86_64):
       kernel-default-5.3.18-150300.59.54.1
       kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3
       kernel-default-debuginfo-5.3.18-150300.59.54.1
       kernel-default-debugsource-5.3.18-150300.59.54.1
       kernel-default-devel-5.3.18-150300.59.54.1
       kernel-default-devel-debuginfo-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
       kernel-preempt-5.3.18-150300.59.54.1
       kernel-preempt-debuginfo-5.3.18-150300.59.54.1
       kernel-preempt-debugsource-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
       kernel-64kb-5.3.18-150300.59.54.1
       kernel-64kb-debuginfo-5.3.18-150300.59.54.1
       kernel-64kb-debugsource-5.3.18-150300.59.54.1
       kernel-64kb-devel-5.3.18-150300.59.54.1
       kernel-64kb-devel-debuginfo-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
       kernel-devel-5.3.18-150300.59.54.1
       kernel-macros-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
       kernel-zfcpdump-5.3.18-150300.59.54.1
       kernel-zfcpdump-debuginfo-5.3.18-150300.59.54.1
       kernel-zfcpdump-debugsource-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
       kernel-default-5.3.18-150300.59.54.1
       kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3
       kernel-default-debuginfo-5.3.18-150300.59.54.1
       kernel-default-debugsource-5.3.18-150300.59.54.1
  o SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x
    x86_64):
       cluster-md-kmp-default-5.3.18-150300.59.54.1
       cluster-md-kmp-default-debuginfo-5.3.18-150300.59.54.1
       dlm-kmp-default-5.3.18-150300.59.54.1
       dlm-kmp-default-debuginfo-5.3.18-150300.59.54.1
       gfs2-kmp-default-5.3.18-150300.59.54.1
       gfs2-kmp-default-debuginfo-5.3.18-150300.59.54.1
       kernel-default-debuginfo-5.3.18-150300.59.54.1
       kernel-default-debugsource-5.3.18-150300.59.54.1
       ocfs2-kmp-default-5.3.18-150300.59.54.1
       ocfs2-kmp-default-debuginfo-5.3.18-150300.59.54.1


References:

  o https://www.suse.com/security/cve/CVE-2022-0001.html
  o https://www.suse.com/security/cve/CVE-2022-0002.html
  o https://www.suse.com/security/cve/CVE-2022-0492.html
  o https://www.suse.com/security/cve/CVE-2022-0516.html
  o https://www.suse.com/security/cve/CVE-2022-0847.html
  o https://www.suse.com/security/cve/CVE-2022-25375.html
  o https://bugzilla.suse.com/1089644
  o https://bugzilla.suse.com/1154353
  o https://bugzilla.suse.com/1157038
  o https://bugzilla.suse.com/1157923
  o https://bugzilla.suse.com/1176447
  o https://bugzilla.suse.com/1176940
  o https://bugzilla.suse.com/1178134
  o https://bugzilla.suse.com/1181147
  o https://bugzilla.suse.com/1181588
  o https://bugzilla.suse.com/1183872
  o https://bugzilla.suse.com/1187716
  o https://bugzilla.suse.com/1188404
  o https://bugzilla.suse.com/1189126
  o https://bugzilla.suse.com/1190812
  o https://bugzilla.suse.com/1190972
  o https://bugzilla.suse.com/1191580
  o https://bugzilla.suse.com/1191655
  o https://bugzilla.suse.com/1191741
  o https://bugzilla.suse.com/1192210
  o https://bugzilla.suse.com/1192483
  o https://bugzilla.suse.com/1193096
  o https://bugzilla.suse.com/1193233
  o https://bugzilla.suse.com/1193243
  o https://bugzilla.suse.com/1193787
  o https://bugzilla.suse.com/1194163
  o https://bugzilla.suse.com/1194967
  o https://bugzilla.suse.com/1195012
  o https://bugzilla.suse.com/1195081
  o https://bugzilla.suse.com/1195286
  o https://bugzilla.suse.com/1195352
  o https://bugzilla.suse.com/1195378
  o https://bugzilla.suse.com/1195506
  o https://bugzilla.suse.com/1195516
  o https://bugzilla.suse.com/1195543
  o https://bugzilla.suse.com/1195668
  o https://bugzilla.suse.com/1195701
  o https://bugzilla.suse.com/1195798
  o https://bugzilla.suse.com/1195799
  o https://bugzilla.suse.com/1195823
  o https://bugzilla.suse.com/1195908
  o https://bugzilla.suse.com/1195928
  o https://bugzilla.suse.com/1195947
  o https://bugzilla.suse.com/1195957
  o https://bugzilla.suse.com/1195995
  o https://bugzilla.suse.com/1196195
  o https://bugzilla.suse.com/1196235
  o https://bugzilla.suse.com/1196339
  o https://bugzilla.suse.com/1196373
  o https://bugzilla.suse.com/1196400
  o https://bugzilla.suse.com/1196403
  o https://bugzilla.suse.com/1196516
  o https://bugzilla.suse.com/1196584
  o https://bugzilla.suse.com/1196585
  o https://bugzilla.suse.com/1196601
  o https://bugzilla.suse.com/1196612
  o https://bugzilla.suse.com/1196776

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYiluwONLKJtyKPYoAQiMOQ//bE0EK5HYXTBmc5FfyOftWz20ZMG+N51H
VMzbOVH5eXhWmRQR74zD/YM2XAiKqEoX1qu66TDgXS2+BJ7tqjVehy4ide2nCl4e
MKKhahnsLNvDJe/C42PoLWIDDZFQfyGPq6xw6vadL0oYyMIr8w+MKxfE4Ls6CO5H
tntRkVAYgauIIP8uFQSYzSrdyXqQK1bDJ1XFVo2f00uJm4WyiRJ2y+EuoLYIlvF5
wD63ClUZebhGQhgQHLTE9fL41zWZvJbsvToQPRq73TGgMI27krpGYotkqNRyqA0Q
CZRDZ+lF+wVe9fWBytbtakHiK3fuqMilbDri7n253umzeRTdW6hOHF3PUT/esYAl
mTB20CCd9+Oja7Kzwry6x8lrE0mSwp1BAaQXH58kN4VcqetunQGzPhMXabG/3iIt
nYeLTj48yujPu3NJH0YwwO0D4VLqqp/I14czpCeokVvNlK3tAxxY/dkPIo33of2A
ZYU87FLdkg1/6JROJNZ1oRHIu0RcNyn+P7I2fJ6XPUGZ246crdgNy+FH024+i2wF
x/nUYMK/rhu983P/l+SLI9ARTMVKJzwkWOSkTkqrd51qGUpIJcFx0XlyqsLTf9QU
IrnoCDIsXXLcVqMGWTVjfNzmtBWSXcDz7t5afC6qTpYf9hVCl9lXbBqR6EDdCqkl
VFwv4xE5o6g=
=Dho7
-----END PGP SIGNATURE-----