-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.4015
                   Security update for the Linux Kernel
                              12 August 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-36946 CVE-2022-33742 CVE-2022-33741
                   CVE-2022-33740 CVE-2022-32250 CVE-2022-29581
                   CVE-2022-26365 CVE-2022-21505 CVE-2022-20166
                   CVE-2022-2318 CVE-2022-1462 CVE-2022-1116
                   CVE-2021-33656 CVE-2021-33655 CVE-2020-36558
                   CVE-2020-36557  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2022/suse-su-20222741-1

Comment: CVSS (Max):  7.8 CVE-2022-32250 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:2741-1
Rating:            important
References:        #1178134 #1198829 #1199364 #1199647 #1199665 #1199670
                   #1200521 #1200598 #1200644 #1200651 #1200762 #1200910
                   #1201196 #1201206 #1201251 #1201381 #1201429 #1201458
                   #1201635 #1201636 #1201644 #1201664 #1201672 #1201673
                   #1201676 #1201846 #1201930 #1201940 #1201954 #1201956
                   #1201958
Cross-References:  CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656
                   CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505
                   CVE-2022-2318 CVE-2022-26365 CVE-2022-29581 CVE-2022-32250
                   CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946
Affected Products:
                   SUSE Linux Enterprise High Performance Computing 15-SP3
                   SUSE Linux Enterprise Module for Public Cloud 15-SP3
                   SUSE Linux Enterprise Server 15-SP3
                   SUSE Linux Enterprise Server for SAP Applications 15-SP3
                   SUSE Linux Enterprise Storage 7.1
                   SUSE Manager Proxy 4.2
                   SUSE Manager Retail Branch Server 4.2
                   SUSE Manager Server 4.2
                   openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 16 vulnerabilities, contains one feature and has 15 fixes
is now available.

Description:


The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.
The following security bugs were fixed:

  o CVE-2022-36946: Fixed an incorrect packet trucation operation which could
    lead to denial of service (bnc#1201940).
  o CVE-2022-29581: Fixed improper update of reference count in net/sched that
    could cause root privilege escalation (bnc#1199665).
  o CVE-2022-20166: Fixed several possible memory safety issues due to unsafe
    operations (bsc#1200598).
  o CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could
    lead to a NULL pointer dereference and general protection fault (bnc#
    1200910).
  o CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and
    closing/opening of TTYs that could lead to a use-after-free (bnc#1201429).
  o CVE-2021-33655: Fixed an out of bounds write by ioctl cmd
    FBIOPUT_VSCREENINFO (bnc#1201635).
  o CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd PIO_FONT
    (bnc#1201636).
  o CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy (bsc#
    1201458).
  o CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#
    1198829).
  o CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which
    allowed a local attacker to escalate privileges to root (bnc#1199647).-
    CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in
    Rose subsystem that allowed unprivileged attackers to crash the system (bsc
    #1201251).
  o CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
    multiple potential data leaks with Block and Network devices when using
    untrusted backends (bsc#1200762).


The following non-security bugs were fixed:

  o Fixed a system crash related to the recent RETBLEED mitigation (bsc#
    1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
  o qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#
    1200644 bsc#1201954 bsc#1201958).
  o kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#
    1201930).
  o bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#
    1199364).
  o bpf: enable BPF type format (BTF) (jsc#SLE-24559).
  o nfs: avoid NULL pointer dereference when there is unflushed data (bsc#
    1201196).
  o hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#
    1199364).
  o hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
  o hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
  o hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#
    1199364).
  o hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
  o kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
  o lkdtm: Disable return thunks in rodata.c (bsc#1178134).
  o net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#
    1199364).
  o net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
  o nvme: consider also host_iface when checking ip options (bsc#1199670).
  o powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#
    198761).
  o powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#
    1201846 ltc#198761).
  o powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#
    198761).
  o scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
  o scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#
    1201956).
  o scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956
    bsc#1200521).
  o scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#
    1201956).
  o scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#
    1201956).
  o scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user
    input (bsc#1201956).
  o scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
    lpfc_sli_prep_abort_xri() (bsc#1201956).
  o scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
  o scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
    VMID (bsc#1201956).
  o scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration
    (bsc#1201956).
  o scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc
    #1201956).
  o scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
  o scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#
    1201958).
  o scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
  o scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
  o scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
  o scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#
    1201958).
  o scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
  o scsi: qla2xxx: Update manufacturer details (bsc#1201958).
  o scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
  o scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
  o scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
  o watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
  o x86/bugs: Remove apostrophe typo (bsc#1178134).
  o x86/entry: Remove skip_r11rcx (bsc#1201644).
  o x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
  o xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
    (bsc#1201381).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-2741=1
  o SUSE Linux Enterprise Module for Public Cloud 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1

Package List:

  o openSUSE Leap 15.3 (noarch):
       kernel-devel-azure-5.3.18-150300.38.75.1
       kernel-source-azure-5.3.18-150300.38.75.1
  o openSUSE Leap 15.3 (x86_64):
       cluster-md-kmp-azure-5.3.18-150300.38.75.1
       cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.75.1
       dlm-kmp-azure-5.3.18-150300.38.75.1
       dlm-kmp-azure-debuginfo-5.3.18-150300.38.75.1
       gfs2-kmp-azure-5.3.18-150300.38.75.1
       gfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
       kernel-azure-5.3.18-150300.38.75.1
       kernel-azure-debuginfo-5.3.18-150300.38.75.1
       kernel-azure-debugsource-5.3.18-150300.38.75.1
       kernel-azure-devel-5.3.18-150300.38.75.1
       kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
       kernel-azure-extra-5.3.18-150300.38.75.1
       kernel-azure-extra-debuginfo-5.3.18-150300.38.75.1
       kernel-azure-livepatch-devel-5.3.18-150300.38.75.1
       kernel-azure-optional-5.3.18-150300.38.75.1
       kernel-azure-optional-debuginfo-5.3.18-150300.38.75.1
       kernel-syms-azure-5.3.18-150300.38.75.1
       kselftests-kmp-azure-5.3.18-150300.38.75.1
       kselftests-kmp-azure-debuginfo-5.3.18-150300.38.75.1
       ocfs2-kmp-azure-5.3.18-150300.38.75.1
       ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1
       reiserfs-kmp-azure-5.3.18-150300.38.75.1
       reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.75.1
  o SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
       kernel-azure-5.3.18-150300.38.75.1
       kernel-azure-debuginfo-5.3.18-150300.38.75.1
       kernel-azure-debugsource-5.3.18-150300.38.75.1
       kernel-azure-devel-5.3.18-150300.38.75.1
       kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1
       kernel-syms-azure-5.3.18-150300.38.75.1
  o SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
       kernel-devel-azure-5.3.18-150300.38.75.1
       kernel-source-azure-5.3.18-150300.38.75.1


References:

  o https://www.suse.com/security/cve/CVE-2020-36557.html
  o https://www.suse.com/security/cve/CVE-2020-36558.html
  o https://www.suse.com/security/cve/CVE-2021-33655.html
  o https://www.suse.com/security/cve/CVE-2021-33656.html
  o https://www.suse.com/security/cve/CVE-2022-1116.html
  o https://www.suse.com/security/cve/CVE-2022-1462.html
  o https://www.suse.com/security/cve/CVE-2022-20166.html
  o https://www.suse.com/security/cve/CVE-2022-21505.html
  o https://www.suse.com/security/cve/CVE-2022-2318.html
  o https://www.suse.com/security/cve/CVE-2022-26365.html
  o https://www.suse.com/security/cve/CVE-2022-29581.html
  o https://www.suse.com/security/cve/CVE-2022-32250.html
  o https://www.suse.com/security/cve/CVE-2022-33740.html
  o https://www.suse.com/security/cve/CVE-2022-33741.html
  o https://www.suse.com/security/cve/CVE-2022-33742.html
  o https://www.suse.com/security/cve/CVE-2022-36946.html
  o https://bugzilla.suse.com/1178134
  o https://bugzilla.suse.com/1198829
  o https://bugzilla.suse.com/1199364
  o https://bugzilla.suse.com/1199647
  o https://bugzilla.suse.com/1199665
  o https://bugzilla.suse.com/1199670
  o https://bugzilla.suse.com/1200521
  o https://bugzilla.suse.com/1200598
  o https://bugzilla.suse.com/1200644
  o https://bugzilla.suse.com/1200651
  o https://bugzilla.suse.com/1200762
  o https://bugzilla.suse.com/1200910
  o https://bugzilla.suse.com/1201196
  o https://bugzilla.suse.com/1201206
  o https://bugzilla.suse.com/1201251
  o https://bugzilla.suse.com/1201381
  o https://bugzilla.suse.com/1201429
  o https://bugzilla.suse.com/1201458
  o https://bugzilla.suse.com/1201635
  o https://bugzilla.suse.com/1201636
  o https://bugzilla.suse.com/1201644
  o https://bugzilla.suse.com/1201664
  o https://bugzilla.suse.com/1201672
  o https://bugzilla.suse.com/1201673
  o https://bugzilla.suse.com/1201676
  o https://bugzilla.suse.com/1201846
  o https://bugzilla.suse.com/1201930
  o https://bugzilla.suse.com/1201940
  o https://bugzilla.suse.com/1201954
  o https://bugzilla.suse.com/1201956
  o https://bugzilla.suse.com/1201958

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYvWykMkNZI30y1K9AQgfuw//SWcv6ty/jTj6bCdcG3QWHZHop7zlP+AB
cmqDEWz+54/RrXoMs1vIFN5DbDJILWk8KDyHbXXYLRmb1CCTmN8cgF0F5vzht5pX
uFjQkAzF7IpMfBkWXYE4/BKdDoxievxoV3O8eWXdnAMRINISsI8cqtMXvhNA6CG/
MY0Vbonhj9pQzxN7Muyy87jbWNKJTuUnY3PI/XZEvbQ5D5wneLSQeFPM3w8L2LYI
eyqoBTvzUmSzXCpeuF/UJ9LWMRqkOwn/WPredf/eDqiR7bEXGqxhWrh74Riolvxo
+77cw3op9uhD/mycpzqlTtPx3vqG/U0InMTH20CEe6j4+MA0MpXOoiZzsl5ShPVk
DcH5hIPqvAMT1zExo3ZT4Da/6ICVbicLrIrbqZ7F1wa3ZpQ7A7yaALKuOe4x9+0C
oWhSPQIKhHzVymLDkH0CpVbsMCCJBoo2dUaEMUkXzy2lSePLmEWf3fwK0yb4j0UX
4qPJlPw3jSE7yeWkkJstof4Nyj9OoRclAdSY1tWSA/kSdH2D/1q/ZUyEJn/L3c8s
QlIyDotg8sBpKXQ8ET4KMS1OcloSPuIYEJleibrq3SOHvwvaX/os/o4obVFY6P4a
GckMO7dgEijekRUBHg9EHMfnc4XBjAdVqRPxxWM5bBdNtB+ruYNU02dRt/IsA/AK
88mUmULC+Yo=
=0iWh
-----END PGP SIGNATURE-----