SUSE-SU-2022:2173-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Jun 24 13:20:19 UTC 2022


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2173-1
Rating:             important
References:         #1177282 #1199365 #1200015 #1200143 #1200144 
                    #1200206 #1200207 #1200249 #1200259 #1200263 
                    #1200268 #1200529 
Cross-References:   CVE-2020-26541 CVE-2022-1966 CVE-2022-1974
                    CVE-2022-1975
CVSS scores:
                    CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Performance Computing
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Server
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves four vulnerabilities and has 8 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 15 SP3 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem.
     This flaw allowed a local attacker with user access to cause a privilege
     escalation issue. (bnc#1200015)
   - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash
     linux kernel by simulating nfc device from user-space. (bsc#1200143)
   - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
     simulating an nfc device from user-space. (bsc#1200144)
   - CVE-2020-26541: Enforce the secure boot forbidden signature database
     (aka dbx) protection mechanism. (bnc#1177282)
   - The following non-security bugs were fixed:

   - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
     (git-fixes).
   - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
   - ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
   - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
   - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
   - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
   - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
   - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
   - ASoC: dapm: Do not fold register value changes into notifications
     (git-fixes).
   - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
   - ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
   - ASoC: tscs454: Add endianness flag in snd_soc_component_driver
     (git-fixes).
   - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
   - ath9k: fix QCA9561 PA bias level (git-fixes).
   - b43: Fix assigning negative value to unsigned variable (git-fixes).
   - b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
   - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
   - blk-mq: Fix wrong wakeup batch configuration which will cause hang
     (bsc#1200263).
   - block: fix bio_clone_blkg_association() to associate with proper
     blkcg_gq (bsc#1200259).
   - btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
   - cfg80211: set custom regdomain after wiphy registration (git-fixes).
   - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
     (git-fixes).
   - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
   - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
   - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
     (git-fixes).
   - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI
     controllers (git-fixes).
   - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
     (git-fixes).
   - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
     (git-fixes).
   - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
   - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
   - drm: imx: fix compiler warning with gcc-12 (git-fixes).
   - drm: msm: fix error check return value of irq_of_parse_and_map()
     (git-fixes).
   - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
   - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
   - drm/amdgpu/ucode: Remove firmware load type check in
     amdgpu_ucode_free_bo (git-fixes).
   - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
   - drm/bridge: analogix_dp: Support PSR-exit to disable transition
     (git-fixes).
   - drm/i915: Fix -Wstringop-overflow warning in call to
     intel_read_wm_latency() (git-fixes).
   - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
   - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
   - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
   - drm/plane: Move range check for format_count earlier (git-fixes).
   - drm/radeon: fix a possible null pointer dereference (git-fixes).
   - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
     (git-fixes).
   - efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
   - efi: Do not import certificates from UEFI Secure Boot for T2 Macs
     (git-fixes).
   - fbcon: Consistently protect deferred_takeover with console_lock()
     (git-fixes).
   - ftrace: Clean up hash direct_functions on register failures (git-fixes).
   - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
   - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
   - hwmon: Make chip parameter for with_info API mandatory (git-fixes).
   - i2c: cadence: Increase timeout per message if necessary (git-fixes).
   - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
   - iio: dummy: iio_simple_dummy: check the return value of kstrdup()
     (git-fixes).
   - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
     (git-fixes).
   - Input: goodix - fix spurious key release events (git-fixes).
   - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
   - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
   - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on
     A375, A38x, A39x (git-fixes).
   - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
     (git-fixes).
   - irqchip/exiu: Fix acknowledgment of edge triggered interrupts
     (git-fixes).
   - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
   - KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
   - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT
     (git-fixes).
   - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
     (git-fixes).
   - KVM: nVMX: Set LDTR to its architecturally defined value on nested
     VM-Exit (git-fixes).
   - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
     (git-fixes).
   - KVM: s390: pv: add macros for UVC CC values (git-fixes).
   - KVM: s390: pv: avoid double free of sida page (git-fixes).
   - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
   - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
   - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
   - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
     (git-fixes).
   - KVM: x86: clflushopt should be treated as a no-op by emulation
     (git-fixes).
   - KVM: x86: Do not force set BSP bit when local APIC is managed by
     userspace (git-fixes).
   - KVM: x86: Fix emulation in writing cr8 (git-fixes).
   - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
     (git-fixes).
   - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
     (git-fixes).
   - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
     (git-fixes).
   - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
   - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP
     (git-fixes).
   - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
   - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
   - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural
     PMU (git-fixes).
   - KVM: x86/emulator: Defer not-present segment check in
     __load_segment_descriptor() (git-fixes).
   - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
     intel_arch_events[] (git-fixes).
   - mac80211: upgrade passive scan to active scan on DFS channels after
     beacon rx (git-fixes).
   - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
   - md: fix an incorrect NULL check in md_reload_sb (git-fixes).
   - media: cx25821: Fix the warning when removing the module (git-fixes).
   - media: netup_unidvb: Do not leak SPI master in probe error path
     (git-fixes).
   - media: pci: cx23885: Fix the error handling in cx23885_initdev()
     (git-fixes).
   - media: venus: hfi: avoid null dereference in deinit (git-fixes).
   - misc: rtsx: set NULL intfdata when probe fails (git-fixes).
   - mmc: block: Fix CQE recovery reset success (git-fixes).
   - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
   - modpost: fix removing numeric suffixes (git-fixes).
   - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
   - mt76: check return value of mt76_txq_send_burst in
     mt76_txq_schedule_list (git-fixes).
   - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
     (git-fixes).
   - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
   - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
     (git-fixes).
   - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
     (git-fixes).
   - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
   - NFS: Do not report ENOSPC write errors twice (git-fixes).
   - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
   - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
     topology (bsc#1199365).
   - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
   - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
   - platform/chrome: cros_ec_proto: Send command again when timeout occurs
     (git-fixes).
   - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
   - platform/x86: wmi: Replace read_takes_no_args with a flags field
     (git-fixes).
   - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
   - raid5: introduce MD_BROKEN (git-fixes).
   - rtl818x: Prevent using not initialized queues (git-fixes).
   - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
   - s390: fix detection of vector enhancements facility 1 vs. vector packed
     decimal facility (git-fixes).
   - s390: fix strrchr() implementation (git-fixes).
   - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
   - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes).
   - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
   - s390/ctcm: fix potential memory leak (git-fixes).
   - s390/ctcm: fix variable dereferenced before check (git-fixes).
   - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
   - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
   - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206
     LTC#198455).
   - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207
     LTC#198454).
   - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
   - s390/lcs: fix variable dereferenced before check (git-fixes).
   - s390/mcck: fix invalid KVM guest condition check (git-fixes).
   - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
     (git-fixes).
   - s390/nmi: handle guarded storage validity failures for KVM guests
     (git-fixes).
   - s390/nmi: handle vector validity failures for KVM guests (git-fixes).
   - s390/pv: fix the forcing of the swiotlb (git-fixes).
   - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
   - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
   - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks
     (git-fixes).
   - serial: msm_serial: disable interrupts in __msm_console_write()
     (git-fixes).
   - spi: Introduce device-managed SPI controller allocation (git-fixes).
   - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA
     direction (git-fixes).
   - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
   - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
   - staging: rtl8712: fix uninit-value in usb_read8() and friends
     (git-fixes).
   - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
     (git-fixes).
   - tty: Fix a possible resource leak in icom_probe (git-fixes).
   - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
     (git-fixes).
   - usb: core: hcd: Add support for deferring roothub registration
     (git-fixes).
   - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
   - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
   - usb: host: isp116x: check return value after calling
     platform_get_resource() (git-fixes).
   - usb: new quirk for Dell Gen 2 devices (git-fixes).
   - usb: serial: option: add Quectel BG95 modem (git-fixes).
   - vfio-ccw: Check initialized flag in cp_init() (git-fixes).
   - vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
   - video: fbdev: pxa3xx-gcu: release the resources correctly in
     pxa3xx_gcu_probe/remove() (git-fixes).
   - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
   - vringh: Fix loop descriptors check in the indirect cases (git-fixes).
   - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2173=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2173=1

   - SUSE Linux Enterprise Workstation Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2173=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2173=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2173=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2173=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2173=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2173=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2173=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2173=1



Package List:

   - openSUSE Leap 15.4 (aarch64 x86_64):

      cluster-md-kmp-preempt-5.3.18-150300.59.76.1
      cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      dlm-kmp-preempt-5.3.18-150300.59.76.1
      dlm-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      gfs2-kmp-preempt-5.3.18-150300.59.76.1
      gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-5.3.18-150300.59.76.1
      kernel-preempt-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-debugsource-5.3.18-150300.59.76.1
      kernel-preempt-devel-5.3.18-150300.59.76.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-extra-5.3.18-150300.59.76.1
      kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-livepatch-devel-5.3.18-150300.59.76.1
      kernel-preempt-optional-5.3.18-150300.59.76.1
      kernel-preempt-optional-debuginfo-5.3.18-150300.59.76.1
      kselftests-kmp-preempt-5.3.18-150300.59.76.1
      kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      ocfs2-kmp-preempt-5.3.18-150300.59.76.1
      ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      reiserfs-kmp-preempt-5.3.18-150300.59.76.1
      reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.76.1

   - openSUSE Leap 15.4 (aarch64):

      dtb-al-5.3.18-150300.59.76.1
      dtb-zte-5.3.18-150300.59.76.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-150300.59.76.1
      cluster-md-kmp-default-debuginfo-5.3.18-150300.59.76.1
      dlm-kmp-default-5.3.18-150300.59.76.1
      dlm-kmp-default-debuginfo-5.3.18-150300.59.76.1
      gfs2-kmp-default-5.3.18-150300.59.76.1
      gfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-5.3.18-150300.59.76.1
      kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
      kernel-default-base-rebuild-5.3.18-150300.59.76.1.150300.18.45.2
      kernel-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debugsource-5.3.18-150300.59.76.1
      kernel-default-devel-5.3.18-150300.59.76.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.76.1
      kernel-default-extra-5.3.18-150300.59.76.1
      kernel-default-extra-debuginfo-5.3.18-150300.59.76.1
      kernel-default-livepatch-5.3.18-150300.59.76.1
      kernel-default-livepatch-devel-5.3.18-150300.59.76.1
      kernel-default-optional-5.3.18-150300.59.76.1
      kernel-default-optional-debuginfo-5.3.18-150300.59.76.1
      kernel-obs-build-5.3.18-150300.59.76.1
      kernel-obs-build-debugsource-5.3.18-150300.59.76.1
      kernel-obs-qa-5.3.18-150300.59.76.1
      kernel-syms-5.3.18-150300.59.76.1
      kselftests-kmp-default-5.3.18-150300.59.76.1
      kselftests-kmp-default-debuginfo-5.3.18-150300.59.76.1
      ocfs2-kmp-default-5.3.18-150300.59.76.1
      ocfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
      reiserfs-kmp-default-5.3.18-150300.59.76.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.76.1

   - openSUSE Leap 15.3 (aarch64 x86_64):

      cluster-md-kmp-preempt-5.3.18-150300.59.76.1
      cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      dlm-kmp-preempt-5.3.18-150300.59.76.1
      dlm-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      gfs2-kmp-preempt-5.3.18-150300.59.76.1
      gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-5.3.18-150300.59.76.1
      kernel-preempt-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-debugsource-5.3.18-150300.59.76.1
      kernel-preempt-devel-5.3.18-150300.59.76.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-extra-5.3.18-150300.59.76.1
      kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-livepatch-devel-5.3.18-150300.59.76.1
      kernel-preempt-optional-5.3.18-150300.59.76.1
      kernel-preempt-optional-debuginfo-5.3.18-150300.59.76.1
      kselftests-kmp-preempt-5.3.18-150300.59.76.1
      kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      ocfs2-kmp-preempt-5.3.18-150300.59.76.1
      ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1
      reiserfs-kmp-preempt-5.3.18-150300.59.76.1
      reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.76.1

   - openSUSE Leap 15.3 (ppc64le x86_64):

      kernel-debug-5.3.18-150300.59.76.1
      kernel-debug-debuginfo-5.3.18-150300.59.76.1
      kernel-debug-debugsource-5.3.18-150300.59.76.1
      kernel-debug-devel-5.3.18-150300.59.76.1
      kernel-debug-devel-debuginfo-5.3.18-150300.59.76.1
      kernel-debug-livepatch-devel-5.3.18-150300.59.76.1
      kernel-kvmsmall-5.3.18-150300.59.76.1
      kernel-kvmsmall-debuginfo-5.3.18-150300.59.76.1
      kernel-kvmsmall-debugsource-5.3.18-150300.59.76.1
      kernel-kvmsmall-devel-5.3.18-150300.59.76.1
      kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.76.1
      kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.76.1

   - openSUSE Leap 15.3 (aarch64):

      cluster-md-kmp-64kb-5.3.18-150300.59.76.1
      cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
      dlm-kmp-64kb-5.3.18-150300.59.76.1
      dlm-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
      dtb-al-5.3.18-150300.59.76.1
      dtb-allwinner-5.3.18-150300.59.76.1
      dtb-altera-5.3.18-150300.59.76.1
      dtb-amd-5.3.18-150300.59.76.1
      dtb-amlogic-5.3.18-150300.59.76.1
      dtb-apm-5.3.18-150300.59.76.1
      dtb-arm-5.3.18-150300.59.76.1
      dtb-broadcom-5.3.18-150300.59.76.1
      dtb-cavium-5.3.18-150300.59.76.1
      dtb-exynos-5.3.18-150300.59.76.1
      dtb-freescale-5.3.18-150300.59.76.1
      dtb-hisilicon-5.3.18-150300.59.76.1
      dtb-lg-5.3.18-150300.59.76.1
      dtb-marvell-5.3.18-150300.59.76.1
      dtb-mediatek-5.3.18-150300.59.76.1
      dtb-nvidia-5.3.18-150300.59.76.1
      dtb-qcom-5.3.18-150300.59.76.1
      dtb-renesas-5.3.18-150300.59.76.1
      dtb-rockchip-5.3.18-150300.59.76.1
      dtb-socionext-5.3.18-150300.59.76.1
      dtb-sprd-5.3.18-150300.59.76.1
      dtb-xilinx-5.3.18-150300.59.76.1
      dtb-zte-5.3.18-150300.59.76.1
      gfs2-kmp-64kb-5.3.18-150300.59.76.1
      gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
      kernel-64kb-5.3.18-150300.59.76.1
      kernel-64kb-debuginfo-5.3.18-150300.59.76.1
      kernel-64kb-debugsource-5.3.18-150300.59.76.1
      kernel-64kb-devel-5.3.18-150300.59.76.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.76.1
      kernel-64kb-extra-5.3.18-150300.59.76.1
      kernel-64kb-extra-debuginfo-5.3.18-150300.59.76.1
      kernel-64kb-livepatch-devel-5.3.18-150300.59.76.1
      kernel-64kb-optional-5.3.18-150300.59.76.1
      kernel-64kb-optional-debuginfo-5.3.18-150300.59.76.1
      kselftests-kmp-64kb-5.3.18-150300.59.76.1
      kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
      ocfs2-kmp-64kb-5.3.18-150300.59.76.1
      ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.76.1
      reiserfs-kmp-64kb-5.3.18-150300.59.76.1
      reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.76.1

   - openSUSE Leap 15.3 (noarch):

      kernel-devel-5.3.18-150300.59.76.1
      kernel-docs-5.3.18-150300.59.76.1
      kernel-docs-html-5.3.18-150300.59.76.1
      kernel-macros-5.3.18-150300.59.76.1
      kernel-source-5.3.18-150300.59.76.1
      kernel-source-vanilla-5.3.18-150300.59.76.1

   - openSUSE Leap 15.3 (s390x):

      kernel-zfcpdump-5.3.18-150300.59.76.1
      kernel-zfcpdump-debuginfo-5.3.18-150300.59.76.1
      kernel-zfcpdump-debugsource-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

      kernel-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debugsource-5.3.18-150300.59.76.1
      kernel-default-extra-5.3.18-150300.59.76.1
      kernel-default-extra-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-debugsource-5.3.18-150300.59.76.1
      kernel-preempt-extra-5.3.18-150300.59.76.1
      kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debugsource-5.3.18-150300.59.76.1
      kernel-default-livepatch-5.3.18-150300.59.76.1
      kernel-default-livepatch-devel-5.3.18-150300.59.76.1
      kernel-livepatch-5_3_18-150300_59_76-default-1-150300.7.5.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debugsource-5.3.18-150300.59.76.1
      reiserfs-kmp-default-5.3.18-150300.59.76.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-5.3.18-150300.59.76.1
      kernel-obs-build-debugsource-5.3.18-150300.59.76.1
      kernel-syms-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):

      kernel-preempt-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-debugsource-5.3.18-150300.59.76.1
      kernel-preempt-devel-5.3.18-150300.59.76.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      kernel-docs-5.3.18-150300.59.76.1
      kernel-source-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-150300.59.76.1
      kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
      kernel-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debugsource-5.3.18-150300.59.76.1
      kernel-default-devel-5.3.18-150300.59.76.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      kernel-preempt-5.3.18-150300.59.76.1
      kernel-preempt-debuginfo-5.3.18-150300.59.76.1
      kernel-preempt-debugsource-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):

      kernel-64kb-5.3.18-150300.59.76.1
      kernel-64kb-debuginfo-5.3.18-150300.59.76.1
      kernel-64kb-debugsource-5.3.18-150300.59.76.1
      kernel-64kb-devel-5.3.18-150300.59.76.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      kernel-devel-5.3.18-150300.59.76.1
      kernel-macros-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):

      kernel-zfcpdump-5.3.18-150300.59.76.1
      kernel-zfcpdump-debuginfo-5.3.18-150300.59.76.1
      kernel-zfcpdump-debugsource-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

      kernel-default-5.3.18-150300.59.76.1
      kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
      kernel-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debugsource-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

      kernel-default-5.3.18-150300.59.76.1
      kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2
      kernel-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debugsource-5.3.18-150300.59.76.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-150300.59.76.1
      cluster-md-kmp-default-debuginfo-5.3.18-150300.59.76.1
      dlm-kmp-default-5.3.18-150300.59.76.1
      dlm-kmp-default-debuginfo-5.3.18-150300.59.76.1
      gfs2-kmp-default-5.3.18-150300.59.76.1
      gfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debuginfo-5.3.18-150300.59.76.1
      kernel-default-debugsource-5.3.18-150300.59.76.1
      ocfs2-kmp-default-5.3.18-150300.59.76.1
      ocfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1


References:

   https://www.suse.com/security/cve/CVE-2020-26541.html
   https://www.suse.com/security/cve/CVE-2022-1966.html
   https://www.suse.com/security/cve/CVE-2022-1974.html
   https://www.suse.com/security/cve/CVE-2022-1975.html
   https://bugzilla.suse.com/1177282
   https://bugzilla.suse.com/1199365
   https://bugzilla.suse.com/1200015
   https://bugzilla.suse.com/1200143
   https://bugzilla.suse.com/1200144
   https://bugzilla.suse.com/1200206
   https://bugzilla.suse.com/1200207
   https://bugzilla.suse.com/1200249
   https://bugzilla.suse.com/1200259
   https://bugzilla.suse.com/1200263
   https://bugzilla.suse.com/1200268
   https://bugzilla.suse.com/1200529



More information about the sle-security-updates mailing list