SUSE-SU-2022:2103-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com
Thu Jun 16 19:16:48 UTC 2022


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2103-1
Rating:             important
References:         #1028340 #1055710 #1071995 #1087082 #1114648 
                    #1158266 #1172456 #1183723 #1187055 #1191647 
                    #1191958 #1195651 #1196367 #1196426 #1197219 
                    #1197343 #1198400 #1198516 #1198577 #1198687 
                    #1198742 #1198776 #1198825 #1199012 #1199063 
                    #1199314 #1199399 #1199426 #1199505 #1199507 
                    #1199605 #1199650 #1200143 #1200144 #1200249 
                    
Cross-References:   CVE-2017-13695 CVE-2019-19377 CVE-2019-20811
                    CVE-2021-20292 CVE-2021-20321 CVE-2021-33061
                    CVE-2021-38208 CVE-2021-39711 CVE-2021-43389
                    CVE-2022-1011 CVE-2022-1184 CVE-2022-1353
                    CVE-2022-1419 CVE-2022-1516 CVE-2022-1652
                    CVE-2022-1729 CVE-2022-1734 CVE-2022-1974
                    CVE-2022-1975 CVE-2022-21123 CVE-2022-21125
                    CVE-2022-21127 CVE-2022-21166 CVE-2022-21180
                    CVE-2022-21499 CVE-2022-30594
CVSS scores:
                    CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
                    CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Availability 15
                    SUSE Linux Enterprise High Performance Computing 15
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise Server 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________

   An update that solves 26 vulnerabilities and has 9 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 15 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
     to speculatively/transiently disclose information via Spectre-like
     attacks. (bsc#1199650)
   - CVE-2019-19377: Fixed a use-after-free that could be triggered when an
     attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
   - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when
     mounting and operating on a corrupted image. (bsc#1198577)
   - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local
     users to obtain sensitive information from kernel memory and bypass the
     KASLR protection mechanism via a crafted ACPI table. (bnc#1055710)
   - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
     (bsc#1199507).
   - CVE-2022-1652: Fixed a statically allocated error counter inside the
     floppy kernel module (bsc#1199063).
   - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a
     possible out of bounds read due to Incorrect Size Value. This could lead
     to local information disclosure with System execution privileges needed.
     User interaction is not needed for exploitation (bnc#1197219).
   - CVE-2022-1419: Fixed a concurrency use-after-free in
     vgem_gem_dumb_create (bsc#1198742).
   - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
     detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (bnc#1191958)
   - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
     BUG) by making a getsockname call after a certain type of failure of a
     bind call (bnc#1187055).
   - CVE-2022-1353: Fixed access control to kernel memory in the
     pfkey_register function in net/key/af_key.c. (bnc#1198516)
   - CVE-2021-20292: Fixed object validation prior to performing operations
     on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem
     (bnc#1183723).
   - CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a
     local attacker to retrieve (partial) /etc/shadow hashes or any other
     data from the filesystem when they can mount a FUSE filesystem.
     (bnc#1197343)
   - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by
     simulating an NFC device from user-space. (bsc#1200144)
   - CVE-2022-1975: Fixed a bug that allows an attacker to crash the Linux
     kernel by simulating an NFC device from user-space. (bsc#1200143)
   - CVE-2022-21499: Reinforced the kernel lockdown feature; until now it has
     been trivial to break out of it with kgdb or kdb. (bsc#1199426)
   - CVE-2022-1734: Fixed a r/w use-after-free caused by missing
     synchronization between the cleanup routine and the firmware download
     routine. (bnc#1199605)
   - CVE-2022-30594: Fixed restriction bypass on setting the
     PT_SUSPEND_SECCOMP flag (bnc#1199505).
   - CVE-2021-33061: Fixed insufficient control flow management for the
     Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
     an authenticated user to potentially enable denial of service via local
     access (bnc#1196426).
   - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
     (bsc#1199012).
   - CVE-2021-20321: Fixed a race condition when accessing a file object in
     the OverlayFS subsystem, triggered when users perform a rename in a
     specific way with OverlayFS. A local user could have used this flaw to
     crash the system (bnc#1191647).
   - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
     netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference
     count is mishandled (bnc#1172456).

   The following non-security bugs were fixed:

   - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
     initialized (bsc#1199399).
   - btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
   - lib: dimlib: fix help text typos (bsc#1198776).
   - lib: dimlib: make DIMLIB a hidden symbol (bsc#1198776).
   - linux/dim: Add completions count to dim_sample (bsc#1198776).
   - linux/dim: Fix -Wunused-const-variable warnings (bsc#1198776).
   - linux/dim: Fix overflow in dim calculation (bsc#1198776).
   - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1198776).
   - linux/dim: Move implementation to .c files (bsc#1198776).
   - linux/dim: Move logic to dim.h (bsc#1198776).
   - linux/dim: Remove "net" prefix from internal DIM members (bsc#1198776).
   - linux/dim: Rename externally exposed macros (bsc#1198776).
   - linux/dim: Rename externally used net_dim members (bsc#1198776).
   - linux/dim: Rename net_dim_sample() to net_dim_update_sample()
     (bsc#1198776).
   - net: ena: A typo fix in the file ena_com.h (bsc#1198776).
   - net: ena: Add capabilities field with support for ENI stats capability
     (bsc#1198776).
   - net: ena: add device distinct log prefix to files (bsc#1198776).
   - net: ena: Add first_interrupt field to napi struct (bsc#1198776).
   - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
     (bsc#1198776).
   - net: ena: add jiffies of last napi call to stats (bsc#1198776).
   - net: ena: add missing ethtool TX timestamping indication (bsc#1198776).
   - net: ena: add reserved PCI device ID (bsc#1198776).
   - net: ena: add support for reporting of packet drops (bsc#1198776).
   - net: ena: add support for the rx offset feature (bsc#1198776).
   - net: ena: add support for traffic mirroring (bsc#1198776).
   - net: ena: add unmask interrupts statistics to ethtool (bsc#1198776).
   - net: ena: aggregate stats increase into a function (bsc#1198776).
   - net: ena: allow setting the hash function without changing the key
     (bsc#1198776).
   - net: ena: avoid memory access violation by validating req_id properly
     (bsc#1198776).
   - net: ena: avoid unnecessary admin command when RSS function set fails
     (bsc#1198776).
   - net: ena: avoid unnecessary rearming of interrupt vector when
     busy-polling (bsc#1198776).
   - net: ena: Capitalize all log strings and improve code readability
     (bsc#1198776).
   - net: ena: change default RSS hash function to Toeplitz (bsc#1198776).
   - net: ena: Change ENI stats support check to use capabilities field
     (bsc#1198776).
   - net: ena: Change license into format to SPDX in all files (bsc#1198776).
   - net: ena: Change log message to netif/dev function (bsc#1198776).
   - net: ena: change num_queues to num_io_queues for clarity and consistency
     (bsc#1198776).
   - net: ena: Change return value of ena_calc_io_queue_size() to void
     (bsc#1198776).
   - net: ena: Change RSS related macros and variables names (bsc#1198776).
   - net: ena: Change the name of bad_csum variable (bsc#1198776).
   - net: ena: changes to RSS hash key allocation (bsc#1198776).
   - net: ena: clean up indentation issue (bsc#1198776).
   - net: ena: cosmetic: change ena_com_stats_admin stats to u64
     (bsc#1198776).
   - net: ena: cosmetic: code reorderings (bsc#1198776).
   - net: ena: cosmetic: extract code to ena_indirection_table_set()
     (bsc#1198776).
   - net: ena: cosmetic: fix line break issues (bsc#1198776).
   - net: ena: cosmetic: fix spacing issues (bsc#1198776).
   - net: ena: cosmetic: fix spelling and grammar mistakes in comments
     (bsc#1198776).
   - net: ena: cosmetic: minor code changes (bsc#1198776).
   - net: ena: cosmetic: remove unnecessary code (bsc#1198776).
   - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h
     macros (bsc#1198776).
   - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation()
     (bsc#1198776).
   - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1198776).
   - net: ena: do not wake up tx queue when down (bsc#1198776).
   - net: ena: drop superfluous prototype (bsc#1198776).
   - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1198776).
   - net: ena: enable support of rss hash key and function changes
     (bsc#1198776).
   - net: ena: enable the interrupt_moderation in driver_supported_features
     (bsc#1198776).
   - net: ena: ethtool: Add new device statistics (bsc#1198776).
   - net: ena: ethtool: clean up minor indentation issue (bsc#1198776).
   - net: ena: ethtool: convert stat_offset to 64 bit resolution
     (bsc#1198776).
   - net: ena: ethtool: get_channels: use combined only (bsc#1198776).
   - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1198776).
   - net: ena: ethtool: support set_channels callback (bsc#1198776).
   - net: ena: ethtool: use correct value for crc32 hash (bsc#1198776).
   - net: ena: Fix all static chekers' warnings (bsc#1198776).
   - net: ena: Fix build warning in ena_xdp_set() (bsc#1198776).
   - net: ena: fix coding style nits (bsc#1198776).
   - net: ena: fix continuous keep-alive resets (bsc#1198776).
   - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1198776).
   - net: ena: fix default tx interrupt moderation interval (bsc#1198776).
   - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1198776).
   - net: ena: Fix error handling when calculating max IO queues number
     (bsc#1198776).
   - net: ena: fix error returning in ena_com_get_hash_function()
     (bsc#1198776).
   - net: ena: fix inaccurate print type (bsc#1198776).
   - net: ena: fix incorrect default RSS key (bsc#1198776).
   - net: ena: fix incorrect setting of the number of msix vectors
     (bsc#1198776).
   - net: ena: fix incorrect update of intr_delay_resolution (bsc#1198776).
   - net: ena: fix incorrectly saving queue numbers when setting RSS
     indirection table (bsc#1198776).
   - net: ena: fix issues in setting interrupt moderation params in ethtool
     (bsc#1198776).
   - net: ena: fix napi handler misbehavior when the napi budget is zero
     (bsc#1198776).
   - net: ena: fix packet's addresses for rx_offset feature (bsc#1198776).
   - net: ena: fix potential crash when rxfh key is NULL (bsc#1198776).
   - net: ena: fix request of incorrect number of IRQ vectors (bsc#1198776).
   - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
     (bsc#1198776).
   - net: ena: fix update of interrupt moderation register (bsc#1198776).
   - net: ena: fix uses of round_jiffies() (bsc#1198776).
   - net: ena: Fix using plain integer as NULL pointer in
     ena_init_napi_in_range (bsc#1198776).
   - net: ena: Fix wrong rx request id by resetting device (bsc#1198776).
   - net: ena: handle bad request id in ena_netdev (bsc#1198776).
   - net: ena: Improve error logging in driver (bsc#1198776).
   - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1198776).
   - net: ena: make ethtool -l show correct max number of queues
     (bsc#1198776).
   - net: ena: Make missed_tx stat incremental (bsc#1198776).
   - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198776).
   - net: ena: move llq configuration from ena_probe to ena_device_init()
     (bsc#1198776).
   - net: ena: Move reset completion print to the reset function
     (bsc#1198776).
   - net: ena: multiple queue creation related cleanups (bsc#1198776).
   - net: ena: Prevent reset after device destruction (bsc#1198776).
   - net: ena: re-organize code to improve readability (bsc#1198776).
   - net: ena: reduce driver load time (bsc#1198776).
   - net: ena: reimplement set/get_coalesce() (bsc#1198776).
   - net: ena: remove all old adaptive rx interrupt moderation code from
     ena_com (bsc#1198776).
   - net: ena: remove code duplication in
     ena_com_update_nonadaptive_moderation_interval _*() (bsc#1198776).
   - net: ena: remove code that does nothing (bsc#1198776).
   - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198776).
   - net: ena: remove ena_restore_ethtool_params() and relevant fields
     (bsc#1198776).
   - net: ena: remove extra words from comments (bsc#1198776).
   - net: ena: Remove module param and change message severity (bsc#1198776).
   - net: ena: remove old adaptive interrupt moderation code from ena_netdev
     (bsc#1198776).
   - net: ena: remove redundant print of number of queues (bsc#1198776).
   - net: ena: Remove redundant print of placement policy (bsc#1198776).
   - net: ena: Remove redundant return code check (bsc#1198776).
   - net: ena: remove set but not used variable 'hash_key' (bsc#1198776).
   - net: ena: Remove unused code (bsc#1198776).
   - net: ena: rename ena_com_free_desc to make API more uniform
     (bsc#1198776).
   - net: ena: rss: do not allocate key when not supported (bsc#1198776).
   - net: ena: rss: fix failure to get indirection table (bsc#1198776).
   - net: ena: rss: store hash function as values and not bits (bsc#1198776).
   - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1198776).
   - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1198776).
   - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1198776).
   - net: ena: store values in their appropriate variables types
     (bsc#1198776).
   - net: ena: support new LLQ acceleration mode (bsc#1198776).
   - net: ena: switch to dim algorithm for rx adaptive interrupt moderation
     (bsc#1198776).
   - net: ena: use constant value for net_device allocation (bsc#1198776).
   - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198776).
   - net: ena: use explicit variable size for clarity (bsc#1198776).
   - net: ena: use SHUTDOWN as reset reason when closing interface
     (bsc#1198776).
   - net: mana: Add counter for packet dropped by XDP (bsc#1195651).
   - net: mana: Add counter for XDP_TX (bsc#1195651).
   - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
   - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
     (bsc#1195651).
   - net: mana: Reuse XDP dropped page (bsc#1195651).
   - net: update net_dim documentation after rename (bsc#1198776).
   - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
     (bsc#1199314).
   - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
     bsc#1198825).
   - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
   - x86/pm: Save the MSR validity status at context setup (bsc#1114648).
   - x86/speculation: Restore speculation related MSRs during S3 resume
     (bsc#1114648).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2103=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2103=1

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2103=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2103=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2103=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2022-2103=1
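
   Because the update only takes effect after the reboot requested above, a
   host can have the fixed package installed while still running the old
   kernel. The following check is an added example, not part of the SUSE
   advisory; the function names are illustrative, the kernel-default flavor is
   assumed, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify a host against the kernel from SUSE-SU-2022:2103-1.

# Kernel release of the fixed build, as it appears in the advisory's package
# name "kernel-livepatch-4_12_14-150000_150_92-default" (underscores -> dots).
FIXED_RELEASE="4.12.14-150000.150.92"

# Strip the flavor suffix (e.g. "-default") from a `uname -r` string.
strip_flavor() {
    printf '%s\n' "$1" | sed 's/-[a-z][a-z0-9_]*$//'
}

# Assumption: the kernel release string is the package version-release without
# the final rebuild counter (4.12.14-150000.150.92.2 -> 4.12.14-150000.150.92).
pkg_to_release() {
    printf '%s\n' "$1" | sed 's/\.[0-9][0-9]*$//'
}

# version_ge A B: succeed when A >= B. Fields are split on "." and "-" and
# compared numerically, so 150.9 sorts below 150.92 and 150.100 above it.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, fa, /[.-]/); nb = split(b, fb, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? fa[i] + 0 : 0
            y = (i <= nb) ? fb[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# classify RUNNING INSTALLED
#   RUNNING   = output of `uname -r`
#   INSTALLED = newest installed kernel-default version-release
# Prints: patched | reboot-required | update-required
classify() {
    running=$(strip_flavor "$1")
    installed=$(pkg_to_release "$2")
    if version_ge "$running" "$FIXED_RELEASE"; then
        echo patched
    elif version_ge "$installed" "$FIXED_RELEASE"; then
        echo reboot-required
    else
        echo update-required
    fi
}

# Live check for a real SLE 15 host (needs rpm and GNU sort); not run below.
check_host() {
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | sort -V | tail -n 1)
    classify "$(uname -r)" "$newest"
}

# Constructed samples: "<uname -r> <newest installed kernel-default>".
while read -r sample_running sample_installed; do
    printf '%-32s %-26s %s\n' "$sample_running" "$sample_installed" \
        "$(classify "$sample_running" "$sample_installed")"
done <<'EOF'
4.12.14-150000.150.92-default 4.12.14-150000.150.92.2
4.12.14-150000.150.89-default 4.12.14-150000.150.92.2
4.12.14-150000.150.89-default 4.12.14-150000.150.89.1
EOF
```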



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      kernel-default-4.12.14-150000.150.92.2
      kernel-default-base-4.12.14-150000.150.92.2
      kernel-default-debuginfo-4.12.14-150000.150.92.2
      kernel-default-debugsource-4.12.14-150000.150.92.2
      kernel-default-devel-4.12.14-150000.150.92.2
      kernel-default-devel-debuginfo-4.12.14-150000.150.92.2
      kernel-obs-build-4.12.14-150000.150.92.2
      kernel-obs-build-debugsource-4.12.14-150000.150.92.2
      kernel-syms-4.12.14-150000.150.92.2
      kernel-vanilla-base-4.12.14-150000.150.92.2
      kernel-vanilla-base-debuginfo-4.12.14-150000.150.92.2
      kernel-vanilla-debuginfo-4.12.14-150000.150.92.2
      kernel-vanilla-debugsource-4.12.14-150000.150.92.2
      reiserfs-kmp-default-4.12.14-150000.150.92.2
      reiserfs-kmp-default-debuginfo-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      kernel-devel-4.12.14-150000.150.92.2
      kernel-docs-4.12.14-150000.150.92.2
      kernel-macros-4.12.14-150000.150.92.2
      kernel-source-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      kernel-default-4.12.14-150000.150.92.2
      kernel-default-base-4.12.14-150000.150.92.2
      kernel-default-debuginfo-4.12.14-150000.150.92.2
      kernel-default-debugsource-4.12.14-150000.150.92.2
      kernel-default-devel-4.12.14-150000.150.92.2
      kernel-default-devel-debuginfo-4.12.14-150000.150.92.2
      kernel-obs-build-4.12.14-150000.150.92.2
      kernel-obs-build-debugsource-4.12.14-150000.150.92.2
      kernel-syms-4.12.14-150000.150.92.2
      kernel-vanilla-base-4.12.14-150000.150.92.2
      kernel-vanilla-base-debuginfo-4.12.14-150000.150.92.2
      kernel-vanilla-debuginfo-4.12.14-150000.150.92.2
      kernel-vanilla-debugsource-4.12.14-150000.150.92.2
      reiserfs-kmp-default-4.12.14-150000.150.92.2
      reiserfs-kmp-default-debuginfo-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      kernel-devel-4.12.14-150000.150.92.2
      kernel-docs-4.12.14-150000.150.92.2
      kernel-macros-4.12.14-150000.150.92.2
      kernel-source-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise Server 15-LTSS (s390x):

      kernel-default-man-4.12.14-150000.150.92.2
      kernel-zfcpdump-debuginfo-4.12.14-150000.150.92.2
      kernel-zfcpdump-debugsource-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150000.150.92.2
      kernel-default-debugsource-4.12.14-150000.150.92.2
      kernel-default-livepatch-4.12.14-150000.150.92.2
      kernel-livepatch-4_12_14-150000_150_92-default-1-150000.1.3.2
      kernel-livepatch-4_12_14-150000_150_92-default-debuginfo-1-150000.1.3.2

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      kernel-default-4.12.14-150000.150.92.2
      kernel-default-base-4.12.14-150000.150.92.2
      kernel-default-debuginfo-4.12.14-150000.150.92.2
      kernel-default-debugsource-4.12.14-150000.150.92.2
      kernel-default-devel-4.12.14-150000.150.92.2
      kernel-default-devel-debuginfo-4.12.14-150000.150.92.2
      kernel-obs-build-4.12.14-150000.150.92.2
      kernel-obs-build-debugsource-4.12.14-150000.150.92.2
      kernel-syms-4.12.14-150000.150.92.2
      kernel-vanilla-base-4.12.14-150000.150.92.2
      kernel-vanilla-base-debuginfo-4.12.14-150000.150.92.2
      kernel-vanilla-debuginfo-4.12.14-150000.150.92.2
      kernel-vanilla-debugsource-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      kernel-devel-4.12.14-150000.150.92.2
      kernel-docs-4.12.14-150000.150.92.2
      kernel-macros-4.12.14-150000.150.92.2
      kernel-source-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      kernel-default-4.12.14-150000.150.92.2
      kernel-default-base-4.12.14-150000.150.92.2
      kernel-default-debuginfo-4.12.14-150000.150.92.2
      kernel-default-debugsource-4.12.14-150000.150.92.2
      kernel-default-devel-4.12.14-150000.150.92.2
      kernel-default-devel-debuginfo-4.12.14-150000.150.92.2
      kernel-obs-build-4.12.14-150000.150.92.2
      kernel-obs-build-debugsource-4.12.14-150000.150.92.2
      kernel-syms-4.12.14-150000.150.92.2
      kernel-vanilla-base-4.12.14-150000.150.92.2
      kernel-vanilla-base-debuginfo-4.12.14-150000.150.92.2
      kernel-vanilla-debuginfo-4.12.14-150000.150.92.2
      kernel-vanilla-debugsource-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      kernel-devel-4.12.14-150000.150.92.2
      kernel-docs-4.12.14-150000.150.92.2
      kernel-macros-4.12.14-150000.150.92.2
      kernel-source-4.12.14-150000.150.92.2

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-150000.150.92.2
      cluster-md-kmp-default-debuginfo-4.12.14-150000.150.92.2
      dlm-kmp-default-4.12.14-150000.150.92.2
      dlm-kmp-default-debuginfo-4.12.14-150000.150.92.2
      gfs2-kmp-default-4.12.14-150000.150.92.2
      gfs2-kmp-default-debuginfo-4.12.14-150000.150.92.2
      kernel-default-debuginfo-4.12.14-150000.150.92.2
      kernel-default-debugsource-4.12.14-150000.150.92.2
      ocfs2-kmp-default-4.12.14-150000.150.92.2
      ocfs2-kmp-default-debuginfo-4.12.14-150000.150.92.2


References:

   https://www.suse.com/security/cve/CVE-2017-13695.html
   https://www.suse.com/security/cve/CVE-2019-19377.html
   https://www.suse.com/security/cve/CVE-2019-20811.html
   https://www.suse.com/security/cve/CVE-2021-20292.html
   https://www.suse.com/security/cve/CVE-2021-20321.html
   https://www.suse.com/security/cve/CVE-2021-33061.html
   https://www.suse.com/security/cve/CVE-2021-38208.html
   https://www.suse.com/security/cve/CVE-2021-39711.html
   https://www.suse.com/security/cve/CVE-2021-43389.html
   https://www.suse.com/security/cve/CVE-2022-1011.html
   https://www.suse.com/security/cve/CVE-2022-1184.html
   https://www.suse.com/security/cve/CVE-2022-1353.html
   https://www.suse.com/security/cve/CVE-2022-1419.html
   https://www.suse.com/security/cve/CVE-2022-1516.html
   https://www.suse.com/security/cve/CVE-2022-1652.html
   https://www.suse.com/security/cve/CVE-2022-1729.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-1974.html
   https://www.suse.com/security/cve/CVE-2022-1975.html
   https://www.suse.com/security/cve/CVE-2022-21123.html
   https://www.suse.com/security/cve/CVE-2022-21125.html
   https://www.suse.com/security/cve/CVE-2022-21127.html
   https://www.suse.com/security/cve/CVE-2022-21166.html
   https://www.suse.com/security/cve/CVE-2022-21180.html
   https://www.suse.com/security/cve/CVE-2022-21499.html
   https://www.suse.com/security/cve/CVE-2022-30594.html
   https://bugzilla.suse.com/1028340
   https://bugzilla.suse.com/1055710
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1158266
   https://bugzilla.suse.com/1172456
   https://bugzilla.suse.com/1183723
   https://bugzilla.suse.com/1187055
   https://bugzilla.suse.com/1191647
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1195651
   https://bugzilla.suse.com/1196367
   https://bugzilla.suse.com/1196426
   https://bugzilla.suse.com/1197219
   https://bugzilla.suse.com/1197343
   https://bugzilla.suse.com/1198400
   https://bugzilla.suse.com/1198516
   https://bugzilla.suse.com/1198577
   https://bugzilla.suse.com/1198687
   https://bugzilla.suse.com/1198742
   https://bugzilla.suse.com/1198776
   https://bugzilla.suse.com/1198825
   https://bugzilla.suse.com/1199012
   https://bugzilla.suse.com/1199063
   https://bugzilla.suse.com/1199314
   https://bugzilla.suse.com/1199399
   https://bugzilla.suse.com/1199426
   https://bugzilla.suse.com/1199505
   https://bugzilla.suse.com/1199507
   https://bugzilla.suse.com/1199605
   https://bugzilla.suse.com/1199650
   https://bugzilla.suse.com/1200143
   https://bugzilla.suse.com/1200144
   https://bugzilla.suse.com/1200249


