openSUSE-SU-2022:0755-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0755-1 Rating: important References: #1089644 #1154353 #1156395 #1157038 #1157923 #1176447 #1176940 #1178134 #1181147 #1181588 #1183872 #1187716 #1188404 #1189126 #1190812 #1190972 #1191580 #1191655 #1191741 #1192210 #1192483 #1193096 #1193233 #1193243 #1193787 #1194163 #1194967 #1195012 #1195081 #1195142 #1195352 #1195378 #1195476 #1195477 #1195478 #1195479 #1195480 #1195481 #1195482 #1195506 #1195516 #1195543 #1195668 #1195701 #1195798 #1195799 #1195823 #1195908 #1195928 #1195947 #1195957 #1195995 #1196195 #1196235 #1196339 #1196400 #1196403 #1196516 #1196584 #1196601 #1196612 #1196776 SLE-20807 SLE-22135 SLE-22494 Cross-References: CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-25375 CVSS scores: CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named “Branch Target Injection” and “Intra-Mode Branch History Injection” are now mitigated. The following security bugs were fixed: - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: Revert “ASoC: mediatek: Check for error clk pointer” (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Bluetooth: refactor malicious adv data check (git-fixes). - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq’s refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when “HW not ready” (git-fixes). - iwlwifi: pcie: gen2: fix locking when “HW not ready” (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize “flags” in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(…, 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-multipath: fix ANA state updates when a namespace is not present (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/pseries/ddw: Revert “Extend upper limit for huge DMA window for persistent memory” (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for ‘eh_should_retry_cmd’ (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tty: Add support for Brainboxes UC cards (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused ‘udc’ variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”. Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-755=1 Package List: - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.47.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.47.1 dlm-kmp-azure-5.3.18-150300.38.47.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.47.1 gfs2-kmp-azure-5.3.18-150300.38.47.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.47.1 kernel-azure-5.3.18-150300.38.47.1 kernel-azure-debuginfo-5.3.18-150300.38.47.1 kernel-azure-debugsource-5.3.18-150300.38.47.1 kernel-azure-devel-5.3.18-150300.38.47.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.47.1 kernel-azure-extra-5.3.18-150300.38.47.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.47.1 kernel-azure-livepatch-devel-5.3.18-150300.38.47.1 kernel-azure-optional-5.3.18-150300.38.47.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.47.1 kernel-syms-azure-5.3.18-150300.38.47.1 kselftests-kmp-azure-5.3.18-150300.38.47.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.47.1 ocfs2-kmp-azure-5.3.18-150300.38.47.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.47.1 reiserfs-kmp-azure-5.3.18-150300.38.47.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.47.1 - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.47.1 kernel-source-azure-5.3.18-150300.38.47.1 References: https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0516.html https://www.suse.com/security/cve/CVE-2022-0847.html https://www.suse.com/security/cve/CVE-2022-25375.html https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1181147 https://bugzilla.suse.com/1181588 https://bugzilla.suse.com/1183872 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1188404 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1190972 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1191655 https://bugzilla.suse.com/1191741 https://bugzilla.suse.com/1192210 https://bugzilla.suse.com/1192483 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193233 https://bugzilla.suse.com/1193243 https://bugzilla.suse.com/1193787 https://bugzilla.suse.com/1194163 https://bugzilla.suse.com/1194967 https://bugzilla.suse.com/1195012 https://bugzilla.suse.com/1195081 https://bugzilla.suse.com/1195142 https://bugzilla.suse.com/1195352 https://bugzilla.suse.com/1195378 https://bugzilla.suse.com/1195476 https://bugzilla.suse.com/1195477 https://bugzilla.suse.com/1195478 https://bugzilla.suse.com/1195479 https://bugzilla.suse.com/1195480 https://bugzilla.suse.com/1195481 https://bugzilla.suse.com/1195482 https://bugzilla.suse.com/1195506 https://bugzilla.suse.com/1195516 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195668 https://bugzilla.suse.com/1195701 https://bugzilla.suse.com/1195798 https://bugzilla.suse.com/1195799 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195928 https://bugzilla.suse.com/1195947 https://bugzilla.suse.com/1195957 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196195 https://bugzilla.suse.com/1196235 https://bugzilla.suse.com/1196339 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196403 https://bugzilla.suse.com/1196516 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196601 https://bugzilla.suse.com/1196612 https://bugzilla.suse.com/1196776

More…