   openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0370-1
Rating:             critical
References:         #1154353 #1154488 #1156395 #1160634 #1176447 #1177599
                    #1183405 #1185377 #1187428 #1187723 #1188605 #1191881
                    #1193096 #1193506 #1193767 #1193802 #1193861 #1193864
                    #1193867 #1194048 #1194227 #1194291 #1194880 #1195009
                    #1195062 #1195065 #1195073 #1195183 #1195184 #1195254
                    #1195267 #1195293 #1195371 #1195476 #1195477 #1195478
                    #1195479 #1195480 #1195481 #1195482
Cross-References:   CVE-2020-28097 CVE-2021-22600 CVE-2021-39648
                    CVE-2021-39657 CVE-2021-39685 CVE-2021-44733
                    CVE-2021-45095 CVE-2022-0286 CVE-2022-0330
                    CVE-2022-0435 CVE-2022-22942
CVSS scores:
                    CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
                    CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 29 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in the net/tipc module by validating the domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed by flushing TLBs before releasing the backing store (bsc#1194880).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have led to local denial of service (bnc#1195371).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).
- CVE-2021-39657: Fixed out-of-bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2020-28097: Fixed out-of-bounds read in the vgacon subsystem, which mishandled software scrollback (bnc#1187723).

The following non-security bugs were fixed:

- ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors (git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
- Bluetooth: refactor malicious adv data check (git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
- HID: uhid: Fix worker destroying device without any protection (git-fixes).
- HID: wacom: Reset expected and received contact counts at the same time (git-fixes).
- IB/cm: Avoid a loop when device has 255 ports (git-fixes)
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- IB/isert: Fix a use after free in isert_connect_request (git-fixes)
- IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
- IB/mlx5: Add missing error code (git-fixes)
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
- IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- Input: wm97xx: Simplify resource management (git-fixes).
- NFS: Ensure the server had an up to date ctime before renaming (git-fixes).
- NFSv4: Handle case where the lookup of a directory fails (git-fixes).
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/core: Do not access cm_id after its destruction (git-fixes)
- RDMA/core: Do not indicate device ready when device enablement fails (git-fixes)
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes)
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes)
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes)
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes).
- USB: serial: mos7840: fix probe error handling (git-fixes).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
- ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479).
- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes).
- nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes).
- nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-tcp: fix possible use-after-completion (git-fixes).
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- spi: bcm-qspi: check for valid cs before applying chip select (git-fixes).
- spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: Add support for Brainboxes UC cards (git-fixes).
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- udf: Fix NULL ptr deref when converting from inline format (bsc#1195476).
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-370=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-370=1

Package List:

   - openSUSE Leap 15.4 (aarch64 x86_64):

      cluster-md-kmp-preempt-5.3.18-150300.59.49.1
      cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      dlm-kmp-preempt-5.3.18-150300.59.49.1
      dlm-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      gfs2-kmp-preempt-5.3.18-150300.59.49.1
      gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      kernel-preempt-5.3.18-150300.59.49.1
      kernel-preempt-debuginfo-5.3.18-150300.59.49.1
      kernel-preempt-debugsource-5.3.18-150300.59.49.1
      kernel-preempt-devel-5.3.18-150300.59.49.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.49.1
      kernel-preempt-extra-5.3.18-150300.59.49.1
      kernel-preempt-extra-debuginfo-5.3.18-150300.59.49.1
      kernel-preempt-livepatch-devel-5.3.18-150300.59.49.1
      kernel-preempt-optional-5.3.18-150300.59.49.1
      kernel-preempt-optional-debuginfo-5.3.18-150300.59.49.1
      kselftests-kmp-preempt-5.3.18-150300.59.49.1
      kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      ocfs2-kmp-preempt-5.3.18-150300.59.49.1
      ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      reiserfs-kmp-preempt-5.3.18-150300.59.49.1
      reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.49.1

   - openSUSE Leap 15.4 (aarch64):

      dtb-al-5.3.18-150300.59.49.1
      dtb-zte-5.3.18-150300.59.49.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-150300.59.49.1
      cluster-md-kmp-default-debuginfo-5.3.18-150300.59.49.1
      dlm-kmp-default-5.3.18-150300.59.49.1
      dlm-kmp-default-debuginfo-5.3.18-150300.59.49.1
      gfs2-kmp-default-5.3.18-150300.59.49.1
      gfs2-kmp-default-debuginfo-5.3.18-150300.59.49.1
      kernel-default-5.3.18-150300.59.49.1
      kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1
      kernel-default-base-rebuild-5.3.18-150300.59.49.1.150300.18.31.1
      kernel-default-debuginfo-5.3.18-150300.59.49.1
      kernel-default-debugsource-5.3.18-150300.59.49.1
      kernel-default-devel-5.3.18-150300.59.49.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.49.1
      kernel-default-extra-5.3.18-150300.59.49.1
      kernel-default-extra-debuginfo-5.3.18-150300.59.49.1
      kernel-default-livepatch-5.3.18-150300.59.49.1
      kernel-default-livepatch-devel-5.3.18-150300.59.49.1
      kernel-default-optional-5.3.18-150300.59.49.1
      kernel-default-optional-debuginfo-5.3.18-150300.59.49.1
      kernel-obs-build-5.3.18-150300.59.49.1
      kernel-obs-build-debugsource-5.3.18-150300.59.49.1
      kernel-obs-qa-5.3.18-150300.59.49.1
      kernel-syms-5.3.18-150300.59.49.1
      kselftests-kmp-default-5.3.18-150300.59.49.1
      kselftests-kmp-default-debuginfo-5.3.18-150300.59.49.1
      ocfs2-kmp-default-5.3.18-150300.59.49.1
      ocfs2-kmp-default-debuginfo-5.3.18-150300.59.49.1
      reiserfs-kmp-default-5.3.18-150300.59.49.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.49.1

   - openSUSE Leap 15.3 (aarch64 x86_64):

      cluster-md-kmp-preempt-5.3.18-150300.59.49.1
      cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      dlm-kmp-preempt-5.3.18-150300.59.49.1
      dlm-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      gfs2-kmp-preempt-5.3.18-150300.59.49.1
      gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      kernel-preempt-5.3.18-150300.59.49.1
      kernel-preempt-debuginfo-5.3.18-150300.59.49.1
      kernel-preempt-debugsource-5.3.18-150300.59.49.1
      kernel-preempt-devel-5.3.18-150300.59.49.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.49.1
      kernel-preempt-extra-5.3.18-150300.59.49.1
      kernel-preempt-extra-debuginfo-5.3.18-150300.59.49.1
      kernel-preempt-livepatch-devel-5.3.18-150300.59.49.1
      kernel-preempt-optional-5.3.18-150300.59.49.1
      kernel-preempt-optional-debuginfo-5.3.18-150300.59.49.1
      kselftests-kmp-preempt-5.3.18-150300.59.49.1
      kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      ocfs2-kmp-preempt-5.3.18-150300.59.49.1
      ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
      reiserfs-kmp-preempt-5.3.18-150300.59.49.1
      reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.49.1

   - openSUSE Leap 15.3 (ppc64le x86_64):

      kernel-debug-5.3.18-150300.59.49.1
      kernel-debug-debuginfo-5.3.18-150300.59.49.1
      kernel-debug-debugsource-5.3.18-150300.59.49.1
      kernel-debug-devel-5.3.18-150300.59.49.1
      kernel-debug-devel-debuginfo-5.3.18-150300.59.49.1
      kernel-debug-livepatch-devel-5.3.18-150300.59.49.1
      kernel-kvmsmall-5.3.18-150300.59.49.1
      kernel-kvmsmall-debuginfo-5.3.18-150300.59.49.1
      kernel-kvmsmall-debugsource-5.3.18-150300.59.49.1
      kernel-kvmsmall-devel-5.3.18-150300.59.49.1
      kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.49.1
      kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.49.1

   - openSUSE Leap 15.3 (aarch64):

      cluster-md-kmp-64kb-5.3.18-150300.59.49.1
      cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
      dlm-kmp-64kb-5.3.18-150300.59.49.1
      dlm-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
      dtb-al-5.3.18-150300.59.49.1
      dtb-allwinner-5.3.18-150300.59.49.1
      dtb-altera-5.3.18-150300.59.49.1
      dtb-amd-5.3.18-150300.59.49.1
      dtb-amlogic-5.3.18-150300.59.49.1
      dtb-apm-5.3.18-150300.59.49.1
      dtb-arm-5.3.18-150300.59.49.1
      dtb-broadcom-5.3.18-150300.59.49.1
      dtb-cavium-5.3.18-150300.59.49.1
      dtb-exynos-5.3.18-150300.59.49.1
      dtb-freescale-5.3.18-150300.59.49.1
      dtb-hisilicon-5.3.18-150300.59.49.1
      dtb-lg-5.3.18-150300.59.49.1
      dtb-marvell-5.3.18-150300.59.49.1
      dtb-mediatek-5.3.18-150300.59.49.1
      dtb-nvidia-5.3.18-150300.59.49.1
      dtb-qcom-5.3.18-150300.59.49.1
      dtb-renesas-5.3.18-150300.59.49.1
      dtb-rockchip-5.3.18-150300.59.49.1
      dtb-socionext-5.3.18-150300.59.49.1
      dtb-sprd-5.3.18-150300.59.49.1
      dtb-xilinx-5.3.18-150300.59.49.1
      dtb-zte-5.3.18-150300.59.49.1
      gfs2-kmp-64kb-5.3.18-150300.59.49.1
      gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
      kernel-64kb-5.3.18-150300.59.49.1
      kernel-64kb-debuginfo-5.3.18-150300.59.49.1
      kernel-64kb-debugsource-5.3.18-150300.59.49.1
      kernel-64kb-devel-5.3.18-150300.59.49.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.49.1
      kernel-64kb-extra-5.3.18-150300.59.49.1
      kernel-64kb-extra-debuginfo-5.3.18-150300.59.49.1
      kernel-64kb-livepatch-devel-5.3.18-150300.59.49.1
      kernel-64kb-optional-5.3.18-150300.59.49.1
      kernel-64kb-optional-debuginfo-5.3.18-150300.59.49.1
      kselftests-kmp-64kb-5.3.18-150300.59.49.1
      kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
      ocfs2-kmp-64kb-5.3.18-150300.59.49.1
      ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
      reiserfs-kmp-64kb-5.3.18-150300.59.49.1
      reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.49.1

   - openSUSE Leap 15.3 (noarch):

      kernel-devel-5.3.18-150300.59.49.1
      kernel-docs-5.3.18-150300.59.49.1
      kernel-docs-html-5.3.18-150300.59.49.1
      kernel-macros-5.3.18-150300.59.49.1
      kernel-source-5.3.18-150300.59.49.1
      kernel-source-vanilla-5.3.18-150300.59.49.1

   - openSUSE Leap 15.3 (s390x):

      kernel-zfcpdump-5.3.18-150300.59.49.1
      kernel-zfcpdump-debuginfo-5.3.18-150300.59.49.1
      kernel-zfcpdump-debugsource-5.3.18-150300.59.49.1

References:

   https://www.suse.com/security/cve/CVE-2020-28097.html
   https://www.suse.com/security/cve/CVE-2021-22600.html
   https://www.suse.com/security/cve/CVE-2021-39648.html
   https://www.suse.com/security/cve/CVE-2021-39657.html
   https://www.suse.com/security/cve/CVE-2021-39685.html
   https://www.suse.com/security/cve/CVE-2021-44733.html
   https://www.suse.com/security/cve/CVE-2021-45095.html
   https://www.suse.com/security/cve/CVE-2022-0286.html
   https://www.suse.com/security/cve/CVE-2022-0330.html
   https://www.suse.com/security/cve/CVE-2022-0435.html
   https://www.suse.com/security/cve/CVE-2022-22942.html
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1154488
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1160634
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1177599
   https://bugzilla.suse.com/1183405
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1187428
   https://bugzilla.suse.com/1187723
   https://bugzilla.suse.com/1188605
   https://bugzilla.suse.com/1191881
   https://bugzilla.suse.com/1193096
   https://bugzilla.suse.com/1193506
   https://bugzilla.suse.com/1193767
   https://bugzilla.suse.com/1193802
   https://bugzilla.suse.com/1193861
   https://bugzilla.suse.com/1193864
   https://bugzilla.suse.com/1193867
   https://bugzilla.suse.com/1194048
   https://bugzilla.suse.com/1194227
   https://bugzilla.suse.com/1194291
   https://bugzilla.suse.com/1194880
   https://bugzilla.suse.com/1195009
   https://bugzilla.suse.com/1195062
   https://bugzilla.suse.com/1195065
   https://bugzilla.suse.com/1195073
   https://bugzilla.suse.com/1195183
   https://bugzilla.suse.com/1195184
   https://bugzilla.suse.com/1195254
   https://bugzilla.suse.com/1195267
   https://bugzilla.suse.com/1195293
   https://bugzilla.suse.com/1195371
   https://bugzilla.suse.com/1195476
   https://bugzilla.suse.com/1195477
   https://bugzilla.suse.com/1195478
   https://bugzilla.suse.com/1195479
   https://bugzilla.suse.com/1195480
   https://bugzilla.suse.com/1195481
   https://bugzilla.suse.com/1195482
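
A post-install check for the reboot instruction in this advisory, as an added example that is not part of the SUSE announcement: it classifies a host as patched, reboot-required or update-required against the fixed version 5.3.18-150300.59.49.1 from the package list. The function names are hypothetical, GNU `sort -V` is required, and the mapping between `uname -r` output and the RPM version-release is an assumption stated in the comments.

```shell
#!/bin/sh
# Fixed kernel package version, taken from the advisory's package list.
FIXED_PKG_VERSION="5.3.18-150300.59.49.1"

# Strip the trailing "-<flavor>" (default, preempt, 64kb, ...) from `uname -r`.
# Assumption: the running release has the form <version>-<release>-<flavor>.
release_from_uname() {
    printf '%s\n' "${1%-*}"
}

# Drop the final ".N" rebuild counter from an RPM version-release string.
# Assumption: `uname -r` does not carry that last component.
release_from_pkg() {
    printf '%s\n' "${1%.*}"
}

# version_ge A B: succeed when A >= B under version ordering (GNU sort -V).
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# kernel_status RUNNING_UNAME [INSTALLED_PKG_VERSION...]
# Prints one of:
#   patched          running kernel is at or above the fixed release
#   reboot-required  a fixed kernel is installed but an older one is running
#   update-required  no installed kernel reaches the fixed release
kernel_status() {
    running=$(release_from_uname "$1"); shift
    fixed=$(release_from_pkg "$FIXED_PKG_VERSION")
    if version_ge "$running" "$fixed"; then
        echo patched
        return 0
    fi
    for v in "$@"; do
        if version_ge "$(release_from_pkg "$v")" "$fixed"; then
            echo reboot-required
            return 0
        fi
    done
    echo update-required
}

# Constructed sample: update installed next to an older kernel, host not yet rebooted.
kernel_status "5.3.18-150300.59.46-default" \
    "5.3.18-150300.59.46.1" "5.3.18-150300.59.49.1"

# On a live host with the default flavor (other flavors use their own package name):
# kernel_status "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default)
```
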