The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. - CVE-2022-0001,CVE-2022-0002,CVE-2022-23960: Fixed a new kind of speculation issues, exploitable via JITed eBPF for instance. - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. The following non-security bugs were fixed: - asix: Add rx-ax_skb = NULL after usbnet_skb_return . - asix: Ensure asix_rx_fixup_info members are all reset . - asix: Fix small memory leak in ax88772_unbind . - asix: fix uninit-value in asix_mdio_read . - asix: fix wrong return value in asix_check_host_enable . - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 . - block: bfq: fix bfq_set_next_ioprio_data . - block: fix ioprio_get vs setuid . - can: dev: can_restart: fix use after free bug . - cgroup: Correct privileges check in release_agent writes . - cgroup: Allocate cgroup_file_ctx for kernfs_open_file-priv . - cgroup: Use open-time cgroup namespace for process migration perm checks . - dax: update to new mmu_notifier semantic . - drm: add a locked version of drm_is_current_master . - drm: drm_file struct kABI compatibility workaround . - drm: protect drm_master pointers in drm_lease.c . - drm: serialize drm_file.master with a new spinlock . - drm: use the lookup lock in drm_is_current_master . - EDAC: Fix calculation of returned address and next offset in edac_align_ptr . - ena_netdev: use generic power management . - ena: Remove rcu_read_lock around XDP program invocation . - ethernet: amazon: ena: A typo fix in the file ena_com.h . - ext4: add check to prevent attempting to resize an fs with sparse_super2 . - ext4: check for inconsistent extents between index and leaf block . - ext4: check for out-of-order index extents in ext4_valid_extent_entries . - ext4: do not use the orphan list when migrating an inode . - ext4: fix an use-after-free issue about data=journal writeback mode . - ext4: Fix BUG_ON in ext4_bread when write quota data . - ext4: fix error handling in ext4_restore_inline_data . - ext4: fix lazy initialization next schedule time computation in more granular unit . - ext4: make sure quota gets properly shutdown on error . - ext4: prevent partial update of the extent blocks . - ext4: update i_disksize if direct write past ondisk size . - genirq: Use rcu in kstat_irqs_usr . - gtp: fix an use-before-init in gtp_newlink . - IB/core: Fix ODP get user pages flow - IB/hfi1: Acquire lock to release TID entries when user file is closed - IB/hfi1: Adjust pkey entry in index 0 - IB/hfi1: Correct guard on eager buffer deallocation - IB/hfi1: Ensure pq is not left on waitlist - IB/hfi1: Fix another case where pq is left on waitlist - IB/hfi1: Fix error return code in parse_platform_config - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs - IB/hfi1: Insure use of smp_processor_id is preempt disabled - IB/hfi1: Use kzalloc for mmu_rb_handler allocation - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - IB/qib: Use struct_size helper - IB/sa: Resolv use-after-free in ib_nl_make_request - IB/umad: Return EIO in case of when device disassociated - IB/umad: Return EPOLLERR in case of when device disassociated - isofs: Fix out of bound access for corrupted isofs image . - llc: fix netdevice reference leaks in llc_ui_bind . - macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 - mdio: fix mdio-thunder.c dependency build error . - mm: bdi: initialize bdi_min_ratio when bdi is unregistered . - mm: drop NULL return check of pte_offset_map_lock . - mm/rmap: always do TTU_IGNORE_ACCESS . - mm/rmap: update to new mmu_notifier semantic v2 . - net: arc_emac: Fix memleak in arc_mdio_probe . - net: asix: add proper error handling of usb read errors . - net: asix: fix uninit value bugs . - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin . - net: dp83867: Fix OF_MDIO config check . - net: dsa: bcm_sf2: put device node before return . - net: ena: Add capabilities field with support for ENI stats capability . - net: ena: Add debug prints for invalid req_id resets . - net: ena: add device distinct log prefix to files . - net: ena: add jiffies of last napi call to stats . - net: ena: aggregate doorbell common operations into a function . - net: ena: aggregate stats increase into a function . - net: ena: Change ENI stats support check to use capabilities field . - net: ena: Change return value of ena_calc_io_queue_size to void . - net: ena: Change the name of bad_csum variable . - net: ena: Extract recurring driver reset code into a function . - net: ena: fix coding style nits . - net: ena: fix DMA mapping function issues in XDP . - net: ena: fix inaccurate print type . - net: ena: Fix wrong rx request id by resetting device . - net: ena: Improve error logging in driver . - net: ena: introduce ndo_xdp_xmit function for XDP_REDIRECT . - net: ena: introduce XDP redirect implementation . - net: ena: make symbol "ena_alloc_map_page" static . - net: ena: Move reset completion print to the reset function . - net: ena: optimize data access in fast-path code . - net: ena: re-organize code to improve readability . - net: ena: Remove ena_calc_queue_size_ctx struct . - net: ena: remove extra words from comments . - net: ena: Remove module param and change message severity . - net: ena: Remove redundant return code check . - net: ena: Remove unused code . - net: ena: store values in their appropriate variables types . - net: ena: Update XDP verdict upon failure . - net: ena: use build_skb in RX path . - net: ena: use constant value for net_device allocation . - net: ena: Use dev_alloc in RX buffer allocation . - net: ena: Use pci_sriov_configure_simple to enable VFs . - net: ena: use xdp_frame in XDP TX flow . - net: ena: use xdp_return_frame to free xdp frames . - net: ethernet: Fix memleak in ethoc_probe . - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered . - net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set . - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running . - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup . - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device . - net: hns: fix return value check in __lb_other_process . - net: marvell: Fix OF_MDIO config check . - net: mcs7830: handle usb read errors properly . - net: usb: asix: add error handling for asix_mdio_* functions . - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup . - net: usb: ax88179_178a: fix packet alignment padding . - net/mlx5e: Fix page DMA map/unmap attributes . - netxen_nic: fix MSI/MSI-x interrupts . - NFS: Avoid duplicate uncached readdir calls on eof . - NFS: Do not report writeback errors in nfs_getattr . - NFS: Do not skip directory entries when doing uncached readdir . - NFS: Fix initialisation of nfs_client cl_flags field . - NFS: Return valid errors from nfs2/3_decode_dirent . - NFS: Clamp WRITE offsets . - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client . - NFS: do not retry BIND_CONN_TO_SESSION on session error . - NFS: Fix another issue with a list iterator pointing to the head . - ocfs2: mount fails with buffer overflow in strlen . - ocfs2: remove ocfs2_is_o2cb_active . - powercap: intel_rapl: add support for Sapphire Rapids . - powerpc/64: Fix kernel stack 16-byte alignment . - powerpc/64: Interrupts save PPR on stack rather than thread_struct . - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h . - powerpc/pseries: Fix use after free in remove_phb_dynamic . - powerpc/pseries: Fix use after free in remove_phb_dynamic . - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score . - powerpc/sysdev: fix incorrect use to determine if list is empty . - powerpc/tm: Fix more userspace r13 corruption . - powerpc/tm: Fix more userspace r13 corruption . - powerpc/xive: fix return value of __setup handler . - printk: Add panic_in_progress helper . - printk: disable optimistic spin during panic . - qed: select CONFIG_CRC32 . - quota: correct error number in free_dqentry . - RDMA/addr: Be strict with gid size - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal - RDMA/bnxt_re: Scan the whole bitmap when checking if disabling RCFW with pending cmd-bit - RDMA/bnxt_re: Set queue pair state when being queried - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait - RDMA/cma: Ensure rdma_addr_cancel happens before issuing more requests - RDMA/cma: Let cma_resolve_ib_dev continue search even after empty entry - RDMA/core: Do not infoleak GRH fields - RDMA/core: Let ib_find_gid continue search even after empty entry - RDMA/cxgb4: add missing qpid increment - RDMA/cxgb4: check for ipv6 address properly while destroying listener - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server - RDMA/cxgb4: Fix the reported max_recv_sge value - RDMA/cxgb4: Set queue pair state when being queried - RDMA/cxgb4: Validate the number of CQEs - RDMA/hns: Add a check for current state before modifying QP - RDMA/hns: Encapsulate some lines for setting sq size in user mode - RDMA/hns: Optimize hns_roce_modify_qp function - RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size - RDMA/hns: Validate the pkey index - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails - RDMA/ib_srp: Fix a deadlock - RDMA/iwcm: Release resources if iw_cm module initialization fails - RDMA/mlx4: Do not continue event handler after memory allocation failure - RDMA/mlx4: Return missed an error if device does not support steering - RDMA/mlx5: Do not allow rereg of a ODP MR - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr - RDMA/mlx5: Fix potential race between destroy and CQE poll - RDMA/mlx5: Fix udata response upon SRQ creation - RDMA/mlx5: Put live in the correct place for ODP MRs - RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - RDMA/qib: Remove superfluous fallthrough statements - RDMA/rxe: Clear all QP fields if creation failed - RDMA/rxe: Compute PSN windows correctly - RDMA/rxe: Correct skb on loopback path - RDMA/rxe: Do not overwrite errno from ib_umem_get - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt - RDMA/rxe: Fix coding error in rxe_recv.c - RDMA/rxe: Fix extra copy in prepare_ack_packet - RDMA/rxe: Fix failure during driver load - RDMA/rxe: Fix missing kconfig dependency on CRYPTO - RDMA/rxe: Fix over copying in get_srq_wqe - RDMA/rxe: Fix panic when calling kmem_cache_create - RDMA/rxe: Fix redundant call to ip_send_check - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt - RDMA/rxe: Fix wrong port_cap_flags - RDMA/rxe: Handle skb_clone failure in rxe_recv.c - RDMA/rxe: Remove rxe_link_layer - RDMA/rxe: Return CQE error if invalid lkey was supplied - RDMA/ucma: Fix locking for ctx-events_reported - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp - RDMA/uverbs: Fix create WQ to use the given user handle - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr - s390/bpf: Perform r1 range checking before accessing jit-seen_reg . - s390/disassembler: increase ebpf disasm buffer size . - scsi: lpfc: Copyright updates for 14.2.0.0 patches . - scsi: lpfc: Drop lpfc_no_handler . - scsi: lpfc: Fix broken SLI4 abort path . - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup . - scsi: lpfc: Fix queue failures when recovering from PCI parity error . - scsi: lpfc: Fix typos in comments . - scsi: lpfc: Fix unload hang after back to back PCI EEH faults . - scsi: lpfc: Improve PCI EEH Error and Recovery Handling . - scsi: lpfc: Kill lpfc_bus_reset_handler . - scsi: lpfc: Reduce log messages seen after firmware download . - scsi: lpfc: Remove failing soft_wwn support . - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled . - scsi: lpfc: Remove redundant flush_workqueue call . - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe . - scsi: lpfc: SLI path split: Refactor Abort paths . - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path . - scsi: lpfc: SLI path split: Refactor BSG paths . - scsi: lpfc: SLI path split: Refactor CT paths . - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 . - scsi: lpfc: SLI path split: Refactor FDISC paths . - scsi: lpfc: SLI path split: Refactor lpfc_iocbq . - scsi: lpfc: SLI path split: Refactor LS_ACC paths . - scsi: lpfc: SLI path split: Refactor LS_RJT paths . - scsi: lpfc: SLI path split: Refactor misc ELS paths . - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths . - scsi: lpfc: SLI path split: Refactor SCSI paths . - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths . - scsi: lpfc: Update lpfc version to 14.2.0.0 . - scsi: lpfc: Update lpfc version to 14.2.0.1 . - scsi: lpfc: Use fc_block_rport . - scsi: lpfc: Use kcalloc . - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped . - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt . - scsi: qla2xxx: Fix crash during module load unload test . - scsi: qla2xxx: Fix disk failure to rediscover . - scsi: qla2xxx: Fix hang due to session stuck . - scsi: qla2xxx: Fix incorrect reporting of task management failure . - scsi: qla2xxx: Fix laggy FC remote port session recovery . - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test . - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests . - scsi: qla2xxx: Fix N2N inconsistent PLOGI . - scsi: qla2xxx: Fix stuck session of PRLI reject . - scsi: qla2xxx: Fix typos in comments . - scsi: qla2xxx: Increase max limit of ql2xnvme_queues . - scsi: qla2xxx: Reduce false trigger to login . - scsi: qla2xxx: Stop using the SCSI pointer . - scsi: qla2xxx: Update version to 10.02.07.400-k . - scsi: qla2xxx: Use correct feature type field during RFF_ID processing . - scsi: qla2xxx: Use named initializers for port_state_str . - scsi: qla2xxx: Use named initializers for q_dev_state . - sr9700: sanity check for packet length . - SUNRPC: avoid race between mod_timer and del_timer_sync . - SUNRPC: change locking for xs_swap_enable/disable . - SUNRPC: Fix transport accounting when caller specifies an rpc_xprt . - tcp: add some entropy in __inet_hash_connect . - tcp: change source port randomizarion at connect time . - tcp: Export tcp_{sendpage,sendmsg}_locked for ipv6 . - tracing: Fix return value of __setup handlers . - USB: Add unusual-devs entry for VL817 USB-SATA bridge . - USB: chipidea: fix interrupt deadlock . - USB: core: Fix hang in usb_kill_urb by adding memory barriers . - USB: ftdi-elan: fix memory leak on device disconnect . - USB: host: xen-hcd: add missing unlock in error path . - USB: host: xhci-rcar: Do not reload firmware after the completion . - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices . - USB: serial: cp210x: add CPI Bulk Coin Recycler id . - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 . - USB: serial: option: add support for DW5829e . - USB: serial: option: add Telit LE910R1 compositions . - USB: serial: option: add ZTE MF286D modem . - USB: storage: ums-realtek: fix error code in rts51x_read_mem . - USB: zaurus: support another broken Zaurus . - virtio_net: Fix recursive call to cpus_read_lock . - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT . - x86/speculation: Warn about Spectre v2 LFENCE mitigation . - xen/gntdev: update to new mmu_notifier semantic . - xen/usb: do not use gnttab_end_foreign_access in xenhcd_gnttab_done . - xhci: Enable trust tx length quirk for Fresco FL11 USB controller . - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set . - xhci: Prevent futile URB re-submissions due to incorrect return value . - xhci: re-initialize the HC during resume if HCE was set . Special Instructions and Notes: Please reboot the system after installing this update.