suse-su-2022:0763-1
Vulnerability from csaf_suse
Published
2022-03-09 13:37
Modified
2022-03-09 13:37
Summary
Security update for the Linux Kernel

Notes

Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
Patchnames
SUSE-2022-763,SUSE-SLE-Module-RT-15-SP3-2022-763,SUSE-SUSE-MicroOS-5.1-2022-763
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.\n\n\nTransient execution side-channel attacks attacking the Branch History Buffer (BHB),\nnamed \u0027Branch Target Injection\u0027 and \u0027Intra-Mode Branch History Injection\u0027 are now mitigated.\n\nThe following security bugs were fixed:\n\n- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).\n- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).\n- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).\n- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ).\n\nThe following non-security bugs were fixed:\n\n- ACPI/IORT: Check node revision for PMCG resources (git-fixes).\n- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes).\n- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).\n- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes).\n- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes).\n- ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).\n- ALSA: hda: Fix regression on forced probe mask option (git-fixes).\n- ASoC: Revert \u0027ASoC: mediatek: Check for error clk pointer\u0027 (git-fixes).\n- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes).\n- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes).\n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes).\n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes).\n- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes).\n- Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m\n- EDAC/xgene: Fix deferred probing (bsc#1178134).\n- HID:Add support for UGTABLET WP5540 (git-fixes).\n- IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes).\n- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).\n- KVM: remember position in kvm-\u003evcpus array (bsc#1190972 LTC#194674).\n- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).\n- PM: hibernate: Remove register_nosave_region_late() (git-fixes).\n- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).\n- RDMA/cma: Use correct address when leaving multicast group (bsc#1181147).\n- RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147).\n- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes).\n- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).\n- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).\n- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes).\n- USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes).\n- USB: serial: option: add ZTE MF286D modem (git-fixes).\n- ata: libata-core: Disable TRIM on M88V29 (git-fixes).\n- ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).\n- blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787).\n- blk-mq: avoid to iterate over stale request (bsc#1193787).\n- blk-mq: clear stale request in tags-\u003erq before freeing one request pool (bsc#1193787).\n- blk-mq: clearing flush request reference in tags-\u003erqs (bsc#1193787).\n- blk-mq: do not grab rq\u0027s refcount in blk_mq_check_expired() (bsc#1193787 git-fixes).\n- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).\n- blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes).\n- blk-mq: grab rq-\u003erefcount before calling -\u003efn in blk_mq_tagset_busy_iter (bsc#1193787).\n- blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787).\n- blk-tag: Hide spin_lock (bsc#1193787).\n- block: avoid double io accounting for flush request (bsc#1193787).\n- block: do not send a rezise udev event for hidden block device (bsc#1193096).\n- block: mark flush request as IDLE when it is really finished (bsc#1193787).\n- bonding: pair enable_port with slave_arr_updates (git-fixes).\n- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).\n- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).\n- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).\n- btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195).\n- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).\n- btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210).\n- btrfs: only clamp the first time we have to start flushing (bsc#1196195).\n- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).\n- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).\n- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).\n- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).\n- ceph: properly put ceph_string reference after async create attempt (bsc#1195798).\n- ceph: set pool_ns in new inode layout for async creates (bsc#1195799).\n- drm/amdgpu: fix logic inversion in check (git-fixes).\n- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).\n- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).\n- drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes).\n- drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).\n- drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes).\n- drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes).\n- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).\n- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes).\n- drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).\n- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).\n- drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes).\n- ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339).\n- ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).\n- ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339).\n- gve: Add RX context (bsc#1191655).\n- gve: Add a jumbo-frame device option (bsc#1191655).\n- gve: Add consumed counts to ethtool stats (bsc#1191655).\n- gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).\n- gve: Correct order of processing device options (bsc#1191655).\n- gve: Fix GFP flags when allocing pages (git-fixes).\n- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).\n- gve: Implement packet continuation for RX (bsc#1191655).\n- gve: Implement suspend/resume/shutdown (bsc#1191655).\n- gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).\n- gve: Recording rx queue before sending to napi (bsc#1191655).\n- gve: Recover from queue stall due to missed IRQ (bsc#1191655).\n- gve: Update gve_free_queue_page_list signature (bsc#1191655).\n- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).\n- gve: fix for null pointer dereference (bsc#1191655).\n- gve: fix the wrong AdminQ buffer queue index check (bsc#1176940).\n- gve: fix unmatched u64_stats_update_end() (bsc#1191655).\n- gve: remove memory barrier around seqno (bsc#1191655).\n- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).\n- i40e: Fix for failed to init adminq while VF reset (git-fixes).\n- i40e: Fix issue when maximum queues is exceeded (git-fixes).\n- i40e: Fix queues reservation for XDP (git-fixes).\n- i40e: Increase delay to 1 s after global EMP reset (git-fixes).\n- i40e: fix unsigned stat widths (git-fixes).\n- ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).\n- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).\n- ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).\n- ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).\n- ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811).\n- ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).\n- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).\n- ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).\n- ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).\n- ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).\n- ice: fix IPIP and SIT TSO offload (git-fixes).\n- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).\n- ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes).\n- ima: Do not print policy rule with inactive LSM labels (git-fixes).\n- ima: Remove ima_policy file before directory (git-fixes).\n- integrity: Make function integrity_add_key() static (git-fixes).\n- integrity: check the return value of audit_log_start() (git-fixes).\n- integrity: double check iint_cache was initialized (git-fixes).\n- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).\n- iommu/amd: Remove useless irq affinity notifier (git-fixes).\n- iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).\n- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes).\n- iommu/amd: X2apic mode: re-enable after resume (git-fixes).\n- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes).\n- iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes).\n- iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).\n- iommu/iova: Fix race between FQ timeout and teardown (git-fixes).\n- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes).\n- iwlwifi: fix use-after-free (git-fixes).\n- iwlwifi: pcie: fix locking when \u0027HW not ready\u0027 (git-fixes).\n- iwlwifi: pcie: gen2: fix locking when \u0027HW not ready\u0027 (git-fixes).\n- ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).\n- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674).\n- kABI: Fix kABI for AMD IOMMU driver (git-fixes).\n- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).\n- lib/iov_iter: initialize \u0027flags\u0027 in new pipe_buffer (bsc#1196584).\n- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).\n- md/raid5: fix oops during stripe resizing (bsc#1181588).\n- misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).\n- mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).\n- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).\n- mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).\n- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes).\n- net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).\n- net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172).\n- net: macb: Align the dma and coherent dma masks (git-fixes).\n- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447).\n- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes).\n- net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes).\n- net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes).\n- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).\n- nfp: flower: fix ida_idx not being released (bsc#1154353).\n- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).\n- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).\n- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).\n- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).\n- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).\n- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012).\n- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes).\n- nvme: do not return an error from nvme_configure_metadata (git-fixes).\n- nvme: let namespace probing continue for unsupported features (git-fixes).\n- powerpc/64: Move paca allocation later in boot (bsc#1190812).\n- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).\n- powerpc/pseries/ddw: Revert \u0027Extend upper limit for huge DMA window for persistent memory\u0027 (bsc#1195995 ltc#196394).\n- powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).\n- powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).\n- powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).\n- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).\n- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes).\n- s390/bpf: Fix optimizing out zero-extensions (git-fixes).\n- s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549).\n- s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418).\n- s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088).\n- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088).\n- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540).\n- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028).\n- s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135).\n- s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816).\n- s390/uv: add prot virt guest/host indication files (jsc#SLE-22135).\n- s390/uv: fix prot virt host indication compilation (jsc#SLE-22135).\n- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).\n- scsi: core: Add limitless cmd retry support (bsc#1195506).\n- scsi: core: No retries on abort success (bsc#1195506).\n- scsi: kABI fix for \u0027eh_should_retry_cmd\u0027 (bsc#1195506).\n- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).\n- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).\n- scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).\n- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).\n- scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).\n- scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).\n- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).\n- scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).\n- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).\n- scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).\n- scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).\n- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).\n- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).\n- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).\n- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).\n- scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).\n- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).\n- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).\n- scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).\n- scsi: qla2xxx: Remove a declaration (bsc#1195823).\n- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).\n- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).\n- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).\n- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).\n- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).\n- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).\n- scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).\n- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).\n- scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).\n- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).\n- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).\n- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).\n- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).\n- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244).\n- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506).\n- staging/fbtft: Fix backlight (git-fixes).\n- staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).\n- tracing: Do not inc err_log entry count if entry allocation fails (git-fixes).\n- tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).\n- tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes).\n- tracing: Have traceon and traceoff trigger honor the instance (git-fixes).\n- tracing: Propagate is_signed to expression (git-fixes).\n- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).\n- usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes).\n- usb: dwc3: do not set gadget-\u003eis_otg flag (git-fixes).\n- usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).\n- usb: f_fs: Fix use-after-free for epfile (git-fixes).\n- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).\n- usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).\n- usb: gadget: s3c: remove unused \u0027udc\u0027 variable (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes).\n- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).\n- usb: ulpi: Call of_node_put correctly (git-fixes).\n- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-763,SUSE-SLE-Module-RT-15-SP3-2022-763,SUSE-SUSE-MicroOS-5.1-2022-763",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0763-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:0763-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220763-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:0763-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010391.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1089644",
        "url": "https://bugzilla.suse.com/1089644"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154353",
        "url": "https://bugzilla.suse.com/1154353"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157038",
        "url": "https://bugzilla.suse.com/1157038"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157923",
        "url": "https://bugzilla.suse.com/1157923"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176447",
        "url": "https://bugzilla.suse.com/1176447"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176940",
        "url": "https://bugzilla.suse.com/1176940"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178134",
        "url": "https://bugzilla.suse.com/1178134"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181147",
        "url": "https://bugzilla.suse.com/1181147"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181588",
        "url": "https://bugzilla.suse.com/1181588"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183872",
        "url": "https://bugzilla.suse.com/1183872"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1187716",
        "url": "https://bugzilla.suse.com/1187716"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188404",
        "url": "https://bugzilla.suse.com/1188404"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189126",
        "url": "https://bugzilla.suse.com/1189126"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190812",
        "url": "https://bugzilla.suse.com/1190812"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190972",
        "url": "https://bugzilla.suse.com/1190972"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191580",
        "url": "https://bugzilla.suse.com/1191580"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191655",
        "url": "https://bugzilla.suse.com/1191655"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191741",
        "url": "https://bugzilla.suse.com/1191741"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1192210",
        "url": "https://bugzilla.suse.com/1192210"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1192483",
        "url": "https://bugzilla.suse.com/1192483"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193096",
        "url": "https://bugzilla.suse.com/1193096"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193233",
        "url": "https://bugzilla.suse.com/1193233"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193243",
        "url": "https://bugzilla.suse.com/1193243"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193787",
        "url": "https://bugzilla.suse.com/1193787"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1194163",
        "url": "https://bugzilla.suse.com/1194163"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1194967",
        "url": "https://bugzilla.suse.com/1194967"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195012",
        "url": "https://bugzilla.suse.com/1195012"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195081",
        "url": "https://bugzilla.suse.com/1195081"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195286",
        "url": "https://bugzilla.suse.com/1195286"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195352",
        "url": "https://bugzilla.suse.com/1195352"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195378",
        "url": "https://bugzilla.suse.com/1195378"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195506",
        "url": "https://bugzilla.suse.com/1195506"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195668",
        "url": "https://bugzilla.suse.com/1195668"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195701",
        "url": "https://bugzilla.suse.com/1195701"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195798",
        "url": "https://bugzilla.suse.com/1195798"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195799",
        "url": "https://bugzilla.suse.com/1195799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195823",
        "url": "https://bugzilla.suse.com/1195823"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195928",
        "url": "https://bugzilla.suse.com/1195928"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195957",
        "url": "https://bugzilla.suse.com/1195957"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195995",
        "url": "https://bugzilla.suse.com/1195995"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196195",
        "url": "https://bugzilla.suse.com/1196195"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196235",
        "url": "https://bugzilla.suse.com/1196235"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196339",
        "url": "https://bugzilla.suse.com/1196339"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196400",
        "url": "https://bugzilla.suse.com/1196400"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196516",
        "url": "https://bugzilla.suse.com/1196516"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196584",
        "url": "https://bugzilla.suse.com/1196584"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0001 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0001/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0002 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0002/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0847 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0847/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-25375 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-25375/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2022-03-09T13:37:57Z",
      "generator": {
        "date": "2022-03-09T13:37:57Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:0763-1",
      "initial_release_date": "2022-03-09T13:37:57Z",
      "revision_history": [
        {
          "date": "2022-03-09T13:37:57Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-5.3.18-150300.79.1.noarch",
                "product": {
                  "name": "kernel-devel-rt-5.3.18-150300.79.1.noarch",
                  "product_id": "kernel-devel-rt-5.3.18-150300.79.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-5.3.18-150300.79.1.noarch",
                "product": {
                  "name": "kernel-source-rt-5.3.18-150300.79.1.noarch",
                  "product_id": "kernel-source-rt-5.3.18-150300.79.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
                  "product_id": "cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cluster-md-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                  "product_id": "cluster-md-kmp-rt_debug-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
                  "product_id": "dlm-kmp-rt-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "dlm-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                  "product_id": "dlm-kmp-rt_debug-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
                  "product_id": "gfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                  "product_id": "gfs2-kmp-rt_debug-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt-devel-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-extra-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt-extra-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt-extra-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-devel-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-devel-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt-livepatch-devel-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-optional-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt-optional-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt-optional-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt_debug-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-extra-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-extra-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt_debug-extra-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt_debug-livepatch-devel-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-optional-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-optional-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-rt_debug-optional-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-5.3.18-150300.79.1.x86_64",
                  "product_id": "kernel-syms-rt-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-rt-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kselftests-kmp-rt-5.3.18-150300.79.1.x86_64",
                  "product_id": "kselftests-kmp-rt-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "kselftests-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                  "product_id": "kselftests-kmp-rt_debug-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
                  "product_id": "ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                  "product_id": "ocfs2-kmp-rt_debug-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "reiserfs-kmp-rt-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "reiserfs-kmp-rt-5.3.18-150300.79.1.x86_64",
                  "product_id": "reiserfs-kmp-rt-5.3.18-150300.79.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "reiserfs-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                "product": {
                  "name": "reiserfs-kmp-rt_debug-5.3.18-150300.79.1.x86_64",
                  "product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.79.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Real Time Module 15 SP3",
                "product": {
                  "name": "SUSE Real Time Module 15 SP3",
                  "product_id": "SUSE Real Time Module 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-rt:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.1",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.1",
                  "product_id": "SUSE Linux Enterprise Micro 5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64 as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dlm-kmp-rt-5.3.18-150300.79.1.x86_64 as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gfs2-kmp-rt-5.3.18-150300.79.1.x86_64 as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-rt-5.3.18-150300.79.1.noarch as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch"
        },
        "product_reference": "kernel-devel-rt-5.3.18-150300.79.1.noarch",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-5.3.18-150300.79.1.x86_64 as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "kernel-rt-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-5.3.18-150300.79.1.x86_64 as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "kernel-rt-devel-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64 as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-5.3.18-150300.79.1.noarch as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch"
        },
        "product_reference": "kernel-source-rt-5.3.18-150300.79.1.noarch",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-rt-5.3.18-150300.79.1.x86_64 as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "kernel-syms-rt-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64 as component of SUSE Real Time Module 15 SP3",
          "product_id": "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-5.3.18-150300.79.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
          "product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64"
        },
        "product_reference": "kernel-rt-5.3.18-150300.79.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-0001",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0001"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
          "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
          "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0001",
          "url": "https://www.suse.com/security/cve/CVE-2022-0001"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191580 for CVE-2022-0001",
          "url": "https://bugzilla.suse.com/1191580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196901 for CVE-2022-0001",
          "url": "https://bugzilla.suse.com/1196901"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-03-09T13:37:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-0001"
    },
    {
      "cve": "CVE-2022-0002",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0002"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
          "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
          "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0002",
          "url": "https://www.suse.com/security/cve/CVE-2022-0002"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191580 for CVE-2022-0002",
          "url": "https://bugzilla.suse.com/1191580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196901 for CVE-2022-0002",
          "url": "https://bugzilla.suse.com/1196901"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-03-09T13:37:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-0002"
    },
    {
      "cve": "CVE-2022-0847",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0847"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
          "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
          "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0847",
          "url": "https://www.suse.com/security/cve/CVE-2022-0847"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196584 for CVE-2022-0847",
          "url": "https://bugzilla.suse.com/1196584"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196601 for CVE-2022-0847",
          "url": "https://bugzilla.suse.com/1196601"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-03-09T13:37:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-0847"
    },
    {
      "cve": "CVE-2022-25375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-25375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
          "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
          "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
          "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-25375",
          "url": "https://www.suse.com/security/cve/CVE-2022-25375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196235 for CVE-2022-25375",
          "url": "https://bugzilla.suse.com/1196235"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.79.1.noarch",
            "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.79.1.x86_64",
            "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.79.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-03-09T13:37:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-25375"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…