Bug 1203992 - (CVE-2022-41849) VUL-0: CVE-2022-41849: kernel-source,kernel-source-azure,kernel-source-rt: use after free during USB removal in smscufx driver
(CVE-2022-41849)
VUL-0: CVE-2022-41849: kernel-source,kernel-source-azure,kernel-source-rt: us...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/344089/
CVSSv3.1:SUSE:CVE-2022-41849:6.3:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-10-04 08:21 UTC by Carlos López
Modified: 2023-01-18 17:55 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-10-04 08:21:01 UTC
CVE-2022-41849

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race
condition and resultant use-after-free if a physically proximate attacker
removes a USB device while calling open(), aka a race condition between
ufx_ops_open and ufx_usb_disconnect.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41849
https://www.cve.org/CVERecord?id=CVE-2022-41849
https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
Comment 1 Carlos López 2022-10-04 08:25:18 UTC
(In reply to Carlos López from comment #0)
> https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/

This has not been merged upstream yet.

CONFIG_FB_SMSCUFX is only enabled in the SLE15-SP{3,4} branches for the default armv7hl configuration.
Comment 3 Takashi Iwai 2022-10-04 10:45:03 UTC
It's in fbdev subsystem tree, commit 6a7bca685c93fd18133d313716e141faac3bddc3.
Will backport it to relevant branches.
Comment 4 Takashi Iwai 2022-10-04 10:52:30 UTC
The fix backported to SLE15-SP4 and cve/linux-5.3 branches.

Reassigned back to security team.
Comment 17 Swamp Workflow Management 2022-10-14 13:25:34 UTC
SUSE-SU-2022:3585-1: An update that solves 9 vulnerabilities, contains 12 features and has 38 fixes is now available.

Category: security (important)
Bug References: 1152472,1152489,1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203701,1203767,1203769,1203794,1203798,1203893,1203902,1203906,1203908,1203933,1203935,1203939,1203969,1203987,1203992
CVE References: CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41848,CVE-2022-41849
JIRA References: PED-387,PED-529,PED-652,PED-664,PED-682,PED-688,PED-720,PED-729,PED-755,PED-763,SLE-19924,SLE-24814
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.16.1, kernel-source-azure-5.14.21-150400.14.16.1, kernel-syms-azure-5.14.21-150400.14.16.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.16.1, kernel-source-azure-5.14.21-150400.14.16.1, kernel-syms-azure-5.14.21-150400.14.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2022-10-18 13:30:55 UTC
SUSE-SU-2022:3609-1: An update that solves 26 vulnerabilities, contains two features and has 89 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1196616,1196867,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199255,1199291,1200084,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201442,1201489,1201610,1201645,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202154,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137,1203159,1203313,1203389,1203410,1203424,1203552,1203622,1203737,1203769,1203906,1203909,1203933,1203935,1203939,1203987,1203992
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2020-36516,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-41218,CVE-2022-41222,CVE-2022-41848,CVE-2022-41849
JIRA References: PED-529,SLE-24635
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.80.1, kernel-source-azure-5.3.18-150300.38.80.1, kernel-syms-azure-5.3.18-150300.38.80.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.80.1, kernel-source-azure-5.3.18-150300.38.80.1, kernel-syms-azure-5.3.18-150300.38.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2022-10-24 16:22:24 UTC
SUSE-SU-2022:3704-1: An update that solves 15 vulnerabilities, contains one feature and has three fixes is now available.

Category: security (important)
Bug References: 1177471,1199564,1200288,1201309,1201310,1202095,1202385,1202677,1202960,1203552,1203622,1203769,1203770,1203987,1203992,1204051,1204059,1204060
CVE References: CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721
JIRA References: PED-529
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-livepatch-SLE15-SP2_Update_31-1-150200.5.3.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-150200.24.134.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-150200.24.134.1, kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2, kernel-docs-5.3.18-150200.24.134.1, kernel-obs-build-5.3.18-150200.24.134.1, kernel-preempt-5.3.18-150200.24.134.1, kernel-source-5.3.18-150200.24.134.1, kernel-syms-5.3.18-150200.24.134.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2022-10-26 14:15:58 UTC
SUSE-SU-2022:3775-1: An update that solves 17 vulnerabilities, contains one feature and has 29 fixes is now available.

Category: security (important)
Bug References: 1177471,1185032,1194023,1196444,1197659,1199564,1200313,1200622,1201309,1201310,1201489,1201645,1201865,1201990,1202095,1202341,1202385,1202677,1202960,1202984,1203159,1203290,1203313,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,1204289,1204290,1204291,1204292
CVE References: CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-3169,CVE-2022-3239,CVE-2022-3303,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-529
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.98.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.98.1, kernel-64kb-5.3.18-150300.59.98.1, kernel-debug-5.3.18-150300.59.98.1, kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3, kernel-docs-5.3.18-150300.59.98.1, kernel-kvmsmall-5.3.18-150300.59.98.1, kernel-obs-build-5.3.18-150300.59.98.1, kernel-obs-qa-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-syms-5.3.18-150300.59.98.1, kernel-zfcpdump-5.3.18-150300.59.98.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-livepatch-SLE15-SP3_Update_25-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.98.1, kernel-obs-build-5.3.18-150300.59.98.1, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-syms-5.3.18-150300.59.98.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.98.1, kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3, kernel-preempt-5.3.18-150300.59.98.1, kernel-source-5.3.18-150300.59.98.1, kernel-zfcpdump-5.3.18-150300.59.98.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.98.1, kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-10-31 14:33:49 UTC
SUSE-SU-2022:3809-1: An update that solves 32 vulnerabilities, contains two features and has 84 fixes is now available.

Category: security (important)
Bug References: 1023051,1065729,1152489,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200288,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201489,1201610,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202638,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203117,1203135,1203136,1203137,1203159,1203290,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203802,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3169,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-529,SLE-24635
Sources used:
openSUSE Leap Micro 5.2 (src):    kernel-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.106.1, kernel-rt_debug-5.3.18-150300.106.1, kernel-source-rt-5.3.18-150300.106.1, kernel-syms-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.106.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2022-11-01 23:24:56 UTC
SUSE-SU-2022:3844-1: An update that solves 15 vulnerabilities, contains 12 features and has 33 fixes is now available.

Category: security (important)
Bug References: 1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200288,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203893,1203902,1203906,1203908,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125
CVE References: CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722
JIRA References: PED-387,PED-529,PED-652,PED-664,PED-682,PED-688,PED-720,PED-729,PED-755,PED-763,SLE-19924,SLE-24814
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.28.1, kernel-64kb-5.14.21-150400.24.28.1, kernel-debug-5.14.21-150400.24.28.1, kernel-default-5.14.21-150400.24.28.1, kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5, kernel-docs-5.14.21-150400.24.28.1, kernel-kvmsmall-5.14.21-150400.24.28.1, kernel-obs-build-5.14.21-150400.24.28.1, kernel-obs-qa-5.14.21-150400.24.28.1, kernel-source-5.14.21-150400.24.28.1, kernel-syms-5.14.21-150400.24.28.1, kernel-zfcpdump-5.14.21-150400.24.28.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.28.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.28.1, kernel-livepatch-SLE15-SP4_Update_4-1-150400.9.3.5
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.28.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.28.1, kernel-obs-build-5.14.21-150400.24.28.1, kernel-source-5.14.21-150400.24.28.1, kernel-syms-5.14.21-150400.24.28.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.28.1, kernel-default-5.14.21-150400.24.28.1, kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5, kernel-source-5.14.21-150400.24.28.1, kernel-zfcpdump-5.14.21-150400.24.28.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-default-5.14.21-150400.24.28.1, kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Jean Delvare 2022-12-08 16:37:30 UTC
I'm reopening this bug after finding something fishy in our kernel repository.

There are actually 2 recent security fixes to the smscufx driver. The first fix is:

commit 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c
Author: Hyunwoo Kim
Date:   Sun Sep 25 06:32:43 2022 -0700

    fbdev: smscufx: Fix use-after-free in ufx_ops_open()

It was merged upstream in kernel v6.1-rc1, and is associated with CVE-2022-41849.

The second fix is:

commit cc67482c9e5f2c80d62f623bcc347c29f9f648e1
Author: Hyunwoo Kim
Date:   Thu Oct 20 18:15:44 2022 -0700

    fbdev: smscufx: Fix several use-after-free bugs

It was merged upstream in kernel v6.1-rc3. I could not find a CVE number associated with this fix, however, considering that it has the same author and addresses UAFs in the same driver just one month after the first one, I would be tempted to consider that the CVE number actually covers both fixes. While this isn't strictly true, customers may also understand it that way and expect both commits to be backported before we claim that CVE-2022-41849 is fixed.

The current fix situation in our trees is as follows:

* The first bug is fixed in all relevant branches (SLE15-SP2-LTSS, SLE15-SP3, SLE15-SP4, SLE15-SP5). However, the Git-commit and Patch-mainline tags are incorrect in all branches except SLE15-SP3. The SLE15-SP2-LTSS branch still refers to the subsystem maintainer repository commit ID (which is different), while the SLE15-SP4 and SLE15-SP5 branches use the commit ID of the second fix listed above, together with its Patch-mainline information (so v6.1-rc3 instead of v6.1-rc1).

* The second fix is only present in the SLE15-SP3 branch (patches.suse/fbdev-smscufx-Fix-several-use-after-free-bugs.patch, tags are correct).

So we need to fix the incorrect tags of the first patch, and add the second patch, in SLE15-SP2-LTSS, SLE15-SP4 and SLE15-SP5. I'll take care of that if there are no objections.

I'm unsure if this justifies resubmitting these kernels for the upcoming maintenance update, I'll let the Security Team decide.
Comment 30 Takashi Iwai 2022-12-08 17:09:07 UTC
Note that the person has been reporting many UAF issues in various areas, often several times for the same device driver.  So, the fact that multiple fixes are seen by the same author for the same driver doesn't mean that the CVE mentions for both.

The bug is only for armv7hl and only with the specific hardware, so maybe not worth for MU resubmission.
Comment 31 Jean Delvare 2022-12-08 19:50:07 UTC
Correcting myself: SLE15-SP2-LTSS is not actually relevant here, as we don't build the smscufx driver in any config. I'll still update the first patch for consistency (if it is there, it should have the right commit ID) but there's no point in spending time backporting the second patch, especially when it doesn't apply cleanly.
Comment 32 Jean Delvare 2022-12-10 12:30:44 UTC
The problem described in comment #29 is now fixed in SLE15-SP2-LTSS, SLE15-SP4 and SLE15-SP5, therefore we can close this bug again.
Comment 37 Swamp Workflow Management 2022-12-23 15:20:32 UTC
SUSE-SU-2022:4617-1: An update that solves 96 vulnerabilities, contains 50 features and has 246 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1071995,1152472,1152489,1156395,1164051,1177471,1184350,1185032,1188238,1189297,1189999,1190256,1190497,1190969,1192968,1193629,1194023,1194592,1194869,1194904,1195480,1195917,1196018,1196444,1196616,1196632,1196867,1196869,1197158,1197391,1197659,1197755,1197756,1197757,1197763,1198189,1198410,1198577,1198702,1198971,1199086,1199364,1199515,1199670,1199904,1200015,1200058,1200268,1200288,1200301,1200313,1200431,1200465,1200494,1200544,1200567,1200622,1200644,1200651,1200692,1200788,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201309,1201310,1201361,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201726,1201768,1201865,1201940,1201941,1201948,1201954,1201956,1201958,1202095,1202096,1202097,1202113,1202131,1202154,1202187,1202262,1202265,1202312,1202341,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202623,1202636,1202672,1202681,1202685,1202686,1202700,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202874,1202898,1202914,1202960,1202989,1202992,1202993,1203002,1203008,1203036,1203039,1203041,1203063,1203066,1203067,1203098,1203101,1203107,1203116,1203117,1203138,1203139,1203159,1203183,1203197,1203208,1203229,1203263,1203290,1203338,1203360,1203361,1203389,1203391,1203410,1203435,1203505,1203511,1203514,1203552,1203606,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203802,1203829,1203893,1203902,1203906,1203908,1203922,1203935,1203939,1203960,1203969,1203987,1203992,1203994,1204017,1204051,1204059,1204060,1204092,1204125,1204132,1204142,1204166,1204168,1204170,1204171,1204183,1204228,1204241,1204289,1204290,1204291,1204292,1204353,1204354,1204355,1204402,1204405,1204413,1204414,1204415,1204417,1204424,1204428,1204431,1204432,1204439,1204470,1204479,1204486,1204498,1204533,1204569,1204574,1204575,1204576,1204619,1204624,1204631,1204635,1204636,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204745,1204753,1204780,1204810,1204850,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205257,1205264,1205282,1205313,1205331,1205332,1205427,1205428,1205473,1205496,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,1206273,1206391
CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-1263,CVE-2022-1882,CVE-2022-20368,CVE-2022-20369,CVE-2022-2153,CVE-2022-2586,CVE-2022-2588,CVE-2022-2602,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-28748,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2964,CVE-2022-2977,CVE-2022-2978,CVE-2022-3028,CVE-2022-3078,CVE-2022-3114,CVE-2022-3169,CVE-2022-3176,CVE-2022-3202,CVE-2022-32250,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3566,CVE-2022-3567,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3635,CVE-2022-3640,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-36879,CVE-2022-36946,CVE-2022-3707,CVE-2022-3903,CVE-2022-39188,CVE-2022-39189,CVE-2022-39190,CVE-2022-40476,CVE-2022-40768,CVE-2022-4095,CVE-2022-41218,CVE-2022-4129,CVE-2022-4139,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934
JIRA References: PED-1082,PED-1084,PED-1085,PED-1096,PED-1211,PED-1573,PED-1649,PED-1706,PED-1936,PED-2684,PED-387,PED-529,PED-611,PED-634,PED-652,PED-664,PED-676,PED-678,PED-679,PED-682,PED-688,PED-707,PED-720,PED-729,PED-732,PED-755,PED-763,PED-813,PED-817,PED-822,PED-824,PED-825,PED-833,PED-842,PED-846,PED-849,PED-850,PED-851,PED-856,PED-857,SLE-13847,SLE-18130,SLE-19359,SLE-19924,SLE-20183,SLE-23766,SLE-24572,SLE-24682,SLE-24814,SLE-9246
Sources used:
openSUSE Leap Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.5.1
openSUSE Leap 15.4 (src):    kernel-rt-5.14.21-150400.15.5.1, kernel-rt_debug-5.14.21-150400.15.5.1, kernel-source-rt-5.14.21-150400.15.5.1, kernel-syms-rt-5.14.21-150400.15.5.1
SUSE Linux Enterprise Module for Realtime 15-SP4 (src):    kernel-rt-5.14.21-150400.15.5.1, kernel-rt_debug-5.14.21-150400.15.5.1, kernel-source-rt-5.14.21-150400.15.5.1, kernel-syms-rt-5.14.21-150400.15.5.1
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-livepatch-SLE15-SP4-RT_Update_1-1-150400.1.3.1
SUSE Linux Enterprise Micro 5.3 (src):    kernel-rt-5.14.21-150400.15.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.