The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release . - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem . - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices . - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c . - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect . - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create . - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c . - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c . - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address . - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA . - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system . - CVE-2021-38208: Fixed a denial of service by making a getsockname call after a certain type of failure of a bind call . - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system . - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem . - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c . - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system . The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI . - ACPI/APEI: Limit printable size of BERT table data . - ACPICA: Avoid walking the ACPI Namespace if it is not there . - adm8211: fix error return code in adm8211_probe . - ALSA: cs4236: fix an incorrect NULL check on list iterator . - ALSA: hda/hdmi: fix warning about PCM count when used with SOF . - ALSA: hda/realtek: Add alc256-samsung-headphone fixup . - ALSA: hda/realtek: Add quirk for Clevo PD50PNT . - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 . - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' . - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb . - ALSA: usb-audio: Increase max buffer size . - ALSA: usb-audio: Limit max buffer and period sizes per time . - arm64: clear_page shouldn"t use DC ZVA when DCZID_EL0.DZP == 1 - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode - arm64: dts: exynos: correct GIC CPU interfaces address range on - arm64: dts: ls1028a: fix memory node - arm64: dts: ls1028a: fix node name for the sysclk - arm64: dts: lx2160a: fix scl-gpios property name - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 - arm64: dts: rockchip: Fix GPU register width for RK3328 - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from - arm64: dts: zii-ultra: fix 12V_MAIN voltage - arm64: head: avoid over-mapping in map_memory - arm64: Update config files; arm LIBNVDIMM y-greater than m ppc64le ND_BLK -greater than m . - arm64/sve: Use correct size when reinitialising SVE state - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek . - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use . - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs . - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component . - ASoC: soc-compress: Change the check for codec_dai . - ASoC: soc-compress: prevent the potentially use of null pointer . - ASoC: soc-core: skip zero num_dai component in searching dai name . - ASoC: soc-dapm: fix two incorrect uses of list iterator . - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs . - ata: sata_dwc_460ex: Fix crash due to OOB write . - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern . - ath5k: fix building with LEDS=m . - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 . - ath9k_htc: fix uninit value bugs . - ath9k: Fix usage of driver-private space in tx_info . - ath9k: Properly clear TX status area before reporting to mac80211 . - backlight: qcom-wled: Respect enabled-strings in set_brightness - bareudp: use ipv6_mod_enabled to check if IPv6 enabled . - bfq: Avoid merging queues with different parents . - bfq: Drop pointless unlock-lock pair . - bfq: Get rid of __bio_blkcg usage . - bfq: Make sure bfqg for which we are queueing requests is online . - bfq: Remove pointless bfq_init_rq calls . - bfq: Split shared queues on move between cgroups . - bfq: Track whether bfq_group is still online . - bfq: Update cgroup information before merging bio . - block: Drop leftover references to RQF_SORTED . - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt . - Bluetooth: Fix use after free in hci_send_acl . - Bluetooth: hci_serdev: call init_rwsem before p-greater than open . - bnx2x: fix napi API usage sequence . - bpf: Resolve to prog-greater than aux-greater than dst_prog-greater than type only for BPF_PROG_TYPE_EXT . - brcmfmac: firmware: Allocate space for default boardrev in nvram . - brcmfmac: pcie: Fix crashes due to early IRQs . - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path . - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio . - carl9170: fix missing bit-wise or operator for tx_params . - cfg80211: hold bss_lock while updating nontrans_list . - cifs: do not skip link targets when an I/O fails . - cifs: fix bad fids sent over wire . - clk: Enforce that disjoints limits are invalid . - clk: si5341: fix reported clk_rate when output divider is 2 . - direct-io: clean up error paths of do_blockdev_direct_IO . - direct-io: defer alignment check until after the EOF check . - direct-io: do not force writeback for reads beyond EOF . - dma-debug: fix return value of __setup handlers . - dma: at_xdmac: fix a missing check on list iterator . - dmaengine: idxd: add RO check for wq max_batch_size write . - dmaengine: idxd: add RO check for wq max_transfer_size write . - dmaengine: imx-sdma: Fix error checking in sdma_event_remap . - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources . - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' . - Documentation: add link to stable release candidate tree . - drm: add a locked version of drm_is_current_master . - drm: Add orientation quirk for GPD Win Max . - drm: drm_file struct kABI compatibility workaround . - drm: protect drm_master pointers in drm_lease.c . - drm: serialize drm_file.master with a new spinlock . - drm: use the lookup lock in drm_is_current_master . - drm/amd: Add USBC connector ID . - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj . - drm/amd/display: do not ignore alpha property on pre-multiplied mode . - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes . - drm/amd/display: Fix allocate_mst_payload assert on resume . - drm/amd/display: Fix memory leak in dcn21_clock_source_create - drm/amdgpu: fix amdgpu_ras_block_late_init error handler - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire . - drm/amdgpu: Fix recursive locking warning . - drm/amdkfd: Check for potential null return of kmalloc_array . - drm/amdkfd: Fix Incorrect VMIDs passed to HWS . - drm/amdkfd: make CRAT table missing message informational only . - drm/bridge: Add missing pm_runtime_disable in __dw_mipi_dsi_probe . - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt . - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev . - drm/cma-helper: Set VM_DONTEXPAND for mmap - drm/edid: check basic audio support on CEA extension block . - drm/edid: Do not clear formats if using deep color . - drm/fb-helper: Mark screen buffers in system memory with - drm/i915: Call i915_globals_exit if pci_register_device fails . - drm/i915: Drop all references to DRM IRQ midlayer - drm/i915: Keep gem ctx-greater than vm alive until the final put - drm/i915: s/JSP2/ICP2/ PCH - drm/i915/gem: Flush coherency domains on first set-domain-ioctl . - drm/imx: Fix memory leak in imx_pd_connector_get_modes . - drm/mediatek: Add AAL output size configuration . - drm/mediatek: Fix aal size config . - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init . - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised . - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare . - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe . - drm/vc4: crtc: Lookup the encoder from the register at boot - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync usage . - drm/vmwgfx: Remove unused compile options - e1000e: Fix possible overflow in LTR decoding . - fibmap: Reject negative block numbers . - fibmap: Use bmap instead of -greater than bmap method in ioctl_fibmap . - firmware: arm_scmi: Fix sorting of retrieved clock rates . - gpiolib: acpi: use correct format characters . - gpu: ipu-v3: Fix dev_dbg frequency output . - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports . - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER . - i2c: dev: Force case user pointers in compat_i2cdev_ioctl . - IB/hfi1: Allow larger MTU without AIP . - Input: omap4-keypad - fix pm_runtime_get_sync error checking . - ipmi: bail out if init_srcu_struct fails . - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module . - ipmi: Move remove_work to dedicated workqueue . - iwlwifi: Fix -EIO error code that is never returned . - iwlwifi: mvm: Fix an error code in iwl_mvm_up . - KEYS: fix length validation in keyctl_pkey_params_get_2 . - livepatch: Do not block removal of patches that are safe to unload . - lz4: fix LZ4_decompress_safe_partial read out of bound . - media: cx88-mpeg: clear interrupt status register before streaming video . - media: hdpvr: initialize dev-greater than worker at hdpvr_register_videodev . - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe . - mfd: asic3: Add missing iounmap on error asic3_mfd_probe . - mfd: mc13xxx: Add check for mc13xxx_irq_request . - mmc: host: Return an error when -greater than enable_sdio_irq ops is missing . - mmc: mmci_sdmmc: Replace sg_dma_xxx macros . - mmc: mmci: stm32: correctly check all elements of sg list . - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete . - mtd: onenand: Check for error irq . - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init . - mtd: rawnand: gpmi: fix controller timings setting . - mwl8k: Fix a double Free in mwl8k_probe_hw . - net: asix: add proper error handling of usb read errors . - net: mana: Add counter for packet dropped by XDP . - net: mana: Add counter for XDP_TX . - net: mana: Add handling of CQE_RX_TRUNCATED . - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe . - net: mana: Reuse XDP dropped page . - net: mana: Use struct_size helper in mana_gd_create_dma_region . - net: mcs7830: handle usb read errors properly . - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup . - nfc: nci: add flush_workqueue to prevent uaf . - NFSv4: fix open failure with O_ACCMODE flag . - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge . - PCI: aardvark: Fix support for MSI interrupts . - PCI: imx6: Allow to probe when dw_pcie_wait_for_link fails . - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum . - PCI: pciehp: Clear cmd_busy bit in polling mode . - PM: core: keep irq flags in device_pm_check_callbacks . - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe . - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init . - power: supply: axp20x_battery: properly report current when discharging . - power: supply: axp288-charger: Set Vhold to 4.4V . - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled wrong false return . - power: supply: wm8350-power: Add missing free in free_charger_irq . - power: supply: wm8350-power: Handle error for wm8350_register_irq . - powerpc/perf: Expose Performance Monitor Counter SPR"s as part of extended regs . - powerpc/perf: Fix power10 event alternatives . - powerpc/perf: Fix power9 event alternatives . - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct . - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE . - random: check for signal_pending outside of need_resched check . - ray_cs: Check ioremap return value . - RDMA/core: Set MR type in ib_reg_user_mr . - RDMA/mlx5: Add a missing update of cache-greater than last_add . - RDMA/mlx5: Do not remove cache MRs when a delay is needed . - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR . - regulator: wm8994: Add an off-on delay for WM8994 variant . - rpm: Run external scriptlets on uninstall only when available . - rpm: Use bash for % expansion . - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules - rtc: check if __rtc_read_time was successful . - rtc: wm8350: Handle error for wm8350_register_irq . - s390/tape: fix timer initialization in tape_std_assign . - scsi: libsas: Fix sas_ata_qc_issue handling of NCQ NON DATA commands . - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove . - scsi: mpt3sas: Page fault in reply q processing . - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach . - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller . - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op . - spi: Fix erroneous sgs value with min_t . - spi: Fix invalid sgs value . - spi: mxic: Fix the transmit path . - spi: tegra20: Use of_device_get_match_data . - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree . - SUNRPC: change locking for xs_swap_enable/disable . - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free . - SUNRPC: Fix the svc_deferred_event trace class . - SUNRPC: Handle ENOMEM in call_transmit_status . - SUNRPC: Handle low memory situations in call_status . - USB: dwc3: core: Fix tx/rx threshold settings . - USB: dwc3: core: Only handle soft-reset in DCTL . - USB: dwc3: gadget: Return proper request status . - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm . - USB: gadget: uvc: Fix crash when encoding data for usb request . - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs - USB: serial: pl2303: add IBM device IDs . - USB: serial: simple: add Nokia phone driver . - USB: storage: ums-realtek: fix error code in rts51x_read_mem . - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c . - vgacon: Propagate console boot parameters before calling `vc_resize" - video: fbdev: atari: Atari 2 bpp palette bugfix . - video: fbdev: cirrusfb: check pixclock to avoid divide by zero . - video: fbdev: nvidiafb: Use strscpy to prevent buffer overflow . - video: fbdev: sm712fb: Fix crash in smtcfb_read . - video: fbdev: sm712fb: Fix crash in smtcfb_write . - video: fbdev: udlfb: properly check endpoint type - video: fbdev: w100fb: Reset global state . - virtio_console: break out of buf poll on remove . - virtio_console: eliminate anonymous module_init module_exit . - w1: w1_therm: fixes w1_seq for ds28ea00 sensors . - x86/pm: Save the MSR validity status at context setup . - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO . - x86/speculation: Restore speculation related MSRs during S3 resume . - xen: fix is_xen_pmu . - xen/blkfront: fix comment for need_copy . - xen/x86: obtain full video frame buffer address for Dom0 also under EFI . - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 . - xhci: fix runtime PM imbalance in USB2 resume . - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx . Special Instructions and Notes: Please reboot the system after installing this update.