The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem . - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address . - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. - CVE-2020-26541: Enforce the secure boot forbidden signature database protection mechanism. - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. - CVE-2022-1729: Fixed a sys_perf_event_open race condition against self . - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module . - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag . - CVE-2021-33061: Fixed insufficient control flow management for the Intel 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access . - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect . - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system . - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format . - cifs: fix bad fids sent over wire . - direct-io: clean up error paths of do_blockdev_direct_IO . - direct-io: defer alignment check until after the EOF check . - direct-io: do not force writeback for reads beyond EOF . - net: ena: A typo fix in the file ena_com.h . - net: ena: Add capabilities field with support for ENI stats capability . - net: ena: Add debug prints for invalid req_id resets . - net: ena: add device distinct log prefix to files . - net: ena: add jiffies of last napi call to stats . - net: ena: aggregate doorbell common operations into a function . - net: ena: aggregate stats increase into a function . - net: ena: Change ENI stats support check to use capabilities field . - net: ena: Change return value of ena_calc_io_queue_size to void . - net: ena: Change the name of bad_csum variable . - net: ena: Extract recurring driver reset code into a function . - net: ena: fix coding style nits . - net: ena: fix DMA mapping function issues in XDP . - net: ena: Fix error handling when calculating max IO queues number . - net: ena: fix inaccurate print type . - net: ena: Fix undefined state when tx request id is out of bounds . - net: ena: Fix wrong rx request id by resetting device . - net: ena: Improve error logging in driver . - net: ena: introduce ndo_xdp_xmit function for XDP_REDIRECT . - net: ena: introduce XDP redirect implementation . - net: ena: make symbol "ena_alloc_map_page" static . - net: ena: Move reset completion print to the reset function . - net: ena: optimize data access in fast-path code . - net: ena: re-organize code to improve readability . - net: ena: Remove ena_calc_queue_size_ctx struct . - net: ena: remove extra words from comments . - net: ena: Remove module param and change message severity . - net: ena: Remove rcu_read_lock around XDP program invocation . - net: ena: Remove redundant return code check . - net: ena: Remove unused code . - net: ena: store values in their appropriate variables types . - net: ena: Update XDP verdict upon failure . - net: ena: use build_skb in RX path . - net: ena: use constant value for net_device allocation . - net: ena: Use dev_alloc in RX buffer allocation . - net: ena: use xdp_frame in XDP TX flow . - net: ena: use xdp_return_frame to free xdp frames . - net: mana: Add counter for packet dropped by XDP . - net: mana: Add counter for XDP_TX . - net: mana: Add handling of CQE_RX_TRUNCATED . - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe . - net: mana: Reuse XDP dropped page . - net: mana: Use struct_size helper in mana_gd_create_dma_region . - NFS: limit use of ACCESS cache for negative responses . - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time . - ping: fix the sk_bound_dev_if match in ping_lookup . - ping: remove pr_err from ping_lookup . - powerpc/mm: Remove dcache flush from memory remove . - powerpc/powernv/memtrace: Fix dcache flushing . - powerpc/pseries: Fix use after free in remove_phb_dynamic . - sched/rt: Disable RT_RUNTIME_SHARE by default . - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach . - SUNRPC: change locking for xs_swap_enable/disable . - video: hyperv_fb: Fix validation of screen resolution . - x86/pm: Save the MSR validity status at context setup . - x86/speculation: Restore speculation related MSRs during S3 resume . Special Instructions and Notes: Please reboot the system after installing this update.