Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0289-1 Final 1 1 2022-02-02T09:02:15Z current 2022-02-02T09:02:15Z 2022-02-02T09:02:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free (bsc#1193727). - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927). - CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system (bsc#1194001). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free (bsc#1194529). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses (bsc#1194094). - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087). - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). The following non-security bugs were fixed: - ext4: Avoid trim error on fs with small groups (bsc#1191271). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - kabi/severities: Add a kabi exception for drivers/tee/tee - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255). - moxart: fix potential use-after-free on remove path (bsc#1194516). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901). - tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209, bsc#1193660). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-289,SUSE-SLE-Module-RT-15-SP2-2022-289,SUSE-SUSE-MicroOS-5.0-2022-289 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ Link for SUSE-SU-2022:0289-1 https://lists.suse.com/pipermail/sle-updates/2022-February/021587.html E-Mail link for SUSE-SU-2022:0289-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1071995 SUSE Bug 1071995 https://bugzilla.suse.com/1184209 SUSE Bug 1184209 https://bugzilla.suse.com/1191271 SUSE Bug 1191271 https://bugzilla.suse.com/1193255 SUSE Bug 1193255 https://bugzilla.suse.com/1193660 SUSE Bug 1193660 https://bugzilla.suse.com/1193669 SUSE Bug 1193669 https://bugzilla.suse.com/1193727 SUSE Bug 1193727 https://bugzilla.suse.com/1193767 SUSE Bug 1193767 https://bugzilla.suse.com/1193901 SUSE Bug 1193901 https://bugzilla.suse.com/1193927 SUSE Bug 1193927 https://bugzilla.suse.com/1194001 SUSE Bug 1194001 https://bugzilla.suse.com/1194087 SUSE Bug 1194087 https://bugzilla.suse.com/1194094 SUSE Bug 1194094 https://bugzilla.suse.com/1194302 SUSE Bug 1194302 https://bugzilla.suse.com/1194516 SUSE Bug 1194516 https://bugzilla.suse.com/1194517 SUSE Bug 1194517 https://bugzilla.suse.com/1194529 SUSE Bug 1194529 https://bugzilla.suse.com/1194888 SUSE Bug 1194888 https://bugzilla.suse.com/1194985 SUSE Bug 1194985 https://www.suse.com/security/cve/CVE-2021-4083/ SUSE CVE CVE-2021-4083 page https://www.suse.com/security/cve/CVE-2021-4135/ SUSE CVE CVE-2021-4135 page https://www.suse.com/security/cve/CVE-2021-4149/ SUSE CVE CVE-2021-4149 page https://www.suse.com/security/cve/CVE-2021-4197/ SUSE CVE CVE-2021-4197 page https://www.suse.com/security/cve/CVE-2021-4202/ SUSE CVE CVE-2021-4202 page https://www.suse.com/security/cve/CVE-2021-44733/ SUSE CVE CVE-2021-44733 page https://www.suse.com/security/cve/CVE-2021-45485/ SUSE CVE CVE-2021-45485 page https://www.suse.com/security/cve/CVE-2021-45486/ SUSE CVE CVE-2021-45486 page https://www.suse.com/security/cve/CVE-2022-0185/ SUSE CVE CVE-2022-0185 page https://www.suse.com/security/cve/CVE-2022-0322/ SUSE CVE CVE-2022-0322 page SUSE Linux Enterprise Micro 5.0 SUSE Real Time Module 15 SP2 cluster-md-kmp-rt-5.3.18-68.1 cluster-md-kmp-rt_debug-5.3.18-68.1 dlm-kmp-rt-5.3.18-68.1 dlm-kmp-rt_debug-5.3.18-68.1 gfs2-kmp-rt-5.3.18-68.1 gfs2-kmp-rt_debug-5.3.18-68.1 kernel-devel-rt-5.3.18-68.1 kernel-rt-5.3.18-68.1 kernel-rt-devel-5.3.18-68.1 kernel-rt-extra-5.3.18-68.1 kernel-rt-livepatch-devel-5.3.18-68.1 kernel-rt_debug-5.3.18-68.1 kernel-rt_debug-devel-5.3.18-68.1 kernel-rt_debug-extra-5.3.18-68.1 kernel-rt_debug-livepatch-devel-5.3.18-68.1 kernel-source-rt-5.3.18-68.1 kernel-syms-rt-5.3.18-68.1 kselftests-kmp-rt-5.3.18-68.1 kselftests-kmp-rt_debug-5.3.18-68.1 ocfs2-kmp-rt-5.3.18-68.1 ocfs2-kmp-rt_debug-5.3.18-68.1 reiserfs-kmp-rt-5.3.18-68.1 reiserfs-kmp-rt_debug-5.3.18-68.1 kernel-rt-5.3.18-68.1 as a component of SUSE Linux Enterprise Micro 5.0 cluster-md-kmp-rt-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 dlm-kmp-rt-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 gfs2-kmp-rt-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 kernel-devel-rt-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 kernel-rt-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 kernel-rt-devel-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 kernel-rt_debug-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 kernel-rt_debug-devel-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 kernel-source-rt-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 kernel-syms-rt-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 ocfs2-kmp-rt-5.3.18-68.1 as a component of SUSE Real Time Module 15 SP2 A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. CVE-2021-4083 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2021-4083.html CVE-2021-4083 https://bugzilla.suse.com/1193727 SUSE Bug 1193727 https://bugzilla.suse.com/1194460 SUSE Bug 1194460 https://bugzilla.suse.com/1196722 SUSE Bug 1196722 A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. CVE-2021-4135 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2021-4135.html CVE-2021-4135 https://bugzilla.suse.com/1193927 SUSE Bug 1193927 A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. CVE-2021-4149 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2021-4149.html CVE-2021-4149 https://bugzilla.suse.com/1194001 SUSE Bug 1194001 An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. CVE-2021-4197 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2021-4197.html CVE-2021-4197 https://bugzilla.suse.com/1194302 SUSE Bug 1194302 A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. CVE-2021-4202 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2021-4202.html CVE-2021-4202 https://bugzilla.suse.com/1194529 SUSE Bug 1194529 https://bugzilla.suse.com/1194533 SUSE Bug 1194533 A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. CVE-2021-44733 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2021-44733.html CVE-2021-44733 https://bugzilla.suse.com/1193767 SUSE Bug 1193767 In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. CVE-2021-45485 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 low 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2021-45485.html CVE-2021-45485 https://bugzilla.suse.com/1194094 SUSE Bug 1194094 In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. CVE-2021-45486 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 low 2.7 AV:A/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2021-45486.html CVE-2021-45486 https://bugzilla.suse.com/1194087 SUSE Bug 1194087 A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. CVE-2022-0185 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2022-0185.html CVE-2022-0185 https://bugzilla.suse.com/1194517 SUSE Bug 1194517 https://bugzilla.suse.com/1194737 SUSE Bug 1194737 A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). CVE-2022-0322 SUSE Linux Enterprise Micro 5.0:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-68.1 SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-68.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ https://www.suse.com/security/cve/CVE-2022-0322.html CVE-2022-0322 https://bugzilla.suse.com/1194985 SUSE Bug 1194985