Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3586-1 Final 1 1 2022-10-14T07:54:18Z current 2022-10-14T07:54:18Z 2022-10-14T07:54:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP4 kernel was updated The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-3586,SUSE-OpenStack-Cloud-9-2022-3586,SUSE-OpenStack-Cloud-Crowbar-9-2022-3586,SUSE-SLE-HA-12-SP4-2022-3586,SUSE-SLE-Live-Patching-12-SP4-2022-3586,SUSE-SLE-SAP-12-SP4-2022-3586,SUSE-SLE-SERVER-12-SP4-LTSS-2022-3586 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223586-1/ Link for SUSE-SU-2022:3586-1 https://lists.suse.com/pipermail/sle-security-updates/2022-October/012538.html E-Mail link for SUSE-SU-2022:3586-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1201309 SUSE Bug 1201309 https://bugzilla.suse.com/1202097 SUSE Bug 1202097 https://bugzilla.suse.com/1202385 SUSE Bug 1202385 https://bugzilla.suse.com/1202677 SUSE Bug 1202677 https://bugzilla.suse.com/1202960 SUSE Bug 1202960 https://bugzilla.suse.com/1203107 SUSE Bug 1203107 https://bugzilla.suse.com/1203552 SUSE Bug 1203552 https://www.suse.com/security/cve/CVE-2022-2503/ SUSE CVE CVE-2022-2503 page https://www.suse.com/security/cve/CVE-2022-2663/ SUSE CVE CVE-2022-2663 page https://www.suse.com/security/cve/CVE-2022-3239/ SUSE CVE CVE-2022-3239 page https://www.suse.com/security/cve/CVE-2022-39188/ SUSE CVE CVE-2022-39188 page https://www.suse.com/security/cve/CVE-2022-41218/ SUSE CVE CVE-2022-41218 page SUSE Linux Enterprise High Availability Extension 12 SP4 SUSE Linux Enterprise Live Patching 12 SP4 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 cluster-md-kmp-default-4.12.14-95.111.1 dlm-kmp-default-4.12.14-95.111.1 gfs2-kmp-default-4.12.14-95.111.1 kernel-debug-4.12.14-95.111.1 kernel-debug-base-4.12.14-95.111.1 kernel-debug-devel-4.12.14-95.111.1 kernel-debug-kgraft-devel-4.12.14-95.111.1 kernel-default-4.12.14-95.111.1 kernel-default-base-4.12.14-95.111.1 kernel-default-devel-4.12.14-95.111.1 kernel-default-extra-4.12.14-95.111.1 kernel-default-kgraft-4.12.14-95.111.1 kernel-default-kgraft-devel-4.12.14-95.111.1 kernel-default-man-4.12.14-95.111.1 kernel-devel-4.12.14-95.111.1 kernel-docs-4.12.14-95.111.1 kernel-docs-html-4.12.14-95.111.1 kernel-kvmsmall-4.12.14-95.111.1 kernel-kvmsmall-base-4.12.14-95.111.1 kernel-kvmsmall-devel-4.12.14-95.111.1 kernel-kvmsmall-kgraft-devel-4.12.14-95.111.1 kernel-macros-4.12.14-95.111.1 kernel-obs-build-4.12.14-95.111.1 kernel-obs-qa-4.12.14-95.111.1 kernel-source-4.12.14-95.111.1 kernel-source-vanilla-4.12.14-95.111.1 kernel-syms-4.12.14-95.111.1 kernel-vanilla-4.12.14-95.111.1 kernel-vanilla-base-4.12.14-95.111.1 kernel-vanilla-devel-4.12.14-95.111.1 kernel-vanilla-kgraft-devel-4.12.14-95.111.1 kernel-zfcpdump-4.12.14-95.111.1 kernel-zfcpdump-man-4.12.14-95.111.1 kgraft-patch-4_12_14-95_111-default-1-6.3.1 kselftests-kmp-default-4.12.14-95.111.1 ocfs2-kmp-default-4.12.14-95.111.1 cluster-md-kmp-default-4.12.14-95.111.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP4 dlm-kmp-default-4.12.14-95.111.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP4 gfs2-kmp-default-4.12.14-95.111.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP4 ocfs2-kmp-default-4.12.14-95.111.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP4 kernel-default-kgraft-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kernel-default-kgraft-devel-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kgraft-patch-4_12_14-95_111-default-1-6.3.1 as a component of SUSE Linux Enterprise Live Patching 12 SP4 kernel-default-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS kernel-default-base-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS kernel-default-devel-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS kernel-default-man-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS kernel-devel-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS kernel-macros-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS kernel-source-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS kernel-syms-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS kernel-default-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-default-base-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-default-devel-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-devel-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-macros-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-source-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-syms-4.12.14-95.111.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-default-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud 9 kernel-default-base-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud 9 kernel-default-devel-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud 9 kernel-devel-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud 9 kernel-macros-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud 9 kernel-source-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud 9 kernel-syms-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud 9 kernel-default-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud Crowbar 9 kernel-default-base-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud Crowbar 9 kernel-default-devel-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud Crowbar 9 kernel-devel-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud Crowbar 9 kernel-macros-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud Crowbar 9 kernel-source-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud Crowbar 9 kernel-syms-4.12.14-95.111.1 as a component of SUSE OpenStack Cloud Crowbar 9 Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 CVE-2022-2503 SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-devel-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_111-default-1-6.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-man-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-syms-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-syms-4.12.14-95.111.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223586-1/ https://www.suse.com/security/cve/CVE-2022-2503.html CVE-2022-2503 https://bugzilla.suse.com/1202677 SUSE Bug 1202677 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. CVE-2022-2663 SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-devel-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_111-default-1-6.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-man-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-syms-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-syms-4.12.14-95.111.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223586-1/ https://www.suse.com/security/cve/CVE-2022-2663.html CVE-2022-2663 https://bugzilla.suse.com/1202097 SUSE Bug 1202097 https://bugzilla.suse.com/1212299 SUSE Bug 1212299 A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. CVE-2022-3239 SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-devel-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_111-default-1-6.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-man-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-syms-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-syms-4.12.14-95.111.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223586-1/ https://www.suse.com/security/cve/CVE-2022-3239.html CVE-2022-3239 https://bugzilla.suse.com/1203552 SUSE Bug 1203552 An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. CVE-2022-39188 SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-devel-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_111-default-1-6.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-man-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-syms-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-syms-4.12.14-95.111.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223586-1/ https://www.suse.com/security/cve/CVE-2022-39188.html CVE-2022-39188 https://bugzilla.suse.com/1203107 SUSE Bug 1203107 https://bugzilla.suse.com/1203116 SUSE Bug 1203116 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 https://bugzilla.suse.com/1212326 SUSE Bug 1212326 In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. CVE-2022-41218 SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kernel-default-kgraft-devel-4.12.14-95.111.1 SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_111-default-1-6.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-default-man-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server 12 SP4-LTSS:kernel-syms-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.111.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud 9:kernel-syms-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-base-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-default-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-devel-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-macros-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-source-4.12.14-95.111.1 SUSE OpenStack Cloud Crowbar 9:kernel-syms-4.12.14-95.111.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223586-1/ https://www.suse.com/security/cve/CVE-2022-41218.html CVE-2022-41218 https://bugzilla.suse.com/1202960 SUSE Bug 1202960 https://bugzilla.suse.com/1203606 SUSE Bug 1203606 https://bugzilla.suse.com/1205313 SUSE Bug 1205313 https://bugzilla.suse.com/1209225 SUSE Bug 1209225