{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)","title":"Title of the patch"},{"category":"description","text":"\nThis update for the SUSE Linux Enterprise kernel 4.12.14-122.275 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255577).\n- CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255845).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2026-707,SUSE-SLE-Live-Patching-12-SP5-2026-707","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0707-1.json"},{"category":"self","summary":"URL for SUSE-SU-2026:0707-1","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260707-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2026:0707-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-March/024515.html"},{"category":"self","summary":"SUSE Bug 1255577","url":"https://bugzilla.suse.com/1255577"},{"category":"self","summary":"SUSE Bug 1255845","url":"https://bugzilla.suse.com/1255845"},{"category":"self","summary":"SUSE CVE CVE-2022-50700 page","url":"https://www.suse.com/security/cve/CVE-2022-50700/"},{"category":"self","summary":"SUSE CVE CVE-2022-50717 page","url":"https://www.suse.com/security/cve/CVE-2022-50717/"}],"title":"Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)","tracking":{"current_release_date":"2026-02-28T13:03:47Z","generator":{"date":"2026-02-28T13:03:47Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2026:0707-1","initial_release_date":"2026-02-28T13:03:47Z","revision_history":[{"date":"2026-02-28T13:03:47Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","product":{"name":"kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","product_id":"kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","product":{"name":"kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","product_id":"kgraft-patch-4_12_14-122_275-default-4-2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64","product":{"name":"kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64","product_id":"kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 12 SP5","product":{"name":"SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-live-patching:12:sp5"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le"},"product_reference":"kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_275-default-4-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.s390x"},"product_reference":"kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64"},"product_reference":"kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"}]},"vulnerabilities":[{"cve":"CVE-2022-50700","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-50700"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Delay the unmapping of the buffer\n\nOn WCN3990, we are seeing a rare scenario where copy engine hardware is\nsending a copy complete interrupt to the host driver while still\nprocessing the buffer that the driver has sent, this is leading into an\nSMMU fault triggering kernel panic. This is happening on copy engine\nchannel 3 (CE3) where the driver normally enqueues WMI commands to the\nfirmware. Upon receiving a copy complete interrupt, host driver will\nimmediately unmap and frees the buffer presuming that hardware has\nprocessed the buffer. In the issue case, upon receiving copy complete\ninterrupt, host driver will unmap and free the buffer but since hardware\nis still accessing the buffer (which in this case got unmapped in\nparallel), SMMU hardware will trigger an SMMU fault resulting in a\nkernel panic.\n\nIn order to avoid this, as a work around, add a delay before unmapping\nthe copy engine source DMA buffer. This is conditionally done for\nWCN3990 and only for the CE3 channel where issue is seen.\n\nBelow is the crash signature:\n\nwifi smmu error: kernel: [ 10.120965] arm-smmu 15000000.iommu: Unhandled\ncontext fault: fsr=0x402, iova=0x7fdfd8ac0,\nfsynr=0x500003,cbfrsynra=0xc1, cb=6 arm-smmu 15000000.iommu: Unhandled\ncontext fault:fsr=0x402, iova=0x7fe06fdc0, fsynr=0x710003,\ncbfrsynra=0xc1, cb=6 qcom-q6v5-mss 4080000.remoteproc: fatal error\nreceived: err_qdi.c:1040:EF:wlan_process:0x1:WLAN RT:0x2091:\ncmnos_thread.c:3998:Asserted in copy_engine.c:AXI_ERROR_DETECTED:2149\nremoteproc remoteproc0: crash detected in\n4080000.remoteproc: type fatal error <3> remoteproc remoteproc0:\nhandling crash #1 in 4080000.remoteproc\n\npc : __arm_lpae_unmap+0x500/0x514\nlr : __arm_lpae_unmap+0x4bc/0x514\nsp : ffffffc011ffb530\nx29: ffffffc011ffb590 x28: 0000000000000000\nx27: 0000000000000000 x26: 0000000000000004\nx25: 0000000000000003 x24: ffffffc011ffb890\nx23: ffffffa762ef9be0 x22: ffffffa77244ef00\nx21: 0000000000000009 x20: 00000007fff7c000\nx19: 0000000000000003 x18: 0000000000000000\nx17: 0000000000000004 x16: ffffffd7a357d9f0\nx15: 0000000000000000 x14: 00fd5d4fa7ffffff\nx13: 000000000000000e x12: 0000000000000000\nx11: 00000000ffffffff x10: 00000000fffffe00\nx9 : 000000000000017c x8 : 000000000000000c\nx7 : 0000000000000000 x6 : ffffffa762ef9000\nx5 : 0000000000000003 x4 : 0000000000000004\nx3 : 0000000000001000 x2 : 00000007fff7c000\nx1 : ffffffc011ffb890 x0 : 0000000000000000 Call trace:\n__arm_lpae_unmap+0x500/0x514\n__arm_lpae_unmap+0x4bc/0x514\n__arm_lpae_unmap+0x4bc/0x514\narm_lpae_unmap_pages+0x78/0xa4\narm_smmu_unmap_pages+0x78/0x104\n__iommu_unmap+0xc8/0x1e4\niommu_unmap_fast+0x38/0x48\n__iommu_dma_unmap+0x84/0x104\niommu_dma_free+0x34/0x50\ndma_free_attrs+0xa4/0xd0\nath10k_htt_rx_free+0xc4/0xf4 [ath10k_core] ath10k_core_stop+0x64/0x7c\n[ath10k_core]\nath10k_halt+0x11c/0x180 [ath10k_core]\nath10k_stop+0x54/0x94 [ath10k_core]\ndrv_stop+0x48/0x1c8 [mac80211]\nieee80211_do_open+0x638/0x77c [mac80211] ieee80211_open+0x48/0x5c\n[mac80211]\n__dev_open+0xb4/0x174\n__dev_change_flags+0xc4/0x1dc\ndev_change_flags+0x3c/0x7c\ndevinet_ioctl+0x2b4/0x580\ninet_ioctl+0xb0/0x1b4\nsock_do_ioctl+0x4c/0x16c\ncompat_ifreq_ioctl+0x1cc/0x35c\ncompat_sock_ioctl+0x110/0x2ac\n__arm64_compat_sys_ioctl+0xf4/0x3e0\nel0_svc_common+0xb4/0x17c\nel0_svc_compat_handler+0x2c/0x58\nel0_svc_compat+0x8/0x2c\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2022-50700","url":"https://www.suse.com/security/cve/CVE-2022-50700"},{"category":"external","summary":"SUSE Bug 1255576 for CVE-2022-50700","url":"https://bugzilla.suse.com/1255576"},{"category":"external","summary":"SUSE Bug 1255577 for CVE-2022-50700","url":"https://bugzilla.suse.com/1255577"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-02-28T13:03:47Z","details":"important"}],"title":"CVE-2022-50700"},{"cve":"CVE-2022-50717","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-50717"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: add bounds check on Transfer Tag\n\nttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(),\nadd a bounds check to avoid out-of-bounds access.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2022-50717","url":"https://www.suse.com/security/cve/CVE-2022-50717"},{"category":"external","summary":"SUSE Bug 1255844 for CVE-2022-50717","url":"https://bugzilla.suse.com/1255844"},{"category":"external","summary":"SUSE Bug 1255845 for CVE-2022-50717","url":"https://bugzilla.suse.com/1255845"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-4-2.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-02-28T13:03:47Z","details":"important"}],"title":"CVE-2022-50717"}]}