The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724). - CVE-2020-36386: Fixed a slab out-of-bounds read in hci_extended_inquiry_result_evt (bsc#1187038 ).
The following non-security bugs were fixed:
- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - USB: move many drivers to use DEVICE_ATTR_WO (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes). - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188750). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - crypto: do not free algorithm before using (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - e100: handle eeprom as little endian (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add NULL pointer checks when freeing irqs (bsc#1176940). - gve: Add basic driver framework for Compute Engine Virtual NIC (jsc#SLE-10538). - gve: Add dqo descriptors (bsc#1176940). - gve: Add ethtool support (jsc#SLE-10538). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Add workqueue and reset support (jsc#SLE-10538). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: Copy and paste bug in gve_get_stats() (jsc#SLE-10538). - gve: Correct SKB queue index validation (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix an error handling path in 'gve_probe()' (bsc#1176940). - gve: Fix case where desc_cnt and data_cnt can get out of sync (jsc#SLE-10538). - gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-10538). - gve: Fix the queue page list allocated pages count (bsc#1176940). - gve: Fix u64_stats_sync to initialize start (jsc#SLE-10538). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Fixes DMA synchronization (jsc#SLE-10538). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Remove the exporting of gve_probe (jsc#SLE-10538). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1176940). - gve: Upgrade memory barrier in poll routine (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: fix -ENOMEM null check on a page allocation (jsc#SLE-10538). - gve: fix dma sync bug where not all pages synced (bsc#1176940). - gve: fix unused variable/label warnings (jsc#SLE-10538). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - gve: replace kfree with kvfree (jsc#SLE-10538). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - kabi: fix nvme_wait_freeze_timeout() return type (bsc#1181161). - kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - mlxsw: core: Use variable timeout for EMAD retries (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes). - net/mlx5: Query PPS pin operational status before registering it (git-fixes). - net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes). - net: Google gve: Remove dma_wmb() before ringing doorbell (bsc#1176940). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: broadcom CNIC: requires MMU (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-core: add cancel tagset helpers (bsc#1181161). - nvme-multipath: fix double initialization of ANA state (bsc#1181161). - nvme-rdma: add clean action for failed reconnection (bsc#1181161). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1181161). - nvme-rdma: use cancel tagset helper for tear down (bsc#1181161). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1181161). - nvmet: use new ana_log_size instead the old one (bsc#1181161). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries/scm: Use a specific endian format for storing uuid from the device tree (bsc#1113295, git-fixes). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - scripts/git_sort/git_sort.py: add bpf git repo - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes).
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 11 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 12 SP5 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Live Patching 12 SP3 SUSE Linux Enterprise Live Patching 12 SP4 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Package Hub for SUSE Linux Enterprise 12 SP1