SUSE-SU-2021:2678-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Aug 12 16:19:05 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2678-1
Rating:             important
References:         #1065729 #1085224 #1094840 #1113295 #1153274 
                    #1154353 #1156395 #1176940 #1179243 #1183871 
                    #1184114 #1184350 #1184631 #1185377 #1186194 
                    #1186482 #1186483 #1187476 #1188062 #1188063 
                    #1188101 #1188257 #1188405 #1188445 #1188504 
                    #1188620 #1188683 #1188746 #1188747 #1188748 
                    #1188770 #1188771 #1188772 #1188773 #1188774 
                    #1188777 #1188838 #1188842 #1188876 #1188885 
                    #1188973 
Cross-References:   CVE-2021-21781 CVE-2021-22543 CVE-2021-33909
                    CVE-2021-3659 CVE-2021-37576
CVSS scores:
                    CVE-2021-21781 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33909 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 36 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in
     net/mac802154/llsec.c (bsc#1188876).
   - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM
     SIGPAGE (bsc#1188445).
   - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM,
     which could bypass RO checks and can lead to pages being freed while
     still accessible by the VMM and guest. This allowed users with the
     ability to start and control a VM to read/write random pages of memory
     and can result in local privilege escalation (bsc#1186482).
   - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM
     guest OS user could cause host OS memory corruption via rtas_args.nargs
     (bsc#1188838).
   - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer
     that allows to obtain full root privileges. (bsc#1188062)

   The following non-security bugs were fixed:

   - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
   - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
   - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
   - ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
   - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
   - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
   - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
   - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
   - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
   - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
     (git-fixes).
   - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
   - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
     (git-fixes).
   - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
   - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values
     (git-fixes).
   - ALSA: usx2y: Do not call free_pages_exact() with NULL address
     (git-fixes).
   - ARM: ensure the signal page contains defined contents (bsc#1188445).
   - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20
     characters (git-fixes).
   - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
   - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
   - ASoC: soc-core: Fix the error return code in
     snd_soc_of_parse_audio_routing() (git-fixes).
   - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
   - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
   - Bluetooth: Shutdown controller after workqueues are flushed or cancelled
     (git-fixes).
   - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip
     (git-fixes).
   - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc
     (git-fixes).
   - Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
     (git-fixes).
   - Input: ili210x - add missing negation for touch indication on ili210x
     (git-fixes).
   - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw
     disabled (bsc#1188771).
   - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
     (bsc#1188773).
   - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
   - KVM: nVMX: Preserve exception priority irrespective of exiting behavior
     (bsc#1188777).
   - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
   - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
     (git-fixes).
   - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
     (git-fixes).
   - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
   - PCI: aardvark: Implement workaround for the readback value of VEND_ID
     (git-fixes).
   - PCI: aardvark: Implement workaround for the readback value of VEND_ID
     (git-fixes).
   - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
   - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
   - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
   - PCI: quirks: fix false kABI positive (git-fixes).
   - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
   - RDMA/cma: Protect RMW with qp_mutex (git-fixes).
   - Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes).
   - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
     (git-fixes).
   - Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes).
   - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
   - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
   - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
   - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
   - backlight: lm3630a: Fix return code of .update_status() callback
     (git-fixes).
   - bcache: avoid oversized read request in cache missing code path
     (bsc#1184631).
   - bcache: remove bcache device self-defined readahead (bsc#1184631).
   - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in
     bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: do not disable an already disabled PCI device (git-fixes).
   - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
     (bsc#1154353).
   - cadence: force nonlinear buffers to be cloned (git-fixes).
   - can: ems_usb: fix memory leak (git-fixes).
   - can: esd_usb2: fix memory leak (git-fixes).
   - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
   - can: mcba_usb_start(): add missing urb->transfer_dma initialization
     (git-fixes).
   - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
   - can: usb_8dev: fix memory leak (git-fixes).
   - ceph: do not WARN if we're still opening a session to an MDS
     (bsc#1188748).
   - cifs: Fix preauth hash corruption (git-fixes).
   - cifs: Return correct error code from smb2_get_enc_key (git-fixes).
   - cifs: do not fail __smb_send_rqst if non-fatal signals are pending
     (git-fixes).
   - cifs: fix interrupted close commands (git-fixes).
   - cifs: fix memory leak in smb2_copychunk_range (git-fixes).
   - clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
   - clk: tegra: Ensure that PLLU configuration is applied properly
     (git-fixes).
   - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
     (git-fixes).
   - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
   - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
   - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
   - crypto: sun4i-ss - initialize need_fallback (git-fixes).
   - crypto: virtio: Fix dest length calculation in
     __virtio_crypto_skcipher_do_req() (git-fixes).
   - crypto: virtio: Fix src/dst scatterlist calculation in
     __virtio_crypto_skcipher_do_req() (git-fixes).
   - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
   - cxgb4: fix IRQ free race during driver unload (git-fixes).
   - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
   - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
   - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
   - drm/amd/display: Update scaling settings on modeset (git-fixes).
   - drm/amd/display: Verify Gamma & Degamma LUT sizes in
     amdgpu_dm_atomic_check (git-fixes).
   - drm/amd/display: fix incorrrect valid irq check (git-fixes).
   - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
   - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
   - drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
   - drm/arm/malidp: Always list modifiers (git-fixes).
   - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
     (git-fixes).
   - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
     (git-fixes).
   - drm/msm/mdp4: Fix modifier support enabling (git-fixes).
   - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes).
   - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
   - drm/radeon: Add the missed drm_gem_object_put() in
     radeon_user_framebuffer_create() (git-fixes).
   - drm/sched: Avoid data corruptions (git-fixes).
   - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes).
   - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes).
   - drm/virtio: Fix double free on probe failure (git-fixes).
   - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes).
   - drm: Return -ENOTTY for non-drm ioctls (git-fixes).
   - e1000e: Check the PCIm state (git-fixes).
   - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
   - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
   - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
     (git-fixes).
   - firmware: arm_scmi: Fix range check for the maximum number of pending
     messages (git-fixes).
   - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
   - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
   - gtp: fix an use-before-init in gtp_newlink() (git-fixes).
   - gve: Add DQO fields for core data structures (bsc#1176940).
   - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
     (bsc#1176940).
   - gve: Add dqo descriptors (bsc#1176940).
   - gve: Add stats for gve (bsc#1176940).
   - gve: Add support for DQO RX PTYPE map (bsc#1176940).
   - gve: Add support for raw addressing device option (bsc#1176940).
   - gve: Add support for raw addressing in the tx path (bsc#1176940).
   - gve: Add support for raw addressing to the rx path (bsc#1176940).
   - gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
   - gve: Check TX QPL was actually assigned (bsc#1176940).
   - gve: DQO: Add RX path (bsc#1176940).
   - gve: DQO: Add TX path (bsc#1176940).
   - gve: DQO: Add core netdev features (bsc#1176940).
   - gve: DQO: Add ring allocation and initialization (bsc#1176940).
   - gve: DQO: Configure interrupts on device up (bsc#1176940).
   - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
   - gve: DQO: Remove incorrect prefetch (bsc#1176940).
   - gve: Enable Link Speed Reporting in the driver (bsc#1176940).
   - gve: Fix warnings reported for DQO patchset (bsc#1176940).
   - gve: Get and set Rx copybreak via ethtool (bsc#1176940).
   - gve: Introduce a new model for device options (bsc#1176940).
   - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
   - gve: Make gve_rx_slot_page_info.page_offset an absolute offset
     (bsc#1176940).
   - gve: Move some static functions to a common file (bsc#1176940).
   - gve: NIC stats for report-stats and for ethtool (bsc#1176940).
   - gve: Propagate error codes to caller (bsc#1176940).
   - gve: Replace zero-length array with flexible-array member (bsc#1176940).
   - gve: Rx Buffer Recycling (bsc#1176940).
   - gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
   - gve: Update adminq commands to support DQO queues (bsc#1176940).
   - gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
   - gve: Use link status register to report link status (bsc#1176940).
   - gve: adminq: DQO specific device descriptor logic (bsc#1176940).
   - gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
   - i2c: core: Disable client irq on reboot/shutdown (git-fixes).
   - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
   - i40e: Fix error handling in i40e_vsi_open (git-fixes).
   - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
   - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
   - ibmvnic: retry reset if there are no other resets (bsc#1184350
     ltc#191533).
   - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency
     (jsc#SLE-7926).
   - igb: Check if num of q_vectors is smaller than max before array access
     (git-fixes).
   - igb: Fix an error handling path in 'igb_probe()' (git-fixes).
   - igb: Fix position of assignment to *ring (git-fixes).
   - igb: Fix use-after-free error during reset (git-fixes).
   - igc: Fix an error handling path in 'igc_probe()' (git-fixes).
   - igc: Fix use-after-free error during reset (git-fixes).
   - igc: change default return of igc_read_phy_reg() (git-fixes).
   - iio: accel: bma180: Use explicit member assignment (git-fixes).
   - iio: gyro: fxa21002c: Balance runtime pm + use
     pm_runtime_resume_and_get() (git-fixes).
   - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get()
     (git-fixes).
   - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
   - iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
   - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
   - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
   - kABI workaround for pci/quirks.c (git-fixes).
   - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes).
   - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
     (git-fixes).
   - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes).
   - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
     (git-fixes).
   - kprobes: fix kill kprobe which has been marked as gone (git-fixes).
   - kvm: LAPIC: Restore guard to prevent illegal APIC register access
     (bsc#1188772).
   - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
   - lib/decompress_unlz4.c: correctly handle zero-padding around initrds
     (git-fixes).
   - liquidio: Fix unintentional sign extension issue on left shift of u16
     (git-fixes).
   - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
   - media, bpf: Do not copy more entries than user space requested
     (git-fixes).
   - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
     (git-fixes).
   - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
     (git-fixes).
   - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
   - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
   - misc/libmasm/module: Fix two use after free in ibmasm_init_one
     (git-fixes).
   - misc: alcor_pci: fix inverted branch condition (git-fixes).
   - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
     (git-fixes).
   - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
     (git-fixes).
   - mt76: mt7603: set 0 as min coverage_class value (git-fixes).
   - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
   - mt76: mt7615: increase MCU command timeout (git-fixes).
   - mt76: set dma-done flag for flushed descriptors (git-fixes).
   - mvpp2: suppress warning (git-fixes).
   - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
   - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
   - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
   - net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
   - net: dp83867: Fix OF_MDIO config check (git-fixes).
   - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
   - net: gve: convert strlcpy to strscpy (bsc#1176940).
   - net: gve: remove duplicated allowed (bsc#1176940).
   - net: hns3: Clear the CMDQ registers before unmapping BAR region
     (git-fixes).
   - net: marvell: Fix OF_MDIO config check (git-fixes).
   - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
   - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx
     phy (git-fixes).
   - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
   - net: wilc1000: clean up resource in error path of init mon interface
     (git-fixes).
   - nfc: nfcsim: fix use after free during module unload (git-fixes).
   - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes).
   - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
     (git-fixes).
   - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes).
   - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
   - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when
     using s2idle (git-fixes).
   - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip
     (git-fixes).
   - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after
     platform_get_irq() (git-fixes).
   - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
   - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: ab8500: Avoid NULL pointers (git-fixes).
   - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
     (git-fixes).
   - power: supply: max17042: Do not enforce (incorrect) interrupt trigger
     type (git-fixes).
   - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
     (git-fixes).
   - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h
     (bsc#1188885 ltc#193722).
   - powerpc/64s: rename pnv|pseries_setup_rfi_flush to
     _setup_security_mitigations (bsc#1188885 ltc#193722).
   - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
   - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295,
     git-fixes).
   - powerpc/pesries: Get STF barrier requirement from
     H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
   - powerpc/pseries: Get entry and uaccess flush required bits from
     H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
   - powerpc/pseries: add new branch prediction security bits for link stack
     (bsc#1188885 ltc#193722).
   - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885
     ltc#193722).
   - powerpc/security: Add a security feature for STF barrier (bsc#1188885
     ltc#193722).
   - powerpc/security: Allow for processors that flush the link stack using
     the special bcctr (bsc#1188885 ltc#193722).
   - powerpc/security: Fix link stack flush instruction (bsc#1188885
     ltc#193722).
   - powerpc/security: change link stack flush state to the flush type enum
     (bsc#1188885 ltc#193722).
   - powerpc/security: make display of branch cache flush more consistent
     (bsc#1188885 ltc#193722).
   - powerpc/security: re-name count cache flush to branch cache flush
     (bsc#1188885 ltc#193722).
   - powerpc/security: split branch cache flush toggle from code patching
     (bsc#1188885 ltc#193722).
   - powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
     (bsc#1156395).
   - powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
   - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
   - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
   - pwm: imx1: Do not disable clocks at device remove time (git-fixes).
   - pwm: spear: Do not modify HW state in .remove callback (git-fixes).
   - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
   - r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
   - r8152: Fix potential PM refcount imbalance (bsc#1186194).
   - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM
     (git-fixes).
   - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
   - rbd: always kick acquire on "acquired" and "released" notifications
     (bsc#1188746).
   - rbd: do not hold lock_rwsem while running_list is being drained
     (bsc#1188747).
   - regulator: hi6421: Fix getting wrong drvdata (git-fixes).
   - regulator: hi6421: Use correct variable type for regmap api val argument
     (git-fixes).
   - replaced with upstream security mitigation cleanup
   - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
   - rtc: max77686: Do not enforce (incorrect) interrupt trigger type
     (git-fixes).
   - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
   - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
   - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
   - sfp: Fix error handing in sfp_probe() (git-fixes).
   - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
   - spi: cadence: Correct initialisation of runtime PM again (git-fixes).
   - spi: imx: add a check for speed_hz before calculating the clock
     (git-fixes).
   - spi: mediatek: fix fifo rx mode (git-fixes).
   - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
   - thermal/core: Correct function name thermal_zone_device_unregister()
     (git-fixes).
   - tpm: efi: Use local variable for calculating final log size (git-fixes).
   - tracing: Do not reference char * as a string in histograms (git-fixes).
   - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
     (git-fixes).
   - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by
     zero (git-fixes).
   - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
     (git-fixes).
   - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
   - usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
   - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
     (git-fixes).
   - usb: hub: Fix link power management max exit latency (MEL) calculations
     (git-fixes).
   - usb: max-3421: Prevent corruption of freed memory (git-fixes).
   - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
     (git-fixes).
   - uuid: Add inline helpers to import / export UUIDs (bsc#1113295,
     git-fixes).
   - virtio_console: Assure used length from device is limited (git-fixes).
   - virtio_net: move tx vq operation under tx queue lock (git-fixes).
   - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
   - w1: ds2438: fixing bug that would always get page0 (git-fixes).
   - watchdog: Fix possible use-after-free by calling del_timer_sync()
     (git-fixes).
   - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
   - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
   - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
     (git-fixes).
   - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
   - wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
   - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
   - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
   - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
   - xen/events: reset active flag for lateeoi events later (git-fixes).
   - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
   - xhci: Fix lost USB 2 remote wake (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2678=1

   - SUSE Linux Enterprise Module for Realtime 15-SP2:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-2678=1



Package List:

   - SUSE MicroOS 5.0 (x86_64):

      kernel-rt-5.3.18-48.1
      kernel-rt-debuginfo-5.3.18-48.1
      kernel-rt-debugsource-5.3.18-48.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

      cluster-md-kmp-rt-5.3.18-48.1
      cluster-md-kmp-rt-debuginfo-5.3.18-48.1
      dlm-kmp-rt-5.3.18-48.1
      dlm-kmp-rt-debuginfo-5.3.18-48.1
      gfs2-kmp-rt-5.3.18-48.1
      gfs2-kmp-rt-debuginfo-5.3.18-48.1
      kernel-rt-5.3.18-48.1
      kernel-rt-debuginfo-5.3.18-48.1
      kernel-rt-debugsource-5.3.18-48.1
      kernel-rt-devel-5.3.18-48.1
      kernel-rt-devel-debuginfo-5.3.18-48.1
      kernel-rt_debug-5.3.18-48.1
      kernel-rt_debug-debuginfo-5.3.18-48.1
      kernel-rt_debug-debugsource-5.3.18-48.1
      kernel-rt_debug-devel-5.3.18-48.1
      kernel-rt_debug-devel-debuginfo-5.3.18-48.1
      kernel-syms-rt-5.3.18-48.1
      ocfs2-kmp-rt-5.3.18-48.1
      ocfs2-kmp-rt-debuginfo-5.3.18-48.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

      kernel-devel-rt-5.3.18-48.1
      kernel-source-rt-5.3.18-48.1


References:

   https://www.suse.com/security/cve/CVE-2021-21781.html
   https://www.suse.com/security/cve/CVE-2021-22543.html
   https://www.suse.com/security/cve/CVE-2021-33909.html
   https://www.suse.com/security/cve/CVE-2021-3659.html
   https://www.suse.com/security/cve/CVE-2021-37576.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1113295
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1179243
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1184350
   https://bugzilla.suse.com/1184631
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1186194
   https://bugzilla.suse.com/1186482
   https://bugzilla.suse.com/1186483
   https://bugzilla.suse.com/1187476
   https://bugzilla.suse.com/1188062
   https://bugzilla.suse.com/1188063
   https://bugzilla.suse.com/1188101
   https://bugzilla.suse.com/1188257
   https://bugzilla.suse.com/1188405
   https://bugzilla.suse.com/1188445
   https://bugzilla.suse.com/1188504
   https://bugzilla.suse.com/1188620
   https://bugzilla.suse.com/1188683
   https://bugzilla.suse.com/1188746
   https://bugzilla.suse.com/1188747
   https://bugzilla.suse.com/1188748
   https://bugzilla.suse.com/1188770
   https://bugzilla.suse.com/1188771
   https://bugzilla.suse.com/1188772
   https://bugzilla.suse.com/1188773
   https://bugzilla.suse.com/1188774
   https://bugzilla.suse.com/1188777
   https://bugzilla.suse.com/1188838
   https://bugzilla.suse.com/1188842
   https://bugzilla.suse.com/1188876
   https://bugzilla.suse.com/1188885
   https://bugzilla.suse.com/1188973



More information about the sle-security-updates mailing list