SUSE-SU-2021:3655-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Nov 11 14:37:50 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3655-1
Rating:             important
References:         #1065729 #1085030 #1152472 #1152489 #1156395 
                    #1172073 #1173604 #1176447 #1176774 #1176914 
                    #1178134 #1180100 #1181147 #1184673 #1185762 
                    #1186063 #1186109 #1187167 #1188563 #1189841 
                    #1190006 #1190067 #1190349 #1190351 #1190479 
                    #1190620 #1190642 #1190795 #1190801 #1190941 
                    #1191229 #1191240 #1191241 #1191315 #1191317 
                    #1191349 #1191384 #1191449 #1191450 #1191451 
                    #1191452 #1191455 #1191456 #1191628 #1191645 
                    #1191663 #1191731 #1191800 #1191867 #1191934 
                    #1191958 #1192040 #1192041 #1192074 #1192107 
                    #1192145 
Cross-References:   CVE-2021-33033 CVE-2021-34866 CVE-2021-3542
                    CVE-2021-3655 CVE-2021-3715 CVE-2021-3760
                    CVE-2021-3772 CVE-2021-3896 CVE-2021-41864
                    CVE-2021-42008 CVE-2021-42252 CVE-2021-42739
                    CVE-2021-43056
CVSS scores:
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 43 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
   security and bugfixes.

   NOTE: This update was retracted due to a NFS regression.

   The following security bugs were fixed:

   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
     net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
     DOI definitions is mishandled (bsc#1186109).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation
     Vulnerability (bsc#1191645).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).

   The following non-security bugs were fixed:

   - ACPI: NFIT: Use fallback node id when numa info in NFIT table is
     incorrect (git-fixes).
   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
     (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
     (git-fixes).
   - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560
     laptop (git-fixes).
   - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo
     13s Gen2 (git-fixes).
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
     (git-fixes).
   - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
     15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
     (bsc#1190801).
   - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
     (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
     (git-fixes).
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
     (git-fixes).
   - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for
     the matching in-/output (git-fixes).
   - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
   - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
     (git-fixes).
   - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
   - ASoC: dapm: use component prefix when checking widget names (git-fixes).
   - ASoC: fsl_spdif: register platform component before registering cpu dai
     (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - Configure mpi3mr as currently unsupported (jsc#SLE-18120)
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
     (git-fixes).
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
     (git-fixes).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936
     git-fixes).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
     (git-fixes).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
   - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
   - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
   - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
   - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
     (bsc#1181147).
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
     (git-fixes).
   - audit: fix possible null-pointer dereference in audit_filter_rules
     (git-fixes).
   - bfq: Remove merged request already in bfq_requests_merged()
     (bsc#1191456).
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
     (jsc#SLE-16649).
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
     (git-fixes).
   - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: correct bridge/4addr mode check (git-fixes).
   - cfg80211: fix management registrations locking (git-fixes).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614
     bsc#1176914 ltc#186394 git-fixes).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
   - drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
   - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
     (git-fixes).
   - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: 	*
     context changes in intel_timeline_fini()
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
     (git-fixes).
   - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
     (git-fixes).
   - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - drm/panfrost: Make sure MMU context lifetime is not bound to
     (bsc#1152472)
   - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
   - e1000e: Drop patch to avoid regressions until real fix is available
     (bsc#1191663).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
     (bsc#1191449).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - hso: fix bailout in error case of probe (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
     (git-fixes).
   - ice: fix getting UDP tunnel entry (jsc#SLE-12878).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
     (git-fixes).
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
     (git-fixes).
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
     (git-fixes).
   - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15
     (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kABI workaround for HD-audio probe retry changes (bsc#1190801).
   - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
     bsc#1191240 ltc#194716).
   - kernel-binary.spec: Do not sign kernel when no key provided
     (bsc#1187167).
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
     (bsc#1189841).")
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
     (git-fixes).
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
     (git-fixes).
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
     (git-fixes).
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - net/mlx5: E-Switch, Fix double allocation of acl flow counter
     (jsc#SLE-15172).
   - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
   - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and
     LRO combined (jsc#SLE-15172).
   - net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
     (bsc#1176774).
   - net: batman-adv: fix error handling (git-fixes).
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
     (git-fixes).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: hns3: check queue id range before using (jsc#SLE-14777).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191800).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - netfilter: Drop fragmented ndisc packets assembled in netfilter
     (git-fixes).
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has
     garbage value (bsc#1176447).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (git-fixes).
   - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
   - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847
     git-fixes).
   - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
     (jsc#SLE-13847 git-fixes).
   - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time()
     (jsc#SLE-9246 git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable
     code in tests (jsc#SLE-13847 git-fixes).
   - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static
     (jsc#SLE-13847 git-fixes).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
     (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
     code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
   - powerpc: Do not use 'struct ppc_inst' to reference instruction location
     (jsc#SLE-13847 git-fixes).
   - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
     ltc#194757).
   - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
     (git-fixes).
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
   - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
   - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
   - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
   - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for device add/remove event handling
     (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for timestamp sync with firmware
     (jsc#SLE-18120).
   - scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Allow certain commands during pci-remove hook
     (jsc#SLE-18120).
   - scsi: mpi3mr: Base driver code (jsc#SLE-18120).
   - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
   - scsi: mpi3mr: Create operational request and reply queue pair
     (jsc#SLE-18120).
   - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
   - scsi: mpi3mr: Fix missing unlock on error (git-fixes).
   - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives
     (jsc#SLE-18120).
   - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
   - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
   - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (jsc#SLE-18120).
   - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
     (jsc#SLE-18120).
   - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O
     timeout (jsc#SLE-18120).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
     (git-fixes).
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1152489).
   - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0]
     (bsc#1178134).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
     (bsc#1190006).
   - xfs: fix I_DONTCACHE (bsc#1192074).
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
     (bsc#1190642).
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
     (git-fixes).
   - xhci: Fix command ring pointer corruption while aborting a command
     (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3655=1

   - SUSE Linux Enterprise Workstation Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3655=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3655=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3655=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3655=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3655=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3655=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      kernel-default-5.3.18-59.30.1
      kernel-default-base-5.3.18-59.30.1.18.17.1
      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1

   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      kernel-default-extra-5.3.18-59.30.1
      kernel-default-extra-debuginfo-5.3.18-59.30.1
      kernel-preempt-debuginfo-5.3.18-59.30.1
      kernel-preempt-debugsource-5.3.18-59.30.1
      kernel-preempt-extra-5.3.18-59.30.1
      kernel-preempt-extra-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      kernel-default-livepatch-5.3.18-59.30.1
      kernel-default-livepatch-devel-5.3.18-59.30.1
      kernel-livepatch-5_3_18-59_30-default-1-7.3.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      reiserfs-kmp-default-5.3.18-59.30.1
      reiserfs-kmp-default-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-5.3.18-59.30.1
      kernel-obs-build-debugsource-5.3.18-59.30.1
      kernel-syms-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):

      kernel-preempt-debuginfo-5.3.18-59.30.1
      kernel-preempt-debugsource-5.3.18-59.30.1
      kernel-preempt-devel-5.3.18-59.30.1
      kernel-preempt-devel-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      kernel-docs-5.3.18-59.30.1
      kernel-source-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-59.30.1
      kernel-default-base-5.3.18-59.30.1.18.17.1
      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      kernel-default-devel-5.3.18-59.30.1
      kernel-default-devel-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      kernel-preempt-5.3.18-59.30.1
      kernel-preempt-debuginfo-5.3.18-59.30.1
      kernel-preempt-debugsource-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):

      kernel-64kb-5.3.18-59.30.1
      kernel-64kb-debuginfo-5.3.18-59.30.1
      kernel-64kb-debugsource-5.3.18-59.30.1
      kernel-64kb-devel-5.3.18-59.30.1
      kernel-64kb-devel-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      kernel-devel-5.3.18-59.30.1
      kernel-macros-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):

      kernel-zfcpdump-5.3.18-59.30.1
      kernel-zfcpdump-debuginfo-5.3.18-59.30.1
      kernel-zfcpdump-debugsource-5.3.18-59.30.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-59.30.1
      cluster-md-kmp-default-debuginfo-5.3.18-59.30.1
      dlm-kmp-default-5.3.18-59.30.1
      dlm-kmp-default-debuginfo-5.3.18-59.30.1
      gfs2-kmp-default-5.3.18-59.30.1
      gfs2-kmp-default-debuginfo-5.3.18-59.30.1
      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      ocfs2-kmp-default-5.3.18-59.30.1
      ocfs2-kmp-default-debuginfo-5.3.18-59.30.1


References:

   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-34866.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-3896.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43056.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1173604
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1176774
   https://bugzilla.suse.com/1176914
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1180100
   https://bugzilla.suse.com/1181147
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190642
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190801
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191240
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191449
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191451
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191456
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191645
   https://bugzilla.suse.com/1191663
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191800
   https://bugzilla.suse.com/1191867
   https://bugzilla.suse.com/1191934
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1192040
   https://bugzilla.suse.com/1192041
   https://bugzilla.suse.com/1192074
   https://bugzilla.suse.com/1192107
   https://bugzilla.suse.com/1192145



More information about the sle-security-updates mailing list