SUSE-SU-2021:3754-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Fri Nov 19 23:19:24 UTC 2021

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2021:3754-1
Rating:             important
References:         #1065729 #1085030 #1152489 #1154353 #1156395 
                    #1157177 #1167773 #1172073 #1173604 #1176940 
                    #1184673 #1185762 #1186063 #1187167 #1188563 
                    #1189841 #1190006 #1190067 #1190349 #1190351 
                    #1190479 #1190620 #1190642 #1190795 #1190941 
                    #1191229 #1191241 #1191315 #1191317 #1191349 
                    #1191384 #1191449 #1191450 #1191451 #1191452 
                    #1191455 #1191456 #1191628 #1191731 #1191800 
                    #1191934 #1191958 #1192040 #1192041 #1192107 
                    #1192145 #1192267 #1192549 
Cross-References:   CVE-2021-3542 CVE-2021-3655 CVE-2021-3715
                    CVE-2021-3760 CVE-2021-3772 CVE-2021-3896
                    CVE-2021-41864 CVE-2021-42008 CVE-2021-42252
                    CVE-2021-42739 CVE-2021-43056
CVSS scores:
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Workstation Extension 15-SP2
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Module for Legacy Software 15-SP2
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP2

   An update that solves 11 vulnerabilities and has 37 fixes
   is now available.


   The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access

   The following non-security bugs were fixed:

   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
   - NFS: dir_cookie is a pointer to the cookie in older kernels, not the
     cookie itself (bsc#1191628 bsc#1192549).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
   - audit: fix possible null-pointer dereference in audit_filter_rules
   - bfq: Remove merged request already in bfq_requests_merged()
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: fix pin_count leak (git-fixes).
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
   - ftrace: Fix scripts/ due to new binutils (bsc#1192267).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - gve: Avoid freeing NULL pointer (git-fixes).
   - gve: Correct available tx qpl check (git-fixes).
   - gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
   - gve: fix gve_get_stats() (git-fixes).
   - gve: report 64bit tx_bytes counter from gve_handle_report_stats()
   - hso: fix bailout in error case of probe (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
   - i40e: Fix ATR queue selection (git-fixes).
   - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - iavf: fix double unlock of crit_lock (git-fixes).
   - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
   - ipv6/netfilter: Discard first fragment not including all headers
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kernel-binary.spec: Do not sign kernel when no key provided
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - mlx5: count all link events (git-fixes).
   - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
   - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
   - net/mlx4_en: Resolve bad operstate value (git-fixes).
   - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
   - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
   - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
   - net: batman-adv: fix error handling (git-fixes).
   - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - ocfs2: fix data corruption after conversion from inline format
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - qed: Handle management FW error (git-fixes).
   - qed: rdma - do not wait for resources under hw error recovery flow
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
   - scsi: qla2xxx: Check for firmware capability before creating QPair
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to (bsc#1190941).
   - scsi: qla2xxx: Update version to (bsc#1190941).
   - scsi: qla2xxx: Update version to (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - sctp: check asoc peer.asconf_capable before processing asconf
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
   - xhci: Fix command ring pointer corruption while aborting a command
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3754=1

   - SUSE Linux Enterprise Workstation Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3754=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3754=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-3754=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3754=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3754=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3754=1

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):


   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):


   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):


   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):


   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):


   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):



More information about the sle-security-updates mailing list