The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504).
CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765).
CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812)
CVE-2020-27835: A use-after-free was found in the infiniband hfi1 driver, specifically in the way a user calls ioctl after opening the dev file and forking. A local user could use this flaw to crash the system (bnc#1179878).
CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).
CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).
CVE-2020-36158: Fixed an issue which might have allowed remote attackers to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559).
CVE-2020-28374: Fixed a vulnerability caused by insufficient identifier checking in the LIO SCSI target code. This could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bnc#1178372).
The following non-security bugs were fixed:
ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes).
ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes).
ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes).
ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes).