The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially
enable an escalation of privilege via local access (bsc#1181720).
CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially
enable a denial of service via local access (bsc#1181735).
CVE-2020-12364: Fixed a null pointer reference which may have allowed a privileged user to potentially
enable a denial of service via local access (bsc#1181736 ).
CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user
to potentially enable a denial of service via local access (bsc#1181738).
CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access
because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
ACPI: configfs: add missing check after configfsregisterdefault_group() (git-fixes).
ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes).
kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995).
kABI: Fix kABI after modifying struct _callsingle_data (bsc#1180846).
kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191).
kABI: repair, after 'nVMX: Emulate MTF when performinginstruction emulation' kvmx86ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine.
kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
kernel/smp: add more data to CSD lock debugging (bsc#1180846).
kernel/smp: prepare more CSD lock debugging (bsc#1180846).
kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818).
KVM: arm64: Remove S1PTW check from kvmvcpudabt_iswrite() (bsc#1181818).
KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489).
KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380).
KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX: Emulate MTF when performing instruction emulation' (bsc#1182380).
KVM: SVM: Update cr3lmrsvd_bits for AMD SEV guests (bsc#1178995).
KVM: tracing: Fix unmatched kvmentry and kvmexit events (bsc#1182770).
KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798).
KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800).
KVM: x86: allow KVMSTATENESTEDMTFPENDING in kvm_state flags (bsc#1182490).
KVM: x86: clear stale x86emulatectxt->intercept value (bsc#1182381).
KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374).
KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801).
KVM: x86: Introduce cr3lmrsvdbits in kvmvcpu_arch (bsc#1178995).
KVM: x86: remove stale comment from struct x86emulatectxt (bsc#1182406).
libnvdimm/dimm: Avoid race between probe and availableslotsshow() (bsc#1170442).
lib/vsprintf: nohashpointers prints all addresses as unhashed (bsc#1182599).
linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes).
mac80211: 160MHz with extended NSS BW in CSA (git-fixes).