The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
CVE-2020-29368, CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).
The following non-security bugs were fixed:
ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
amba: Fix resource leak for drivers without .remove (git-fixes).
bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455).
bfq: update internal depth state when queue depth changes (bsc#1172455).
block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).
bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170).
bpf: fix x64 JIT code generation for jmp to 1st insn (bsc#1178163).
bpf_lru_list: Read double-checked variable once without lock (git-fixes).
bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if (bsc#1129770) Backporting notes: * context changes
drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc#1142635) Backporting notes: * taken for 427c4a0680a2 ('drm/vc4: crtc: Rework a bit the CRTC state code') * renamed drm_atomic_state_helper.{c,h} to drm_atomic_helper.{c,h} * context changes
drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1129770) Backporting notes: * context changes