The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security fixes and bug fixes.
The following security bugs were fixed:
CVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
CVE-2021-29650: Fixed an issue within the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
CVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
CVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a 'stall on CPU' could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
CVE-2020-36322: Fixed an issue within the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211, bnc#1184952).
Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)'. This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).