The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
CVE-2021-3428: Fixed an integer overflow in ext4escache_extent (bsc#1173485).
CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
CVE-2021-29265: Fixed an issue in usbipsockfdstore which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
CVE-2021-28971: Fixed an issue in intelpmudrainpebsnhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
CVE-2021-28964: Fixed a race condition in getoldroot which could have allowed attackers to cause a denial of service (bsc#1184193).
CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
CVE-2021-28660: Fixed an out of bounds write in rtwwxset_scan (bsc#1183593 ).
CVE-2021-28375: Fixed an issue in fastrpcinternalinvoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).
CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).
CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
CVE-2019-19769: Fixed a use-after-free in the perftracelock_acquire function (bsc#1159280 ).
CVE-2019-18814: Fixed a use-after-free when aalabelparse() fails in aaauditrule_init() (bsc#1156256).
KVM: x86: Add RIP to the kvmentry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvmentry and kvm_exit events', bsc#1182770).
KVM: x86: Allow guests to see MSRIA32TSX_CTRL even if tsx=off (bsc#1183287).
KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
KVM: x86: list MSRIA32UCODE_REV as an emulated MSR (bsc#1183369).
KVM: x86: Return -E2BIG when KVMGETSUPPORTED_CPUID hits max entries (bsc#1183428).
KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
libbpf: Clear mapinfo before each bpfobjgetinfobyfd (bsc#1155518).
libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
libbpf: Fix INSTALL flag order (bsc#1155518).
libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
locking/mutex: Fix non debug version of mutexlockio_nested() (git-fixes).
qlcnic: fix error return code in qlcnic83xxrestart_hw() (git-fixes).
qxl: Fix uninitialised struct field head.surface_id (git-fixes).
random: fix the RNDRESEEDCRNG ioctl (git-fixes).
RAS/CEC: Correct ceaddelem()'s returned values (bsc#1152489).
RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
RDMA/hns: Fix type of sqsignalbits (jsc#SLE-8449).
RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
Revert 'net: bonding: fix error return code of bondneighinit()' (bsc#1154353).
rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
rpm/check-for-config-changes: comment on the list To explain what it actually is.
rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNOREDCONFIGSRE array which can be easily extended.
rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list
rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.
rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.
rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
rsi: Move card interrupt handling to RX thread (git-fixes).
rsxx: Return -EFAULT if copytouser() fails (git-fixes).
s390/cio: return -EFAULT if copytouser() fails (git-fixes).
s390/cio: return -EFAULT if copytouser() fails (git-fixes).
s390/crypto: return -EFAULT if copytouser() fails (git-fixes).
s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
s390/qeth: fix notification for pending buffers during teardown (git-fixes).
s390/qeth: improve completion of pending TX buffers (git-fixes).
s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
s390/vtime: fix increased steal time accounting (bsc#1183859).
samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).