The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).
CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215).
CVE-2021-3612: An out-of-bounds memory write flaw was found in the joystick devices subsystem in the way the user calls ioctl JSIOCSBTNMAP. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1187585 ).
CVE-2021-35039: kernel/module.c mishandled Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel module is signed, for loading via initmodule, did not occur for a module.sigenforce=1 command-line argument (bnc#1188080). NOTE that SUSE kernels are configured with CONFIGMODULESIG=y, so are not affected.
The following non-security bugs were fixed:
ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes).
ACPI: bus: Call kobjectput() in acpiinit() error path (git-fixes).
ACPICA: Fix memory leak caused by _CID repair function (git-fixes).
ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes).
ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
ACPI: resources: Add checks for ACPI IRQ override (git-fixes).
ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes).
ALSA: hda/realtek: Add another ALC236 variant support (git-fixes).
ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes).
ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes).
ALSA: isa: Fix error return code in sndcmi8330probe() (git-fixes).
ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).