The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
The following non-security bugs were fixed:
ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
ionic: count csum_none when offload enabled (bsc#1167773).
ionic: drop useless check of PCI driver data validity (bsc#1167773).
ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
ipc/util.c: use binary search for max_idx (bsc#1159886).
ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
ipvs: avoid expiring many connections from timer (bsc#1190467).
ipvs: Fix up kabi for expirenodestconn_work addition (bsc#1190467).
ipvs: queue delayed work to expire no destination connections if expirenodestconn=1 (bsc#1190467).
iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).
iwlwifi: mvm: fix a memory leak in iwlmvmmacctxtbeacon_changed (git-fixes).
kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
libata: fix atahoststart() (git-fixes).
libbpf: Fix removal of inner map in bpfobjectcreatemap (git-fixes).
libbpf: Fix the possible memory leak on error (git-fixes).
mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
regmap: fix page selection for noinc reads (git-fixes).
regmap: fix page selection for noinc writes (git-fixes).
regmap: fix the offset of register error log (git-fixes).
Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
rpm/kernel-binary.spec: Use only non-empty certificates.
rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
rtc: rx8010: select REGMAP_I2C (git-fixes).
rtc: tps65910: Correct driver module alias (git-fixes).
s390/unwind: use currentframeaddress() to unwind current task (bsc#1185677).