The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2021-3772: Fixed sctp vtag check in sctpsfootb (bsc#1190351).
CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
CVE-2021-3896: Fixed a array-index-out-bounds in detachcapictr in drivers/isdn/capi/kcapi.c (bsc#1191958).
CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rfconninfo object (bsc#1190067).
CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avccapmt mishandled bounds checking (bsc#1184673).
CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
CVE-2021-33033: Fixed a use-after-free in cipsov4genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109).
CVE-2021-3715: Fixed a use-after-free in route4change() in net/sched/clsroute.c (bsc#1190349).
CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645).
CVE-2021-42252: Fixed an issue inside aspeedlpcctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
CVE-2021-41864: Fixed preallocelemsand_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
CVE-2021-42008: Fixed a slab out-of-bounds write in the decodedata function in drivers/net/hamradio/6pack.c. Input from a process that had the CAPNET_ADMIN capability could have lead to root access (bsc#1191315).
The following non-security bugs were fixed:
ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes).
ACPI: bgrt: Fix CFI violation (git-fixes).
ACPI: fix NULL pointer dereference (git-fixes).
ACPI: fix NULL pointer dereference (git-fixes).
ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes).
ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).