The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094)
CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087).
CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990)
CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442)
CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404)
CVE-2021-43975: Fixed a flaw in hwatlutilsfwrpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845)
CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599)
CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bnc#1192877)
The following non-security bugs were fixed:
ACPI: battery: Accept charges over the design capacity as full (git-fixes).
net: mana: Fix the netdeverr()'s vPort argument in manainit_port() (jsc#SLE-18779, bsc#1185726).
net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726).
net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726).
net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726).
net: pegasus: fix uninit-value in getinterruptinterval (git-fixes).
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic83xxadd_rings() (git-fixes).
net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691).
net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691).
net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691).
net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691).
net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691).
net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691).
net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691).
net: usb: lan78xx: lan78xxphyinit(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
net: usb: lan78xx: lan78xxphyinit(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
net: usb: Merge cputole32s + memcpy to putunalignedle32 (git-fixes).
net/mlx4en: Fix an use-after-free bug in mlx4entryalloc_resources() (git-fixes).
net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172).
net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes).
net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774).
netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447).
netfilter: ctnetlink: fix filtering with CTATUPLEREPLY (bsc#1176447).
netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447).
NFC: add NCI_UNREG flag to eliminate the race (git-fixes).
NFC: pn533: Fix double free when pn533fillfragment_skbs() fails (git-fixes).
NFC: reorder the logic in nfc{un,}registerdevice (git-fixes).
NFC: reorganize the functions in nci_request (git-fixes).
nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
nfp: Fix memory leak in nfpcppareacacheadd() (git-fixes).
NFS: do not alloc under spinlock in rpcparsescope_id (git-fixes).
NFS: Do not set NFSINODATAINVALDEFER and NFSINOINVALID_DATA (git-fixes).
NFS: do not take i_rwsem for swap IO (bsc#1191876).
NFS: Fix a regression in nfssetopenstateidlocked() (git-fixes).
NFS: Fix deadlocks in nfsscancommit_list() (git-fixes).
NFS: fix error handling of registerpernetsubsys() in init_nfsd() (git-fixes).
NFS: Fix up commit deadlocks (git-fixes).
NFS: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
NFS: move genericwritechecks() call from nfsfiledirectwrite() to nfsfile_write() (bsc#1191876).
nvme: add NO APST quirk for Kioxia device (git-fixes).
nvme: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
Pass consistent param->type to fsparse() (bsc#1192606). [ ematsumiya: - drop the case fsparamisfd - leave .hasvalue in fsparseresult so it does not break kabi - still set .hasvalue in fs_parse() for real kabi compatibility ]
PCI: Add PCIEXPDEVCTLPAYLOAD* macros (git-fixes).
PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes).
printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
qede: validate non LSO skb length (git-fixes).
r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes).
r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649).
recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
reset: socfpga: add empty driver allowing consumers to probe (git-fixes).
ring-buffer: Protect ringbufferreset() from reentrancy (bsc#1179960).
rpm/*.spec.in: use buildroot macro instead of env variable The RPMBUILDROOT variable is considered deprecated over a buildroot macro. future proof the spec files.
rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-lt;version>, but simply vmlinux. And this is not reflected in STRIPKEEPSYMTAB we set. So fix this by removing the dash...
rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well.
rt2x00: do not mark device gone on EPROTO errors during start (git-fixes).
rxrpc: Fix rxrpclocal leak in rxrpclookup_peer() (bsc#1154353 bnc#1151927 5.3.9).