SUSE-SU-2022:0080-1

The SUSE Linux Enterprise 12 SP5 kernel was updated.

The following security bugs were fixed:

• CVE-2021-4083: Fixed a race condition with Unix domain socket garbage collection that can lead to read memory after free. (bsc#1193727)
• CVE-2021-4149: Fixed an improper lock operation in btrfs which allows users to crash the kernel or deadlock the system. (bsc#1194001)
• CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094)
• CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bsc#1194087)
• CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc. (bsc#1193731)
• CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442)
• CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
• CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
• CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
• CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
• CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575)
• CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
• CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032)
• CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162)
• CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
• CVE-2021-43975: Fixed a flaw in hwatlutilsfwrpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
• CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847)
• CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599)

The following non-security bugs were fixed:

• blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
• bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913)
• bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
• cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1190317).
• cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1190317).
• cifs: convert listforeach to entry variant (jsc#SLE-20656).
• cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1190317).
• cifs: Do not leak EDEADLK to dgetents64 for STATUSUSERSESSION_DELETED (bsc#1190317).
• cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317).
• cifs: Fix a potencially linear read overflow (git-fixes).
• cifs: fix a sign extension bug (git-fixes).
• cifs: fix incorrect check for null pointer in header_assemble (bsc#1190317).
• cifs: fix memory leak of smb3fscontextdup::serverhostname (bsc#1190317).
• cifs: fix missed refcounting of ipc tcon (git-fixes).
• cifs: fix potential use-after-free bugs (jsc#SLE-20656).
• cifs: fix print of hdrflags in dfscacheproc_show() (jsc#SLE-20656).
• cifs: fix wrong release in sessallocbuffer() failed path (bsc#1190317).
• cifs: for compound requests, use open handle if possible (bsc#1190317).
• cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656).
• cifs: move to generic async completion (bsc#1190317).
• cifs: nosharesock should be set on new server (git-fixes).
• cifs: nosharesock should not share socket with future sessions (bsc#1190317).
• cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317).
• cifs: properly invalidate cached root handle when closing it (bsc#1190317).
• cifs: release lock earlier in dequeue_mid error case (bsc#1190317).
• cifs: set a minimum of 120s for next dns resolution (bsc#1190317).
• cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317).
• cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656).
• cifs: support nested dfs links over reconnect (jsc#SLE-20656).
• cifs: support share failover when remounting (jsc#SLE-20656).
• cifs: To match file servers, make sure the server hostname matches (bsc#1190317).
• config: disable unprivileged BPF by default (jsc#SLE-22913) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default.
• config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for production, only enabled on ppc64.
• constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder.
• cred: allow getcred() and putcred() to be given NULL (git-fixes).
• EDAC/amd64: Handle three rank interleaving mode (bsc#1114648).
• elfcore: correct reference to CONFIG_UML (git-fixes).
• elfcore: fix building with clang (bsc#1169514).
• fuse: release pipe buf after last use (bsc#1193318).
• genirq: Move initial affinity setup to irq_startup() (bsc#1193231).
• genirq: Provide IRQCHIPAFFINITYPRE_STARTUP (bsc#1193231).
• genirq: Remove mask argument from setup_affinity() (bsc#1193231).
• genirq: Rename setupaffinity() to irqsetup_affinity() (bsc#1193231).
• genirq: Split out irq_startup() code (bsc#1193231).
• kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
• lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
• md: fix a lock order reversal in md_alloc (git-fixes).
• net: hso: fix control-request directions (git-fixes).
• net: hso: fix muxed tty registration (git-fixes).
• net: lan78xx: fix division by zero in send path (git-fixes).
• net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185727).
• net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185727).
• net: mana: Fix the netdeverr()'s vPort argument in manainit_port() (jsc#SLE-18779, bsc#1185727).
• net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727).
• net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727).
• net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185727).
• net: pegasus: fix uninit-value in getinterruptinterval (git-fixes).
• net: usb: lan78xx: lan78xxphyinit(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
• nfsd: do not alloc under spinlock in rpcparsescope_id (git-fixes).
• nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
• nvme-fc: avoid race between time out and tear down (bsc#1185762).
• nvme-fc: remove freeze/unfreeze around updatenrhw_queues (bsc#1185762).
• nvme-fc: update hardware queues before using them (bsc#1185762).
• nvme-fc: wait for queues to freeze before calling updatehrhw_queues (bsc#1183678).
• nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
• objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
• platform/x86: hpaccel: Fix an error handling path in 'lis3lv02dprobe()' (git-fixes).
• platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
• pnfs/flexfiles: Fix misplaced barrier in nfs4fflayoutprepareds (git-fixes).
• printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
• rndishost: set proper input size for OIDGENPHYSICALMEDIUM request (git-fixes).
• scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes).
• scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
• scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
• scsi: lpfc: Add additional debugfs support for CMF (bsc1192145).
• scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145).
• scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145).
• scsi: lpfc: Change return code on I/Os received during link bounce (bsc1192145).
• scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc1192145).
• scsi: lpfc: Fix lpfcforcerscn ndlp kref imbalance (bsc1192145).
• scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
• scsi: lpfc: Fix NPIV port deletion crash (bsc1192145).
• scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc1192145).
• scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145).
• scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
• scsi: qla2xxx: edif: Fix app start delay (git-fixes).
• scsi: qla2xxx: edif: Fix app start fail (git-fixes).
• scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
• scsi: qla2xxx: edif: Fix off by one bug in qlaedifapp_getfcinfo() (git-fixes).
• scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes).
• scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
• scsi: qla2xxx: Fix gnl list corruption (git-fixes).
• scsi: qla2xxx: Fix mailbox direction flags in qla2xxxgetadapter_id() (git-fixes).
• scsi: qla2xxx: Format log strings only if needed (git-fixes).
• scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
• smb3: add additional null check in SMB2_ioctl (bsc#1190317).
• smb3: add additional null check in SMB2_open (bsc#1190317).
• smb3: add additional null check in SMB2_tcon (bsc#1190317).
• smb3: correct server pointer dereferencing check to be more consistent (bsc#1190317).
• smb3: correct smb3 ACL security descriptor (bsc#1190317).
• smb3: do not error on fsync when readonly (bsc#1190317).
• smb3: remove trivial dfs compile warning (jsc#SLE-20656).
• SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866).
• SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866).
• SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866).
• SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876 bsc#1192866).
• swiotlb-xen: avoid double free (git-fixes).
• tracing: Check pid filtering when creating events (git-fixes).
• tracing: Fix pid filtering when triggers are attached (git-fixes).
• tracing: use %ps format string to print symbols (git-fixes).
• tty: hvc: replace BUG_ON() with negative return value (git-fixes).
• USB: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
• USB: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
• USB: serial: option: add Fibocom FM101-GL variants (git-fixes).
• USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
• USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
• USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
• USB: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
• USB: serial: qcserial: add EM9191 QDL support (git-fixes).
• x86/msi: Force affinity setup before startup (bsc#1193231).
• x86/pkey: Fix undefined behaviour with PKRUWDBIT (bsc#1114648).
• x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648).
• x86/xen: Add xenpvrestoreregsandreturntousermode() (bsc#1114648).
• x86/xen: Mark cpubringupandidle() as deadend_function (bsc#1169514).
• x86/xen: swap NX determination and GDT setup on BSP (git-fixes).
• xen-pciback: redo VF placement in the virtual topology (git-fixes).
• xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
• xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
• xen/blkfront: do not trust the backend response data blindly (git-fixes).
• xen/blkfront: read response from backend only once (git-fixes).
• xen/netfront: disentangle txskbfreelist (git-fixes).
• xen/netfront: do not read data from request on the ring page (git-fixes).
• xen/netfront: do not trust the backend response data blindly (git-fixes).
• xen/netfront: read response from backend only once (git-fixes).
• xen/x86: fix PV trap handling on secondary processors (git-fixes).