The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2022-0185: Incorrect param length parsing in legacyparseparam which could have led to a local privilege escalation (bsc#1194517).
CVE-2022-0322: Fixed a denial of service in SCTP sctpaddtochunk (bsc#1194985).
CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
CVE-2021-46283: nftablesnewset in net/netfilter/nftablesapi.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nftsetelemexpralloc. A local user can set a netfilter table expression in their own namespace (bnc#1194518).
CVE-2021-4135: Fixed an information leak in the nsimbpfmap_alloc function (bsc#1193927).
CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529)
CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bnc#1193727).
CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001).
CVE-2021-45485: In the IPv6 implementation net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094).
CVE-2021-45486: In the IPv4 implementation net/ipv4/route.c has an information leak because the hash table is very small (bnc#1194087).
The following non-security bugs were fixed:
ACPI: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes).
ACPI: Add stubs for wakeup handler functions (git-fixes).
ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes).
ALSA: PCM: Add missing rwsem around sndctlremove() calls (git-fixes).
ALSA: ctl: Fix copy of updated id with element read/write (git-fixes).
ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes).
ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes).
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes).
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes).
ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes).
ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes).
ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes).
ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes).
ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes).
ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes).
ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes).
ALSA: hda: Add missing rwsem around sndctlremove() calls (git-fixes).
ALSA: hda: Make proper use of timecounter (git-fixes).
ALSA: jack: Add missing rwsem around sndctlremove() calls (git-fixes).
ALSA: jack: Check the return value of kstrdup() (git-fixes).
ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes).