The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
CVE-2022-0435: Fixed remote stack overflow in the net/tipc module by validating the domain record count on input (bsc#1195254).
CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).
CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985).
CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927).
CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
The following non-security bugs were fixed:
KVM: remember position in kvm->vcpus array (bsc#1190973).
KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1190973).
SUNRPC: Add basic load balancing to the transport switch - kabi fix. (bnc#1192729).
SUNRPC: Add basic load balancing to the transport switch. (bnc#1192729)
SUNRPC: Fix initialisation of struct rpc_xprt_switch (bnc#1192729).
SUNRPC: Optimise transport balancing code (bnc#1192729).
SUNRPC: Replace division by multiplication in calculation of queue length (bnc#1192729).