The SUSE Linux Enterprise 15 SP2 kernel was updated.
The following security bugs were fixed:
CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
The following non-security bugs were fixed:
ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
ionic: count csum_none when offload enabled (bsc#1167773).
ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
ipc/util.c: use binary search for max_idx (bsc#1159886).
ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
ipvs: avoid expiring many connections from timer (bsc#1190467).
ipvs: Fix up kabi for expirenodestconn_work addition (bsc#1190467).
ipvs: queue delayed work to expire no destination connections if expirenodestconn=1 (bsc#1190467).
iwlwifi: mvm: fix a memory leak in iwlmvmmacctxtbeacon_changed (git-fixes).
kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
libata: fix atahoststart() (git-fixes).
mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
power: supply: max17042battery: fix typo in MAx17042TOFF (git-fixes).
powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
powerpc/perf: Fix crash in perfinstructionpointer() when ppmu is not set (bsc#1065729).
powerpc/perf: Fix the check for SIAR value (bsc#1065729).
powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
powerpc/pseries/dlpar: use rtasgetsensor() (bsc#1065729).
pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
pwm: img: Do not modify HW state in .remove() callback (git-fixes).
pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
qlcnic: Remove redundant unlock in qlcnicpinitfrom_rom (git-fixes).
RDMA/bnxtre: Remove unpaired rtnl unlock in bnxtredevinit() (bsc#1170774).
Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
regmap: fix page selection for noinc reads (git-fixes).
regmap: fix page selection for noinc writes (git-fixes).
regmap: fix the offset of register error log (git-fixes).
Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
rpm/kernel-binary.spec: Use only non-empty certificates.
rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
rtc: rx8010: select REGMAP_I2C (git-fixes).
rtc: tps65910: Correct driver module alias (git-fixes).
s390/unwind: use currentframeaddress() to unwind current task (bsc#1185677).
sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
scsi: core: Introduce the scsicmdto_rq() function (bsc#1190576).