The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivilegedbpfdisabled to 0. (kernel.unprivilegedbpfdisabled = 0)
CVE-2021-0941: In bpfskbchange_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
virt_ext
VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).The following non-security bugs were fixed:
{ "binaries": [ { "kernel-default-man": "4.12.14-197.102.2", "kernel-debug-base": "4.12.14-197.102.2", "kernel-kvmsmall-base": "4.12.14-197.102.2", "kernel-vanilla-livepatch-devel": "4.12.14-197.102.2", "kernel-vanilla-devel": "4.12.14-197.102.2", "kernel-zfcpdump-man": "4.12.14-197.102.2", "kernel-vanilla-base": "4.12.14-197.102.2", "kernel-vanilla": "4.12.14-197.102.2" } ] }
{ "binaries": [ { "kernel-default-man": "4.12.14-197.102.2", "kernel-debug-base": "4.12.14-197.102.2", "kernel-kvmsmall-base": "4.12.14-197.102.2", "kernel-vanilla-livepatch-devel": "4.12.14-197.102.2", "kernel-vanilla-devel": "4.12.14-197.102.2", "kernel-zfcpdump-man": "4.12.14-197.102.2", "kernel-vanilla-base": "4.12.14-197.102.2", "kernel-vanilla": "4.12.14-197.102.2" } ] }
{ "binaries": [ { "kernel-default-man": "4.12.14-197.102.2", "kernel-debug-base": "4.12.14-197.102.2", "kernel-kvmsmall-base": "4.12.14-197.102.2", "kernel-vanilla-livepatch-devel": "4.12.14-197.102.2", "kernel-vanilla-devel": "4.12.14-197.102.2", "kernel-zfcpdump-man": "4.12.14-197.102.2", "kernel-vanilla-base": "4.12.14-197.102.2", "kernel-vanilla": "4.12.14-197.102.2" } ] }
{ "binaries": [ { "kernel-default-man": "4.12.14-197.102.2", "kernel-debug-base": "4.12.14-197.102.2", "kernel-kvmsmall-base": "4.12.14-197.102.2", "kernel-vanilla-livepatch-devel": "4.12.14-197.102.2", "kernel-vanilla-devel": "4.12.14-197.102.2", "kernel-zfcpdump-man": "4.12.14-197.102.2", "kernel-vanilla-base": "4.12.14-197.102.2", "kernel-vanilla": "4.12.14-197.102.2" } ] }
{ "binaries": [ { "kernel-default-man": "4.12.14-197.102.2", "kernel-debug-base": "4.12.14-197.102.2", "kernel-kvmsmall-base": "4.12.14-197.102.2", "kernel-vanilla-livepatch-devel": "4.12.14-197.102.2", "kernel-vanilla-devel": "4.12.14-197.102.2", "kernel-zfcpdump-man": "4.12.14-197.102.2", "kernel-vanilla-base": "4.12.14-197.102.2", "kernel-vanilla": "4.12.14-197.102.2" } ] }