-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3206
                   Security updates for the Linux Kernel
                             24 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-38204 CVE-2021-38198 CVE-2021-38160
                   CVE-2021-3759 CVE-2021-3753 CVE-2021-3732
                   CVE-2021-3679 CVE-2021-3656 CVE-2021-3653
                   CVE-2021-3640 CVE-2019-3900 CVE-2019-3874
                   CVE-2018-9517  

Reference:         ESB-2021.3185
                   ESB-2021.3034

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20213192-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20213196-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3192-1
Rating:            important
References:        #1040364 #1108488 #1114648 #1127650 #1129898 #1133374
                   #1183050 #1183983 #1185902 #1185973 #1187076 #1188000
                   #1188172 #1188439 #1188616 #1188885 #1188982 #1189057
                   #1189262 #1189268 #1189269 #1189270 #1189271 #1189272
                   #1189291 #1189301 #1189384 #1189385 #1189392 #1189399
                   #1189400 #1189505 #1189506 #1189562 #1189564 #1189565
                   #1189566 #1189567 #1189568 #1189569 #1189573 #1189577
                   #1189579 #1189581 #1189582 #1189639 #1189640 #1189706
                   #1189846 #1190025 #1190115 #1190117
Cross-References:  CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2021-3640
                   CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732
                   CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198
                   CVE-2021-38204
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 39 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  o CVE-2018-9517: Fixed possible memory corruption due to a use after free in
    pppol2tp_connect (bsc#1108488).
  o CVE-2019-3874: Fixed possible denial of service attack via SCTP socket
    buffer used by a userspace applications (bnc#1129898).
  o CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets
    in handle_rx() (bnc#1133374).
  o CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
    sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
  o CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a
    malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
  o CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and
    allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and
    VLS for the L2 guest (bsc#1189400).
  o CVE-2021-3679: A lack of CPU resource in tracing module functionality was
    found in the way user uses trace ring buffer in a specific way. Only
    privileged local users (with CAP_SYS_ADMIN capability) could use this flaw
    to starve the resources causing denial of service (bnc#1189057).
  o CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can
    reveal files (bsc#1189706).
  o CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#
    1190025).
  o CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to
    breaking memcg limits and DoS attacks (bsc#1190115).
  o CVE-2021-38160: Data corruption or loss could be triggered by an untrusted
    device that supplies a buf->len value exceeding the buffer size in drivers/
    char/virtio_console.c (bsc#1190117)
  o CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the
    access permissions of a shadow page, leading to a missing guest protection
    page fault (bnc#1189262).
  o CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate
    attackers to cause a denial of service (use-after-free and panic) by
    removing a MAX-3421 USB device in certain situations (bnc#1189291).


The following non-security bugs were fixed:

  o ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
  o ALSA: seq: Fix racy deletion of subscriber (git-fixes).
  o ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
  o ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes).
  o ASoC: cs42l42: Remove duplicate control for WNF filter frequency
    (git-fixes).
  o Bluetooth: Move shutdown callback before flushing tx and rx queue
    (git-fixes).
  o Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
  o Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
  o Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
    (git-fixes).
  o Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
    (git-fixes).
  o KVM: SVM: Call SEV Guest Decommission if ASID binding fails (12sp5).
  o Move upstreamed BT fixes into sorted section
  o NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times
    (git-fixes).
  o NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#
    1040364).
  o PCI/MSI: Correct misleading comments (git-fixes).
  o PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
  o PCI/MSI: Enable and mask MSI-X early (git-fixes).
  o PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
  o PCI: Add Intel VMD devices to pci ids (bsc#1183983).
  o PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
  o PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
  o PCI: vmd: Add an additional VMD device id to driver device id table (bsc#
    1183983).
  o PCI: vmd: Add offset to bus numbers if necessary (bsc#1183983).
  o PCI: vmd: Assign membar addresses from shadow registers (bsc#1183983).
  o PCI: vmd: Filter resource type bits from shadow register (bsc#1183983).
  o PCI: vmd: Fix config addressing when using bus offsets (bsc#1183983).
  o PCI: vmd: Fix shadow offsets to reflect spec changes (bsc#1183983).
  o SUNRPC: Fix the batch tasks count wraparound (git-fixes).
  o SUNRPC: Should wake up the privileged task firstly (git-fixes).
  o USB: serial: ch341: fix character loss at high transfer rates (git-fixes).
  o USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes).
  o USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes).
  o USB: usbtmc: Fix RCU stall warning (git-fixes).
  o USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
  o ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
  o ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
    (git-fixes).
  o bcma: Fix memory leak for internally-handled cores (git-fixes).
  o bdi: Do not use freezable workqueue (bsc#1189573).
  o blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
  o block: fix trace completion for chained bio (bsc#1189505).
  o can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
    and TX error counters (git-fixes).
  o cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
  o cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
  o cifs: constify get_normalized_path() properly (bsc#1185902).
  o cifs: do not cargo-cult strndup() (bsc#1185902).
  o cifs: do not send tree disconnect to ipc shares (bsc#1185902).
  o cifs: do not share tcp servers with dfs mounts (bsc#1185902).
  o cifs: do not share tcp sessions of dfs connections (bsc#1185902).
  o cifs: fix check of dfs interlinks (bsc#1185902).
  o cifs: fix path comparison and hash calc (bsc#1185902).
  o cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
  o cifs: handle different charsets in dfs cache (bsc#1185902).
  o cifs: keep referral server sessions alive (bsc#1185902).
  o cifs: missing null pointer check in cifs_mount (bsc#1185902).
  o cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
  o cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
  o clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
  o crypto: ccp - Annotate SEV Firmware file names (bsc#1189268).
  o crypto: nx - Fix RCU warning in nx842_OF_upd_status (git-fixes).
  o crypto: nx - Fix memcpy() over-reading in nonce (git-fixes).
  o crypto: talitos - Do not modify req->cryptlen on decryption (git-fixes).
  o crypto: talitos - fix ECB algs ivsize (git-fixes).
  o crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes).
  o dm btree remove: assign new_root only when removal succeeds (git fixes).
  o dm cache metadata: Avoid returning cmd->bm wild pointer on error (git
    fixes).
  o dm era: Fix bitset memory leaks (git fixes).
  o dm era: Recover committed writeset after crash (git fixes).
  o dm era: Reinitialize bitset cache before digesting a new writeset (git
    fixes).
  o dm era: Use correct value size in equality function of writeset tree (git
    fixes).
  o dm era: Verify the data block size hasn't changed (git fixes).
  o dm era: only resize metadata in preresume (git fixes).
  o dm ioctl: fix error return code in target_message (git fixes).
  o dm ioctl: fix out of bounds array access when no devices (git fixes).
  o dm persistent data: packed struct should have an aligned() attribute too
    (git fixes).
  o dm rq: fix double free of blk_mq_tag_set in dev remove after table load
    fails (git fixes).
  o dm snapshot: fix crash with transient storage and zero chunk size (git
    fixes).
  o dm snapshot: flush merged data before committing metadata (git fixes).
  o dm snapshot: properly fix a crash when an origin has no snapshots (git
    fixes).
  o dm space map common: fix division bug in sm_ll_find_free_block() (git
    fixes).
  o dm table: fix iterate_devices based device capability checks (git fixes).
  o dm thin metadata: Avoid returning cmd->bm wild pointer on error (git
    fixes).
  o dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
  o dm writecache: fix the maximum number of arguments (git-fixes).
  o dm writecache: handle DAX to partitions on persistent memory correctly
    (git-fixes).
  o dm writecache: remove BUG() and fail gracefully instead (git-fixes).
  o dm zoned: select CONFIG_CRC32 (git-fixes).
  o dm: eliminate potential source of excessive kernel log noise (git fixes).
  o dm: remove invalid sparse __acquires and __releases annotations
    (git-fixes).
  o ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
    transaction handle (bsc#1189568).
  o ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564).
  o ext4: fix avefreec in find_group_orlov (bsc#1189566).
  o ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
  o ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
  o ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
  o ftgmac100: Restart MAC HW once (git-fixes).
  o i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
  o i2c: highlander: add IRQ check (git-fixes).
  o i2c: iop3xx: fix deferred probing (git-fixes).
  o i2c: mt65xx: fix IRQ check (git-fixes).
  o i2c: s3c2410: fix IRQ check (git-fixes).
  o i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).
  o iio: adc: Fix incorrect exit of for-loop (git-fixes).
  o iio: humidity: hdc100x: Add margin to the conversion time (git-fixes).
  o iommu/amd: Fix extended features logging (bsc#1189269).
  o iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189270).
  o iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189271).
  o iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189272).
  o kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
  o kABI: s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982
    LTC#193818).
  o mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
  o md/raid10: properly indicate failure when ending a failed write request
    (git-fixes).
  o media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
  o media: rtl28xxu: fix zero-length control request (git-fixes).
  o memcg: enable accounting for file lock caches (bsc#1190115).
  o mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#
    1189301).
  o mm/memory-failure: unnecessary amount of unmapping (bsc#1189640).
  o mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes).
  o mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#
    1189569).
  o mm/vmscan: fix infinite loop in drop_slab_node (VM Performance, bsc#
    1189301).
  o mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#
    1183050).
  o mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
  o mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
  o net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
  o net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes).
  o net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).
  o net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
  o net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes).
  o net: usb: ax88179_178a: remove redundant assignment to variable ret
    (git-fixes).
  o nfs: fix acl memory leak of posix_acl_create() (git-fixes).
  o nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt
    context (bsc#1187076).
  o nvme-fc: convert assoc_active flag to bit op (bsc#1187076).
  o nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#
    1187076).
  o nvme-fc: fix double-free scenarios on hw queues (bsc#1187076).
  o nvme-fc: fix io timeout to abort I/O (bsc#1187076).
  o nvme-fc: fix racing controller reset and create association (bsc#1187076).
  o nvme-fc: remove err_work work item (bsc#1187076).
  o nvme-fc: remove nvme_fc_terminate_io() (bsc#1187076).
  o nvme-fc: track error_recovery while connecting (bsc#1187076).
  o ocfs2: fix snprintf() checking (bsc#1189581).
  o ocfs2: fix zero out valid data (bsc#1189579).
  o ocfs2: issue zeroout to EOF blocks (bsc#1189582).
  o ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439).
  o overflow: Correct check_shl_overflow() comment (git-fixes).
  o overflow: Include header file with SIZE_MAX declaration (git-fixes).
  o ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
  o ovl: filter of trusted xattr results in audit (bsc#1189846).
  o ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
  o ovl: initialize error in ovl_copy_xattr (bsc#1189846).
  o ovl: relax WARN_ON() on rename to self (bsc#1189846).
  o pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
  o power: supply: max17042: handle fails of reading status register
    (git-fixes).
  o powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885
    ltc#193722 git-fixes).
  o qlcnic: Fix error code in probe (git-fixes).
  o r8152: Fix potential PM refcount imbalance (git-fixes).
  o readdir: make sure to verify directory entry for legacy interfaces too (bsc
    #1189639).
  o regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes).
  o s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#
    193818).
  o scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
  o scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
  o scsi: libfc: Fix array index out of bound exception (bsc#1188616).
  o scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
  o scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#
    1189385).
  o scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC
    completions (bsc#1189385).
  o scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc
    #1189385).
  o scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385).
  o scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385).
  o scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC
    completes (bsc#1189385).
  o scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385).
  o scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385).
  o scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#
    1189385).
  o scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#
    1189385).
  o scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385).
  o scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
  o scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR
    request (bsc#1189385).
  o scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#
    1189385).
  o scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#
    1189385).
  o scsi: lpfc: Improve firmware download logging (bsc#1189385).
  o scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS
    handling (bsc#1189385).
  o scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash
    (git-fixes).
  o scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#
    1189385).
  o scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385).
  o scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385).
  o scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#
    1189385).
  o scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385).
  o scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc
    #1189385).
  o scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
  o scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
  o scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#
    1189385).
  o scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc
    #1189385).
  o scsi: qla2xxx: Add heartbeat check (bsc#1189392).
  o scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#
    1189392).
  o scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189384).
  o scsi: qla2xxx: Fix use after free in debug code (bsc#1189384).
  o scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#
    1189392).
  o scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
  o scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392).
  o scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#
    1189392).
  o scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#
    1189384).
  o scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
  o scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189384).
  o scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail()
    (bsc#1189392).
  o scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#
    1189392).
  o scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189384).
  o scsi: qla2xxx: edif: Add detection of secure device (bsc#1189384).
  o scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189384).
  o scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189384).
  o scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#
    1189384).
  o scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189384).
  o scsi: qla2xxx: edif: Add key update (bsc#1189384).
  o scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#
    1189384).
  o scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
  o scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189384).
  o scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392).
  o serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
  o spi: mediatek: Fix fifo transfer (git-fixes).
  o spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
    (git-fixes).
  o spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes).
  o staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
  o virtio_net: Fix error code in probe() (git-fixes).
  o writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
  o x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1114648).
  o x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1114648).
  o x86/fpu: Reset state for all signal restore failures (bsc#1114648).
  o x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
  o x86/signal: Detect and prevent an alternate signal stack overflow (bsc#
    1114648).
  o xen/events: Fix race in set_evtchn_to_irq (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3192=1

Package List:

  o SUSE Linux Enterprise Server 12-SP5 (noarch):
       kernel-devel-azure-4.12.14-16.73.1
       kernel-source-azure-4.12.14-16.73.1
  o SUSE Linux Enterprise Server 12-SP5 (x86_64):
       kernel-azure-4.12.14-16.73.2
       kernel-azure-base-4.12.14-16.73.2
       kernel-azure-base-debuginfo-4.12.14-16.73.2
       kernel-azure-debuginfo-4.12.14-16.73.2
       kernel-azure-debugsource-4.12.14-16.73.2
       kernel-azure-devel-4.12.14-16.73.2
       kernel-syms-azure-4.12.14-16.73.1


References:

  o https://www.suse.com/security/cve/CVE-2018-9517.html
  o https://www.suse.com/security/cve/CVE-2019-3874.html
  o https://www.suse.com/security/cve/CVE-2019-3900.html
  o https://www.suse.com/security/cve/CVE-2021-3640.html
  o https://www.suse.com/security/cve/CVE-2021-3653.html
  o https://www.suse.com/security/cve/CVE-2021-3656.html
  o https://www.suse.com/security/cve/CVE-2021-3679.html
  o https://www.suse.com/security/cve/CVE-2021-3732.html
  o https://www.suse.com/security/cve/CVE-2021-3753.html
  o https://www.suse.com/security/cve/CVE-2021-3759.html
  o https://www.suse.com/security/cve/CVE-2021-38160.html
  o https://www.suse.com/security/cve/CVE-2021-38198.html
  o https://www.suse.com/security/cve/CVE-2021-38204.html
  o https://bugzilla.suse.com/1040364
  o https://bugzilla.suse.com/1108488
  o https://bugzilla.suse.com/1114648
  o https://bugzilla.suse.com/1127650
  o https://bugzilla.suse.com/1129898
  o https://bugzilla.suse.com/1133374
  o https://bugzilla.suse.com/1183050
  o https://bugzilla.suse.com/1183983
  o https://bugzilla.suse.com/1185902
  o https://bugzilla.suse.com/1185973
  o https://bugzilla.suse.com/1187076
  o https://bugzilla.suse.com/1188000
  o https://bugzilla.suse.com/1188172
  o https://bugzilla.suse.com/1188439
  o https://bugzilla.suse.com/1188616
  o https://bugzilla.suse.com/1188885
  o https://bugzilla.suse.com/1188982
  o https://bugzilla.suse.com/1189057
  o https://bugzilla.suse.com/1189262
  o https://bugzilla.suse.com/1189268
  o https://bugzilla.suse.com/1189269
  o https://bugzilla.suse.com/1189270
  o https://bugzilla.suse.com/1189271
  o https://bugzilla.suse.com/1189272
  o https://bugzilla.suse.com/1189291
  o https://bugzilla.suse.com/1189301
  o https://bugzilla.suse.com/1189384
  o https://bugzilla.suse.com/1189385
  o https://bugzilla.suse.com/1189392
  o https://bugzilla.suse.com/1189399
  o https://bugzilla.suse.com/1189400
  o https://bugzilla.suse.com/1189505
  o https://bugzilla.suse.com/1189506
  o https://bugzilla.suse.com/1189562
  o https://bugzilla.suse.com/1189564
  o https://bugzilla.suse.com/1189565
  o https://bugzilla.suse.com/1189566
  o https://bugzilla.suse.com/1189567
  o https://bugzilla.suse.com/1189568
  o https://bugzilla.suse.com/1189569
  o https://bugzilla.suse.com/1189573
  o https://bugzilla.suse.com/1189577
  o https://bugzilla.suse.com/1189579
  o https://bugzilla.suse.com/1189581
  o https://bugzilla.suse.com/1189582
  o https://bugzilla.suse.com/1189639
  o https://bugzilla.suse.com/1189640
  o https://bugzilla.suse.com/1189706
  o https://bugzilla.suse.com/1189846
  o https://bugzilla.suse.com/1190025
  o https://bugzilla.suse.com/1190115
  o https://bugzilla.suse.com/1190117

- -----------------------------------------------------------------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 40 for
SLE 12 SP3)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3196-1
Rating:            important
References:        #1189278 #1189420
Cross-References:  CVE-2021-3653 CVE-2021-38198
Affected Products:
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server 12-SP3-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.180-94_147 fixes several issues.
The following security issues were fixed:

  o CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field
    that would have allowed a malicious L1 guest to enable AVIC support for the
    L2 guest (bsc#1189420).
  o CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to
    get shadow page (bsc#1189278).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3195=1
    SUSE-SLE-SAP-12-SP3-2021-3196=1 SUSE-SLE-SAP-12-SP3-2021-3197=1
    SUSE-SLE-SAP-12-SP3-2021-3198=1 SUSE-SLE-SAP-12-SP3-2021-3199=1
    SUSE-SLE-SAP-12-SP3-2021-3200=1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3195=1
    SUSE-SLE-SERVER-12-SP3-2021-3196=1 SUSE-SLE-SERVER-12-SP3-2021-3197=1
    SUSE-SLE-SERVER-12-SP3-2021-3198=1 SUSE-SLE-SERVER-12-SP3-2021-3199=1
    SUSE-SLE-SERVER-12-SP3-2021-3200=1

Package List:

  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       kgraft-patch-4_4_180-94_130-default-14-2.3
       kgraft-patch-4_4_180-94_130-default-debuginfo-14-2.3
       kgraft-patch-4_4_180-94_135-default-12-2.3
       kgraft-patch-4_4_180-94_135-default-debuginfo-12-2.3
       kgraft-patch-4_4_180-94_138-default-10-2.2
       kgraft-patch-4_4_180-94_138-default-debuginfo-10-2.2
       kgraft-patch-4_4_180-94_141-default-9-2.2
       kgraft-patch-4_4_180-94_141-default-debuginfo-9-2.2
       kgraft-patch-4_4_180-94_144-default-6-2.2
       kgraft-patch-4_4_180-94_144-default-debuginfo-6-2.2
       kgraft-patch-4_4_180-94_147-default-3-2.2
       kgraft-patch-4_4_180-94_147-default-debuginfo-3-2.2
  o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_180-94_130-default-14-2.3
       kgraft-patch-4_4_180-94_130-default-debuginfo-14-2.3
       kgraft-patch-4_4_180-94_135-default-12-2.3
       kgraft-patch-4_4_180-94_135-default-debuginfo-12-2.3
       kgraft-patch-4_4_180-94_138-default-10-2.2
       kgraft-patch-4_4_180-94_138-default-debuginfo-10-2.2
       kgraft-patch-4_4_180-94_141-default-9-2.2
       kgraft-patch-4_4_180-94_141-default-debuginfo-9-2.2
       kgraft-patch-4_4_180-94_144-default-6-2.2
       kgraft-patch-4_4_180-94_144-default-debuginfo-6-2.2
       kgraft-patch-4_4_180-94_147-default-3-2.2
       kgraft-patch-4_4_180-94_147-default-debuginfo-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2021-3653.html
  o https://www.suse.com/security/cve/CVE-2021-38198.html
  o https://bugzilla.suse.com/1189278
  o https://bugzilla.suse.com/1189420

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYU0IzeNLKJtyKPYoAQinCg/+IFghBiS944gx2pWfifwiKfbE1diKA7Jd
RDGzuRNLqmmM55t2r+lxXGkjiBi5l3mmhGeRgGpDPbldsY/3SBmlDZfwbEtX+e2R
sZHGc4VnIkRVbfPAswwZVUK0Jh7ulCM+s6WRuCBpxPbO8wF10KA3bOgqp6rLGC7P
byGSz9fS397e7YcDLSAe16ko4bB6lOjlkHxMqI4ol3d3sk+sj2vebu/Sg51Md2pn
j71Vc2avpCpIVcLVbNvIUgW+N8a9dQX7HBE3YeA0Lmj/KgI7YYJ4YvvV2T99xPkA
NHItXHseInxp1AClszn98kgGFEDJD09tV0sAEhI0O0H+3mxGMhnsMe+6bu8UMDA4
oziJIpEFPODMNul/2XY+U5P2XQWjQl78uFdfrdopszQia1bEqOwY1jWEV1MQwFYu
exZuA/ZsYbRkNqC9KZ79xXalAXTCeWofVTvFSBaTYwObOcrO2UgG89NZ2QASMrQ2
IwVzpjBobF+O2IF/I/GHvW/yHz+zwnJNwi3foqavQodjtFtRAk31vbpLOPNytv01
fk524m0mWnUUruDGApduNflq5BLZZ508i1hcKxFpUjXfE89zcggpw5Xt3emRsdnt
m6r8nhfo/AS9FaX0/8whhpHgujFx3esxBTZha17PwsdM/j3HAMcmvScAAwsSdGL8
Jv1cfqSWHZ0=
=L2v0
-----END PGP SIGNATURE-----