-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3968
                   Security update for the Linux Kernel
                             22 November 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise                 -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
                   Modify Arbitrary Files          -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
                   Reduced Security                -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-43389 CVE-2021-43056 CVE-2021-42739
                   CVE-2021-42252 CVE-2021-42008 CVE-2021-41864
                   CVE-2021-37159 CVE-2021-35477 CVE-2021-34556
                   CVE-2021-33033 CVE-2021-3896 CVE-2021-3772
                   CVE-2021-3760 CVE-2021-3715 CVE-2021-3655
                   CVE-2021-3542 CVE-2018-13405 

Reference:         ESB-2021.3938
                   ESB-2021.3927

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20213754-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20213748-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3754-1
Rating:            important
References:        #1065729 #1085030 #1152489 #1154353 #1156395 #1157177
                   #1167773 #1172073 #1173604 #1176940 #1184673 #1185762
                   #1186063 #1187167 #1188563 #1189841 #1190006 #1190067
                   #1190349 #1190351 #1190479 #1190620 #1190642 #1190795
                   #1190941 #1191229 #1191241 #1191315 #1191317 #1191349
                   #1191384 #1191449 #1191450 #1191451 #1191452 #1191455
                   #1191456 #1191628 #1191731 #1191800 #1191934 #1191958
                   #1192040 #1192041 #1192107 #1192145 #1192267 #1192549
Cross-References:  CVE-2021-3542 CVE-2021-3655 CVE-2021-3715 CVE-2021-3760
                   CVE-2021-3772 CVE-2021-3896 CVE-2021-41864 CVE-2021-42008
                   CVE-2021-42252 CVE-2021-42739 CVE-2021-43056
Affected Products:
                   SUSE MicroOS 5.0
                   SUSE Linux Enterprise Workstation Extension 15-SP2
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
                   SUSE Linux Enterprise Module for Legacy Software 15-SP2
                   SUSE Linux Enterprise Module for Development Tools 15-SP2
                   SUSE Linux Enterprise Module for Basesystem 15-SP2
                   SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 37 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security
and bug fixes.

The following security bugs were fixed:

  o CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
  o CVE-2021-3655: Fixed missing size validations on inbound SCTP packets,
    which may have allowed the kernel to read uninitialized memory
    (bsc#1188563).
  o CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
    Power8 (bnc#1192107).
  o CVE-2021-3896: Fixed an array-index-out-of-bounds in detach_capi_ctr in
    drivers/isdn/capi/kcapi.c (bsc#1191958).
  o CVE-2021-3760: Fixed a use-after-free vulnerability with the
    ndev->rf_conn_info object (bsc#1190067).
  o CVE-2021-42739: The firewire subsystem had a buffer overflow related to
    drivers/media/firewire/firedtv-avc.c and
    drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds
    checking (bsc#1184673).
  o CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
  o CVE-2021-3715: Fixed a use-after-free in route4_change() in
    net/sched/cls_route.c (bsc#1190349).
  o CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have
    allowed local attackers to access the Aspeed LPC control interface to
    overwrite memory in the kernel and potentially execute privileges
    (bnc#1190479).
  o CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged
    users to trigger an eBPF multiplication integer overflow with a resultant
    out-of-bounds write (bnc#1191317).
  o CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
    function in drivers/net/hamradio/6pack.c. Input from a process that had the
    CAP_NET_ADMIN capability could have led to root access (bsc#1191315).


The following non-security bugs were fixed:

  o ACPI: bgrt: Fix CFI violation (git-fixes).
  o ACPI: fix NULL pointer dereference (git-fixes).
  o ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
  o ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
  o ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
  o ALSA: hda/realtek: Complete partial device name to avoid ambiguity
    (git-fixes).
  o ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
    (git-fixes).
  o ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
  o ALSA: seq: Fix a potential UAF by wrong private_free call order
    (git-fixes).
  o ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
  o ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
  o ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
  o ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
  o Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
  o HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    (git-fixes).
  o HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
  o HID: u2fzero: ignore incomplete packets without data (git-fixes).
  o HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
  o HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    (git-fixes).
  o ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
  o IPv6: reply ICMP error if the first fragment do not include all headers
    (bsc#1191241).
  o Input: snvs_pwrkey - add clk handling (git-fixes).
  o Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
  o KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs
    are live (bsc#1156395).
  o KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
  o KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
  o KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
    registers (bsc#1156395).
  o KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
  o KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
  o NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
    (git-fixes).
  o NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
    (git-fixes).
  o NFS: dir_cookie is a pointer to the cookie in older kernels, not the cookie
    itself (bsc#1191628 bsc#1192549).
  o NFS: Do uncached readdir when we're seeking a cookie in an empty page cache
    (bsc#1191628).
  o PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
  o USB: cdc-acm: clean up probe error labels (git-fixes).
  o USB: cdc-acm: fix minor-number release (git-fixes).
  o USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
  o USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
  o USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
  o USB: serial: qcserial: add EM9191 QDL support (git-fixes).
  o USB: xhci: dbc: fix tty registration race (git-fixes).
  o acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
  o ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators()
    (git-fixes).
  o ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
    (git-fixes).
  o audit: fix possible null-pointer dereference in audit_filter_rules
    (git-fixes).
  o bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
  o blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
  o blktrace: Fix uaf in blk_trace access after removing by sysfs
    (bsc#1191452).
  o block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
  o bnxt_en: Fix TX timeout when TX ring size is set to the smallest
    (git-fixes).
  o bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
  o bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
  o bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
  o can: dev: can_restart: fix use after free bug (git-fixes).
  o can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
  o can: peak_usb: fix use after free bugs (git-fixes).
  o can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
    notification (git-fixes).
  o can: rcar_can: fix suspend/resume (git-fixes).
  o can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error
    path (git-fixes).
  o can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
  o cb710: avoid NULL pointer subtraction (git-fixes).
  o ceph: fix handling of "meta" errors (bsc#1192041).
  o ceph: skip existing superblocks that are blocklisted or shut down when
    mounting (bsc#1192040).
  o cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
  o drm/amd/display: Pass PCI deviceid into DC (git-fixes).
  o drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
  o drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
  o drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
    (git-fixes).
  o drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
  o drm/nouveau/debugfs: fix file release memory leak (git-fixes).
  o drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
  o e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
  o e100: fix buffer overrun in e100_get_regs (git-fixes).
  o e100: fix length calculation in e100_get_regs_len (git-fixes).
  o e100: handle eeprom as little endian (git-fixes).
  o ext4: fix reserved space counter leakage (bsc#1191450).
  o ext4: report correct st_size for encrypted symlinks (bsc#1191449).
  o fs, mm: fix race in unlinking swapfile (bsc#1191455).
  o fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
  o ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
  o gpio: pca953x: Improve bias setting (git-fixes).
  o gve: Avoid freeing NULL pointer (git-fixes).
  o gve: Correct available tx qpl check (git-fixes).
  o gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
  o gve: fix gve_get_stats() (git-fixes).
  o gve: report 64bit tx_bytes counter from gve_handle_report_stats()
    (bsc#1176940).
  o hso: fix bailout in error case of probe (git-fixes).
  o i2c: acpi: fix resource leak in reconfiguration device addition
    (git-fixes).
  o i40e: Fix ATR queue selection (git-fixes).
  o i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
  o i40e: fix endless loop under rtnl (git-fixes).
  o iavf: fix double unlock of crit_lock (git-fixes).
  o ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
  o iio: adc128s052: Fix the error handling path of 'adc128_probe()'
    (git-fixes).
  o iio: adc: aspeed: set driver data when adc probe (git-fixes).
  o iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
  o iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
  o iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
  o iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
    (git-fixes).
  o iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
  o ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
  o ipv6/netfilter: Discard first fragment not including all headers
    (bsc#1191241).
  o isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
  o isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
  o ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
  o kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
  o kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
  o kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
    well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
    (bsc#1189841).")
  o kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
  o lan78xx: select CRC32 (git-fixes).
  o libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
    (git-fixes).
  o mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
  o mac80211: check return value of rhashtable_init (git-fixes).
  o mei: me: add Ice Lake-N device id (git-fixes).
  o mlx5: count all link events (git-fixes).
  o mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
  o mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
  o mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
    (git-fixes).
  o mmc: vub300: fix control-message timeouts (git-fixes).
  o net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
  o net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
  o net/mlx4_en: Resolve bad operstate value (git-fixes).
  o net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
  o net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
  o net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
  o net: batman-adv: fix error handling (git-fixes).
  o net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
    (git-fixes).
  o net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
  o net: cdc_eem: fix tx fixup skb leak (git-fixes).
  o net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
  o net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
  o net: hso: add failure handler for add_net_device (git-fixes).
  o net: hso: fix NULL-deref on disconnect regression (git-fixes).
  o net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
  o net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
  o net: lan78xx: fix division by zero in send path (git-fixes).
  o net: mana: Fix error handling in mana_create_rxq() (git-fixes,
    bsc#1191800).
  o net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
  o netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
  o nfc: fix error handling of nfc_proto_register() (git-fixes).
  o nfc: port100: fix using -ERRNO as command type mask (git-fixes).
  o nvme-fc: avoid race between time out and tear down (bsc#1185762).
  o nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
  o nvme-fc: update hardware queues before using them (bsc#1185762).
  o nvme-pci: Fix abort command id (git-fixes).
  o nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
  o nvme-pci: refactor nvme_unmap_data (bsc#1191934).
  o nvme: add command id quirk for apple controllers (git-fixes).
  o ocfs2: fix data corruption after conversion from inline format
    (bsc#1190795).
  o pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
  o phy: mdio: fix memory leak (git-fixes).
  o platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
    (git-fixes).
  o platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
    run_smbios_call (git-fixes).
  o powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
  o powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
  o powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
  o powerpc/lib: Fix emulate_step() std test (bsc#1065729).
  o powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
    git-fixes).
  o powerpc/xive: Discard disabled interrupts in get_irqchip_state()
    (bsc#1085030 git-fixes).
  o pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
    (git-fixes).
  o ptp_pch: Load module automatically if ID matches (git-fixes).
  o ptp_pch: Restore dependency on PCI (git-fixes).
  o qed: Fix missing error code in qed_slowpath_start() (git-fixes).
  o qed: Handle management FW error (git-fixes).
  o qed: rdma - do not wait for resources under hw error recovery flow
    (git-fixes).
  o regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
  o rpm: fix kmp install path
  o rpm: use _rpmmacrodir (boo#1191384)
  o scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
  o scsi: lpfc: Allow fabric node recovery if recovery is in progress before
    devloss (bsc#1192145).
  o scsi: lpfc: Correct sysfs reporting of loop support after SFP status change
    (bsc#1192145).
  o scsi: lpfc: Fix link down processing to address NULL pointer dereference
    (bsc#1192145).
  o scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
    (bsc#1191349).
  o scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
  o scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
    driver_resource_setup() (bsc#1192145).
  o scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
  o scsi: lpfc: Wait for successful restart of SLI3 adapter during host
    sg_reset (bsc#1192145).
  o scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
  o scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
  o scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
  o scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
  o scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
  o scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
  o scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
  o scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
  o scsi: qla2xxx: Check for firmware capability before creating QPair
    (bsc#1190941).
  o scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
    (bsc#1190941).
  o scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
    (bsc#1190941).
  o scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
  o scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
  o scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
  o scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
  o scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
  o scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
  o scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
  o scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
  o scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
    (bsc#1190941).
  o scsi: qla2xxx: Fix port type info (bsc#1190941).
  o scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
  o scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
  o scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
    (bsc#1190941).
  o scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
  o scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
  o scsi: qla2xxx: Remove redundant initialization of pointer req
    (bsc#1190941).
  o scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
  o scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
  o scsi: qla2xxx: Suppress unnecessary log messages during login
    (bsc#1190941).
  o scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
  o scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
  o scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
  o scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
  o scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
    (bsc#1190941).
  o scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
  o scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
    (bsc#1190941).
  o scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
  o scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
  o scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
  o scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
  o scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
  o sctp: check asoc peer.asconf_capable before processing asconf
    (bsc#1190351).
  o soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
  o spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround
    (git-fixes).
  o tpm: ibmvtpm: Avoid error message when process gets signal while waiting
    (bsc#1065729).
  o usb: hso: fix error handling code of hso_create_net_device (git-fixes).
  o usb: hso: remove the bailout parameter (git-fixes).
  o usb: musb: dsps: Fix the probe error path (git-fixes).
  o video: fbdev: gbefb: Only instantiate device when built for IP32
    (git-fixes).
  o virtio: write back F_VERSION_1 before validate (git-fixes).
  o watchdog: orion: use 0 for unset heartbeat (git-fixes).
  o x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
  o x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
    (bsc#1152489).
  o x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
    (bsc#1152489).
  o xen: fix setting of max_pfn in shared_info (git-fixes).
  o xen: reset legacy rtc flag for PV domU (git-fixes).
  o xfs: Fixed non-directory creation in SGID directories introduced by
    CVE-2018-13405 patch (bsc#1190006).
  o xfs: ensure that the inode uid/gid match values match the icdinode ones
    (bsc#1190006).
  o xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
    (bsc#1190642).
  o xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
  o xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
  o xhci: Enable trust tx length quirk for Fresco FL11 USB controller
    (git-fixes).
  o xhci: Fix command ring pointer corruption while aborting a command
    (git-fixes).
  o xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE MicroOS 5.0:
    zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3754=1
  o SUSE Linux Enterprise Workstation Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3754=1
  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3754=1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-3754=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3754=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3754=1
  o SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3754=1

Package List:

  o SUSE MicroOS 5.0 (aarch64 x86_64):
       kernel-default-5.3.18-24.93.1
       kernel-default-base-5.3.18-24.93.1.9.42.5
       kernel-default-debuginfo-5.3.18-24.93.1
       kernel-default-debugsource-5.3.18-24.93.1
  o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
       kernel-default-debuginfo-5.3.18-24.93.1
       kernel-default-debugsource-5.3.18-24.93.1
       kernel-default-extra-5.3.18-24.93.1
       kernel-default-extra-debuginfo-5.3.18-24.93.1
       kernel-preempt-extra-5.3.18-24.93.1
       kernel-preempt-extra-debuginfo-5.3.18-24.93.1
  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-default-debuginfo-5.3.18-24.93.1
       kernel-default-debugsource-5.3.18-24.93.1
       kernel-default-livepatch-5.3.18-24.93.1
       kernel-default-livepatch-devel-5.3.18-24.93.1
       kernel-livepatch-5_3_18-24_93-default-1-5.3.5
       kernel-livepatch-5_3_18-24_93-default-debuginfo-1-5.3.5
       kernel-livepatch-SLE15-SP2_Update_21-debugsource-1-5.3.5
  o SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le
    s390x x86_64):
       kernel-default-debuginfo-5.3.18-24.93.1
       kernel-default-debugsource-5.3.18-24.93.1
       reiserfs-kmp-default-5.3.18-24.93.1
       reiserfs-kmp-default-debuginfo-5.3.18-24.93.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
    s390x x86_64):
       kernel-obs-build-5.3.18-24.93.1
       kernel-obs-build-debugsource-5.3.18-24.93.1
       kernel-syms-5.3.18-24.93.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
       kernel-preempt-debuginfo-5.3.18-24.93.1
       kernel-preempt-debugsource-5.3.18-24.93.1
       kernel-preempt-devel-5.3.18-24.93.1
       kernel-preempt-devel-debuginfo-5.3.18-24.93.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
       kernel-docs-5.3.18-24.93.1
       kernel-source-5.3.18-24.93.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
    x86_64):
       kernel-default-5.3.18-24.93.1
       kernel-default-base-5.3.18-24.93.1.9.42.5
       kernel-default-debuginfo-5.3.18-24.93.1
       kernel-default-debugsource-5.3.18-24.93.1
       kernel-default-devel-5.3.18-24.93.1
       kernel-default-devel-debuginfo-5.3.18-24.93.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
       kernel-preempt-5.3.18-24.93.1
       kernel-preempt-debuginfo-5.3.18-24.93.1
       kernel-preempt-debugsource-5.3.18-24.93.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
       kernel-devel-5.3.18-24.93.1
       kernel-macros-5.3.18-24.93.1
  o SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x
    x86_64):
       cluster-md-kmp-default-5.3.18-24.93.1
       cluster-md-kmp-default-debuginfo-5.3.18-24.93.1
       dlm-kmp-default-5.3.18-24.93.1
       dlm-kmp-default-debuginfo-5.3.18-24.93.1
       gfs2-kmp-default-5.3.18-24.93.1
       gfs2-kmp-default-debuginfo-5.3.18-24.93.1
       kernel-default-debuginfo-5.3.18-24.93.1
       kernel-default-debugsource-5.3.18-24.93.1
       ocfs2-kmp-default-5.3.18-24.93.1
       ocfs2-kmp-default-debuginfo-5.3.18-24.93.1


References:

  o https://www.suse.com/security/cve/CVE-2021-3542.html
  o https://www.suse.com/security/cve/CVE-2021-3655.html
  o https://www.suse.com/security/cve/CVE-2021-3715.html
  o https://www.suse.com/security/cve/CVE-2021-3760.html
  o https://www.suse.com/security/cve/CVE-2021-3772.html
  o https://www.suse.com/security/cve/CVE-2021-3896.html
  o https://www.suse.com/security/cve/CVE-2021-41864.html
  o https://www.suse.com/security/cve/CVE-2021-42008.html
  o https://www.suse.com/security/cve/CVE-2021-42252.html
  o https://www.suse.com/security/cve/CVE-2021-42739.html
  o https://www.suse.com/security/cve/CVE-2021-43056.html
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1085030
  o https://bugzilla.suse.com/1152489
  o https://bugzilla.suse.com/1154353
  o https://bugzilla.suse.com/1156395
  o https://bugzilla.suse.com/1157177
  o https://bugzilla.suse.com/1167773
  o https://bugzilla.suse.com/1172073
  o https://bugzilla.suse.com/1173604
  o https://bugzilla.suse.com/1176940
  o https://bugzilla.suse.com/1184673
  o https://bugzilla.suse.com/1185762
  o https://bugzilla.suse.com/1186063
  o https://bugzilla.suse.com/1187167
  o https://bugzilla.suse.com/1188563
  o https://bugzilla.suse.com/1189841
  o https://bugzilla.suse.com/1190006
  o https://bugzilla.suse.com/1190067
  o https://bugzilla.suse.com/1190349
  o https://bugzilla.suse.com/1190351
  o https://bugzilla.suse.com/1190479
  o https://bugzilla.suse.com/1190620
  o https://bugzilla.suse.com/1190642
  o https://bugzilla.suse.com/1190795
  o https://bugzilla.suse.com/1190941
  o https://bugzilla.suse.com/1191229
  o https://bugzilla.suse.com/1191241
  o https://bugzilla.suse.com/1191315
  o https://bugzilla.suse.com/1191317
  o https://bugzilla.suse.com/1191349
  o https://bugzilla.suse.com/1191384
  o https://bugzilla.suse.com/1191449
  o https://bugzilla.suse.com/1191450
  o https://bugzilla.suse.com/1191451
  o https://bugzilla.suse.com/1191452
  o https://bugzilla.suse.com/1191455
  o https://bugzilla.suse.com/1191456
  o https://bugzilla.suse.com/1191628
  o https://bugzilla.suse.com/1191731
  o https://bugzilla.suse.com/1191800
  o https://bugzilla.suse.com/1191934
  o https://bugzilla.suse.com/1191958
  o https://bugzilla.suse.com/1192040
  o https://bugzilla.suse.com/1192041
  o https://bugzilla.suse.com/1192107
  o https://bugzilla.suse.com/1192145
  o https://bugzilla.suse.com/1192267
  o https://bugzilla.suse.com/1192549

- --------------------------------------------------------------------------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3748-1
Rating:            important
References:        #1050549 #1065729 #1085030 #1114648 #1180624 #1184673
                   #1186063 #1186109 #1188563 #1188601 #1188983 #1188985
                   #1190006 #1190067 #1190317 #1190349 #1190397 #1190479
                   #1190620 #1190795 #1190941 #1191241 #1191315 #1191317
                   #1191349 #1191450 #1191452 #1191455 #1191500 #1191579
                   #1191628 #1191662 #1191667 #1191713 #1191801 #1191888
                   #1192145 #1192267
Cross-References:  CVE-2018-13405 CVE-2021-33033 CVE-2021-34556 CVE-2021-3542
                   CVE-2021-35477 CVE-2021-3655 CVE-2021-3715 CVE-2021-37159
                   CVE-2021-3760 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252
                   CVE-2021-42739
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 12-SP5
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Live Patching 12-SP5
                   SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 25 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bug fixes.

The following security bugs were fixed:

  o CVE-2021-3655: Fixed missing size validations on inbound SCTP packets,
    which may have allowed the kernel to read uninitialized memory
    (bsc#1188563).
  o CVE-2021-3715: Fixed a use-after-free in route4_change() in
    net/sched/cls_route.c (bsc#1190349).
  o CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
    net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI
    definitions is mishandled (bsc#1186109).
  o CVE-2021-3760: Fixed a use-after-free vulnerability with the
    ndev->rf_conn_info object (bsc#1190067).
  o CVE-2021-42739: The firewire subsystem had a buffer overflow related to
    drivers/media/firewire/firedtv-avc.c and
    drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds
    checking (bsc#1184673).
  o CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
  o CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
    via an unprivileged BPF program that could have obtained sensitive
    information from kernel memory (bsc#1188983).
  o CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused
    to disclose content of arbitrary kernel memory (bsc#1188985).
  o CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have
    allowed local attackers to access the Aspeed LPC control interface to
    overwrite memory in the kernel and potentially execute privileges
    (bnc#1190479).
  o CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged
    users to trigger an eBPF multiplication integer overflow with a resultant
    out-of-bounds write (bnc#1191317).
  o CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
    function in drivers/net/hamradio/6pack.c. Input from a process that had the
    CAP_NET_ADMIN capability could have led to root access (bsc#1191315).
  o CVE-2021-37159: Fixed use-after-free and a double free inside
    hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is
    called without checking for the NETREG_REGISTERED state (bnc#1188601).

The following non-security bugs were fixed:

  o IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
  o KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
  o NFS: Do uncached readdir when we're seeking a cookie in an empty page cache
    (bsc#1191628).
  o NFS: Fix backport error - dir_cookie is a pointer to a u64, not a u64.
  o PM: base: power: do not try to use non-existing RTC for storing data
    (git-fixes).
  o SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1190317).
  o SMB3.1.1: do not log warning message if server does not populate salt
    (bsc#1190317).
  o SMB3.1.1: fix mount failure to some servers when compression enabled
    (bsc#1190317).
  o SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp
    (bsc#1190317).
  o SMB3.1.1: update comments clarifying SPNEGO info in negprot response
    (bsc#1190317).
  o SMB3: Add new info level for query directory (bsc#1190317).
  o SMB3: Add support for getting and setting SACLs (bsc#1190317).
  o SMB3: Fix mkdir when idsfromsid configured on mount (bsc#1190317).
  o SMB3: Resolve data corruption of TCP server info fields (bsc#1190317).
  o SMB3: add support for recognizing WSL reparse tags (bsc#1190317).
  o SMB3: avoid confusing warning message on mount to Azure (bsc#1190317).
  o SMB3: fix readpage for large swap cache (bsc#1190317).
  o SMB3: incorrect file id in requests compounded with open (bsc#1190317).
  o SMB3: update structures for new compression protocol definitions
    (bsc#1190317).
  o USB: cdc-acm: fix break reporting (git-fixes).
  o USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
  o USB: iowarrior: fix control-message timeouts (git-fixes).
  o USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
    (git-fixes).
  o USB: serial: keyspan: fix memleak on probe errors (git-fixes).
  o USB: serial: option: add Telit LN920 compositions (git-fixes).
  o USB: serial: option: add device id for Foxconn T99W265 (git-fixes).
  o USB: xhci: dbc: fix tty registration race (git-fixes).
  o bitmap: remove unused function declaration (git-fixes).
  o blktrace: Fix uaf in blk_trace access after removing by sysfs
    (bsc#1191452).
  o cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
    (git-fixes).
  o ceph: take snap_empty_lock atomically with snaprealm refcount change
    (bsc#1191888).
  o cifs: Add get_security_type_str function to return sec type (bsc#1190317).
  o cifs: Avoid field over-reading memcpy() (bsc#1190317).
  o cifs: Change SIDs in ACEs while transferring file ownership (bsc#1190317).
  o cifs: Clarify SMB1 code for POSIX Create (bsc#1190317).
  o cifs: Clarify SMB1 code for POSIX Lock (bsc#1190317).
  o cifs: Clarify SMB1 code for POSIX delete file (bsc#1190317).
  o cifs: Clarify SMB1 code for SetFileSize (bsc#1190317).
  o cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1190317).
  o cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1190317).
  o cifs: Clarify SMB1 code for delete (bsc#1190317).
  o cifs: Clarify SMB1 code for rename open file (bsc#1190317).
  o cifs: Display local UID details for SMB sessions in DebugData
    (bsc#1190317).
  o cifs: Do not use the original cruid when following DFS links for multiuser
    mounts (bsc#1190317).
  o cifs: Enable sticky bit with cifsacl mount option (bsc#1190317).
  o cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1190317).
  o cifs: Fix chmod with modefromsid when an older ACE already exists
    (bsc#1190317).
  o cifs: Fix cifsacl ACE mask for group and others (bsc#1190317).
  o cifs: Fix double add page to memcg when cifs_readpages (bsc#1190317).
  o cifs: Fix in error types returned for out-of-credit situations
    (bsc#1190317).
  o cifs: Fix unix perm bits to cifsacl conversion for "other" bits
    (bsc#1190317).
  o cifs: Grab a reference for the dentry of the cached directory during the
    lifetime of the cache (bsc#1190317).
  o cifs: If a corrupted DACL is returned by the server, bail out
    (bsc#1190317).
  o cifs: Make extract_hostname function public (bsc#1190317).
  o cifs: Make extract_sharename function public (bsc#1190317).
  o cifs: Print the address and port we are connecting to in
    generic_ip_connect() (bsc#1190317).
  o cifs: Retain old ACEs when converting between mode bits and ACL
    (bsc#1190317).
  o cifs: Silently ignore unknown oplock break handle (bsc#1190317).
  o cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1190317).
  o cifs: add a function to get a cached dir based on its dentry (bsc#1190317).
  o cifs: add a timestamp to track when the lease of the cached dir was taken
    (bsc#1190317).
  o cifs: add shutdown support (bsc#1190317).
  o cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1190317).
  o cifs: added WARN_ON for all the count decrements (bsc#1190317).
  o cifs: ask for more credit on async read/write code paths (bsc#1190317).
  o cifs: avoid extra calls in posix_info_parse (bsc#1190317).
  o cifs: check pointer before freeing (bsc#1190317).
  o cifs: check the timestamp for the cached dirent when deciding on revalidate
    (bsc#1190317).
  o cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1190317).
  o cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1190317).
  o cifs: cleanup misc.c (bsc#1190317).
  o cifs: compute full_path already in cifs_readdir() (bsc#1190317).
  o cifs: constify path argument of ->make_node() (bsc#1190317).
  o cifs: constify pathname arguments in a bunch of helpers (bsc#1190317).
  o cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1190317).
  o cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1190317).
  o cifs: convert to use be32_add_cpu() (bsc#1190317).
  o cifs: create sd context must be a multiple of 8 (bsc#1190317).
  o cifs: detect dead connections only when echoes are enabled (bsc#1190317).
  o cifs: do not fail __smb_send_rqst if non-fatal signals are pending
    (bsc#1190317).
  o cifs: dump Security Type info in DebugData (bsc#1190317).
  o cifs: fix DFS mount with cifsacl/modefromsid (bsc#1190317).
  o cifs: fix NULL dereference in smb2_check_message() (bsc#1190317).
  o cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1190317).
  o cifs: fix a memleak with modefromsid (bsc#1190317).
  o cifs: fix allocation size on newly created files (bsc#1190317).
  o cifs: fix chown and chgrp when idsfromsid mount option enabled
    (bsc#1190317).
  o cifs: fix fallocate when trying to allocate a hole (bsc#1190317).
  o cifs: fix leaked reference on requeued write (bsc#1190317).
  o cifs: fix missing null session check in mount (bsc#1190317).
  o cifs: fix missing spinlock around update to ses->status (bsc#1190317).
  o cifs: fix out-of-bound memory access when calling smb3_notify() at mount
    point (bsc#1190317).
  o cifs: fix reference leak for tlink (bsc#1190317).
  o cifs: fix rsize/wsize to be negotiated values (bsc#1190317).
  o cifs: fix string declarations and assignments in tracepoints (bsc#1190317).
  o cifs: fix the out of range assignment to bit fields in
    parse_server_interfaces (bsc#1190317).
  o cifs: handle "nolease" option for vers=1.0 (bsc#1190317).
  o cifs: handle -EINTR in cifs_setattr (bsc#1190317).
  o cifs: handle ERRBaduid for SMB1 (bsc#1190317).
  o cifs: handle reconnect of tcon when there is no cached dfs referral
    (bsc#1190317).
  o cifs: have ->mkdir() handle race with another client sanely (bsc#1190317).
  o cifs: improve fallocate emulation (bsc#1190317).
  o cifs: make build_path_from_dentry() return const char * (bsc#1190317).
  o cifs: make const array static, makes object smaller (bsc#1190317).
  o cifs: make locking consistent around the server session status
    (bsc#1190317).
  o cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1190317).
  o cifs: minor kernel style fixes for comments (bsc#1190317).
  o cifs: minor simplification to smb2_is_network_name_deleted (bsc#1190317).
  o cifs: missing null check for newinode pointer (bsc#1190317).
  o cifs: move some variables off the stack in smb2_ioctl_query_info
    (bsc#1190317).
  o cifs: move the check for nohandlecache into open_shroot (bsc#1190317).
  o cifs: only write 64kb at a time when fallocating a small region of a file
    (bsc#1190317).
  o cifs: pass a path to open_shroot and check if it is the root or not
    (bsc#1190317).
  o cifs: pass the dentry instead of the inode down to the revalidation check
    functions (bsc#1190317).
  o cifs: prevent truncation from long to int in wait_for_free_credits
    (bsc#1190317).
  o cifs: reduce stack use in smb2_compound_op (bsc#1190317).
  o cifs: refactor create_sd_buf() and avoid corrupting the buffer
    (bsc#1190317).
  o cifs: remove old dead code (bsc#1190317).
  o cifs: remove some minor warnings pointed out by kernel test robot
    (bsc#1190317).
  o cifs: remove the retry in cifs_poxis_lock_set (bsc#1190317).
  o cifs: remove two cases where rc is set unnecessarily in sid_to_id
    (bsc#1190317).
  o cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1190317).
  o cifs: remove various function description warnings (bsc#1190317).
  o cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1190317).
  o cifs: retry lookup and readdir when EAGAIN is returned (bsc#1190317).
  o cifs: return cached_fid from open_shroot (bsc#1190317).
  o cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1190317).
  o cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1190317).
  o cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails
    (bsc#1190317).
  o cifs: store a pointer to the root dentry in cifs_sb_info once we have
    completed mounting the share (bsc#1190317).
  o cifs: update ctime and mtime during truncate (bsc#1190317).
  o cifs: update new ACE pointer after populate_new_aces (bsc#1190317).
  o cifs: use echo_interval even when connection not ready (bsc#1190317).
  o cifs: use the expiry output of dns_query to schedule next resolution
    (bsc#1190317).
  o crypto: qat - detect PFVF collision after ACK (git-fixes).
  o crypto: qat - disregard spurious PFVF interrupts (git-fixes).
  o crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
  o ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
  o ext4: fix reserved space counter leakage (bsc#1191450).
  o fs, mm: fix race in unlinking swapfile (bsc#1191455).
  o fs: copy BTRFS_IOC_[SG]ET_FSLABEL to vfs (bsc#1191500).
  o ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
  o gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
  o gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
  o gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
    (git-fixes).
  o gianfar: simplify FCS handling and fix memory leak (git-fixes).
  o icmpv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
  o ipc: remove memcg accounting for sops objects in do_semtimedop()
  o ipv4: fix race condition between route lookup and invalidation
    (bsc#1190397).
  o ipv6/netfilter: Discard first fragment not including all headers
    (bsc#1191241).
  o ipv6: reply ICMP error if the first fragment do not include all headers
    (bsc#1191241).
  o kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
    (bsc#1191713).
  o kernel/locking/mutex.c: remove caller signal_pending branch predictions
    (bsc#1050549).
  o lib: iov_iter_fault_in_readable() should do nothing in xarray case
    (bsc#1191579).
  o locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
    (git-fixes).
  o locking/pvqspinlock/x86: Use LOCK_PREFIX in __pv_queued_spin_unlock()
    assembly code (bsc#1050549).
  o net: cdc_eem: fix tx fixup skb leak (git-fixes).
  o net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
  o net: cdc_ncm: use tasklet_init() for tasklet_struct init (git-fixes).
  o net: hso: add failure handler for add_net_device (git-fixes).
  o net: hso: fix NULL-deref on disconnect regression (git-fixes).
  o net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
  o net: hso: remove redundant unused variable dev (git-fixes).
  o net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
  o net: mana: Fix error handling in mana_create_rxq() (git-fixes,
    bsc#1191801).
  o net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
  o net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    (git-fixes).
  o net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
  o net_sched: cls_route: remove the right filter from hashtable
    (networking-stable-20_03_28).
  o netfilter: Drop fragmented ndisc packets assembled in netfilter
    (git-fixes).
  o ocfs2: Fix data corruption after conversion from inline format
    (bsc#1190795).
  o ocfs2: Fix data corruption on truncate (bsc#1190795).
  o ocfs2: do not zero pages beyond i_size (bsc#1190795).
  o ocfs2: drop acl cache for directories too (bsc#1191667).
  o powerpc/64s: Fix crashes when toggling entry flush barrier
  o powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
  o powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
  o powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
  o powerpc/lib: Fix emulate_step() std test (bsc#1065729).
  o powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
    git-fixes).
  o powerpc/xive: Discard disabled interrupts in get_irqchip_state()
    (bsc#1085030 git-fixes).
  o pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
    (git-fixes).
  o s390x: Turn off CONFIG_NUMA_EMU (jsc#SLE-11600).
  o scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
  o scsi: lpfc: Allow fabric node recovery if recovery is in progress before
    devloss (bsc#1192145).
  o scsi: lpfc: Correct sysfs reporting of loop support after SFP status change
    (bsc#1192145).
  o scsi: lpfc: Fix crash when nvmet transport calls host_release
    (bsc#1192145).
  o scsi: lpfc: Fix link down processing to address NULL pointer dereference
    (bsc#1192145).
  o scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
    (bsc#1191349).
  o scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
  o scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
    driver_resource_setup() (bsc#1192145).
  o scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
  o scsi: lpfc: Wait for successful restart of SLI3 adapter during host
    sg_reset (bsc#1192145).
  o scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
  o scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
  o scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
  o scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
  o scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
  o scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
  o scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
  o scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
  o scsi: qla2xxx: Check for firmware capability before creating QPair
    (bsc#1190941).
  o scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
    (bsc#1190941).
  o scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
    (bsc#1190941).
  o scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
  o scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
  o scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
  o scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
  o scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
  o scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
  o scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
  o scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
  o scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
    (bsc#1190941).
  o scsi: qla2xxx: Fix port type info (bsc#1190941).
  o scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
  o scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
  o scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
    (bsc#1190941).
  o scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
  o scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
  o scsi: qla2xxx: Remove redundant initialization of pointer req
    (bsc#1190941).
  o scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
  o scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
  o scsi: qla2xxx: Suppress unnecessary log messages during login
    (bsc#1190941).
  o scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
  o scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
  o scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
  o scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
  o scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
    (bsc#1190941).
  o scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
  o scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
    (bsc#1190941).
  o scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
  o scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
  o scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
  o scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
  o scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
  o scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
  o sctp: fully initialize v4 addr in some functions (bsc#1188563).
  o selinux: fix error initialization in inode_doinit_with_dentry()
    (git-fixes).
  o selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
    (git-fixes).
  o smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1190317).
  o smb3: Add debug message for new file creation with idsfromsid mount option
    (bsc#1190317).
  o smb3: Add new parm "nodelete" (bsc#1190317).
  o smb3: Avoid Mid pending list corruption (bsc#1190317).
  o smb3: Call cifs reconnect from demultiplex thread (bsc#1190317).
  o smb3: Handle error case during offload read path (bsc#1190317).
  o smb3: add indatalen that can be a non-zero value to calculation of credit
    charge in smb2 ioctl (bsc#1190317).
  o smb3: add some missing definitions from MS-FSCC (bsc#1190317).
  o smb3: allow uid and gid owners to be set on create with idsfromsid mount
    option (bsc#1190317).
  o smb3: do not try to cache root directory if dir leases not supported
    (bsc#1190317).
  o smb3: fix access denied on change notify request to some servers
    (bsc#1190317).
  o smb3: fix cached file size problems in duplicate extents (reflink)
    (bsc#1190317).
  o smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K
    (bsc#1190317).
  o smb3: fix possible access to uninitialized pointer to DACL (bsc#1190317).
  o smb3: fix stat when special device file and mounted with modefromsid
    (bsc#1190317).
  o smb3: fix unneeded error message on change notify (bsc#1190317).
  o smb3: limit noisy error (bsc#1190317).
  o smb3: minor update to compression header definitions (bsc#1190317).
  o smb3: prevent races updating CurrentMid (bsc#1190317).
  o smb3: rc uninitialized in one fallocate path (bsc#1190317).
  o smb3: remove static checker warning (bsc#1190317).
  o tcp/dccp: fix possible race __inet_lookup_established() (bsc#1180624).
  o tpm: ibmvtpm: Avoid error message when process gets signal while waiting
    (bsc#1065729).
  o uapi: nfnetlink_cthelper.h: fix userspace compilation error (git-fixes).
  o update structure definitions from updated protocol documentation
    (bsc#1190317).
  o usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
  o usb: hso: fix error handling code of hso_create_net_device (git-fixes).
  o usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes).
  o usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
  o usb: xhci: dbc: Simplify error handling in 'xhci_dbc_alloc_requests()'
    (git-fixes).
  o usb: xhci: dbc: Use GFP_KERNEL instead of GFP_ATOMIC in
    'xhci_dbc_alloc_requests()' (git-fixes).
  o x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
    (bsc#1114648).
  o x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
    (bsc#1114648).
  o xen: fix setting of max_pfn in shared_info (git-fixes).
  o xen: reset legacy rtc flag for PV domU (git-fixes).
  o xfs: Fixed non-directory creation in SGID directories introduced by
    CVE-2018-13405 patch (bsc#1190006).
  o xfs: always honor OWN_UNKNOWN rmap removal requests (bsc#1191500).
  o xfs: convert growfs AG header init to use buffer lists (bsc#1191500).
  o xfs: factor ag btree root block initialisation (bsc#1191500).
  o xfs: factor out AG header initialisation from growfs core (bsc#1191500).
  o xfs: fix check on struct_version for versions 4 or greater (bsc#1191500,
    git-fixes).
  o xfs: fix string handling in label get/set functions (bsc#1191500,
    git-fixes).
  o xfs: hoist xfs_fs_geometry to libxfs (bsc#1191500).
  o xfs: implement online get/set fs label (bsc#1191500).
  o xfs: make imaxpct changes in growfs separate (bsc#1191500).
  o xfs: move growfs core to libxfs (bsc#1191500).
  o xfs: one-shot cached buffers (bsc#1191500).
  o xfs: refactor the geometry structure filling function (bsc#1191500).
  o xfs: rework secondary superblock updates in growfs (bsc#1191500).
  o xfs: separate secondary sb update in growfs (bsc#1191500).
  o xfs: turn ag header initialisation into a table driven operation
    (bsc#1191500).
  o xfs: xfs_fsops: drop useless LIST_HEAD (bsc#1191500, git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3748=1
  o SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3748=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3748=1
  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3748=1
  o SUSE Linux Enterprise High Availability 12-SP5:
    zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3748=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
       kernel-default-debuginfo-4.12.14-122.98.1
       kernel-default-debugsource-4.12.14-122.98.1
       kernel-default-extra-4.12.14-122.98.1
       kernel-default-extra-debuginfo-4.12.14-122.98.1
  o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
    s390x x86_64):
       kernel-obs-build-4.12.14-122.98.1
       kernel-obs-build-debugsource-4.12.14-122.98.1
  o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
       kernel-docs-4.12.14-122.98.1
  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
       kernel-default-4.12.14-122.98.1
       kernel-default-base-4.12.14-122.98.1
       kernel-default-base-debuginfo-4.12.14-122.98.1
       kernel-default-debuginfo-4.12.14-122.98.1
       kernel-default-debugsource-4.12.14-122.98.1
       kernel-default-devel-4.12.14-122.98.1
       kernel-syms-4.12.14-122.98.1
  o SUSE Linux Enterprise Server 12-SP5 (x86_64):
       kernel-default-devel-debuginfo-4.12.14-122.98.1
  o SUSE Linux Enterprise Server 12-SP5 (noarch):
       kernel-devel-4.12.14-122.98.1
       kernel-macros-4.12.14-122.98.1
       kernel-source-4.12.14-122.98.1
  o SUSE Linux Enterprise Server 12-SP5 (s390x):
       kernel-default-man-4.12.14-122.98.1
  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
       kernel-default-debuginfo-4.12.14-122.98.1
       kernel-default-debugsource-4.12.14-122.98.1
       kernel-default-kgraft-4.12.14-122.98.1
       kernel-default-kgraft-devel-4.12.14-122.98.1
       kgraft-patch-4_12_14-122_98-default-1-8.7.1
  o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
       cluster-md-kmp-default-4.12.14-122.98.1
       cluster-md-kmp-default-debuginfo-4.12.14-122.98.1
       dlm-kmp-default-4.12.14-122.98.1
       dlm-kmp-default-debuginfo-4.12.14-122.98.1
       gfs2-kmp-default-4.12.14-122.98.1
       gfs2-kmp-default-debuginfo-4.12.14-122.98.1
       kernel-default-debuginfo-4.12.14-122.98.1
       kernel-default-debugsource-4.12.14-122.98.1
       ocfs2-kmp-default-4.12.14-122.98.1
       ocfs2-kmp-default-debuginfo-4.12.14-122.98.1
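
Because the update only takes effect after the reboot requested above, a
post-patch check has to look at the running kernel as well as the installed
packages. The script below is an added example, not part of the SUSE or
AusCERT text. The function names and sample values are constructed; it assumes
GNU sort -V and that the running release is the package version without its
last counter plus the flavor, as in the kgraft-patch package name listed above.

```shell
#!/bin/sh
# Added example: post-update check for SUSE-SU-2021:3748-1 (kernel-default).
# Assumes GNU coreutils (sort -V). Function names are hypothetical.

# Fixed kernel-default version-release, taken from the Package List above.
FIXED_PKG="4.12.14-122.98.1"

# version_ge A B: succeed when version string A sorts at or after B.
version_ge() {
    vg_first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$vg_first" = "$2" ]
}

# release_of_pkg VERSION-RELEASE: drop the trailing rebuild counter, e.g.
# 4.12.14-122.98.1 -> 4.12.14-122.98. Assumption: this is the part that
# appears in "uname -r", consistent with the package name
# kgraft-patch-4_12_14-122_98-default in the list above.
release_of_pkg() {
    printf '%s\n' "${1%.*}"
}

# release_of_running UNAME_R: strip the flavor suffix, e.g.
# 4.12.14-122.98-default -> 4.12.14-122.98.
release_of_running() {
    printf '%s\n' "${1%-*}"
}

# assess RUNNING INSTALLED
#   RUNNING   output of "uname -r"
#   INSTALLED whitespace-separated version-release strings of every installed
#             kernel-default package (several can be installed side by side)
# Prints one of:
#   patched         the running kernel is at or above the fixed release
#   reboot-pending  a fixed package is installed but an older kernel is running
#   update-needed   no installed package reaches the fixed version
assess() {
    as_running=$(release_of_running "$1")
    as_fixed=$(release_of_pkg "$FIXED_PKG")
    if version_ge "$as_running" "$as_fixed"; then
        echo patched
        return 0
    fi
    # Word splitting of $2 is intentional: one version-release per word.
    for as_pkg in $2; do
        if version_ge "$as_pkg" "$FIXED_PKG"; then
            echo reboot-pending
            return 0
        fi
    done
    echo update-needed
}

# On a live host the inputs would come from:
#   assess "$(uname -r)" \
#          "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default)"

# Constructed sample values: a host where the update was installed but the
# previous kernel is still running.
assess "4.12.14-122.91-default" "4.12.14-122.91.2 4.12.14-122.98.1"
```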


References:

  o https://www.suse.com/security/cve/CVE-2018-13405.html
  o https://www.suse.com/security/cve/CVE-2021-33033.html
  o https://www.suse.com/security/cve/CVE-2021-34556.html
  o https://www.suse.com/security/cve/CVE-2021-3542.html
  o https://www.suse.com/security/cve/CVE-2021-35477.html
  o https://www.suse.com/security/cve/CVE-2021-3655.html
  o https://www.suse.com/security/cve/CVE-2021-3715.html
  o https://www.suse.com/security/cve/CVE-2021-37159.html
  o https://www.suse.com/security/cve/CVE-2021-3760.html
  o https://www.suse.com/security/cve/CVE-2021-41864.html
  o https://www.suse.com/security/cve/CVE-2021-42008.html
  o https://www.suse.com/security/cve/CVE-2021-42252.html
  o https://www.suse.com/security/cve/CVE-2021-42739.html
  o https://bugzilla.suse.com/1050549
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1085030
  o https://bugzilla.suse.com/1114648
  o https://bugzilla.suse.com/1180624
  o https://bugzilla.suse.com/1184673
  o https://bugzilla.suse.com/1186063
  o https://bugzilla.suse.com/1186109
  o https://bugzilla.suse.com/1188563
  o https://bugzilla.suse.com/1188601
  o https://bugzilla.suse.com/1188983
  o https://bugzilla.suse.com/1188985
  o https://bugzilla.suse.com/1190006
  o https://bugzilla.suse.com/1190067
  o https://bugzilla.suse.com/1190317
  o https://bugzilla.suse.com/1190349
  o https://bugzilla.suse.com/1190397
  o https://bugzilla.suse.com/1190479
  o https://bugzilla.suse.com/1190620
  o https://bugzilla.suse.com/1190795
  o https://bugzilla.suse.com/1190941
  o https://bugzilla.suse.com/1191241
  o https://bugzilla.suse.com/1191315
  o https://bugzilla.suse.com/1191317
  o https://bugzilla.suse.com/1191349
  o https://bugzilla.suse.com/1191450
  o https://bugzilla.suse.com/1191452
  o https://bugzilla.suse.com/1191455
  o https://bugzilla.suse.com/1191500
  o https://bugzilla.suse.com/1191579
  o https://bugzilla.suse.com/1191628
  o https://bugzilla.suse.com/1191662
  o https://bugzilla.suse.com/1191667
  o https://bugzilla.suse.com/1191713
  o https://bugzilla.suse.com/1191801
  o https://bugzilla.suse.com/1191888
  o https://bugzilla.suse.com/1192145
  o https://bugzilla.suse.com/1192267

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----