Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:1899-1
Rating:	important
References:	bsc#1064802 bsc#1066129 bsc#1087082 bsc#1101816 bsc#1103992 bsc#1104353 bsc#1104427 bsc#1104745 bsc#1109837 bsc#1113431 bsc#1126390 bsc#1133021 bsc#1152457 bsc#1174682 bsc#1176081 bsc#1177666 bsc#1180552 bsc#1181383 bsc#1182256 bsc#1183738 bsc#1183947 bsc#1184081 bsc#1184082 bsc#1184611 bsc#1184855 bsc#1185428 bsc#1185481 bsc#1185680 bsc#1185703 bsc#1185724 bsc#1185758 bsc#1185827 bsc#1185901 bsc#1185906 bsc#1185938 bsc#1186060 bsc#1186111 bsc#1186390 bsc#1186416 bsc#1186439 bsc#1186441 bsc#1186452 bsc#1186460 bsc#1186498
Cross-References:	CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
CVSS scores:	CVE-2020-24586 ( SUSE ): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2020-24586 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-24587 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-24587 ( NVD ): 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-26139 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-26139 ( NVD ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-26141 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26141 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-26145 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26145 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-26147 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N CVE-2021-23133 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-23133 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-23134 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-23134 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32399 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-32399 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33034 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-33034 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33200 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-33200 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3491 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3491 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Real Time 12 SP5 SUSE Linux Enterprise Server 12 SP5

An update that solves 12 vulnerabilities and has 32 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
• CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
• CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
• CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
• CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
• CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
• CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
• CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
• CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
• CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
• CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
• CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)

The following non-security bugs were fixed:

• ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
• ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
• ALSA: aloop: Fix initialization of controls (git-fixes).
• ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes).
• ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes).
• ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes).
• ARM: footbridge: fix PCI interrupt mapping (git-fixes).
• ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
• ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
• ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
• Avoid potentially erroneos RST drop (bsc#1183947).
• Do not drop out of segments RST if tcp_be_liberal is set (bsc#1183947).
• Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
• Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
• Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
• EDAC/amd64: Gather hardware information early (bsc#1180552).
• EDAC/amd64: Make struct amd64_family_type global (bsc#1180552).
• EDAC/amd64: Save max number of controllers to family type (bsc#1180552).
• HID: alps: fix error return code in alps_input_configured() (git-fixes).
• HID: plantronics: Workaround for double volume key presses (git-fixes).
• HID: wacom: Assign boolean values to a bool variable (git-fixes).
• HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes).
• Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
• Input: nspire-keypad - enable interrupts only when opened (git-fixes).
• KVM: s390: fix guarded storage control register handling (bsc#1133021).
• NFSv4: Replace closed stateids with the "invalid special stateid" (bsc#1185481).
• PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
• RDMA/hns: Delete redundant condition judgment related to eq (bsc#1104427).
• RDMA/srpt: Fix error return code in srpt_cm_req_recv() (bsc#1103992).
• SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).
• USB: serial: fix return value for unsupported ioctls (git-fixes).
• USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
• af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081).
• ata: libahci_platform: fix IRQ check (git-fixes).
• ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes).
• backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
• batman-adv: Do not always reallocate the fragmentation skb head (git-fixes).
• bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes).
• bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (bsc#1104745).
• bpf: Fix masking negation logic upon negative dst register (git-fixes).
• btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441).
• btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439).
• bus: qcom: Put child node before return (git-fixes).
• cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
• clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
• clk: fix invalid usage of list cursor in register (git-fixes).
• clk: fix invalid usage of list cursor in unregister (git-fixes).
• clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes).
• clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes).
• clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes).
• clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
• clk: uniphier: Fix potential infinite loop (git-fixes).
• cpufreq: Kconfig: fix documentation links (git-fixes).
• cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758).
• crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes).
• crypto: qat - Fix a double free in adf_create_ring (git-fixes).
• crypto: qat - do not release uninitialized resources (git-fixes).
• crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
• cxgb4: Fix unintentional sign extension issues (bsc#1064802 bsc#1066129).
• dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
• dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
• docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
• docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
• drivers: net: fix memory leak in atusb_probe (git-fixes).
• drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
• drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
• drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
• drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
• drm/omap: fix misleading indentation in pixinc() (git-fixes).
• drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes).
• e1000e: Fix duplicate include guard (git-fixes).
• e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
• e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
• ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (bsc#1113431).
• ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
• genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
• gianfar: Handle error code at MAC address change (git-fixes).
• i2c: cadence: add IRQ check (git-fixes).
• i2c: emev2: add IRQ check (git-fixes).
• i2c: jz4780: add IRQ check (git-fixes).
• i40e: Added Asym_Pause to supported link modes (git-fixes).
• i40e: Fix PHY type identifiers for 2.5G and 5G adapters (jsc#SLE-4797).
• i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
• i40e: Fix use-after-free in i40e_client_subtask() (bsc#1101816 ).
• i40e: fix broken XDP support (git-fixes).
• i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
• i40e: fix the restart auto-negotiation after FEC modified (jsc#SLE-4797).
• ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
• ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
• ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
• ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes).
• igb: Fix duplicate include guard (git-fixes).
• igb: check timestamp validity (git-fixes).
• ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855).
• ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes).
• kABI: powerpc/64: add back start_tb and accum_tb to thread_struct.
• kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
• liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes).
• mac80211: bail out if cipher schemes are invalid (git-fixes).
• mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
• macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
• md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
• md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
• md: do not flush workqueue unconditionally in md_open (bsc#1184081).
• md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
• md: md_open returns -EBUSY when entering racing area (bsc#1184081).
• md: split mddev_find (bsc#1184081).
• media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
• media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes).
• media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
• mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000" (git-fixes).
• mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
• misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
• misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
• misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes).
• mlxsw: spectrum_mr: Update egress RIF list before route's action (bsc#1112374).
• mm: mempolicy: fix potential pte_unmap_unlock pte error (bsc#1185906).
• mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (bsc#1185906).
• mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
• mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
• mt7601u: fix always true expression (git-fixes).
• mtd: require write permissions for locking and badblock ioctls (git-fixes).
• net, xdp: Update pkt_type if generic XDP changes unicast MAC (bsc#1109837).
• net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
• net/mlx4_en: update moderation when config reset (git-fixes).
• net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
• net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081).
• net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
• net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
• net/packet: Remove redundant skb->protocol set (bsc#1176081).
• net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes).
• net: Do not set transport offset to invalid value (bsc#1176081).
• net: Introduce parse_protocol header_ops callback (bsc#1176081).
• net: hns3: Fix for geneve tx checksum bug (bsc#1104353 ).
• net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (bsc#1104353).
• net: hns3: disable phy loopback setting in hclge_mac_start_phy (bsc#1104353).
• net: hns3: fix for vxlan gpe tx checksum bug (bsc#1104353 ).
• net: hns3: fix incorrect configuration for igu_egu_hw_err (bsc#1104353).
• net: hns3: initialize the message content in hclge_get_link_mode() (bsc#1126390).
• net: hns3: use netif_tx_disable to stop the transmit queue (bsc#1104353).
• net: thunderx: Fix unintentional sign extension issue (git-fixes).
• netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
• netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
• netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
• netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
• netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950).
• nfc: pn533: prevent potential memory corruption (git-fixes).
• nvme-fc: clear q_live at beginning of association teardown (git-fixes).
• nvme-loop: Introduce no merge flag for biovec (bsc#1174682).
• pata_arasan_cf: fix IRQ check (git-fixes).
• pata_ipx4xx_cf: fix IRQ check (git-fixes).
• pcnet32: Use pci_resource_len to validate PCI resource (git-fixes).
• phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes).
• pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
• pinctrl: lewisburg: Update number of pins in community (git-fixes).
• platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes).
• powerpc/64: remove start_tb and accum_tb from thread_struct (bsc#1186487 ltc#177613).
• powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes).
• powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
• powerpc/pseries: lparcfg calculate PURR on demand (bsc#1186487 ltc#177613).
• regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
• rsxx: remove extraneous 'const' qualifier (git-fixes).
• rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
• rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
• s390/dasd: fix hanging DASD driver unbind (bsc#1183754 LTC#192081).
• s390/dasd: fix hanging IO request during DASD driver unbind (bsc#1183754 LTC#192081).
• s390/entry: save the caller of psw_idle (bsc#1185677).
• s390/kdump: fix out-of-memory with PCI (bsc#1182256 LTC#191375).
• sata_mv: add IRQ checks (git-fixes).
• scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416).
• scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573).
• scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186452).
• scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186452).
• scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#1186452).
• scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186452).
• scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186452).
• scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186452).
• scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186452).
• scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186452).
• scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186452).
• scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186452).
• scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186452).
• scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186452).
• scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
• smc: disallow TCP_ULP in smc_setsockopt() (bsc#1109837).
• soc: qcom: mdt_loader: Validate that p_filesz < p_memsz (git-fixes).
• spi: spi-ti-qspi: Free DMA resources (git-fixes).
• staging: rtl8192u: Fix potential infinite loop (git-fixes).
• tcp: fix to update snd_wl1 in bulk receiver fast path (bsc#1185827).
• thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes).
• tracing: Map all PIDs to command lines (git-fixes).
• uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
• uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
• uio_hv_generic: Fix another memory leak in error handling paths (git-fixes).
• uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
• usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
• usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
• usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes).
• usb: xhci: Increase timeout for HC halt (git-fixes).
• video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
• xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
• xsk: Respect device's headroom and tailroom on generic xmit path (bsc#1109837).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2021-1899=1

Package List:

• SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  • cluster-md-kmp-rt-4.12.14-10.46.1
  • dlm-kmp-rt-4.12.14-10.46.1
  • kernel-rt_debug-devel-debuginfo-4.12.14-10.46.1
  • kernel-syms-rt-4.12.14-10.46.1
  • cluster-md-kmp-rt-debuginfo-4.12.14-10.46.1
  • kernel-rt-base-debuginfo-4.12.14-10.46.1
  • kernel-rt_debug-devel-4.12.14-10.46.1
  • dlm-kmp-rt-debuginfo-4.12.14-10.46.1
  • kernel-rt-devel-debuginfo-4.12.14-10.46.1
  • kernel-rt-debugsource-4.12.14-10.46.1
  • kernel-rt_debug-debugsource-4.12.14-10.46.1
  • ocfs2-kmp-rt-4.12.14-10.46.1
  • kernel-rt_debug-debuginfo-4.12.14-10.46.1
  • ocfs2-kmp-rt-debuginfo-4.12.14-10.46.1
  • kernel-rt-base-4.12.14-10.46.1
  • gfs2-kmp-rt-debuginfo-4.12.14-10.46.1
  • kernel-rt-debuginfo-4.12.14-10.46.1
  • gfs2-kmp-rt-4.12.14-10.46.1
  • kernel-rt-devel-4.12.14-10.46.1
• SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  • kernel-devel-rt-4.12.14-10.46.1
  • kernel-source-rt-4.12.14-10.46.1
• SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
  • kernel-rt_debug-4.12.14-10.46.1
  • kernel-rt-4.12.14-10.46.1

References:

• https://www.suse.com/security/cve/CVE-2020-24586.html
• https://www.suse.com/security/cve/CVE-2020-24587.html
• https://www.suse.com/security/cve/CVE-2020-26139.html
• https://www.suse.com/security/cve/CVE-2020-26141.html
• https://www.suse.com/security/cve/CVE-2020-26145.html
• https://www.suse.com/security/cve/CVE-2020-26147.html
• https://www.suse.com/security/cve/CVE-2021-23133.html
• https://www.suse.com/security/cve/CVE-2021-23134.html
• https://www.suse.com/security/cve/CVE-2021-32399.html
• https://www.suse.com/security/cve/CVE-2021-33034.html
• https://www.suse.com/security/cve/CVE-2021-33200.html
• https://www.suse.com/security/cve/CVE-2021-3491.html
• https://bugzilla.suse.com/show_bug.cgi?id=1064802
• https://bugzilla.suse.com/show_bug.cgi?id=1066129
• https://bugzilla.suse.com/show_bug.cgi?id=1087082
• https://bugzilla.suse.com/show_bug.cgi?id=1101816
• https://bugzilla.suse.com/show_bug.cgi?id=1103992
• https://bugzilla.suse.com/show_bug.cgi?id=1104353
• https://bugzilla.suse.com/show_bug.cgi?id=1104427
• https://bugzilla.suse.com/show_bug.cgi?id=1104745
• https://bugzilla.suse.com/show_bug.cgi?id=1109837
• https://bugzilla.suse.com/show_bug.cgi?id=1113431
• https://bugzilla.suse.com/show_bug.cgi?id=1126390
• https://bugzilla.suse.com/show_bug.cgi?id=1133021
• https://bugzilla.suse.com/show_bug.cgi?id=1152457
• https://bugzilla.suse.com/show_bug.cgi?id=1174682
• https://bugzilla.suse.com/show_bug.cgi?id=1176081
• https://bugzilla.suse.com/show_bug.cgi?id=1177666
• https://bugzilla.suse.com/show_bug.cgi?id=1180552
• https://bugzilla.suse.com/show_bug.cgi?id=1181383
• https://bugzilla.suse.com/show_bug.cgi?id=1182256
• https://bugzilla.suse.com/show_bug.cgi?id=1183738
• https://bugzilla.suse.com/show_bug.cgi?id=1183947
• https://bugzilla.suse.com/show_bug.cgi?id=1184081
• https://bugzilla.suse.com/show_bug.cgi?id=1184082
• https://bugzilla.suse.com/show_bug.cgi?id=1184611
• https://bugzilla.suse.com/show_bug.cgi?id=1184855
• https://bugzilla.suse.com/show_bug.cgi?id=1185428
• https://bugzilla.suse.com/show_bug.cgi?id=1185481
• https://bugzilla.suse.com/show_bug.cgi?id=1185680
• https://bugzilla.suse.com/show_bug.cgi?id=1185703
• https://bugzilla.suse.com/show_bug.cgi?id=1185724
• https://bugzilla.suse.com/show_bug.cgi?id=1185758
• https://bugzilla.suse.com/show_bug.cgi?id=1185827
• https://bugzilla.suse.com/show_bug.cgi?id=1185901
• https://bugzilla.suse.com/show_bug.cgi?id=1185906
• https://bugzilla.suse.com/show_bug.cgi?id=1185938
• https://bugzilla.suse.com/show_bug.cgi?id=1186060
• https://bugzilla.suse.com/show_bug.cgi?id=1186111
• https://bugzilla.suse.com/show_bug.cgi?id=1186390
• https://bugzilla.suse.com/show_bug.cgi?id=1186416
• https://bugzilla.suse.com/show_bug.cgi?id=1186439
• https://bugzilla.suse.com/show_bug.cgi?id=1186441
• https://bugzilla.suse.com/show_bug.cgi?id=1186452
• https://bugzilla.suse.com/show_bug.cgi?id=1186460
• https://bugzilla.suse.com/show_bug.cgi?id=1186498