Security update for the Linux RT Kernel

Announcement ID:	SUSE-SU-2021:3978-1
Rating:	important
References:	bsc#1094840 bsc#1133021 bsc#1152489 bsc#1153275 bsc#1169263 bsc#1169514 bsc#1170269 bsc#1176940 bsc#1179599 bsc#1188601 bsc#1190523 bsc#1190795 bsc#1191790 bsc#1191851 bsc#1191958 bsc#1191961 bsc#1191980 bsc#1192045 bsc#1192229 bsc#1192273 bsc#1192328 bsc#1192718 bsc#1192740 bsc#1192745 bsc#1192750 bsc#1192753 bsc#1192781 bsc#1192802 bsc#1192896 bsc#1192906 bsc#1192918 bsc#1192987 bsc#1192998 bsc#1193002 jsc#SLE-22573
Cross-References:	CVE-2020-27820 CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVE-2021-37159 CVE-2021-43389
CVSS scores:	CVE-2020-27820 ( SUSE ): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2020-27820 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0941 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0941 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20322 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-20322 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 ( SUSE ): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-37159 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-37159 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43389 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Real Time 15 SP2 SUSE Real Time Module 15-SP2

An update that solves seven vulnerabilities, contains one feature and has 27 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)

You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)

• CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
• CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
• CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
• CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
• CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
• CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
• CVE-2020-27820: Fixed a use-after-free in nouveau's postclose() handler that could have happened during device or driver removal (bnc#1179599).

The following non-security bugs were fixed:

• ABI: sysfs-kernel-slab: Document some stats (git-fixes).
• ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
• ALSA: ua101: fix division by zero at probe (git-fixes).
• ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
• ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
• ASoC: cs42l42: Correct some register default values (git-fixes).
• ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).
• ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
• ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
• ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
• ASoC: rockchip: Use generic dmaengine code (git-fixes).
• ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
• ath10k: fix control-message timeout (git-fixes).
• ath10k: fix division by zero in send path (git-fixes).
• ath10k: fix max antenna gain unit (git-fixes).
• ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
• ath6kl: fix control-message timeout (git-fixes).
• ath6kl: fix division by zero in send path (git-fixes).
• ath9k: Fix potential interrupt storm on queue reset (git-fixes).
• auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
• auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
• auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).
• b43: fix a lower bounds test (git-fixes).
• b43legacy: fix a lower bounds test (git-fixes).
• Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
• Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
• bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275).
• bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
• bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
• bpf: Fix potential race in tail call compatibility check (git-fixes).
• btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896).
• btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002).
• btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896).
• btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002).
• btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998).
• btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
• btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998).
• btrfs: make checksum item extension more efficient (bsc#1193002).
• btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
• cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
• config: disable unprivileged BPF by default (jsc#SLE-22573)
• crypto: caam - disable pkc for non-E SoCs (git-fixes).
• crypto: qat - detect PFVF collision after ACK (git-fixes).
• crypto: qat - disregard spurious PFVF interrupts (git-fixes).
• driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851).
• drm/amdgpu: fix warning for overflow check (git-fixes).
• drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
• drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
• drm/v3d: fix wait for TMU write combiner flush (git-fixes).
• drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
• EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489).
• elfcore: fix building with clang (bsc#1169514).
• exfat: fix erroneous discard when clear cluster bit (git-fixes).
• exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
• exfat: properly set s_time_gran (bsc#1192328).
• exfat: truncate atimes to 2s granularity (bsc#1192328).
• firmware/psci: fix application of sizeof to pointer (git-fixes).
• fuse: fix page stealing (bsc#1192718).
• genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
• gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes).
• gve: Add netif_set_xps_queue call (bsc#1176940).
• gve: Add rx buffer pagecnt bias (bsc#1176940).
• gve: Allow pageflips on larger pages (bsc#1176940).
• gve: DQO: avoid unused variable warnings (bsc#1176940).
• gve: Track RX buffer allocation failures (bsc#1176940).
• HID: u2fzero: clarify error check and length calculations (git-fixes).
• HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
• hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
• hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).
• hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
• hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
• ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
• ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
• ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
• ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
• iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
• Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
• Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
• kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
• kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
• KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021).
• KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
• KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
• KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
• libertas: Fix possible memory leak in probe and disconnect (git-fixes).
• libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
• media: cedrus: Fix SUNXI tile size calculation (git-fixes).
• media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
• media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).
• media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).
• media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
• media: em28xx: add missing em28xx_close_extension (git-fixes).
• media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
• media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
• media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
• media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
• media: mxl111sf: change mutex_init() location (git-fixes).
• media: radio-wl1273: Avoid card name truncation (git-fixes).
• media: si470x: Avoid card name truncation (git-fixes).
• media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).
• media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
• media: tm6000: Avoid card name truncation (git-fixes).
• media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
• media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
• memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes).
• memstick: avoid out-of-range warning (git-fixes).
• memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).
• mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
• mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).
• mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).
• mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
• mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
• mwifiex: fix division by zero in fw download path (git-fixes).
• mwifiex: Send DELBA requests according to spec (git-fixes).
• net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes).
• net: mscc: ocelot: fix hardware timestamp dequeue logic.
• net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes).
• nvme-pci: set min_align_mask (bsc#1191851).
• objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
• ocfs2: do not zero pages beyond i_size (bsc#1190795).
• ocfs2: fix data corruption on truncate (bsc#1190795).
• PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263).
• PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
• PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
• PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263).
• PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263).
• PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
• PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
• PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
• PCI: aardvark: Do not unmask unused interrupts (git-fixes).
• PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
• PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
• PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
• PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
• PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
• PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes).
• pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
• platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
• power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes).
• power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes).
• power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes).
• power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes).
• printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753).
• printk: handle blank console arguments passed in (bsc#1192753).
• printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
• qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
• r8152: add a helper function about setting EEE (git-fixes).
• r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes).
• r8152: Disable PLA MCU clock speed down (git-fixes).
• r8152: disable U2P3 for RTL8153B (git-fixes).
• r8152: divide the tx and rx bottom functions (git-fixes).
• r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
• r8152: fix runtime resume for linking change (git-fixes).
• r8152: replace array with linking list for rx information (git-fixes).
• r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
• r8152: saving the settings of EEE (git-fixes).
• r8152: separate the rx buffer size (git-fixes).
• r8152: use alloc_pages for rx buffer (git-fixes).
• regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
• regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).
• Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510).
• Revert "platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes" (git-fixes).
• Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" (git-fixes).
• Revert "scsi: ufs: fix a missing check of devm_reset_control_get" (git-fixes).
• Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes).
• rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).
• rsi: fix control-message timeout (git-fixes).
• rsi: Fix module dev_oper_mode parameter description (git-fixes).
• rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
• rtl8187: fix control-message timeouts (git-fixes).
• s390/qeth: fix deadlock during failing recovery (git-fixes).
• s390/qeth: Fix deadlock in remove_discipline (git-fixes).
• s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
• scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
• scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
• scsi: core: Fix spelling in a source code comment (git-fixes).
• scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
• scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
• scsi: dc395: Fix error case unwinding (git-fixes).
• scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
• scsi: FlashPoint: Rename si_flags field (git-fixes).
• scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
• scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
• scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
• scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
• scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
• scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
• scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
• scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
• scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
• scsi: snic: Fix an error message (git-fixes).
• scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes).
• scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
• serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
• serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
• staging: r8712u: fix control-message timeout (git-fixes).
• staging: rtl8192u: fix control-message timeouts (git-fixes).
• stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).
• swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
• swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
• swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851).
• swiotlb: factor out a nr_slots helper (bsc#1191851).
• swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
• swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
• swiotlb: respect min_align_mask (bsc#1191851).
• swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
• tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
• tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).
• Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
• usb: gadget: hid: fix error code in do_config() (git-fixes).
• usb: iowarrior: fix control-message timeouts (git-fixes).
• usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).
• usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
• usb: serial: keyspan: fix memleak on probe errors (git-fixes).
• usbnet: fix error return code in usbnet_probe() (git-fixes).
• usbnet: sanity check for maxpacket (git-fixes).
• video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
• virtio-gpu: fix possible memory allocation failure (git-fixes).
• wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
• wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
• wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
• x86/ioapic: Force affinity setup before startup (bsc#1152489).
• x86/msi: Force affinity setup before startup (bsc#1152489).
• x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).
• x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
• xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
• xen: Fix implicit type conversion (git-fixes).
• xfs: do not allow log writes if the data device is readonly (bsc#1192229).
• zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
• zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
• zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
• zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Real Time Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-3978=1
• SUSE Linux Enterprise Micro 5.0
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3978=1

Package List:

• SUSE Real Time Module 15-SP2 (x86_64)
  • kernel-rt_debug-devel-debuginfo-5.3.18-62.3
  • kernel-rt_debug-debugsource-5.3.18-62.3
  • gfs2-kmp-rt-debuginfo-5.3.18-62.2
  • kernel-rt_debug-devel-5.3.18-62.3
  • kernel-syms-rt-5.3.18-62.1
  • kernel-rt-debugsource-5.3.18-62.2
  • dlm-kmp-rt-5.3.18-62.2
  • kernel-rt-debuginfo-5.3.18-62.2
  • kernel-rt-devel-5.3.18-62.2
  • kernel-rt-devel-debuginfo-5.3.18-62.2
  • kernel-rt_debug-debuginfo-5.3.18-62.3
  • ocfs2-kmp-rt-5.3.18-62.2
  • cluster-md-kmp-rt-debuginfo-5.3.18-62.2
  • cluster-md-kmp-rt-5.3.18-62.2
  • ocfs2-kmp-rt-debuginfo-5.3.18-62.2
  • gfs2-kmp-rt-5.3.18-62.2
  • dlm-kmp-rt-debuginfo-5.3.18-62.2
• SUSE Real Time Module 15-SP2 (noarch)
  • kernel-devel-rt-5.3.18-62.3
  • kernel-source-rt-5.3.18-62.3
• SUSE Real Time Module 15-SP2 (nosrc x86_64)
  • kernel-rt_debug-5.3.18-62.3
  • kernel-rt-5.3.18-62.2
• SUSE Linux Enterprise Micro 5.0 (nosrc x86_64)
  • kernel-rt-5.3.18-62.2
• SUSE Linux Enterprise Micro 5.0 (x86_64)
  • kernel-rt-debugsource-5.3.18-62.2
  • kernel-rt-debuginfo-5.3.18-62.2

References:

• https://www.suse.com/security/cve/CVE-2020-27820.html
• https://www.suse.com/security/cve/CVE-2021-0941.html
• https://www.suse.com/security/cve/CVE-2021-20322.html
• https://www.suse.com/security/cve/CVE-2021-31916.html
• https://www.suse.com/security/cve/CVE-2021-34981.html
• https://www.suse.com/security/cve/CVE-2021-37159.html
• https://www.suse.com/security/cve/CVE-2021-43389.html
• https://bugzilla.suse.com/show_bug.cgi?id=1094840
• https://bugzilla.suse.com/show_bug.cgi?id=1133021
• https://bugzilla.suse.com/show_bug.cgi?id=1152489
• https://bugzilla.suse.com/show_bug.cgi?id=1153275
• https://bugzilla.suse.com/show_bug.cgi?id=1169263
• https://bugzilla.suse.com/show_bug.cgi?id=1169514
• https://bugzilla.suse.com/show_bug.cgi?id=1170269
• https://bugzilla.suse.com/show_bug.cgi?id=1176940
• https://bugzilla.suse.com/show_bug.cgi?id=1179599
• https://bugzilla.suse.com/show_bug.cgi?id=1188601
• https://bugzilla.suse.com/show_bug.cgi?id=1190523
• https://bugzilla.suse.com/show_bug.cgi?id=1190795
• https://bugzilla.suse.com/show_bug.cgi?id=1191790
• https://bugzilla.suse.com/show_bug.cgi?id=1191851
• https://bugzilla.suse.com/show_bug.cgi?id=1191958
• https://bugzilla.suse.com/show_bug.cgi?id=1191961
• https://bugzilla.suse.com/show_bug.cgi?id=1191980
• https://bugzilla.suse.com/show_bug.cgi?id=1192045
• https://bugzilla.suse.com/show_bug.cgi?id=1192229
• https://bugzilla.suse.com/show_bug.cgi?id=1192273
• https://bugzilla.suse.com/show_bug.cgi?id=1192328
• https://bugzilla.suse.com/show_bug.cgi?id=1192718
• https://bugzilla.suse.com/show_bug.cgi?id=1192740
• https://bugzilla.suse.com/show_bug.cgi?id=1192745
• https://bugzilla.suse.com/show_bug.cgi?id=1192750
• https://bugzilla.suse.com/show_bug.cgi?id=1192753
• https://bugzilla.suse.com/show_bug.cgi?id=1192781
• https://bugzilla.suse.com/show_bug.cgi?id=1192802
• https://bugzilla.suse.com/show_bug.cgi?id=1192896
• https://bugzilla.suse.com/show_bug.cgi?id=1192906
• https://bugzilla.suse.com/show_bug.cgi?id=1192918
• https://bugzilla.suse.com/show_bug.cgi?id=1192987
• https://bugzilla.suse.com/show_bug.cgi?id=1192998
• https://bugzilla.suse.com/show_bug.cgi?id=1193002
• https://jira.suse.com/browse/SLE-22573