Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:3754-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2021-3542 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3655 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-3655 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-3715 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3715 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3760 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3760 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3772 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3772 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2021-3896 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-41864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-41864 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-42008 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-42008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-42252 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-42252 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-42739 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-42739 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-43056 ( SUSE ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2021-43056 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • Basesystem Module 15-SP2
  • Development Tools Module 15-SP2
  • Legacy Module 15-SP2
  • SUSE Linux Enterprise Desktop 15 SP2
  • SUSE Linux Enterprise High Availability Extension 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise Live Patching 15-SP2
  • SUSE Linux Enterprise Micro 5.0
  • SUSE Linux Enterprise Real Time 15 SP2
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Linux Enterprise Workstation Extension 15 SP2
  • SUSE Manager Proxy 4.1
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Server 4.1

An update that solves 11 vulnerabilities and has 37 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
  • CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
  • CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
  • CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
  • CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
  • CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
  • CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
  • CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
  • CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
  • CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
  • CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).

The following non-security bugs were fixed:

  • ACPI: bgrt: Fix CFI violation (git-fixes).
  • ACPI: fix NULL pointer dereference (git-fixes).
  • ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
  • ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
  • ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
  • ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
  • ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
  • ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
  • ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
  • ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
  • ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
  • ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
  • ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
  • Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
  • HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
  • HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
  • HID: u2fzero: ignore incomplete packets without data (git-fixes).
  • HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
  • HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
  • ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
  • IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
  • Input: snvs_pwrkey - add clk handling (git-fixes).
  • Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
  • KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
  • KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
  • KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
  • KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
  • KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
  • KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
  • NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
  • NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
  • NFS: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself (bsc#1191628 bsc#1192549).
  • NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
  • PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
  • USB: cdc-acm: clean up probe error labels (git-fixes).
  • USB: cdc-acm: fix minor-number release (git-fixes).
  • USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
  • USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
  • USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
  • USB: serial: qcserial: add EM9191 QDL support (git-fixes).
  • USB: xhci: dbc: fix tty registration race (git-fixes).
  • acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
  • ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
  • ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
  • audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
  • bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
  • blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
  • blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
  • block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
  • bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).
  • bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
  • bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
  • bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
  • can: dev: can_restart: fix use after free bug (git-fixes).
  • can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
  • can: peak_usb: fix use after free bugs (git-fixes).
  • can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
  • can: rcar_can: fix suspend/resume (git-fixes).
  • can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
  • can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
  • cb710: avoid NULL pointer subtraction (git-fixes).
  • ceph: fix handling of "meta" errors (bsc#1192041).
  • ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
  • cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
  • drm/amd/display: Pass PCI deviceid into DC (git-fixes).
  • drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
  • drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
  • drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
  • drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
  • drm/nouveau/debugfs: fix file release memory leak (git-fixes).
  • drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
  • e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
  • e100: fix buffer overrun in e100_get_regs (git-fixes).
  • e100: fix length calculation in e100_get_regs_len (git-fixes).
  • e100: handle eeprom as little endian (git-fixes).
  • ext4: fix reserved space counter leakage (bsc#1191450).
  • ext4: report correct st_size for encrypted symlinks (bsc#1191449).
  • fs, mm: fix race in unlinking swapfile (bsc#1191455).
  • fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
  • ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
  • gpio: pca953x: Improve bias setting (git-fixes).
  • gve: Avoid freeing NULL pointer (git-fixes).
  • gve: Correct available tx qpl check (git-fixes).
  • gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
  • gve: fix gve_get_stats() (git-fixes).
  • gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940).
  • hso: fix bailout in error case of probe (git-fixes).
  • i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
  • i40e: Fix ATR queue selection (git-fixes).
  • i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
  • i40e: fix endless loop under rtnl (git-fixes).
  • iavf: fix double unlock of crit_lock (git-fixes).
  • ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
  • iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
  • iio: adc: aspeed: set driver data when adc probe (git-fixes).
  • iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
  • iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
  • iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
  • iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
  • iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
  • ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
  • ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
  • isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
  • isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
  • ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
  • kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
  • kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
  • kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).")
  • kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
  • lan78xx: select CRC32 (git-fixes).
  • libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
  • mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
  • mac80211: check return value of rhashtable_init (git-fixes).
  • mei: me: add Ice Lake-N device id (git-fixes).
  • mlx5: count all link events (git-fixes).
  • mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
  • mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
  • mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
  • mmc: vub300: fix control-message timeouts (git-fixes).
  • net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
  • net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
  • net/mlx4_en: Resolve bad operstate value (git-fixes).
  • net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
  • net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
  • net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
  • net: batman-adv: fix error handling (git-fixes).
  • net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes).
  • net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
  • net: cdc_eem: fix tx fixup skb leak (git-fixes).
  • net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
  • net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
  • net: hso: add failure handler for add_net_device (git-fixes).
  • net: hso: fix NULL-deref on disconnect regression (git-fixes).
  • net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
  • net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
  • net: lan78xx: fix division by zero in send path (git-fixes).
  • net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
  • net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
  • netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
  • nfc: fix error handling of nfc_proto_register() (git-fixes).
  • nfc: port100: fix using -ERRNO as command type mask (git-fixes).
  • nvme-fc: avoid race between time out and tear down (bsc#1185762).
  • nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
  • nvme-fc: update hardware queues before using them (bsc#1185762).
  • nvme-pci: Fix abort command id (git-fixes).
  • nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
  • nvme-pci: refactor nvme_unmap_data (bsc#1191934).
  • nvme: add command id quirk for apple controllers (git-fixes).
  • ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
  • pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
  • phy: mdio: fix memory leak (git-fixes).
  • platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
  • platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
  • powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
  • powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
  • powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
  • powerpc/lib: Fix emulate_step() std test (bsc#1065729).
  • powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
  • powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
  • pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
  • ptp_pch: Load module automatically if ID matches (git-fixes).
  • ptp_pch: Restore dependency on PCI (git-fixes).
  • qed: Fix missing error code in qed_slowpath_start() (git-fixes).
  • qed: Handle management FW error (git-fixes).
  • qed: rdma - do not wait for resources under hw error recovery flow (git-fixes).
  • regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
  • rpm: fix kmp install path
  • rpm: use _rpmmacrodir (boo#1191384)
  • scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
  • scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
  • scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
  • scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
  • scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
  • scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
  • scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
  • scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
  • scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
  • scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
  • scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
  • scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
  • scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
  • scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
  • scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
  • scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
  • scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
  • scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
  • scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
  • scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
  • scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
  • scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
  • scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
  • scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
  • scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
  • scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
  • scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
  • scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
  • scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
  • scsi: qla2xxx: Fix port type info (bsc#1190941).
  • scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
  • scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
  • scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
  • scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
  • scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
  • scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
  • scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
  • scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
  • scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
  • scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
  • scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
  • scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
  • scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
  • scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
  • scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
  • scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
  • scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
  • scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
  • scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
  • scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
  • scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
  • sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
  • soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
  • spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
  • tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
  • usb: hso: fix error handling code of hso_create_net_device (git-fixes).
  • usb: hso: remove the bailout parameter (git-fixes).
  • usb: musb: dsps: Fix the probe error path (git-fixes).
  • video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
  • virtio: write back F_VERSION_1 before validate (git-fixes).
  • watchdog: orion: use 0 for unset heartbeat (git-fixes).
  • x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
  • x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489).
  • x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
  • xen: fix setting of max_pfn in shared_info (git-fixes).
  • xen: reset legacy rtc flag for PV domU (git-fixes).
  • xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006).
  • xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
  • xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
  • xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
  • xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
  • xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
  • xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
  • xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
  • xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Basesystem Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3754=1
  • Development Tools Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3754=1
  • Legacy Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-3754=1
  • SUSE Linux Enterprise Live Patching 15-SP2
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3754=1
    Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
  • SUSE Linux Enterprise High Availability Extension 15 SP2
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3754=1
  • SUSE Linux Enterprise Workstation Extension 15 SP2
    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3754=1
  • SUSE Linux Enterprise Micro 5.0
    zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3754=1

Package List:

  • Basesystem Module 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-5.3.18-24.93.1
  • Basesystem Module 15-SP2 (aarch64 ppc64le s390x x86_64)
    • kernel-default-debuginfo-5.3.18-24.93.1
    • kernel-default-devel-debuginfo-5.3.18-24.93.1
    • kernel-default-base-5.3.18-24.93.1.9.42.5
    • kernel-default-devel-5.3.18-24.93.1
    • kernel-default-debugsource-5.3.18-24.93.1
  • Basesystem Module 15-SP2 (noarch)
    • kernel-macros-5.3.18-24.93.1
    • kernel-devel-5.3.18-24.93.1
  • Basesystem Module 15-SP2 (aarch64 nosrc x86_64)
    • kernel-preempt-5.3.18-24.93.1
  • Basesystem Module 15-SP2 (aarch64 x86_64)
    • kernel-preempt-debuginfo-5.3.18-24.93.1
    • kernel-preempt-debugsource-5.3.18-24.93.1
  • Development Tools Module 15-SP2 (noarch nosrc)
    • kernel-docs-5.3.18-24.93.1
  • Development Tools Module 15-SP2 (aarch64 ppc64le s390x x86_64)
    • kernel-syms-5.3.18-24.93.1
    • kernel-obs-build-debugsource-5.3.18-24.93.1
    • kernel-obs-build-5.3.18-24.93.1
  • Development Tools Module 15-SP2 (nosrc)
    • kernel-preempt-5.3.18-24.93.1
  • Development Tools Module 15-SP2 (aarch64 x86_64)
    • kernel-preempt-devel-debuginfo-5.3.18-24.93.1
    • kernel-preempt-debuginfo-5.3.18-24.93.1
    • kernel-preempt-devel-5.3.18-24.93.1
    • kernel-preempt-debugsource-5.3.18-24.93.1
  • Development Tools Module 15-SP2 (noarch)
    • kernel-source-5.3.18-24.93.1
  • Legacy Module 15-SP2 (nosrc)
    • kernel-default-5.3.18-24.93.1
  • Legacy Module 15-SP2 (aarch64 ppc64le s390x x86_64)
    • kernel-default-debuginfo-5.3.18-24.93.1
    • kernel-default-debugsource-5.3.18-24.93.1
    • reiserfs-kmp-default-debuginfo-5.3.18-24.93.1
    • reiserfs-kmp-default-5.3.18-24.93.1
  • SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
    • kernel-default-5.3.18-24.93.1
  • SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
    • kernel-default-debuginfo-5.3.18-24.93.1
    • kernel-default-livepatch-devel-5.3.18-24.93.1
    • kernel-livepatch-5_3_18-24_93-default-debuginfo-1-5.3.5
    • kernel-livepatch-SLE15-SP2_Update_21-debugsource-1-5.3.5
    • kernel-default-livepatch-5.3.18-24.93.1
    • kernel-livepatch-5_3_18-24_93-default-1-5.3.5
    • kernel-default-debugsource-5.3.18-24.93.1
  • SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
    • kernel-default-debuginfo-5.3.18-24.93.1
    • ocfs2-kmp-default-5.3.18-24.93.1
    • dlm-kmp-default-debuginfo-5.3.18-24.93.1
    • dlm-kmp-default-5.3.18-24.93.1
    • gfs2-kmp-default-debuginfo-5.3.18-24.93.1
    • gfs2-kmp-default-5.3.18-24.93.1
    • cluster-md-kmp-default-debuginfo-5.3.18-24.93.1
    • kernel-default-debugsource-5.3.18-24.93.1
    • ocfs2-kmp-default-debuginfo-5.3.18-24.93.1
    • cluster-md-kmp-default-5.3.18-24.93.1
  • SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
    • kernel-default-5.3.18-24.93.1
  • SUSE Linux Enterprise Workstation Extension 15 SP2 (nosrc)
    • kernel-default-5.3.18-24.93.1
    • kernel-preempt-5.3.18-24.93.1
  • SUSE Linux Enterprise Workstation Extension 15 SP2 (x86_64)
    • kernel-default-debuginfo-5.3.18-24.93.1
    • kernel-default-extra-5.3.18-24.93.1
    • kernel-preempt-extra-5.3.18-24.93.1
    • kernel-preempt-extra-debuginfo-5.3.18-24.93.1
    • kernel-default-debugsource-5.3.18-24.93.1
    • kernel-default-extra-debuginfo-5.3.18-24.93.1
  • SUSE Linux Enterprise Micro 5.0 (aarch64 nosrc x86_64)
    • kernel-default-5.3.18-24.93.1
  • SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64)
    • kernel-default-debuginfo-5.3.18-24.93.1
    • kernel-default-debugsource-5.3.18-24.93.1
    • kernel-default-base-5.3.18-24.93.1.9.42.5

References: