
A Linux Kernel security update has been released for openSUSE Leap 15.2



openSUSE-SU-2021:1142-1: important: Security update for the Linux Kernel


openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:1142-1
Rating: important
References: #1065729 #1085224 #1094840 #1113295 #1153274
#1154353 #1156395 #1179243 #1183871 #1184114
#1184350 #1184631 #1185377 #1185902 #1186194
#1186264 #1186482 #1187476 #1188101 #1188405
#1188445 #1188504 #1188620 #1188683 #1188746
#1188747 #1188748 #1188770 #1188771 #1188772
#1188773 #1188774 #1188777 #1188780 #1188781
#1188782 #1188783 #1188784 #1188786 #1188787
#1188788 #1188790 #1188838 #1188842 #1188876
#1188885 #1188973 #1189021 #1189057 #1189077
#802154
Cross-References: CVE-2021-21781 CVE-2021-22543 CVE-2021-3659
CVE-2021-3679 CVE-2021-37576
CVSS scores:
CVE-2021-21781 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 46 fixes is
now available.

Description:


The openSUSE Leap 15.2 kernel was updated to receive various security
fixes and bug fixes.

The following security bugs were fixed:

- CVE-2021-3679: A flaw in the Linux kernel tracing module allowed a user
to exhaust CPU resources by using the trace ring buffer in a specific
way. Only privileged local users (with CAP_SYS_ADMIN capability) could
use this flaw to starve resources, causing a denial of service
(bnc#1189057).
- CVE-2021-3659: Fix general protection fault via NULL pointer dereference
in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform
allowed KVM guest OS users to cause host OS memory corruption via
rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1188842).
- CVE-2021-22543: Improper handling of VM_IO|VM_PFNMAP vmas in KVM could
bypass RO checks and lead to pages being freed while still accessible by
the VMM and guest. This allowed users with the ability to start and
control a VM to read/write random pages of memory and could result in
local privilege escalation (bnc#1186482).
- CVE-2021-21781: A SIGPAGE information disclosure vulnerability on ARM
was fixed (bsc#1188445).

The following non-security bugs were fixed:

- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256)
(git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
(git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
(git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values
(git-fixes).
- ALSA: usx2y: Do not call free_pages_exact() with NULL address
(git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20
characters (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ASoC: soc-core: Fix the error return code in
snd_soc_of_parse_audio_routing() (git-fixes).
- backlight: lm3630a: Fix return code of .update_status() callback
(git-fixes).
- bcache: avoid oversized read request in cache missing code path
(bsc#1184631).
- bcache: remove bcache device self-defined readahead (bsc#1184631).
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
(git-fixes).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in
bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371
bsc#1153274).
- bnxt_en: do not disable an already disabled PCI device (git-fixes).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371
bsc#1153274).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
(bsc#1154353).
- btrfs: factor out create_chunk() (bsc#1189077).
- btrfs: factor out decide_stripe_size() (bsc#1189077).
- btrfs: factor out gather_device_info() (bsc#1189077).
- btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
- btrfs: fix deadlock with concurrent chunk allocations involving system
chunks (bsc#1189077).
- btrfs: handle invalid profile in chunk allocation (bsc#1189077).
- btrfs: introduce alloc_chunk_ctl (bsc#1189077).
- btrfs: introduce chunk allocation policy (bsc#1189077).
- btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
- btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
- btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
- btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
- btrfs: rework chunk allocation to avoid exhaustion of the system chunk
array (bsc#1189077).
- cadence: force nonlinear buffers to be cloned (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization
(git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS
(bsc#1188748).
- cfg80211: Fix possible memory leak in function cfg80211_bss_update
(git-fixes).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending
(git-fixes).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: Remove unused inline function is_sysvol_or_netlogon()
(bsc#1185902).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- Drop media rtl28xxu fix patch (bsc#1188683)
- e1000e: Check the PCIm state (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
(git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of pending
messages (git-fixes).
- firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: tqmx86: really make IRQ optional (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- ibmvnic: retry reset if there are no other resets (bsc#1184350
ltc#191533).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency
(jsc#SLE-7926).
- igb: Check if num of q_vectors is smaller than max before array access
(git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use
pm_runtime_resume_and_get() (git-fixes).
- iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get()
(git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
(git-fixes).
- Input: ili210x - add missing negation for touch indication on ili210x
(git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
- ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
- kabi fix for NFSv4.1: Do not rebind to the same source port when
reconnecting to the server (bnc#1186264 bnc#1189021)
- kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw
disabled (bsc#1188771).
- kvm: LAPIC: Restore guard to prevent illegal APIC register access
(bsc#1188772).
- KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
(bsc#1188773).
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
- KVM: nVMX: Preserve exception priority irrespective of exiting behavior
(bsc#1188777).
- KVM: nVMX: Really make emulated nested preemption timer pinned
(bsc#1188780).
- KVM: nVMX: Reset the segment cache when stuffing guest segs
(bsc#1188781).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
(bsc#1188782).
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
(bsc#1188783).
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit
(bsc#1188784).
- KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
- KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path
(bsc#1188788).
- KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds
(git-fixes).
- liquidio: Fix unintentional sign extension issue on left shift of u16
(git-fixes).
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
(git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
- mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
- misc: alcor_pci: fix inverted branch condition (git-fixes).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
(git-fixes).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one
(git-fixes).
- Move upstreamed patches to sorted section
- mt76: mt7603: set 0 as min coverage_class value (git-fixes).
- mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
- mt76: mt7615: increase MCU command timeout (git-fixes).
- mt76: set dma-done flag for flushed descriptors (git-fixes).
- mvpp2: suppress warning (git-fixes).
- net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext
(git-fixes).
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
- net: hns3: Clear the CMDQ registers before unmapping BAR region
(git-fixes).
- net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
- net: marvell: Fix OF_MDIO config check (git-fixes).
- net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
- net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
- net/mlx5: Properly convey driver version to firmware (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx
phy (git-fixes).
- net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
- net: wilc1000: clean up resource in error path of init mon interface
(git-fixes).
- nfc: nfcsim: fix use after free during module unload (git-fixes).
- NFSv4.1: Do not rebind to the same source port when (bnc#1186264
bnc#1189021)
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command
(git-fixes).
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when
using s2idle (git-fixes).
- platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip
(git-fixes).
- platform/x86: intel_int0002_vgpio: Remove dev_err() usage after
platform_get_irq() (git-fixes).
- platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
- powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h
(bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
_setup_security_mitigations (bsc#1188885 ltc#193722).
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295,
git-fixes).
- powerpc/pesries: Get STF barrier requirement from
H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: add new branch prediction security bits for link stack
(bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885
ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits from
H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier (bsc#1188885
ltc#193722).
- powerpc/security: Allow for processors that flush the link stack using
the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush type enum
(bsc#1188885 ltc#193722).
- powerpc/security: Fix link stack flush instruction (bsc#1188885
ltc#193722).
- powerpc/security: make display of branch cache flush more consistent
(bsc#1188885 ltc#193722).
- powerpc/security: re-name count cache flush to branch cache flush
(bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code patching
(bsc#1188885 ltc#193722).
- powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
(bsc#1156395).
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
(git-fixes).
- power: supply: max17042: Do not enforce (incorrect) interrupt trigger
type (git-fixes).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
(git-fixes).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Do not disable clocks at device remove time (git-fixes).
- pwm: spear: Do not modify HW state in .remove callback (git-fixes).
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
- rbd: always kick acquire on "acquired" and "released" notifications
(bsc#1188746).
- rbd: do not hold lock_rwsem while running_list is being drained
(bsc#1188747).
- RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api val argument
(git-fixes).
- replaced with upstream security mitigation cleanup
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes).
- Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes).
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
(git-fixes).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type
(git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
- sfp: Fix error handing in sfp_probe() (git-fixes).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again (git-fixes).
- spi: imx: add a check for speed_hz before calculating the clock
(git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
- SUNRPC: prevent port reuse on transports which do not request it
(bnc#1186264 bnc#1189021).
- thermal/core: Correct function name thermal_zone_device_unregister()
(git-fixes).
- tracing: Do not reference char * as a string in histograms (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
(git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by
zero (git-fixes).
- Update
patches.suse/ibmvnic-account-for-bufs-already-saved-in-indir_buf.patch
(jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 bsc#1188620
ltc#192221).
- Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch
(bsc#1085224 ltc#164363 bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-parenthesize-a-check.patch (bsc#1184114
ltc#192237 bsc#1183871 ltc#192139 git-fixes bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch
(bsc#1094840 ltc#167098 bsc#1188620 ltc#192221).
- Update
patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
(bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
(git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
(git-fixes).
- usb: hub: Fix link power management max exit latency (MEL) calculations
(git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
(git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295,
git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- virtio_net: move tx vq operation under tx queue lock (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync()
(git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
(git-fixes).
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- xen/events: reset active flag for lateeoi events later (git-fixes).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1142=1


Package List:

- openSUSE Leap 15.2 (noarch):

kernel-devel-5.3.18-lp152.87.1
kernel-docs-5.3.18-lp152.87.1
kernel-docs-html-5.3.18-lp152.87.1
kernel-macros-5.3.18-lp152.87.1
kernel-source-5.3.18-lp152.87.1
kernel-source-vanilla-5.3.18-lp152.87.1

- openSUSE Leap 15.2 (x86_64):

kernel-debug-5.3.18-lp152.87.1
kernel-debug-debuginfo-5.3.18-lp152.87.1
kernel-debug-debugsource-5.3.18-lp152.87.1
kernel-debug-devel-5.3.18-lp152.87.1
kernel-debug-devel-debuginfo-5.3.18-lp152.87.1
kernel-default-5.3.18-lp152.87.1
kernel-default-base-5.3.18-lp152.87.1.lp152.8.40.1
kernel-default-base-rebuild-5.3.18-lp152.87.1.lp152.8.40.1
kernel-default-debuginfo-5.3.18-lp152.87.1
kernel-default-debugsource-5.3.18-lp152.87.1
kernel-default-devel-5.3.18-lp152.87.1
kernel-default-devel-debuginfo-5.3.18-lp152.87.1
kernel-kvmsmall-5.3.18-lp152.87.1
kernel-kvmsmall-debuginfo-5.3.18-lp152.87.1
kernel-kvmsmall-debugsource-5.3.18-lp152.87.1
kernel-kvmsmall-devel-5.3.18-lp152.87.1
kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.87.1
kernel-obs-build-5.3.18-lp152.87.1
kernel-obs-build-debugsource-5.3.18-lp152.87.1
kernel-obs-qa-5.3.18-lp152.87.1
kernel-preempt-5.3.18-lp152.87.1
kernel-preempt-debuginfo-5.3.18-lp152.87.1
kernel-preempt-debugsource-5.3.18-lp152.87.1
kernel-preempt-devel-5.3.18-lp152.87.1
kernel-preempt-devel-debuginfo-5.3.18-lp152.87.1
kernel-syms-5.3.18-lp152.87.1
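
A post-install check for the patch and reboot instructions above, as an added example that is not part of the SUSE advisory: it compares the installed and running kernel against the 5.3.18-lp152.87.1 build from the package list and reports whether the reboot is still outstanding. It assumes GNU `sort -V` is available and that `uname -r` on Leap drops the final rebuild counter of the package release (for example 5.3.18-lp152.87-default for package 5.3.18-lp152.87.1); the function names and sample version strings are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a Leap 15.2 host against
# the fixed kernel of openSUSE-SU-2021:1142-1.

FIXED="5.3.18-lp152.87.1"   # version-release taken from the package list

# ver_ge A B: succeed when A >= B.
# `sort -V` approximates rpm version ordering; it is sufficient for kernel
# strings of this shape but is not a full rpmvercmp implementation.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# newest_installed: read version-release lines on stdin, print the highest.
# Leap keeps several kernels installed side by side, so the query can
# return more than one line.
newest_installed() {
    sort -V | tail -n 1
}

# kernel_status RUNNING INSTALLED
#   RUNNING   output of `uname -r`, e.g. 5.3.18-lp152.87-default
#   INSTALLED newline-separated version-release list of the kernel package
# Prints one of: unpatched | reboot-pending | patched
kernel_status() {
    running=${1%-*}          # strip the flavor suffix (-default, -preempt)
    newest=$(printf '%s\n' "$2" | newest_installed)
    fixed_rel=${FIXED%.*}    # assumption: uname -r omits the rebuild counter

    if ! ver_ge "$newest" "$FIXED"; then
        echo unpatched       # update not installed yet
    elif ! ver_ge "$running" "$fixed_rel"; then
        echo reboot-pending  # fixed kernel on disk, old kernel still running
    else
        echo patched
    fi
}

# On a real host the inputs would come from:
#   kernel_status "$(uname -r)" \
#       "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default)"

# Constructed sample: update installed next to an older kernel that is
# still the one running.
kernel_status "5.3.18-lp152.84-default" "5.3.18-lp152.84.1
5.3.18-lp152.87.1"
```

The `reboot-pending` state is the one to watch for in fleet reporting: the package database shows the host as updated while the vulnerable kernel is still executing.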

References:

  https://www.suse.com/security/cve/CVE-2021-21781.html
  https://www.suse.com/security/cve/CVE-2021-22543.html
  https://www.suse.com/security/cve/CVE-2021-3659.html
  https://www.suse.com/security/cve/CVE-2021-3679.html
  https://www.suse.com/security/cve/CVE-2021-37576.html
  https://bugzilla.suse.com/1065729
  https://bugzilla.suse.com/1085224
  https://bugzilla.suse.com/1094840
  https://bugzilla.suse.com/1113295
  https://bugzilla.suse.com/1153274
  https://bugzilla.suse.com/1154353
  https://bugzilla.suse.com/1156395
  https://bugzilla.suse.com/1179243
  https://bugzilla.suse.com/1183871
  https://bugzilla.suse.com/1184114
  https://bugzilla.suse.com/1184350
  https://bugzilla.suse.com/1184631
  https://bugzilla.suse.com/1185377
  https://bugzilla.suse.com/1185902
  https://bugzilla.suse.com/1186194
  https://bugzilla.suse.com/1186264
  https://bugzilla.suse.com/1186482
  https://bugzilla.suse.com/1187476
  https://bugzilla.suse.com/1188101
  https://bugzilla.suse.com/1188405
  https://bugzilla.suse.com/1188445
  https://bugzilla.suse.com/1188504
  https://bugzilla.suse.com/1188620
  https://bugzilla.suse.com/1188683
  https://bugzilla.suse.com/1188746
  https://bugzilla.suse.com/1188747
  https://bugzilla.suse.com/1188748
  https://bugzilla.suse.com/1188770
  https://bugzilla.suse.com/1188771
  https://bugzilla.suse.com/1188772
  https://bugzilla.suse.com/1188773
  https://bugzilla.suse.com/1188774
  https://bugzilla.suse.com/1188777
  https://bugzilla.suse.com/1188780
  https://bugzilla.suse.com/1188781
  https://bugzilla.suse.com/1188782
  https://bugzilla.suse.com/1188783
  https://bugzilla.suse.com/1188784
  https://bugzilla.suse.com/1188786
  https://bugzilla.suse.com/1188787
  https://bugzilla.suse.com/1188788
  https://bugzilla.suse.com/1188790
  https://bugzilla.suse.com/1188838
  https://bugzilla.suse.com/1188842
  https://bugzilla.suse.com/1188876
  https://bugzilla.suse.com/1188885
  https://bugzilla.suse.com/1188973
  https://bugzilla.suse.com/1189021
  https://bugzilla.suse.com/1189057
  https://bugzilla.suse.com/1189077
  https://bugzilla.suse.com/802154