Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:3207-1
Rating:	important
References:	bsc#1040364 bsc#1127650 bsc#1135481 bsc#1152489 bsc#1160010 bsc#1167032 bsc#1168202 bsc#1174969 bsc#1175052 bsc#1175543 bsc#1177399 bsc#1180141 bsc#1180347 bsc#1181148 bsc#1181972 bsc#1184114 bsc#1184180 bsc#1185675 bsc#1185902 bsc#1186264 bsc#1186731 bsc#1187211 bsc#1187455 bsc#1187468 bsc#1187619 bsc#1188067 bsc#1188172 bsc#1188418 bsc#1188439 bsc#1188616 bsc#1188780 bsc#1188781 bsc#1188782 bsc#1188783 bsc#1188784 bsc#1188786 bsc#1188787 bsc#1188788 bsc#1188790 bsc#1188878 bsc#1188885 bsc#1188924 bsc#1188982 bsc#1188983 bsc#1188985 bsc#1189021 bsc#1189057 bsc#1189077 bsc#1189153 bsc#1189197 bsc#1189209 bsc#1189210 bsc#1189212 bsc#1189213 bsc#1189214 bsc#1189215 bsc#1189216 bsc#1189217 bsc#1189218 bsc#1189219 bsc#1189220 bsc#1189221 bsc#1189222 bsc#1189229 bsc#1189262 bsc#1189291 bsc#1189292 bsc#1189298 bsc#1189301 bsc#1189305 bsc#1189323 bsc#1189384 bsc#1189385 bsc#1189392 bsc#1189399 bsc#1189400 bsc#1189427 bsc#1189449 bsc#1189503 bsc#1189504 bsc#1189505 bsc#1189506 bsc#1189507 bsc#1189562 bsc#1189563 bsc#1189564 bsc#1189565 bsc#1189566 bsc#1189567 bsc#1189568 bsc#1189569 bsc#1189573 bsc#1189574 bsc#1189575 bsc#1189576 bsc#1189577 bsc#1189579 bsc#1189581 bsc#1189582 bsc#1189583 bsc#1189585 bsc#1189586 bsc#1189587 bsc#1189706 bsc#1189760 bsc#1189832 bsc#1189841 bsc#1189870 bsc#1189883 bsc#1190025 bsc#1190115 bsc#1190117 bsc#1190131 bsc#1190181
Cross-References:	CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38207
CVSS scores:	CVE-2021-34556 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-34556 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-35477 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3640 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3640 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3656 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3679 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3679 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3739 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3739 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-3743 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-3753 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3753 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3759 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3759 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38160 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38204 ( SUSE ): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38204 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-38205 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-38205 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2021-38207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38207 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP2 Development Tools Module 15-SP2 Legacy Module 15-SP2 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 16 vulnerabilities and has 98 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
CVE-2021-3653: Missing validation of the int_ctl VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
CVE-2021-3656: Missing validation of the the virt_ext VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).

The following non-security bugs were fixed:

ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Export function to claim _CST control (bsc#1175543)
ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
ALSA: seq: Fix racy deletion of subscriber (git-fixes).
ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes).
ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes).
ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes).
ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes).
ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes).
ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes).
ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes).
ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes).
Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes).
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes).
Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes).
Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted
Fix breakage of swap over NFS (bsc#1188924).
Fix kabi of prepare_to_wait_exclusive() (bsc#1189575).
HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
HID: input: do not report stylus battery state as "full" (git-fixes).
KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788).
KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780).
KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781).
KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782).
KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783).
KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784).
KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
Move upstreamed BT fixes into sorted section
NFS: Correct size calculation for create reply length (bsc#1189870).
NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021)
NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes).
NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364).
PCI/MSI: Correct misleading comments (git-fixes).
PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
PCI/MSI: Enable and mask MSI-X early (git-fixes).
PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
PCI/MSI: Mask all unused MSI-X entries (git-fixes).
PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
README: Modernize build instructions.
Revert "ACPICA: Fix memory leak caused by _CID repair function" (git-fixes).
Revert "USB: serial: ch341: fix character loss at high transfer rates" (git-fixes).
Revert "dmaengine: imx-sdma: refine to load context only once" (git-fixes).
Revert "gpio: eic-sprd: Use devm_platform_ioremap_resource()" (git-fixes).
Revert "mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711" (git-fixes).
SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924).
SUNRPC: Fix the batch tasks count wraparound (git-fixes).
SUNRPC: Should wake up the privileged task firstly (git-fixes).
SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924).
SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021).
USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
USB: serial: ch341: fix character loss at high transfer rates (git-fixes).
USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes).
USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes).
USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes).
USB: usbtmc: Fix RCU stall warning (git-fixes).
USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
ath: Use safer key clearing with key cache entries (git-fixes).
bcma: Fix memory leak for internally-handled cores (git-fixes).
bdi: Do not use freezable workqueue (bsc#1189573).
blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507).
blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503).
blk-wbt: make sure throttle is enabled properly (bsc#1189504).
block: fix trace completion for chained bio (bsc#1189505).
brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
btrfs: add a comment explaining the data flush steps (bsc#1135481).
btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
btrfs: add flushing states for handling data reservations (bsc#1135481).
btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
btrfs: check tickets after waiting on ordered extents (bsc#1135481).
btrfs: do async reclaim for data reservations (bsc#1135481).
btrfs: don't force commit if we are data (bsc#1135481).
btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
btrfs: factor out create_chunk() (bsc#1189077).
btrfs: factor out decide_stripe_size() (bsc#1189077).
btrfs: factor out gather_device_info() (bsc#1189077).
btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077).
btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
btrfs: handle invalid profile in chunk allocation (bsc#1189077).
btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
btrfs: introduce alloc_chunk_ctl (bsc#1189077).
btrfs: introduce chunk allocation policy (bsc#1189077).
btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
btrfs: remove orig from shrink_del