Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:1177-1
Rating:	important
References:	bsc#1152472 bsc#1152489 bsc#1153274 bsc#1154353 bsc#1155518 bsc#1156256 bsc#1159280 bsc#1160634 bsc#1167773 bsc#1168777 bsc#1169514 bsc#1169709 bsc#1171295 bsc#1173485 bsc#1177326 bsc#1178163 bsc#1178330 bsc#1179454 bsc#1180197 bsc#1180980 bsc#1181383 bsc#1181674 bsc#1181862 bsc#1182011 bsc#1182077 bsc#1182485 bsc#1182552 bsc#1182574 bsc#1182591 bsc#1182595 bsc#1182715 bsc#1182716 bsc#1182717 bsc#1182770 bsc#1182989 bsc#1183015 bsc#1183018 bsc#1183022 bsc#1183023 bsc#1183048 bsc#1183252 bsc#1183277 bsc#1183278 bsc#1183279 bsc#1183280 bsc#1183281 bsc#1183282 bsc#1183283 bsc#1183284 bsc#1183285 bsc#1183286 bsc#1183287 bsc#1183288 bsc#1183366 bsc#1183369 bsc#1183386 bsc#1183412 bsc#1183416 bsc#1183427 bsc#1183428 bsc#1183445 bsc#1183447 bsc#1183501 bsc#1183509 bsc#1183530 bsc#1183534 bsc#1183540 bsc#1183593 bsc#1183596 bsc#1183598 bsc#1183637 bsc#1183646 bsc#1183662 bsc#1183686 bsc#1183692 bsc#1183696 bsc#1183750 bsc#1183757 bsc#1183775 bsc#1183843 bsc#1183859 bsc#1183871 bsc#1184167 bsc#1184168 bsc#1184170 bsc#1184176 bsc#1184192 bsc#1184193 bsc#1184196 bsc#1184198 bsc#1184217 bsc#1184218 bsc#1184219 bsc#1184220 bsc#1184224
Cross-References:	CVE-2019-18814 CVE-2019-19769 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-35519 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-3428 CVE-2021-3444
CVSS scores:	CVE-2019-18814 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-18814 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19769 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H CVE-2019-19769 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27170 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27170 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27171 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27815 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-27815 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27363 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27363 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27364 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28375 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28660 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28688 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28964 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29264 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29264 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29647 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3428 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3428 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3444 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Public Cloud Module 15-SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 21 vulnerabilities and has 74 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).
CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).
CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).
CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).

The following non-security bugs were fixed:

0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
ALSA: hda: generic: Fix the micmute led init state (git-fixes).
ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar (bsc#1182552).
ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
ALSA: usb-audio: Fix "RANGE setting not yet supported" errors (git-fixes).
ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
ASoC: cs42l42: Fix channel width support (git-fixes).
ASoC: cs42l42: Fix mixer volume control (git-fixes).
ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
ASoC: simple-card-utils: Do not handle device clock (git-fixes).
ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
btrfs: fix exhaustion of the system chunk arr