Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:3415-1
Rating:	important
References:	bsc#1065729 bsc#1124431 bsc#1127650 bsc#1135481 bsc#1148868 bsc#1152489 bsc#1154353 bsc#1159886 bsc#1167032 bsc#1167773 bsc#1168202 bsc#1170774 bsc#1171420 bsc#1171688 bsc#1173746 bsc#1174003 bsc#1175543 bsc#1176447 bsc#1176940 bsc#1177028 bsc#1177399 bsc#1178134 bsc#1180141 bsc#1180347 bsc#1181006 bsc#1181972 bsc#1184114 bsc#1184439 bsc#1184611 bsc#1184804 bsc#1185302 bsc#1185550 bsc#1185675 bsc#1185677 bsc#1185726 bsc#1185762 bsc#1185898 bsc#1187211 bsc#1187455 bsc#1187591 bsc#1187619 bsc#1188067 bsc#1188172 bsc#1188270 bsc#1188412 bsc#1188418 bsc#1188439 bsc#1188616 bsc#1188651 bsc#1188694 bsc#1188700 bsc#1188878 bsc#1188924 bsc#1188983 bsc#1188985 bsc#1188986 bsc#1189153 bsc#1189225 bsc#1189257 bsc#1189262 bsc#1189297 bsc#1189301 bsc#1189399 bsc#1189400 bsc#1189503 bsc#1189504 bsc#1189505 bsc#1189506 bsc#1189507 bsc#1189562 bsc#1189563 bsc#1189564 bsc#1189565 bsc#1189566 bsc#1189567 bsc#1189568 bsc#1189569 bsc#1189573 bsc#1189574 bsc#1189575 bsc#1189576 bsc#1189577 bsc#1189579 bsc#1189581 bsc#1189582 bsc#1189583 bsc#1189585 bsc#1189586 bsc#1189587 bsc#1189696 bsc#1189706 bsc#1189760 bsc#1189762 bsc#1189832 bsc#1189841 bsc#1189870 bsc#1189872 bsc#1189883 bsc#1189884 bsc#1190022 bsc#1190023 bsc#1190025 bsc#1190062 bsc#1190115 bsc#1190117 bsc#1190131 bsc#1190138 bsc#1190159 bsc#1190181 bsc#1190358 bsc#1190406 bsc#1190412 bsc#1190413 bsc#1190428 bsc#1190467 bsc#1190523 bsc#1190534 bsc#1190543 bsc#1190544 bsc#1190561 bsc#1190576 bsc#1190595 bsc#1190596 bsc#1190598 bsc#1190620 bsc#1190626 bsc#1190679 bsc#1190705 bsc#1190717 bsc#1190746 bsc#1190758 bsc#1190784 bsc#1190785 bsc#1191172 bsc#1191193 bsc#1191292 bsc#859220
Cross-References:	CVE-2020-12770 CVE-2020-3702 CVE-2021-34556 CVE-2021-35477 CVE-2021-3653 CVE-2021-3656 CVE-2021-3669 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-3759 CVE-2021-3764 CVE-2021-38160 CVE-2021-38198 CVE-2021-40490
CVSS scores:	CVE-2020-12770 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2020-12770 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-3702 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-3702 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-34556 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-34556 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-35477 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3653 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3656 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3669 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3669 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3739 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3739 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-3743 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-3744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3744 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3752 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3752 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3753 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3753 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3759 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3759 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3764 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3764 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38160 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-40490 ( SUSE ): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-40490 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Real Time 15 SP3 SUSE Real Time Module 15-SP3

An update that solves 18 vulnerabilities and has 119 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
CVE-2021-3653: Missing validation of the int_ctl VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
CVE-2021-3656: Missing validation of the the virt_ext VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).

The following non-security bugs were fixed:

ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Export function to claim _CST control (bsc#1175543)
ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (git-fixes).
ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (git-fixes).
ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (git-fixes).
ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (git-fixes).
ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes).
ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
ASoC: Intel: Fix platform ID matching (git-fixes).
ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes).
ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes).
ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes).
ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
ASoC: rt5682: Adjust headset volume button threshold (git-fixes).
ASoC: rt5682: Adjust headset volume button threshold again (git-fixes).
ASoC: rt5682: Implement remove callback (git-fixes).
ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes).
ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes).
ath: Use safer key clearing with key cache entries (git-fixes).
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
ath9k: fix sleeping in atomic context (git-fixes).
Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
bcma: Fix memory leak for internally-handled cores (git-fixes).
bdi: Do not use freezable workqueue (bsc#1189573).
blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507).
blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).