SUSE-SU-2021:3723-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Nov 17 14:21:58 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3723-1
Rating:             important
References:         #1050549 #1065729 #1085030 #1094840 #1114648 
                    #1180624 #1184673 #1186063 #1186109 #1188563 
                    #1188601 #1188983 #1188985 #1190006 #1190067 
                    #1190317 #1190349 #1190351 #1190479 #1190620 
                    #1190795 #1190941 #1191241 #1191315 #1191317 
                    #1191349 #1191450 #1191452 #1191455 #1191500 
                    #1191579 #1191628 #1191662 #1191667 #1191713 
                    #1191801 #1192145 #1192379 
Cross-References:   CVE-2018-13405 CVE-2021-33033 CVE-2021-34556
                    CVE-2021-3542 CVE-2021-35477 CVE-2021-3655
                    CVE-2021-3715 CVE-2021-37159 CVE-2021-3760
                    CVE-2021-3772 CVE-2021-41864 CVE-2021-42008
                    CVE-2021-42252 CVE-2021-42739
CVSS scores:
                    CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 24 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 Real Time kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
     net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
     DOI definitions is mishandled (bsc#1186109).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
     via unprivileged BPF program that could have obtain sensitive
     information from kernel memory (bsc#1188983).
   - CVE-2021-35477: Fixed BPF stack frame pointer which could have been
     abused to disclose content of arbitrary kernel memory (bsc#1188985).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).
   - CVE-2021-37159: Fixed use-after-free and a double free in
     hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is
     called without checking for the NETREG_REGISTERED state (bnc#1188601).
   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).

   The following non-security bugs were fixed:

   - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PM: base: power: do not try to use non-existing RTC for storing data
     (git-fixes).
   - SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1190317).
   - SMB3.1.1: do not log warning message if server does not populate salt
     (bsc#1190317).
   - SMB3.1.1: fix mount failure to some servers when compression enabled
     (bsc#1190317).
   - SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot
     rsp (bsc#1190317).
   - SMB3.1.1: update comments clarifying SPNEGO info in negprot response
     (bsc#1190317).
   - SMB3: Add new info level for query directory (bsc#1190317).
   - SMB3: Add support for getting and setting SACLs (bsc#1190317).
   - SMB3: Fix mkdir when idsfromsid configured on mount (bsc#1190317).
   - SMB3: Resolve data corruption of TCP server info fields (bsc#1190317).
   - SMB3: add support for recognizing WSL reparse tags (bsc#1190317).
   - SMB3: avoid confusing warning message on mount to Azure (bsc#1190317).
   - SMB3: fix readpage for large swap cache (bsc#1190317).
   - SMB3: incorrect file id in requests compounded with open (bsc#1190317).
   - SMB3: update structures for new compression protocol definitions
     (bsc#1190317).
   - USB: cdc-acm: fix break reporting (git-fixes).
   - USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
   - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
     (git-fixes).
   - USB: serial: option: add Telit LN920 compositions (git-fixes).
   - USB: serial: option: add device id for Foxconn T99W265 (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - bitmap: remove unused function declaration (git-fixes).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
     (git-fixes).
   - cifs: Add get_security_type_str function to return sec type
     (bsc#1190317).
   - cifs: Avoid field over-reading memcpy() (bsc#1190317).
   - cifs: Change SIDs in ACEs while transferring file ownership
     (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX Create (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX Lock (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX delete file (bsc#1190317).
   - cifs: Clarify SMB1 code for SetFileSize (bsc#1190317).
   - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1190317).
   - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1190317).
   - cifs: Clarify SMB1 code for delete (bsc#1190317).
   - cifs: Clarify SMB1 code for rename open file (bsc#1190317).
   - cifs: Display local UID details for SMB sessions in DebugData
     (bsc#1190317).
   - cifs: Do not use the original cruid when following DFS links for
     multiuser mounts (bsc#1190317).
   - cifs: Enable sticky bit with cifsacl mount option (bsc#1190317).
   - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1190317).
   - cifs: Fix chmod with modefromsid when an older ACE already exists
     (bsc#1190317).
   - cifs: Fix cifsacl ACE mask for group and others (bsc#1190317).
   - cifs: Fix double add page to memcg when cifs_readpages (bsc#1190317).
   - cifs: Fix in error types returned for out-of-credit situations
     (bsc#1190317).
   - cifs: Fix unix perm bits to cifsacl conversion for "other" bits
     (bsc#1190317).
   - cifs: Grab a reference for the dentry of the cached directory during the
     lifetime of the cache (bsc#1190317).
   - cifs: If a corrupted DACL is returned by the server, bail out
     (bsc#1190317).
   - cifs: Make extract_hostname function public (bsc#1190317).
   - cifs: Make extract_sharename function public (bsc#1190317).
   - cifs: Print the address and port we are connecting to in
     generic_ip_connect() (bsc#1190317).
   - cifs: Retain old ACEs when converting between mode bits and ACL
     (bsc#1190317).
   - cifs: Silently ignore unknown oplock break handle (bsc#1190317).
   - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1190317).
   - cifs: add a function to get a cached dir based on its dentry
     (bsc#1190317).
   - cifs: add a timestamp to track when the lease of the cached dir was
     taken (bsc#1190317).
   - cifs: add shutdown support (bsc#1190317).
   - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1190317).
   - cifs: added WARN_ON for all the count decrements (bsc#1190317).
   - cifs: ask for more credit on async read/write code paths (bsc#1190317).
   - cifs: avoid extra calls in posix_info_parse (bsc#1190317).
   - cifs: check pointer before freeing (bsc#1190317).
   - cifs: check the timestamp for the cached dirent when deciding on
     revalidate (bsc#1190317).
   - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1190317).
   - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1190317).
   - cifs: cleanup misc.c (bsc#1190317).
   - cifs: compute full_path already in cifs_readdir() (bsc#1190317).
   - cifs: constify path argument of ->make_node() (bsc#1190317).
   - cifs: constify pathname arguments in a bunch of helpers (bsc#1190317).
   - cifs: convert list_for_each to entry variant in cifs_debug.c
     (bsc#1190317).
   - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1190317).
   - cifs: convert to use be32_add_cpu() (bsc#1190317).
   - cifs: create sd context must be a multiple of 8 (bsc#1190317).
   - cifs: detect dead connections only when echoes are enabled (bsc#1190317).
   - cifs: do not fail __smb_send_rqst if non-fatal signals are pending
     (bsc#1190317).
   - cifs: dump Security Type info in DebugData (bsc#1190317).
   - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1190317).
   - cifs: fix NULL dereference in smb2_check_message() (bsc#1190317).
   - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1190317).
   - cifs: fix a memleak with modefromsid (bsc#1190317).
   - cifs: fix allocation size on newly created files (bsc#1190317).
   - cifs: fix chown and chgrp when idsfromsid mount option enabled
     (bsc#1190317).
   - cifs: fix fallocate when trying to allocate a hole (bsc#1190317).
   - cifs: fix leaked reference on requeued write (bsc#1190317).
   - cifs: fix missing null session check in mount (bsc#1190317).
   - cifs: fix missing spinlock around update to ses->status (bsc#1190317).
   - cifs: fix out-of-bound memory access when calling smb3_notify() at mount
     point (bsc#1190317).
   - cifs: fix reference leak for tlink (bsc#1190317).
   - cifs: fix rsize/wsize to be negotiated values (bsc#1190317).
   - cifs: fix string declarations and assignments in tracepoints
     (bsc#1190317).
   - cifs: fix the out of range assignment to bit fields in
     parse_server_interfaces (bsc#1190317).
   - cifs: handle "nolease" option for vers=1.0 (bsc#1190317).
   - cifs: handle -EINTR in cifs_setattr (bsc#1190317).
   - cifs: handle ERRBaduid for SMB1 (bsc#1190317).
   - cifs: handle reconnect of tcon when there is no cached dfs referral
     (bsc#1190317).
   - cifs: have ->mkdir() handle race with another client sanely
     (bsc#1190317).
   - cifs: improve fallocate emulation (bsc#1190317).
   - cifs: make build_path_from_dentry() return const char * (bsc#1190317).
   - cifs: make const array static, makes object smaller (bsc#1190317).
   - cifs: make locking consistent around the server session status
     (bsc#1190317).
   - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1190317).
   - cifs: minor kernel style fixes for comments (bsc#1190317).
   - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1190317).
   - cifs: missing null check for newinode pointer (bsc#1190317).
   - cifs: move some variables off the stack in smb2_ioctl_query_info
     (bsc#1190317).
   - cifs: move the check for nohandlecache into open_shroot (bsc#1190317).
   - cifs: only write 64kb at a time when fallocating a small region of a
     file (bsc#1190317).
   - cifs: pass a path to open_shroot and check if it is the root or not
     (bsc#1190317).
   - cifs: pass the dentry instead of the inode down to the revalidation
     check functions (bsc#1190317).
   - cifs: prevent truncation from long to int in wait_for_free_credits
     (bsc#1190317).
   - cifs: reduce stack use in smb2_compound_op (bsc#1190317).
   - cifs: refactor create_sd_buf() and and avoid corrupting the buffer
     (bsc#1190317).
   - cifs: remove old dead code (bsc#1190317).
   - cifs: remove some minor warnings pointed out by kernel test robot
     (bsc#1190317).
   - cifs: remove the retry in cifs_poxis_lock_set (bsc#1190317).
   - cifs: remove two cases where rc is set unnecessarily in sid_to_id
     (bsc#1190317).
   - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1190317).
   - cifs: remove various function description warnings (bsc#1190317).
   - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1190317).
   - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1190317).
   - cifs: return cached_fid from open_shroot (bsc#1190317).
   - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1190317).
   - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1190317).
   - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails
     (bsc#1190317).
   - cifs: store a pointer to the root dentry in cifs_sb_info once we have
     completed mounting the share (bsc#1190317).
   - cifs: update ctime and mtime during truncate (bsc#1190317).
   - cifs: update new ACE pointer after populate_new_aces (bsc#1190317).
   - cifs: use echo_interval even when connection not ready (bsc#1190317).
   - cifs: use the expiry output of dns_query to schedule next resolution
     (bsc#1190317).
   - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fs: copy BTRFS_IOC_[SG]ET_FSLABEL to vfs (bsc#1191500).
   - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
   - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
   - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
     (git-fixes).
   - gianfar: simplify FCS handling and fix memory leak (git-fixes).
   - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
   - ipc: remove memcg accounting for sops objects in do_semtimedop()
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - kernel, fs: Introduce and use set_restart_fn() and
     arch_set_restart_data() (bsc#1191713).
   - kernel, fs: Introduce and use set_restart_fn() and
     arch_set_restart_data() (bsc#1191713).
   - kernel, hrtimer: Move copyout of remaining time to do_nanosleep()
     (bsc#1191713).
   - kernel, hrtimer_nanosleep(): Pass rmtp in restart_block (bsc#1191713).
   - kernel/locking/mutex.c: remove caller signal_pending branch predictions
     (bsc#1050549).
   - lib: iov_iter_fault_in_readable() should do nothing in xarray case
     (bsc#1191579).
   - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
     (git-fixes).
   - locking/pvqspinlock/x86: Use LOCK_PREFIX in __pv_queued_spin_unlock()
     assembly code (bsc#1050549).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: cdc_ncm: use tasklet_init() for tasklet_struct init (git-fixes).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: hso: remove redundant unused variable dev (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191801).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem
     family (git-fixes).
   - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
   - net_sched: cls_route: remove the right filter from hashtable
     (networking-stable-20_03_28).
   - netfilter: Drop fragmented ndisc packets assembled in netfilter
     (git-fixes).
   - objtool: Don't fail on missing symbol table (bsc#1192379).
   - ocfs2: drop acl cache for directories too (bsc#1191667).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - ocfs2: Fix data corruption on truncate (bsc#1190795).
   - ocfs2: do not zero pages beyond i_size (bsc#1190795).
   - powerpc/64s: Fix crashes when toggling entry flush barrier
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - s390x: Turn off CONFIG_NUMA_EMU (jsc#SLE-11600).
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix crash when nvmet transport calls host_release
     (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
   - sctp: fully initialize v4 addr in some functions (bsc#1188563).
   - selinux: fix error initialization in inode_doinit_with_dentry()
     (git-fixes).
   - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
     (git-fxes).
   - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1190317).
   - smb3: Add debug message for new file creation with idsfromsid mount
     option (bsc#1190317).
   - smb3: Add new parm "nodelete" (bsc#1190317).
   - smb3: Avoid Mid pending list corruption (bsc#1190317).
   - smb3: Call cifs reconnect from demultiplex thread (bsc#1190317).
   - smb3: Handle error case during offload read path (bsc#1190317).
   - smb3: add indatalen that can be a non-zero value to calculation of
     credit charge in smb2 ioctl (bsc#1190317).
   - smb3: add some missing definitions from MS-FSCC (bsc#1190317).
   - smb3: allow uid and gid owners to be set on create with idsfromsid mount
     option (bsc#1190317).
   - smb3: do not try to cache root directory if dir leases not supported
     (bsc#1190317).
   - smb3: fix access denied on change notify request to some servers
     (bsc#1190317).
   - smb3: fix cached file size problems in duplicate extents (reflink)
     (bsc#1190317).
   - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K
     (bsc#1190317).
   - smb3: fix possible access to uninitialized pointer to DACL (bsc#1190317).
   - smb3: fix stat when special device file and mounted with modefromsid
     (bsc#1190317).
   - smb3: fix unneeded error message on change notify (bsc#1190317).
   - smb3: limit noisy error (bsc#1190317).
   - smb3: minor update to compression header definitions (bsc#1190317).
   - smb3: prevent races updating CurrentMid (bsc#1190317).
   - smb3: rc uninitialized in one fallocate path (bsc#1190317).
   - smb3: remove static checker warning (bsc#1190317).
   - tcp/dccp: fix possible race __inet_lookup_established() (bsc#1180624).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - uapi: nfnetlink_cthelper.h: fix userspace compilation error (git-fixes).
   - update structure definitions from updated protocol documentation
     (bsc#1190317).
   - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
     (git-fixes).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes).
   - usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
   - usb: xhci: dbc: Simplify error handling in 'xhci_dbc_alloc_requests()'
     (git-fixes).
   - usb: xhci: dbc: Use GFP_KERNEL instead of GFP_ATOMIC in
     'xhci_dbc_alloc_requests()' (git-fixes).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
     (bsc#1114648).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1114648).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: always honor OWN_UNKNOWN rmap removal requests (bsc#1191500).
   - xfs: convert growfs AG header init to use buffer lists (bsc#1191500).
   - xfs: factor ag btree root block initialisation (bsc#1191500).
   - xfs: factor out AG header initialisation from growfs core (bsc#1191500).
   - xfs: fix check on struct_version for versions 4 or greater (bsc#1191500,
     git-fixes).
   - xfs: fix string handling in label get/set functions (bsc#1191500,
     git-fixes).
   - xfs: hoist xfs_fs_geometry to libxfs (bsc#1191500).
   - xfs: implement online get/set fs label (bsc#1191500).
   - xfs: make imaxpct changes in growfs separate (bsc#1191500).
   - xfs: move growfs core to libxfs (bsc#1191500).
   - xfs: one-shot cached buffers (bsc#1191500).
   - xfs: refactor the geometry structure filling function (bsc#1191500).
   - xfs: rework secondary superblock updates in growfs (bsc#1191500).
   - xfs: separate secondary sb update in growfs (bsc#1191500).
   - xfs: turn ag header initialisation into a table driven operation
     (bsc#1191500).
   - xfs: xfs_fsops: drop useless LIST_HEAD (bsc#1191500, git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP5:

      zypper in -t patch SUSE-SLE-RT-12-SP5-2021-3723=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

      cluster-md-kmp-rt-4.12.14-10.65.1
      cluster-md-kmp-rt-debuginfo-4.12.14-10.65.1
      dlm-kmp-rt-4.12.14-10.65.1
      dlm-kmp-rt-debuginfo-4.12.14-10.65.1
      gfs2-kmp-rt-4.12.14-10.65.1
      gfs2-kmp-rt-debuginfo-4.12.14-10.65.1
      kernel-rt-4.12.14-10.65.1
      kernel-rt-base-4.12.14-10.65.1
      kernel-rt-base-debuginfo-4.12.14-10.65.1
      kernel-rt-debuginfo-4.12.14-10.65.1
      kernel-rt-debugsource-4.12.14-10.65.1
      kernel-rt-devel-4.12.14-10.65.1
      kernel-rt-devel-debuginfo-4.12.14-10.65.1
      kernel-rt_debug-4.12.14-10.65.1
      kernel-rt_debug-debuginfo-4.12.14-10.65.1
      kernel-rt_debug-debugsource-4.12.14-10.65.1
      kernel-rt_debug-devel-4.12.14-10.65.1
      kernel-rt_debug-devel-debuginfo-4.12.14-10.65.1
      kernel-syms-rt-4.12.14-10.65.1
      ocfs2-kmp-rt-4.12.14-10.65.1
      ocfs2-kmp-rt-debuginfo-4.12.14-10.65.1

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

      kernel-devel-rt-4.12.14-10.65.1
      kernel-source-rt-4.12.14-10.65.1


References:

   https://www.suse.com/security/cve/CVE-2018-13405.html
   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-34556.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-35477.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-37159.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://bugzilla.suse.com/1050549
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1180624
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1188601
   https://bugzilla.suse.com/1188983
   https://bugzilla.suse.com/1188985
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190317
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191500
   https://bugzilla.suse.com/1191579
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191662
   https://bugzilla.suse.com/1191667
   https://bugzilla.suse.com/1191713
   https://bugzilla.suse.com/1191801
   https://bugzilla.suse.com/1192145
   https://bugzilla.suse.com/1192379



More information about the sle-security-updates mailing list