The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation . - CVE-2021-31916: An out-of-bounds memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability . - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails . - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c . - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free . The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats . - ALSA: hda: Reduce udelay at SKL+ position reporting . - ALSA: ua101: fix division by zero at probe . - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table . - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table . - ASoC: cs42l42: Correct some register default values . - ASoC: cs42l42: Defer probe if request_threaded_irq returns EPROBE_DEFER . - ASoC: cs42l42: Do not set defaults for volatile registers . - ASoC: dt-bindings: cs42l42: Correct description of ts-inv . - ASoC: mediatek: mt8195: Remove unsued irqs_lock . - ASoC: rockchip: Use generic dmaengine code . - ata: sata_mv: Fix the error handling of mv_chip_id . - ath10k: fix control-message timeout . - ath10k: fix division by zero in send path . - ath10k: fix max antenna gain unit . - ath10k: Fix missing frame timestamp for beacon/probe-resp . - ath6kl: fix control-message timeout . - ath6kl: fix division by zero in send path . - ath9k: Fix potential interrupt storm on queue reset . - auxdisplay: ht16k33: Connect backlight to fbdev . - auxdisplay: ht16k33: Fix frame buffer device blanking . - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string . - b43: fix a lower bounds test . - b43legacy: fix a lower bounds test . - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync . - Bluetooth: fix init and cleanup of sco_conn.timeout_work . - bpf: Add kconfig knob for disabling unpriv bpf by default - bpf: Disallow unprivileged bpf by default . - bpf: Fix potential race in tail call compatibility check . - btrfs: block-group: Rework documentation of check_system_chunk function . - btrfs: fix deadlock between chunk allocation and chunk btree modifications . - btrfs: fix memory ordering between normal and ordered work functions . - btrfs: update comments for chunk allocation -ENOSPC cases . - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem . - config: disable unprivileged BPF by default - crypto: caam - disable pkc for non-E SoCs . - crypto: qat - detect PFVF collision after ACK . - crypto: qat - disregard spurious PFVF interrupts . - driver core: add a min_align_mask field to struct device_dma_parameters . - drm/amdgpu: fix warning for overflow check . - drm/msm: Fix potential NULL dereference in DPU SSPP . - drm: prevent spectre issue in vmw_execbuf_ioctl . - drm/sun4i: Fix macros in sun8i_csc.h . - drm/v3d: fix wait for TMU write combiner flush . - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell . - exfat: fix erroneous discard when clear cluster bit . - exfat: handle wrong stream entry size in exfat_readdir . - exfat: properly set s_time_gran . - exfat: truncate atimes to 2s granularity . - firmware/psci: fix application of sizeof to pointer . - fuse: fix page stealing . - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP . - gpio: mpc8xxx: Use "devm_gpiochip_add_data" to simplify the code and avoid a leak . - HID: u2fzero: clarify error check and length calculations . - HID: u2fzero: properly handle timeouts in usb_submit_urb . - hwmon: Fix possible memleak in __hwmon_device_register . - hwmon: Add offset coefficients . - hwmon: Let compiler determine outer dimension of lm25066_coeff . - hwrng: mtk - Force runtime pm ops for sleep ops . - ibmvnic: check failover_pending in login response . - ibmvnic: delay complete . - ibmvnic: do not stop queue in xmit . - ibmvnic: Process crqs after enabling interrupts . - iio: dac: ad5446: Fix ad5622_write return value . - Input: elantench - fix misreporting trackpoint coordinates . - Input: i8042 - Add quirk for Fujitsu Lifebook T725 . - kABI: Fix kABI after 36950f2da1ea . - kernel-*-subpackage: Add dependency on kernel scriptlets . - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer . - KVM: s390: index kvm- greater than arch.idle_mask by vcpu_idx . - KVM: s390: split kvm_s390_logical_to_effective . - KVM: s390: VSIE: correctly handle MVPG when in VSIE . - libertas: Fix possible memory leak in probe and disconnect . - libertas_tf: Fix possible memory leak in probe and disconnect . - media: cedrus: Fix SUNXI tile size calculation . - media: cx23885: Fix snd_card_free call on null card pointer . - media: cxd2880-spi: Fix a null pointer dereference on error handling path . - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable . - media: dvb-usb: fix ununit-value in az6027_rc_query . - media: em28xx: add missing em28xx_close_extension . - media: em28xx: Do not use ops- greater than suspend if it is NULL . - media: i2c: ths8200 needs V4L2_ASYNC . - media: ite-cir: IR receiver stop working after receive overflow . - media: mtk-vpu: Fix a resource leak in the error handling path of "mtk_vpu_probe" . - media: mxl111sf: change mutex_init location . - media: radio-wl1273: Avoid card name truncation . - media: si470x: Avoid card name truncation . - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init . - media: TDA1997x: handle short reads of hdmi info frame . - media: tm6000: Avoid card name truncation . - media: v4l2-ioctl: Fix check_ext_ctrls . - media: v4l2-ioctl: S_CTRL output the right value . - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe . - memstick: avoid out-of-range warning . - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host . - mmc: mxs-mmc: disable regulator on error and in the remove function . - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 . - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured . - mm/hugetlb: initialize hugetlb_usage in mm_init . - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c . - mwifiex: fix division by zero in fw download path . - mwifiex: Send DELBA requests according to spec . - net: dsa: felix: re-enable TX flow control in ocelot_port_flush . - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb . - nvme-pci: set min_align_mask . - ocfs2: do not zero pages beyond i_size . - ocfs2: fix data corruption on truncate . - PCI: aardvark: Do not clear status bits of masked interrupts . - PCI: aardvark: Do not spam about PIO Response Status . - PCI: aardvark: Do not unmask unused interrupts . - PCI: aardvark: Fix checking for link up via LTSSM state . - PCI: aardvark: Fix reporting Data Link Layer Link Active . - PCI: aardvark: Fix return value of MSI domain .alloc method . - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG . - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set . - PCI/ACPI: Clarify message about _OSC failure . - PCI/ACPI: Move _OSC query checks to separate function . - PCI/ACPI: Move supported and control calculations to separate functions . - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS . - PCI/ACPI: Remove unnecessary osc_lock . - PCI: pci-bridge-emul: Fix emulation of W1C bits . - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation . - pinctrl: core: fix possible memory leak in pinctrl_enable . - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning . - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error . - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold . - power: supply: max17042_battery: use VFSOC for capacity when no rsns . - power: supply: rt5033 battery: Change voltage values to ca 5V . - printk/console: Allow to disable console output by using console= or console=null . - printk: handle blank console arguments passed in . - qtnfmac: fix potential Spectre vulnerabilities . - r8152: add a helper function about setting EEE . - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 . - r8152: Disable PLA MCU clock speed down . - r8152: disable U2P3 for RTL8153B . - r8152: divide the tx and rx bottom functions . - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B . - r8152: fix runtime resume for linking change . - r8152: replace array with linking list for rx information . - r8152: reset flow control patch when linking on for RTL8153B . - r8152: saving the settings of EEE . - r8152: separate the rx buffer size . - r8152: use alloc_pages for rx buffer . - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property . - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled . - Revert ibmvnic: check failover_pending in login response . - Revert platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes . - Revert r8152: adjust the settings about MAC clock speed down for RTL8153 . - Revert scsi: ufs: fix a missing check of devm_reset_control_get . - Revert x86/kvm: fix vcpu-id indexed array sizes . - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request . - rsi: fix control-message timeout . - rsi: Fix module dev_oper_mode parameter description . - rsi: stop thread firstly in rsi_91x_init error handling . - rtl8187: fix control-message timeouts . - s390/qeth: fix deadlock during failing recovery . - s390/qeth: Fix deadlock in remove_discipline . - s390/qeth: fix NULL deref in qeth_clear_working_pool_list . - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe . - scsi: BusLogic: Fix missing pr_cont use . - scsi: core: Fix spelling in a source code comment . - scsi: csiostor: Add module softdep on cxgb4 . - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn . - scsi: dc395: Fix error case unwinding . - scsi: fdomain: Fix error return code in fdomain_probe . - scsi: FlashPoint: Rename si_flags field . - scsi: iscsi: Fix iface sysfs attr detection . - scsi: libsas: Use _safe loop in sas_resume_port . - scsi: mpt3sas: Fix error return value in _scsih_expander_add . - scsi: qedf: Add pointer checks in qedf_update_link_speed . - scsi: qedf: Fix error codes in qedf_alloc_global_queues . - scsi: qedi: Fix error codes in qedi_alloc_global_queues . - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els . - scsi: qla2xxx: Make sure that aborted commands are freed . - scsi: smartpqi: Fix an error code in pqi_get_raid_map . - scsi: snic: Fix an error message . - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL . - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer . - serial: 8250_dw: Drop wrong use of ACPI_PTR . - serial: xilinx_uartps: Fix race condition causing stuck TX . - staging: r8712u: fix control-message timeout . - staging: rtl8192u: fix control-message timeouts . - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt . - swiotlb: add a IO_TLB_SIZE define . - swiotlb: clean up swiotlb_tbl_unmap_single . - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single . - swiotlb: factor out an io_tlb_offset helper . - swiotlb: factor out a nr_slots helper . - swiotlb: refactor swiotlb_tbl_map_single . - swiotlb: respect min_align_mask . - swiotlb: Split size parameter to map/unmap APIs . - tpm: Check for integer overflow in tpm2_map_response_body . - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together . - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - usb: gadget: hid: fix error code in do_config . - usb: iowarrior: fix control-message timeouts . - usb: max-3421: Use driver data instead of maintaining a list of bound devices . - usb: musb: Balance list entry in musb_gadget_queue . - usbnet: fix error return code in usbnet_probe . - usbnet: sanity check for maxpacket . - usb: serial: keyspan: fix memleak on probe errors . - video: fbdev: chipsfb: use memset_io instead of memset . - virtio-gpu: fix possible memory allocation failure . - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two"s complement . - wcn36xx: add proper DMA memory barriers in rx path . - wcn36xx: Fix HT40 capability for 2Ghz band . - x86/ioapic: Force affinity setup before startup . - x86/msi: Force affinity setup before startup . - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c . - x86/xen: Mark cpu_bringup_and_idle as dead_end_function . - xen: Fix implicit type conversion . - xen-pciback: Fix return in pm_ctrl_init . - xfs: do not allow log writes if the data device is readonly . - zram-avoid-race-between-zram_remove-and-disksize_sto.patch: . - zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: . - zram-fix-race-between-zram_reset_device-and-disksize.patch: . - zram-replace-fsync_bdev-with-sync_blockdev.patch: . Special Instructions and Notes: Please reboot the system after installing this update.