The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allows a local user to crash the system or possibly escalate their privileges on the system. - CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation. The following non-security bugs were fixed: - ACPI: property: Constify stubs for CONFIG_ACPI=n case . - ACPI: sysfs: Fix a buffer overrun problem with description_show . - ALSA: isa: Fix error return code in snd_cmi8330_probe . - arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode . - arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan . - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK . - ASoC: hisilicon: fix missing clk_disable_unprepare on error in hi6210_i2s_startup . - ata: ahci_sunxi: Disable DIPM . - ath10k: Fix an error code in ath10k_add_interface . - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid . - brcmfmac: correctly report average RSSI in station info . - brcmfmac: fix setting of station info chains bitmask . - brcmsmac: mac80211_if: Fix a resource leak in an error handling path . - can: gw: synchronize rcu operations before removing gw job entry . - can: hi311x: hi3110_can_probe: silence clang warning . - can: peak_pciefd: pucan_handle_status: fix a potential starvation issue in TX path . - cfg80211: call cfg80211_leave_ocb when switching away from OCB . - char: pcmcia: error out if "num_bytes_read" is greater than 4 in set_protocol . - crypto: cavium/nitrox - Fix an error rhandling path in "nitrox_probe" . - cxgb4: fix wrong shift . - drm: qxl: ensure surf.data is ininitialized . - drm/nouveau: wait for moving fence after pinning v2 . - drm/radeon: wait for moving fence after pinning . - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare on error in cdn_dp_grf_write . - extcon: max8997: Add missing modalias string . - extcon: sm5502: Drop invalid register write in sm5502_reg_data . - fpga: stratix10-soc: Add missing fpga_mgr_free call . - fuse: check connected before queueing on fpq-io . - fuse: reject internal errno . - genirq: Disable interrupts for force threaded handlers - genirq: Fix reference leaks on irq affinity notifiers - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY - genirq/irqdomain: Do not try to free an interrupt that has no - gve: Fix swapped vars when fetching max queues . - HID: Add BUS_VIRTUAL to hid_connect logging . - HID: gt683r: add missing MODULE_DEVICE_TABLE . - HID: hid-sensor-hub: Return error for hid_set_field failure . - HID: usbhid: fix info leak in hid_submit_ctrl . - hwmon: Remove non-standard ACPI device IDs . - hwmon: Fix fan speed reporting for fan7..12 . - i2c: robotfuzz-osif: fix control-request directions . - ibmvnic: Allow device probe if the device is not ready at boot . - ibmvnic: fix kernel build warning . - ibmvnic: fix kernel build warning in strncpy . - ibmvnic: fix kernel build warnings in build_hdr_descs_arr . - ibmvnic: fix send_request_map incompatible argument . - ibmvnic: free tx_pool if tso_pool alloc fails . - ibmvnic: parenthesize a check . - ibmvnic: set ltb-buff to NULL after freeing . - ibmvnic: Use list_for_each_entry to simplify code in ibmvnic.c . - ibmvnic: Use strscpy instead of strncpy . - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adis_buffer: do not return ints in irq handlers . - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: ltr501: ltr501_read_ps: add missing endianness conversion . - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR . - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too . - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp . - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - Input: hil_kbd - fix error return code in hil_dev_connect . - Input: usbtouchscreen - fix control-request directions . - leds: ktd2692: Fix an error handling path . - leds: trigger: fix potential deadlock with libata . - lib/decompressors: remove set but not used variabled "level" . - lpfc: Decouple port_template and vport_template . - mac80211: remove iwlwifi specific workaround NDPs of null_response . - mac80211: remove warning in ieee80211_get_sband . - media: dtv5100: fix control-request directions . - media: dvb-usb: fix wrong definition . - media: exynos4-is: Fix a use after free in isp_video_release . - media: gspca/gl860: fix zero-length control requests . - media: gspca/sq905: fix control-request direction . - media: gspca/sunplus: fix zero-length control requests . - media: I2C: change "RST" to RSET to fix multiple build errors . - media: rtl28xxu: fix zero-length control request . - media: s5p-g2d: Fix a memory leak on ctx-fh.m2m_ctx . - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2 . - media: tc358743: Fix error return code in tc358743_probe_of . - media: zr364xx: fix memory leak in zr364xx_start_readpipe . - memory: atmel-ebi: add missing of_node_put for loop iteration . - memory: fsl_ifc: fix leak of IO mapping on probe failure . - memory: fsl_ifc: fix leak of private memory on probe failure . - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] . - mmc: block: Disable CMDQ on the ioctl path . - mmc: core: clear flags before allowing to retune . - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc . - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode . - mmc: usdhi6rol0: fix error return code in usdhi6_probe . - mmc: vub3000: fix control-request direction . - mwifiex: re-fix for unaligned accesses . - net: usb: fix possible use-after-free in smsc75xx_bind . - netsec: restore phy power state after controller reset . - nvme: verify MNAN value if ANA is enabled . - PCI: Mark some NVIDIA GPUs to avoid bus reset . - PCI: Mark TI C667X to avoid bus reset . - PCI: Work around Huawei Intelligent NIC VF FLR erratum . - r8152: Avoid memcpy over-reading of ETH_SS_STATS . - reset: a10sr: add missing of_match_table reference . - reset: bail if try_module_get fails . - reset: sti: reset-syscfg: fix struct description warnings . - Revert ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro . - Revert hwmon: fix a missing check of bus read in lm80 probe . - Revert ibmvnic: remove duplicate napi_schedule call in open function . - Revert PCI: PM: Do not read power state in pci_enable_device_flags . - Revert USB: cdc-acm: fix rounding error in TIOCSSERIAL . - sched/cpufreq/schedutil: Fix error path mutex unlock - sched/fair: Do not assign runtime for throttled cfs_rq - sched/fair: Fix unfairness caused by missing load decay - sched/numa: Fix a possible divide-by-zero - scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug . - scsi: qedf: Do not put host in qedf_vport_create unconditionally . - serial: mvebu-uart: clarify the baud rate derivation . - serial: mvebu-uart: correctly calculate minimal possible baudrate . - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available . - serial: mvebu-uart: fix calculation of clock divisor . - spi: spi-sun6i: Fix chipselect/clock bug . - spi: tegra114: Fix an error message . - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt . - staging: gdm724x: check for overflow in gdm_lte_netif_rx . - tty: nozomi: Fix a resource leak in an error handling function . - tty: nozomi: Fix the error handling path of "nozomi_card_init" . - usb: typec: Add the missed altmode_id_remove in typec_register_altmode . - watchdog: aspeed: fix hardware timeout calculation . - watchdog: sp805: Fix kernel doc description . - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe . - wireless: carl9170: fix LEDS build errors and warnings . - x86/debug: Extend the lower bound of crash kernel low reservations . - x86/kvm: Disable all PV features on crash . - x86/kvm: Disable kvmclock on all CPUs on shutdown . - x86/kvm: Fix pr_info for async PF setup/teardown . - x86/kvm: Teardown PV features on boot CPU as well . - x86/kvm: Unify kvm_pv_guest_cpu_reboot with kvm_guest_cpu_offline . Special Instructions and Notes: Please reboot the system after installing this update.