The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect . - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications . - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx . - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg in the bluetooth stack . - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest . - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users could use this flaw to starve the resources causing denial of service . - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files . - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling . - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks . - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf-len value exceeding the buffer size in drivers/char/virtio_console.c - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault . - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service by removing a MAX-3421 USB device in certain situations . The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges . - ALSA: seq: Fix racy deletion of subscriber . - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J . - ASoC: cs42l42: Fix inversion of ADC Notch Switch control . - ASoC: cs42l42: Remove duplicate control for WNF filter frequency . - Bluetooth: Move shutdown callback before flushing tx and rx queue . - Bluetooth: add timeout sanity check to hci_inquiry . - Bluetooth: fix repeated calls to sco_sock_kill . - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow . - Bluetooth: sco: prevent information leak in sco_conn_defer_accept . - KVM: SVM: Call SEV Guest Decommission if ASID binding fails . - Move upstreamed BT fixes into sorted section - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times . - NFSv4: Initialise connection to the server in nfs4_alloc_client . - PCI/MSI: Correct misleading comments . - PCI/MSI: Do not set invalid bits in MSI mask . - PCI/MSI: Enable and mask MSI-X early . - PCI/MSI: Use msi_mask_irq in pci_msi_shutdown . - PCI: Add Intel VMD devices to pci ids . - PCI: PM: Enable PME if it can be signaled from D3cold . - PCI: hv: Use expected affinity when unmasking IRQ . - PCI: vmd: Add an additional VMD device id to driver device id table . - PCI: vmd: Add offset to bus numbers if necessary . - PCI: vmd: Assign membar addresses from shadow registers . - PCI: vmd: Filter resource type bits from shadow register . - PCI: vmd: Fix config addressing when using bus offsets . - PCI: vmd: Fix shadow offsets to reflect spec changes . - SUNRPC: Fix the batch tasks count wraparound . - SUNRPC: Should wake up the privileged task firstly . - USB: serial: ch341: fix character loss at high transfer rates . - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 . - USB: serial: option: add Telit FD980 composition 0x1056 . - USB: usbtmc: Fix RCU stall warning . - USB:ehci:fix Kunpeng920 ehci hardware problem . - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point . - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 . - bcma: Fix memory leak for internally-handled cores . - bdi: Do not use freezable workqueue . - blk-mq-sched: Fix blk_mq_sched_alloc_tags error handling . - block: fix trace completion for chained bio . - can: usb: esd_usb2: esd_usb2_rx_event: fix the interchange of the CAN RX and TX error counters . - cifs: Remove unused inline function is_sysvol_or_netlogon . - cifs: avoid starvation when refreshing dfs cache . - cifs: constify get_normalized_path properly . - cifs: do not cargo-cult strndup . - cifs: do not send tree disconnect to ipc shares . - cifs: do not share tcp servers with dfs mounts . - cifs: do not share tcp sessions of dfs connections . - cifs: fix check of dfs interlinks . - cifs: fix path comparison and hash calc . - cifs: get rid of @noreq param in __dfs_cache_find . - cifs: handle different charsets in dfs cache . - cifs: keep referral server sessions alive . - cifs: missing null pointer check in cifs_mount . - cifs: prevent NULL deref in cifs_compose_mount_options . - cifs: set a minimum of 2 minutes for refreshing dfs cache . - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs . - crypto: ccp - Annotate SEV Firmware file names . - crypto: nx - Fix RCU warning in nx842_OF_upd_status . - crypto: nx - Fix memcpy over-reading in nonce . - crypto: talitos - Do not modify req-cryptlen on decryption . - crypto: talitos - fix ECB algs ivsize . - crypto: ux500 - Fix error return code in hash_hw_final . - dm btree remove: assign new_root only when removal succeeds . - dm cache metadata: Avoid returning cmd-bm wild pointer on error . - dm era: Fix bitset memory leaks . - dm era: Recover committed writeset after crash . - dm era: Reinitialize bitset cache before digesting a new writeset . - dm era: Use correct value size in equality function of writeset tree . - dm era: Verify the data block size hasn"t changed . - dm era: only resize metadata in preresume . - dm ioctl: fix error return code in target_message . - dm ioctl: fix out of bounds array access when no devices . - dm persistent data: packed struct should have an aligned attribute too . - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails . - dm snapshot: fix crash with transient storage and zero chunk size . - dm snapshot: flush merged data before committing metadata . - dm snapshot: properly fix a crash when an origin has no snapshots . - dm space map common: fix division bug in sm_ll_find_free_block . - dm table: fix iterate_devices based device capability checks . - dm thin metadata: Avoid returning cmd-bm wild pointer on error . - dm verity: fix DM_VERITY_OPTS_MAX value . - dm writecache: fix the maximum number of arguments . - dm writecache: handle DAX to partitions on persistent memory correctly . - dm writecache: remove BUG and fail gracefully instead . - dm zoned: select CONFIG_CRC32 . - dm: eliminate potential source of excessive kernel log noise . - dm: remove invalid sparse __acquires and __releases annotations . - ext4: cleanup in-core orphan list if ext4_truncate failed to get a transaction handle . - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit . - ext4: fix avefreec in find_group_orlov . - ext4: fix kernel infoleak via ext4_extent_header . - ext4: remove check for zero nr_to_scan in ext4_es_scan . - ext4: use ext4_grp_locked_error in mb_find_extent . - ftgmac100: Restart MAC HW once . - i2c: dev: zero out array used for i2c reads from userspace . - i2c: highlander: add IRQ check . - i2c: iop3xx: fix deferred probing . - i2c: mt65xx: fix IRQ check . - i2c: s3c2410: fix IRQ check . - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs . - iio: adc: Fix incorrect exit of for-loop . - iio: humidity: hdc100x: Add margin to the conversion time . - iommu/amd: Fix extended features logging . - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK . - iommu/vt-d: Define counter explicitly as unsigned int . - iommu/vt-d: Fix sysfs leak in alloc_iommu . - kABI: Fix kABI after fixing vcpu-id indexed arrays . - kABI: s390/ap: Fix hanging ioctl caused by wrong msg counter . - mac80211: Fix insufficient headroom issue for AMSDU . - md/raid10: properly indicate failure when ending a failed write request . - media: go7007: fix memory leak in go7007_usb_probe . - media: rtl28xxu: fix zero-length control request . - memcg: enable accounting for file lock caches . - mm, vmscan: guarantee drop_slab_node termination . - mm/memory-failure: unnecessary amount of unmapping . - mm/rmap: fix potential pte_unmap on an not mapped pte . - mm/thp: unmap_mapping_page to fix THP truncate_cleanup_page . - mm/vmscan: fix infinite loop in drop_slab_node . - mm: vmscan: scan anonymous pages on file refaults . - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config . - mmc: moxart: Fix issue with uninitialized dma_slave_config . - net: lapbether: Remove netif_start_queue / netif_stop_queue . - net: mvpp2: Add TCAM entry to drop flow control pause frames . - net: mvpp2: prs: fix PPPoE with ipv6 packet parse . - net: stmmac: use netif_tx_start|stop_all_queues function . - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 . - net: usb: ax88179_178a: remove redundant assignment to variable ret . - nfs: fix acl memory leak of posix_acl_create . - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context . - nvme-fc: convert assoc_active flag to bit op . - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery . - nvme-fc: fix double-free scenarios on hw queues . - nvme-fc: fix io timeout to abort I/O . - nvme-fc: fix racing controller reset and create association . - nvme-fc: remove err_work work item . - nvme-fc: remove nvme_fc_terminate_io . - nvme-fc: track error_recovery while connecting . - ocfs2: fix snprintf checking . - ocfs2: fix zero out valid data . - ocfs2: issue zeroout to EOF blocks . - ocfs2: ocfs2_downconvert_lock failure results in deadlock . - overflow: Correct check_shl_overflow comment . - overflow: Include header file with SIZE_MAX declaration . - ovl: check whiteout in ovl_create_over_whiteout . - ovl: filter of trusted xattr results in audit . - ovl: fix dentry leak in ovl_get_redirect . - ovl: initialize error in ovl_copy_xattr . - ovl: relax WARN_ON on rename to self . - pcmcia: i82092: fix a null pointer dereference bug . - power: supply: max17042: handle fails of reading status register . - powerpc/pseries: Fix update of LPAR security flavor after LPM . - qlcnic: Fix error code in probe . - r8152: Fix potential PM refcount imbalance . - readdir: make sure to verify directory entry for legacy interfaces too . - regulator: rt5033: Fix n_voltages settings for BUCK and LDO . - s390/ap: Fix hanging ioctl caused by wrong msg counter . - scsi: core: Add scsi_prot_ref_tag helper . - scsi: ibmvfc: Do not wait for initial device scan . - scsi: libfc: Fix array index out of bound exception . - scsi: lpfc: Add 256 Gb link speed support . - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters . - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions . - scsi: lpfc: Clear outstanding active mailbox during PCI function reset . - scsi: lpfc: Copyright updates for 12.8.0.11 patches . - scsi: lpfc: Copyright updates for 14.0.0.0 patches . - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes . - scsi: lpfc: Discovery state machine fixes for LOGO handling . - scsi: lpfc: Enable adisc discovery after RSCN by default . - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi routine . - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling . - scsi: lpfc: Fix NVMe support reporting in log message . - scsi: lpfc: Fix cq_id truncation in rq create . - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request . - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted . - scsi: lpfc: Fix target reset handler from falsely returning FAILURE . - scsi: lpfc: Improve firmware download logging . - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling . - scsi: lpfc: Move initialization of phba-poll_list earlier to avoid crash . - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF . - scsi: lpfc: Remove redundant assignment to pointer pcmd . - scsi: lpfc: Remove use of kmalloc in trace event logging . - scsi: lpfc: Revise Topology and RAS support checks for new adapters . - scsi: lpfc: Skip issuing ADISC when node is in NPR state . - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path . - scsi: lpfc: Update lpfc version to 12.8.0.11 . - scsi: lpfc: Update lpfc version to 14.0.0.0 . - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support . - scsi: lpfc: Use list_move_tail instead of list_del/list_add_tail . - scsi: qla2xxx: Add heartbeat check . - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword . - scsi: qla2xxx: Fix spelling mistakes allloc - alloc . - scsi: qla2xxx: Fix use after free in debug code . - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port . - scsi: qla2xxx: Remove duplicate declarations . - scsi: qla2xxx: Remove redundant assignment to rval . - scsi: qla2xxx: Remove redundant continue statement in a for-loop . - scsi: qla2xxx: Remove redundant initialization of variable num_cnt . - scsi: qla2xxx: Remove unused variable "status" . - scsi: qla2xxx: Update version to 10.02.00.107-k . - scsi: qla2xxx: Use list_move_tail instead of list_del/list_add_tail . - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI . - scsi: qla2xxx: edif: Add authentication pass + fail bsgs . - scsi: qla2xxx: edif: Add detection of secure device . - scsi: qla2xxx: edif: Add doorbell notification for app . - scsi: qla2xxx: edif: Add encryption to I/O path . - scsi: qla2xxx: edif: Add extraction of auth_els from the wire . - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs . - scsi: qla2xxx: edif: Add key update . - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els . - scsi: qla2xxx: edif: Add start + stop bsgs . - scsi: qla2xxx: edif: Increment command and completion counts . - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal . - serial: 8250: Mask out floating 16/32-bit bus bits . - spi: mediatek: Fix fifo transfer . - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config . - spi: spi-pic32: Fix issue with uninitialized dma_slave_config . - staging: rtl8723bs: Fix a resource leak in sd_int_dpc . - virtio_net: Fix error code in probe . - writeback: fix obtain a reference to a freeing memcg css . - x86/fpu: Limit xstate copy size in xstateregs_set . - x86/fpu: Make init_fpstate correct with optimized XSAVE . - x86/fpu: Reset state for all signal restore failures . - x86/kvm: fix vcpu-id indexed array sizes . - x86/signal: Detect and prevent an alternate signal stack overflow . - xen/events: Fix race in set_evtchn_to_irq . Special Instructions and Notes: Please reboot the system after installing this update.