OVAL

SUSE-SU-2021:3748-1 -- SLES kernel

ID: oval:org.secpod.oval:def:89045789
Date: (C)2021-11-25   (M)2024-04-17
Class: PATCH
Family: unix




The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3655: Fixed missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory.
- CVE-2021-3715: Fixed a use-after-free in route4_change in net/sched/cls_route.c.
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled.
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object.
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking.
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver.
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtained sensitive information from kernel memory.
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory.
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges.
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have led to root access.
- CVE-2021-37159: Fixed a use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state.
The following non-security bugs were fixed:

- IB/hfi1: Fix abba locking issue with sc_disable
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache
- NFS: Fix backport error - dir_cookie is a pointer to a u64, not a u64
- PM: base: power: do not try to use non-existing RTC for storing data
- SMB3.1.1: Fix ids returned in POSIX query dir
- SMB3.1.1: do not log warning message if server does not populate salt
- SMB3.1.1: fix mount failure to some servers when compression enabled
- SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp
- SMB3.1.1: update comments clarifying SPNEGO info in negprot response
- SMB3: Add new info level for query directory
- SMB3: Add support for getting and setting SACLs
- SMB3: Fix mkdir when idsfromsid configured on mount
- SMB3: Resolve data corruption of TCP server info fields
- SMB3: add support for recognizing WSL reparse tags
- SMB3: avoid confusing warning message on mount to Azure
- SMB3: fix readpage for large swap cache
- SMB3: incorrect file id in requests compounded with open
- SMB3: update structures for new compression protocol definitions
- USB: cdc-acm: fix break reporting
- USB: cdc-acm: fix racy tty buffer accesses
- USB: iowarrior: fix control-message timeouts
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
- USB: serial: keyspan: fix memleak on probe errors
- USB: serial: option: add Telit LN920 compositions
- USB: serial: option: add device id for Foxconn T99W265
- USB: xhci: dbc: fix tty registration race
- bitmap: remove unused function declaration
- blktrace: Fix uaf in blk_trace access after removing by sysfs
- cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
- ceph: take snap_empty_lock atomically with snaprealm refcount change
- cifs: Add get_security_type_str function to return sec type
- cifs: Avoid field over-reading memcpy
- cifs: Change SIDs in ACEs while transferring file ownership
- cifs: Clarify SMB1 code for POSIX Create
- cifs: Clarify SMB1 code for POSIX Lock
- cifs: Clarify SMB1 code for POSIX delete file
- cifs: Clarify SMB1 code for SetFileSize
- cifs: Clarify SMB1 code for UnixCreateSymLink
- cifs: Clarify SMB1 code for UnixSetPathInfo
- cifs: Clarify SMB1 code for delete
- cifs: Clarify SMB1 code for rename open file
- cifs: Display local UID details for SMB sessions in DebugData
- cifs: Do not use the original cruid when following DFS links for multiuser mounts
- cifs: Enable sticky bit with cifsacl mount option
- cifs: Fix cached_fid refcnt leak in open_shroot
- cifs: Fix chmod with modefromsid when an older ACE already exists
- cifs: Fix cifsacl ACE mask for group and others
- cifs: Fix double add page to memcg when cifs_readpages
- cifs: Fix in error types returned for out-of-credit situations
- cifs: Fix unix perm bits to cifsacl conversion for other bits
- cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache
- cifs: If a corrupted DACL is returned by the server, bail out
- cifs: Make extract_hostname function public
- cifs: Make extract_sharename function public
- cifs: Print the address and port we are connecting to in generic_ip_connect
- cifs: Retain old ACEs when converting between mode bits and ACL
- cifs: Silently ignore unknown oplock break handle
- cifs: add FALLOC_FL_INSERT_RANGE support
- cifs: add a function to get a cached dir based on its dentry
- cifs: add a timestamp to track when the lease of the cached dir was taken
- cifs: add shutdown support
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE
- cifs: added WARN_ON for all the count decrements
- cifs: ask for more credit on async read/write code paths
- cifs: avoid extra calls in posix_info_parse
- cifs: check pointer before freeing
- cifs: check the timestamp for the cached dirent when deciding on revalidate
- cifs: clarify SMB1 code for UnixCreateHardLink
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c
- cifs: cleanup misc.c
- cifs: compute full_path already in cifs_readdir
- cifs: constify path argument of ->make_node
- cifs: constify pathname arguments in a bunch of helpers
- cifs: convert list_for_each to entry variant in cifs_debug.c
- cifs: convert list_for_each to entry variant in smb2misc.c
- cifs: convert to use be32_add_cpu
- cifs: create sd context must be a multiple of 8
- cifs: detect dead connections only when echoes are enabled
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending
- cifs: dump Security Type info in DebugData
- cifs: fix DFS mount with cifsacl/modefromsid
- cifs: fix NULL dereference in smb2_check_message
- cifs: fix SMB1 error path in cifs_get_file_info_unix
- cifs: fix a memleak with modefromsid
- cifs: fix allocation size on newly created files
- cifs: fix chown and chgrp when idsfromsid mount option enabled
- cifs: fix fallocate when trying to allocate a hole
- cifs: fix leaked reference on requeued write
- cifs: fix missing null session check in mount
- cifs: fix missing spinlock around update to ses->status
- cifs: fix out-of-bound memory access when calling smb3_notify at mount point
- cifs: fix reference leak for tlink
- cifs: fix rsize/wsize to be negotiated values
- cifs: fix string declarations and assignments in tracepoints
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces
- cifs: handle nolease option for vers=1.0
- cifs: handle -EINTR in cifs_setattr
- cifs: handle ERRBaduid for SMB1
- cifs: handle reconnect of tcon when there is no cached dfs referral
- cifs: have ->mkdir handle race with another client sanely
- cifs: improve fallocate emulation
- cifs: make build_path_from_dentry return const char *
- cifs: make const array static, makes object smaller
- cifs: make locking consistent around the server session status
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES
- cifs: minor kernel style fixes for comments
- cifs: minor simplification to smb2_is_network_name_deleted
- cifs: missing null check for newinode pointer
- cifs: move some variables off the stack in smb2_ioctl_query_info
- cifs: move the check for nohandlecache into open_shroot
- cifs: only write 64kb at a time when fallocating a small region of a file
- cifs: pass a path to open_shroot and check if it is the root or not
- cifs: pass the dentry instead of the inode down to the revalidation check functions
- cifs: prevent truncation from long to int in wait_for_free_credits
- cifs: reduce stack use in smb2_compound_op
- cifs: refactor create_sd_buf and and avoid corrupting the buffer
- cifs: remove old dead code
- cifs: remove some minor warnings pointed out by kernel test robot
- cifs: remove the retry in cifs_poxis_lock_set
- cifs: remove two cases where rc is set unnecessarily in sid_to_id
- cifs: remove unnecessary copies of tcon->crfid.fid
- cifs: remove various function description warnings
- cifs: rename the *_shroot* functions to *_cached_dir*
- cifs: retry lookup and readdir when EAGAIN is returned
- cifs: return cached_fid from open_shroot
- cifs: revalidate mapping when we open files for SMB1 POSIX
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails
- cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share
- cifs: update ctime and mtime during truncate
- cifs: update new ACE pointer after populate_new_aces
- cifs: use echo_interval even when connection not ready
- cifs: use the expiry output of dns_query to schedule next resolution
- crypto: qat - detect PFVF collision after ACK
- crypto: qat - disregard spurious PFVF interrupts
- crypto: s5p-sss - Add error handling in s5p_aes_probe
- ext4: fix potential infinite loop in ext4_dx_readdir
- ext4: fix reserved space counter leakage
- fs, mm: fix race in unlinking swapfile
- fs: copy BTRFS_IOC_[SG]ET_FSLABEL to vfs
- ftrace: Fix scripts/recordmcount.pl due to new binutils
- gianfar: Account for Tx PTP timestamp in the skb headroom
- gianfar: Fix TX timestamping with a stacked DSA driver
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
- gianfar: simplify FCS handling and fix memory leak
- icmpv6: Add ICMPv6 Parameter Problem, code 3 definition
- ipc: remove memcg accounting for sops objects in do_semtimedop
- ipv4: fix race condition between route lookup and invalidation
- ipv6/netfilter: Discard first fragment not including all headers
- ipv6: reply ICMP error if the first fragment do not include all headers
- kernel, fs: Introduce and use set_restart_fn and arch_set_restart_data
- kernel/locking/mutex.c: remove caller signal_pending branch predictions
- lib: iov_iter_fault_in_readable should do nothing in xarray case
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
- locking/pvqspinlock/x86: Use LOCK_PREFIX in __pv_queued_spin_unlock assembly code
- net: cdc_eem: fix tx fixup skb leak
- net: cdc_ncm: correct overhead in delayed_ndp_size
- net: cdc_ncm: use tasklet_init for tasklet_struct init
- net: hso: add failure handler for add_net_device
- net: hso: fix NULL-deref on disconnect regression
- net: hso: fix null-ptr-deref during tty device unregistration
- net: hso: remove redundant unused variable dev
- net: ipv6: Discard next-hop MTU less than minimum link MTU
- net: mana: Fix error handling in mana_create_rxq
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr
- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
- net: usb: qmi_wwan: support ZTE P685M modem
- net_sched: cls_route: remove the right filter from hashtable
- netfilter: Drop fragmented ndisc packets assembled in netfilter
- ocfs2: Fix data corruption after conversion from inline format
- ocfs2: Fix data corruption on truncate
- ocfs2: do not zero pages beyond i_size
- ocfs2: drop acl cache for directories too
- powerpc/64s: Fix crashes when toggling entry flush barrier
- powerpc/bpf: Fix BPF_MOD when imm == 1
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
- powerpc/bpf: Use bctrl for making function calls
- powerpc/lib: Fix emulate_step std test
- powerpc/pseries: Fix build error when NUMA=n
- powerpc/xive: Discard disabled interrupts in get_irqchip_state
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
- s390x: Turn off CONFIG_NUMA_EMU
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change
- scsi: lpfc: Fix crash when nvmet transport calls host_release
- scsi: lpfc: Fix link down processing to address NULL pointer dereference
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi routine
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup
- scsi: lpfc: Update lpfc version to 14.0.0.3
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset
- scsi: qla2xxx: Add debug print of 64G link speed
- scsi: qla2xxx: Add host attribute to trigger MPI hang
- scsi: qla2xxx: Add support for mailbox passthru
- scsi: qla2xxx: Adjust request/response queue size for 28xx
- scsi: qla2xxx: Call process_response_queue in Tx path
- scsi: qla2xxx: Changes to support FCP2 Target
- scsi: qla2xxx: Changes to support kdump kernel
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
- scsi: qla2xxx: Check for firmware capability before creating QPair
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
- scsi: qla2xxx: Do not call fc_block_scsi_eh during bus reset
- scsi: qla2xxx: Fix NPIV create erroneous error
- scsi: qla2xxx: Fix NVMe retry
- scsi: qla2xxx: Fix NVMe session down detection
- scsi: qla2xxx: Fix NVMe | FCP personality change
- scsi: qla2xxx: Fix crash in NVMe abort path
- scsi: qla2xxx: Fix excessive messages during device logout
- scsi: qla2xxx: Fix hang during NVMe session tear down
- scsi: qla2xxx: Fix hang on NVMe command timeouts
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
- scsi: qla2xxx: Fix port type info
- scsi: qla2xxx: Fix unsafe removal from linked list
- scsi: qla2xxx: Fix use after free in eh_abort path
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset
- scsi: qla2xxx: Remove redundant initialization of pointer req
- scsi: qla2xxx: Restore initiator in dual mode
- scsi: qla2xxx: Show OS name and version in FDMI-1
- scsi: qla2xxx: Suppress unnecessary log messages during login
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
- scsi: qla2xxx: Update version to 10.02.06.100-k
- scsi: qla2xxx: Update version to 10.02.06.200-k
- scsi: qla2xxx: Update version to 10.02.07.100-k
- scsi: qla2xxx: Use scsi_cmd_to_rq instead of scsi_cmnd.request
- scsi: qla2xxx: edif: Add N2N support for EDIF
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
- scsi: qla2xxx: edif: Fix EDIF enable flag
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings
- scsi: qla2xxx: edif: Fix stale session
- scsi: qla2xxx: edif: Reject AUTH ELS on session down
- scsi: qla2xxx: edif: Use link event to wake up app
- scsi: smartpqi: Fix an error code in pqi_get_raid_map
- sctp: fully initialize v4 addr in some functions
- selinux: fix error initialization in inode_doinit_with_dentry
- selinux: fix inode_doinit_with_dentry LABEL_INVALID error handling
- smb2: fix use-after-free in smb2_ioctl_query_info
- smb3: Add debug message for new file creation with idsfromsid mount option
- smb3: Add new parm nodelete
- smb3: Avoid Mid pending list corruption
- smb3: Call cifs reconnect from demultiplex thread
- smb3: Handle error case during offload read path
- smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl
- smb3: add some missing definitions from MS-FSCC
- smb3: allow uid and gid owners to be set on create with idsfromsid mount option
- smb3: do not try to cache root directory if dir leases not supported
- smb3: fix access denied on change notify request to some servers
- smb3: fix cached file size problems in duplicate extents
- smb3: fix incorrect number of credits when ioctl MaxOutputResponse 64K
- smb3: fix possible access to uninitialized pointer to DACL
- smb3: fix stat when special device file and mounted with modefromsid
- smb3: fix unneeded error message on change notify
- smb3: limit noisy error
- smb3: minor update to compression header definitions
- smb3: prevent races updating CurrentMid
- smb3: rc uninitialized in one fallocate path
- smb3: remove static checker warning
- tcp/dccp: fix possible race __inet_lookup_established
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting
- uapi: nfnetlink_cthelper.h: fix userspace compilation error
- update structure definitions from updated protocol documentation
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
- usb: hso: fix error handling code of hso_create_net_device
- usb: typec: tcpm: handle SRC_STARTUP state if cc changes
- usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
- usb: xhci: dbc: Simplify error handling in "xhci_dbc_alloc_requests"
- usb: xhci: dbc: Use GFP_KERNEL instead of GFP_ATOMIC in "xhci_dbc_alloc_requests"
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state fails
- xen: fix setting of max_pfn in shared_info
- xen: reset legacy rtc flag for PV domU
- xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch
- xfs: always honor OWN_UNKNOWN rmap removal requests
- xfs: convert growfs AG header init to use buffer lists
- xfs: factor ag btree root block initialisation
- xfs: factor out AG header initialisation from growfs core
- xfs: fix check on struct_version for versions 4 or greater
- xfs: fix string handling in label get/set functions
- xfs: hoist xfs_fs_geometry to libxfs
- xfs: implement online get/set fs label
- xfs: make imaxpct changes in growfs separate
- xfs: move growfs core to libxfs
- xfs: one-shot cached buffers
- xfs: refactor the geometry structure filling function
- xfs: rework secondary superblock updates in growfs
- xfs: separate secondary sb update in growfs
- xfs: turn ag header initialisation into a table driven operation
- xfs: xfs_fsops: drop useless LIST_HEAD

Special Instructions and Notes: Please reboot the system after installing this update.

Platform:
SUSE Linux Enterprise Server 12 SP5
Product:
kernel
Reference:
SUSE-SU-2021:3748-1
CVE-2018-13405
CVE-2021-33033
CVE-2021-34556
CVE-2021-35477
CVE-2021-3655
CVE-2021-3715
CVE-2021-37159
CVE-2021-3760
CVE-2021-41864
CVE-2021-42008
CVE-2021-42252
CVE-2021-42739
CPE:
cpe:/o:suse:suse_linux_enterprise_server:12:sp5
cpe:/o:linux:linux_kernel

© SecPod Technologies