The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c . - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution . - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation . - CVE-2021-3612: An out-of-bounds memory write flaw was found in the joystick devices subsystem in the way the user calls ioctl JSIOCSBTNMAP. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability . - CVE-2021-35039: kernel/module.c mishandled Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument . NOTE that SUSE kernels are configured with CONFIG_MODULE_SIG=y, so are not affected. The following non-security bugs were fixed: - ACPI: APEI: fix synchronous external aborts in user-mode . - ACPI: bus: Call kobject_put in acpi_init error path . - ACPICA: Fix memory leak caused by _CID repair function . - ACPI: EC: Make more Asus laptops use ECDT _GPE . - ACPI: processor idle: Fix up C-state latency if not ordered . - ACPI: property: Constify stubs for CONFIG_ACPI=n case . - ACPI: resources: Add checks for ACPI IRQ override . - ACPI: sysfs: Fix a buffer overrun problem with description_show . - ALSA: hda/realtek: Add another ALC236 variant support . - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D . - ALSA: intel8x0: Fix breakage at ac97 clock measurement . - ALSA: isa: Fix error return code in snd_cmi8330_probe . - ALSA: usb-audio: fix rate on Ozone Z90 USB headset . - ALSA: usb-audio: scarlett2: Fix wrong resume call . - ALSA: usb-audio: scarlett2: Read mixer volumes at init time . - ALSA: usb-audio: scarlett2: Read mux at init time . - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create - ASoC: atmel-i2s: Fix usage of capture and playback at the same time . - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK . - ASoC: hisilicon: fix missing clk_disable_unprepare on error in hi6210_i2s_startup . - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in "mtk_btcvsd_snd_probe" . - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query . - ata: ahci_sunxi: Disable DIPM . - ath10k: add missing error return code in ath10k_pci_probe . - ath10k: Fix an error code in ath10k_add_interface . - ath10k: go to path err_unsupported when chip id is not supported . - ath10k: remove unused more_frags variable . - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal . - backlight: lm3630a_bl: Put fwnode in error case during - greater than probe . - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event . - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid . - brcmfmac: correctly report average RSSI in station info . - brcmfmac: fix setting of station info chains bitmask . - brcmsmac: mac80211_if: Fix a resource leak in an error handling path . - can: gw: synchronize rcu operations before removing gw job entry . - can: hi311x: hi3110_can_probe: silence clang warning . - can: peak_pciefd: pucan_handle_status: fix a potential starvation issue in TX path . - cfg80211: call cfg80211_leave_ocb when switching away from OCB . - char: pcmcia: error out if "num_bytes_read" is greater than 4 in set_protocol . - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC . - clk: actions: Fix SD clocks factor table on Owl S500 SoC . - clk: actions: Fix UART clock dividers on Owl S500 SoC . - clk: meson: g12a: fix gp0 and hifi ranges . - clk: renesas: rcar-gen3: Update Z clock rate formula in comments . - clk: si5341: Avoid divide errors due to bogus register contents . - clk: si5341: Update initialization magic . - clk: zynqmp: pll: Remove some dead code . - clocksource: Retry clock read if long delays detected . - cpufreq: sc520_freq: add "fallthrough" to one case . - crypto: ccp - Fix a resource leak in an error handling path . - crypto: ixp4xx - dma_unmap the correct address . - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts . - crypto: nx - add missing MODULE_DEVICE_TABLE . - crypto: omap-sham - Fix PM reference leak in omap sham ops . - crypto: qat - check return code of qat_hal_rd_rel_reg . - crypto: qat - remove unused macro in FW loader . - crypto: ux500 - Fix error return code in hash_hw_final . - dmaengine: mediatek: do not issue a new desc if one is still current . - dmaengine: mediatek: free the proper desc in desc_free handler . - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma . - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe . - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc . - docs: admin-guide: update description for kernel.hotplug sysctl . - dpaa2-eth: fix memory leak in XDP_REDIRECT . - drm/amdgpu: Do not query CE and UE errors - drm: bridge/panel: Cleanup connector on bridge detach - drm/mcde/panel: Inverse misunderstood flag - drm/msm/dpu: Fix error return code in dpu_mdss_init . - drm/msm: Small msm_gem_purge fix - drm/nouveau: wait for moving fence after pinning v2 . - drm: qxl: ensure surf.data is ininitialized . - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect - drm/radeon: wait for moving fence after pinning . - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare on error in cdn_dp_grf_write . - drm/rockchip: dsi: move all lane config except LCDC mux to bind . - drm/rockchip: dsi: remove extra component_del call . - drm/stm: Fix bus_flags handling - drm/vc4: hdmi: Make sure the controller is powered in detect - extcon: extcon-max8997: Fix IRQ freeing at error path . - extcon: intel-mrfld: Sync hardware and software state on init . - extcon: max8997: Add missing modalias string . - extcon: sm5502: Drop invalid register write in sm5502_reg_data . - firmware: tegra: Fix error return code in tegra210_bpmp_init . - Fix meta data in lpfc-decouple-port_template-and-vport_template.patch - fix patches metadata - fm10k: Fix an error handling path in "fm10k_probe" . - fpga: machxo2-spi: Address warning about unused variable . - fpga: stratix10-soc: Add missing fpga_mgr_free call . - fuse: check connected before queueing on fpq- greater than io . - fuse: ignore PG_workingset after stealing . - fuse: reject internal errno . - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP . - gve: Fix an error handling path in "gve_probe" . - gve: Fix swapped vars when fetching max queues . - HID: do not use down_interruptible when unbinding devices . - HID: wacom: Correct base usage for capacitive ExpressKey status bits . - hwmon: Remove non-standard ACPI device IDs . - hwmon: Fix fan speed reporting for fan7..12 . - hwmon: Fix pwmX_enable attributes . - hwmon: Report correct current pwm duty cycles . - hwrng: exynos - Fix runtime PM imbalance on error . - i2c: dev: Add __user annotation . - i2c: robotfuzz-osif: fix control-request directions . - ibmvnic: account for bufs already saved in indir_buf . - ibmvnic: Allow device probe if the device is not ready at boot . - ibmvnic: clean pending indirect buffs during reset . - ibmvnic: fix kernel build warning . - ibmvnic: fix kernel build warning in strncpy . - ibmvnic: fix kernel build warnings in build_hdr_descs_arr . - ibmvnic: fix send_request_map incompatible argument . - ibmvnic: free tx_pool if tso_pool alloc fails . - ibmvnic: parenthesize a check . - ibmvnic: set ltb- greater than buff to NULL after freeing . - ibmvnic: Use list_for_each_entry to simplify code in ibmvnic.c . - ibmvnic: Use "skb_frag_address" instead of hand coding it . - ibmvnic: Use strscpy instead of strncpy . - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls . - iio: accel: mxc4005: Fix overread of data and alignment issue . - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp . - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: adis16400: do not return ints in irq handlers . - iio: adis_buffer: do not return ints in irq handlers . - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev helper . - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: light: tcs3472: do not free unallocated IRQ . - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: ltr501: ltr501_read_ps: add missing endianness conversion . - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR . - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too . - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp . - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp . - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp . - iio: si1133: fix format string warnings . - Input: hil_kbd - fix error return code in hil_dev_connect . - Input: usbtouchscreen - fix control-request directions . - kABI: restore struct tcpc_config definition . - kernel-binary.spec: Exctract s390 decompression code . - leds: as3645a: Fix error return code in as3645a_parse_node . - leds: ktd2692: Fix an error handling path . - leds: lm3532: select regmap I2C API . - lib/decompressors: remove set but not used variabled "level" . - lib: vsprintf: Fix handling of number field widths in vsscanf . - mac80211_hwsim: drop pending frames on stop . - mac80211: remove iwlwifi specific workaround NDPs of null_response . - mac80211: remove iwlwifi specific workaround that broke sta NDP tx . - mac80211: remove warning in ieee80211_get_sband . - math: Export mul_u64_u64_div_u64 . - media: au0828: fix a NULL vs IS_ERR check . - media: bt8xx: Fix a missing check bug in bt878_probe . - media: cobalt: fix race condition in setting HPD . - media: cpia2: fix memory leak in cpia2_usb_probe . - media: dtv5100: fix control-request directions . - media: dvb_net: avoid speculation from net slot . - media: dvb-usb: fix wrong definition . - media: dvd_usb: memory leak in cinergyt2_fe_attach . - media: em28xx: Fix possible memory leak of em28xx struct . - media: exynos4-is: Fix a use after free in isp_video_release . - media: exynos-gsc: fix pm_runtime_get_sync usage count . - media: Fix Media Controller API config checks . - media: gspca/gl860: fix zero-length control requests . - media: gspca/sq905: fix control-request direction . - media: gspca/sunplus: fix zero-length control requests . - media: I2C: change "RST" to RSET to fix multiple build errors . - media: imx-csi: Skip first few frames from a BT.656 source . - media: imx: imx7_mipi_csis: Fix logging of only error event counters . - media: mdk-mdp: fix pm_runtime_get_sync usage count . - media: mtk-vcodec: fix PM runtime get logic . - media: pvrusb2: fix warning in pvr2_i2c_core_done . - media: rc: i2c: Fix an error message . - media: rtl28xxu: fix zero-length control request . - media: s5p-g2d: Fix a memory leak on ctx- greater than fh.m2m_ctx . - media: s5p-jpeg: fix pm_runtime_get_sync usage count . - media: sh_vou: fix pm_runtime_get_sync usage count . - media: siano: fix device register error path . - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2 . - media: st-hva: Fix potential NULL pointer dereferences . - media: sti/bdisp: fix pm_runtime_get_sync usage count . - media: sti: fix obj-$ targets . - media: tc358743: Fix error return code in tc358743_probe_of . - media: v4l2-async: Fix trivial documentation typo . - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release . - media: zr364xx: fix memory leak in zr364xx_start_readpipe . - memory: atmel-ebi: add missing of_node_put for loop iteration . - memory: fsl_ifc: fix leak of IO mapping on probe failure . - memory: fsl_ifc: fix leak of private memory on probe failure . - memory: pl353: Fix error return code in pl353_smc_probe . - memstick: rtsx_usb_ms: fix UAF . - mmc: block: Disable CMDQ on the ioctl path . - mmc: core: clear flags before allowing to retune . - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc . - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode . - mmc: sdhci-sprd: use sdhci_sprd_writew . - mmc: usdhi6rol0: fix error return code in usdhi6_probe . - mmc: via-sdmmc: add a check against NULL pointer dereference . - mmc: vub3000: fix control-request direction . - mm, futex: fix shared futex pgoff on shmem huge page . - mt76: fix possible NULL pointer dereference in mt76_tx . - mtd: partitions: redboot: seek fis-index-block in the right node . - mtd: rawnand: marvell: add missing clk_disable_unprepare on error in marvell_nfc_resume . - mwifiex: re-fix for unaligned accesses . - nvme-rdma: fix in-casule data send for chained sgls . - nvme-rdma: introduce nvme_rdma_sgl structure . - nvme-tcp: rerun io_work if req_list is not empty . - nvme: verify MNAN value if ANA is enabled . - PCI: Add AMD RS690 quirk to enable 64-bit DMA . - pinctrl: stm32: fix the reported number of GPIO lines per bank . - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard . - ptp_qoriq: fix overflow in ptp_qoriq_adjfine u64 calcalation . - r8152: Avoid memcpy over-reading of ETH_SS_STATS . - r8169: Avoid memcpy over-reading of ETH_SS_STATS . - random32: Fix implicit truncation warning in prandom_seed_state . - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel . - regulator: hi655x: Fix pass wrong pointer to config.driver_data . - regulator: uniphier: Add missing MODULE_DEVICE_TABLE . - reset: a10sr: add missing of_match_table reference . - reset: bail if try_module_get fails . - reset: brcmstb: Add missing MODULE_DEVICE_TABLE . - Revert ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro . - Revert ibmvnic: remove duplicate napi_schedule call in open function . - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field . - rtc: fix snprintf checking in is_rtc_hctosys . - rtc: stm32: Fix unbalanced clk_disable_unprepare on probe error path . - scsi: qedf: Do not put host in qedf_vport_create unconditionally . - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates . - serial_cs: Add Option International GSM-Ready 56K/ISDN modem . - serial_cs: remove wrong GLOBETROTTER.cis entry . - serial: mvebu-uart: correctly calculate minimal possible baudrate . - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available . - serial: mvebu-uart: fix calculation of clock divisor . - serial: tegra-tcu: Reorder channel initialization . - soc: fsl: qbman: Delete useless kfree code . - soc: fsl: qbman: Ensure device cleanup is run for kexec . - soundwire: stream: Fix test for DP prepare complete . - spi: fspi: dynamically alloc AHB memory . - spi: Make of_register_spi_device also set the fwnode . - spi: nxp-fspi: Use devm API to fix missed unregistration of controller . - spi: omap-100k: Fix the length judgment problem . - spi: spi-loopback-test: Fix "tx_buf" might be "rx_buf" . - spi: spi-nxp-fspi: Add ACPI support . - spi: spi-nxp-fspi: Add support for IP read only . - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 . - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR check in probe . - spi: spi-nxp-fspi: Implement errata workaround for LS1028A . - spi: spi-sun6i: Fix chipselect/clock bug . - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages . - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash . - spi: tegra114: Fix an error message . - ssb: Fix error return code in ssb_bus_scan . - ssb: sdio: Do not overwrite const buffer if block_write fails . - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt . - staging: gdm724x: check for overflow in gdm_lte_netif_rx . - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb . - staging: rtl8712: remove redundant check in r871xu_drv_init . - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations . - tpm, tpm_tis: Decorate tpm_get_timeouts with request_locality . - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt with request_locality . - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt . - tpm, tpm_tis: Reserve locality in tpm_tis_resume . - tracepoint: Add tracepoint_probe_register_may_exist for BPF tracing . - tracing/histograms: Fix parsing of sym-offset modifier . - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT . - tracing: Simplify fix saved_tgids logic . - tty: nozomi: Fix a resource leak in an error handling function . - tty: nozomi: Fix the error handling path of "nozomi_card_init" . - USB: cdc-acm: blacklist Heimann USB Appset device . - usb: dwc2: Do not reset the core after setting turnaround time . - usb: dwc3: Fix debugfs creation flow . - usb: gadget: eem: fix echo command packet response issue . - usb: gadget: f_fs: Fix setting of device and driver data cross-references . - usb: typec: Add the missed altmode_id_remove in typec_register_altmode . - usb: typec: fusb302: Always provide fwnode for the port . - usb: typec: fusb302: fix op-sink-microwatt default that was in mW . - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes . - usb: typec: tcpm: Move mod_delayed_work call into tcpm_queue_vdm . - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP . - usb: typec: tcpm: Refactor tcpm_handle_vdm_request . - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling . - usb: typec: tcpm: Remove tcpc_config configuration mechanism . - usb: typec: tcpm: set correct data role for non-DRD . - usb: typec: tcpm: Switch to use fwnode_property_count_uXX . - usb: typec: tcpm: update power supply once partner accepts . - usb: typec: ucsi: Hold con- greater than lock for the entire duration of ucsi_register_port . - usb: typec: ucsi: Put fwnode in any case during - greater than probe . - usb: typec: wcove: Fx wrong kernel doc format . - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - vfio/pci: Handle concurrent vma faults . - vfs: Convert functionfs to use the new mount API . - video: fbdev: imxfb: Fix an error message . - visorbus: fix error return code in visorchipset_init . - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports . - watchdog: aspeed: fix hardware timeout calculation . - watchdog: sp805: Fix kernel doc description . - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe . - wireless: carl9170: fix LEDS build errors warnings . - x86/kvm: Disable all PV features on crash . - x86/kvm: Disable kvmclock on all CPUs on shutdown . - x86/kvm: Fix pr_info for async PF setup/teardown . - x86/kvm: Teardown PV features on boot CPU as well . - x86/kvm: Unify kvm_pv_guest_cpu_reboot with kvm_guest_cpu_offline . - [xarray] iov_iter_fault_in_readable should do nothing in xarray case . - xhci: solve a double free problem while doing s4 . Special Instructions and Notes: Please reboot the system after installing this update.