The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka Kr00k. - CVE-2021-33098: Fixed a potential denial of service in Intel Ethernet ixgbe driver due to improper input validation. - CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc. - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker to trigger an out-of-bounds write via a crafted length value. - CVE-2021-43976: Fixed a flaw that could allow an attacker to cause a denial of service. - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau"s postclose handler could happen if removing device. The following non-security bugs were fixed: - blk-mq: do not deactivate hctx if managed irq isn"t used . - cifs: Add new mount parameter acdirmax to allow caching directory metadata . - cifs: Add new parameter acregmax for distinct file and directory metadata timeout . - cifs: convert list_for_each to entry variant . - cifs: convert revalidate of directories to using directory metadata cache timeout . - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED . - cifs: fiemap: do not return EINVAL if get nothing . - cifs: Fix a potencially linear read overflow . - cifs: fix a sign extension bug . - cifs: fix incorrect check for null pointer in header_assemble . - cifs: fix memory leak of smb3_fs_context_dup::server_hostname . - cifs: fix missed refcounting of ipc tcon . - cifs: fix potential use-after-free bugs . - cifs: fix print of hdr_flags in dfscache_proc_show . - cifs: fix wrong release in sess_alloc_buffer failed path . - cifs: for compound requests, use open handle if possible . - cifs: introduce new helper for cifs_reconnect . - cifs: move to generic async completion . - cifs: nosharesock should be set on new server . - cifs: nosharesock should not share socket with future sessions . - cifs: On cifs_reconnect, resolve the hostname again . - cifs: properly invalidate cached root handle when closing it . - cifs: release lock earlier in dequeue_mid error case . - cifs: set a minimum of 120s for next dns resolution . - cifs: Simplify reconnect code when dfs upcall is enabled . - cifs: split out dfs code from cifs_reconnect . - cifs: support nested dfs links over reconnect . - cifs: support share failover when remounting . - cifs: To match file servers, make sure the server hostname matches . - config: INPUT_EVBUG=n . Debug driver unsuitable for production, only enabled on ppc64. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - cred: allow get_cred and put_cred to be given NULL . - EDAC/amd64: Handle three rank interleaving mode . - elfcore: correct reference to CONFIG_UML . - elfcore: fix building with clang . - fuse: release pipe buf after last use . - genirq: Move initial affinity setup to irq_startup . - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP . - genirq: Remove mask argument from setup_affinity . - genirq: Rename setup_affinity to irq_setup_affinity . - genirq: Split out irq_startup code . - lpfc: Reintroduce old IRQ probe logic . - md: fix a lock order reversal in md_alloc . - net: hso: fix control-request directions . - net: hso: fix muxed tty registration . - net: lan78xx: fix division by zero in send path . - net: mana: Allow setting the number of queues while the NIC is down . - net: mana: Fix spelling mistake calledd - called . - net: mana: Fix the netdev_err"s vPort argument in mana_init_port . - net: mana: Improve the HWC error handling . - net: mana: Support hibernation and kexec . - net: mana: Use kcalloc instead of kzalloc . - net: pegasus: fix uninit-value in get_interrupt_interval . - net: usb: lan78xx: lan78xx_phy_init: use PHY_POLL instead of 0 if no IRQ is available . - nfsd: do not alloc under spinlock in rpc_parse_scope_id . - nfsd: Handle the NFSv4 READDIR "dircount" hint being zero . - nvme-fc: avoid race between time out and tear down . - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues . - nvme-fc: update hardware queues before using them . - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues . - nvme-pci: add NO APST quirk for Kioxia device . - objtool: Support Clang non-section symbols in ORC generation . - platform/x86: hp_accel: Fix an error handling path in "lis3lv02d_probe" . - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning . - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds . - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request . - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid . - scsi: core: Put LLD module refcnt after SCSI device is released . - scsi: iscsi: Adjust iface sysfs attr detection . - scsi: lpfc: Add additional debugfs support for CMF . - scsi: lpfc: Adjust CMF total bytes and rxmonitor . - scsi: lpfc: Cap CMF read bytes to MBPI . - scsi: lpfc: Change return code on I/Os received during link bounce . - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV . - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance . - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO . - scsi: lpfc: Fix NPIV port deletion crash . - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup . - scsi: lpfc: Update lpfc version to 14.0.0.4 . - scsi: mpt3sas: Fix kernel panic during drive powercycle test . - scsi: qla2xxx: edif: Fix app start delay . - scsi: qla2xxx: edif: Fix app start fail . - scsi: qla2xxx: edif: Fix EDIF bsg . - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo . - scsi: qla2xxx: edif: Flush stale events and msgs on session down . - scsi: qla2xxx: edif: Increase ELS payload . - scsi: qla2xxx: Fix gnl list corruption . - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id . - scsi: qla2xxx: Format log strings only if needed . - scsi: qla2xxx: Relogin during fabric disturbance . - smb3: add additional null check in SMB2_ioctl . - smb3: add additional null check in SMB2_open . - smb3: add additional null check in SMB2_tcon . - smb3: correct server pointer dereferencing check to be more consistent . - smb3: correct smb3 ACL security descriptor . - smb3: do not error on fsync when readonly . - smb3: remove trivial dfs compile warning . - SUNRPC: async tasks mustn"t block waiting for memory . - SUNRPC: improve "swap" handling: scheduling and PF_MEMALLOC . - tracing: Check pid filtering when creating events . - tracing: Fix pid filtering when triggers are attached . - tty: hvc: replace BUG_ON with negative return value . - usb: Add compatibility quirk flags for iODD 2531/2541 . - usb: dwc2: hcd_queue: Fix use of floating point literal . - usb: serial: option: add Fibocom FM101-GL variants . - usb: serial: option: add prod. id for Quectel EG91 . - usb: serial: option: add Quectel EC200S-CN module support . - usb: serial: option: add Telit LE910Cx composition 0x1204 . - usb: serial: option: add Telit LE910S1 0x9200 composition . - usb: serial: qcserial: add EM9191 QDL support . - x86/msi: Force affinity setup before startup . - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT . - x86/sme: Explicitly map new EFI memmap table as encrypted . - x86/xen: Add xenpv_restore_regs_and_return_to_usermode . - x86/xen: Mark cpu_bringup_and_idle as dead_end_function . - xen: sync include/xen/interface/io/ring.h with Xen"s newest version . - xen/blkfront: do not take local copy of a request from the ring page . - xen/blkfront: do not trust the backend response data blindly . - xen/blkfront: read response from backend only once . - xen/netfront: disentangle tx_skb_freelist . - xen/netfront: do not read data from request on the ring page . - xen/netfront: do not trust the backend response data blindly . - xen/netfront: read response from backend only once . Special Instructions and Notes: Please reboot the system after installing this update.