Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1357-1 Final 1 1 2021-10-15T12:13:03Z current 2021-10-15T12:13:03Z 2021-10-15T12:13:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193). - CVE-2021-3669: Fixed a denial of service to replace costly bailout check in sysvipc_find_ipc() (bsc#1159886 bsc#1188986). - CVE-2021-3752: Fixed a use-after-free uaf bug in bluetooth (bsc#1190023). - CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159) - CVE-2021-3744, CVE-2021-3764: Fixed some resource leaks in the ccp driver ccp_run_aes_gcm_cmd() (bsc#1189884 bsc#1190534). The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: Prevent probing virtual functions (git-fixes). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). - libata: fix ata_host_start() (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - USB: serial: option: add device id for Foxconn T99W265 (git-fixes). - USB: serial: option: add Telit LN920 compositions (git-fixes). - USB: serial: option: remove duplicate USB device ID (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1357 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/ E-Mail link for openSUSE-SU-2021:1357-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1065729 SUSE Bug 1065729 https://bugzilla.suse.com/1148868 SUSE Bug 1148868 https://bugzilla.suse.com/1152489 SUSE Bug 1152489 https://bugzilla.suse.com/1154353 SUSE Bug 1154353 https://bugzilla.suse.com/1159886 SUSE Bug 1159886 https://bugzilla.suse.com/1167773 SUSE Bug 1167773 https://bugzilla.suse.com/1170774 SUSE Bug 1170774 https://bugzilla.suse.com/1173746 SUSE Bug 1173746 https://bugzilla.suse.com/1176940 SUSE Bug 1176940 https://bugzilla.suse.com/1184439 SUSE Bug 1184439 https://bugzilla.suse.com/1184804 SUSE Bug 1184804 https://bugzilla.suse.com/1185302 SUSE Bug 1185302 https://bugzilla.suse.com/1185677 SUSE Bug 1185677 https://bugzilla.suse.com/1185726 SUSE Bug 1185726 https://bugzilla.suse.com/1185762 SUSE Bug 1185762 https://bugzilla.suse.com/1187167 SUSE Bug 1187167 https://bugzilla.suse.com/1188067 SUSE Bug 1188067 https://bugzilla.suse.com/1188651 SUSE Bug 1188651 https://bugzilla.suse.com/1188986 SUSE Bug 1188986 https://bugzilla.suse.com/1189297 SUSE Bug 1189297 https://bugzilla.suse.com/1189841 SUSE Bug 1189841 https://bugzilla.suse.com/1189884 SUSE Bug 1189884 https://bugzilla.suse.com/1190023 SUSE Bug 1190023 https://bugzilla.suse.com/1190062 SUSE Bug 1190062 https://bugzilla.suse.com/1190115 SUSE Bug 1190115 https://bugzilla.suse.com/1190159 SUSE Bug 1190159 https://bugzilla.suse.com/1190358 SUSE Bug 1190358 https://bugzilla.suse.com/1190406 SUSE Bug 1190406 https://bugzilla.suse.com/1190467 SUSE Bug 1190467 https://bugzilla.suse.com/1190523 SUSE Bug 1190523 https://bugzilla.suse.com/1190534 SUSE Bug 1190534 https://bugzilla.suse.com/1190543 SUSE Bug 1190543 https://bugzilla.suse.com/1190576 SUSE Bug 1190576 https://bugzilla.suse.com/1190595 SUSE Bug 1190595 https://bugzilla.suse.com/1190596 SUSE Bug 1190596 https://bugzilla.suse.com/1190598 SUSE Bug 1190598 https://bugzilla.suse.com/1190620 SUSE Bug 1190620 https://bugzilla.suse.com/1190626 SUSE Bug 1190626 https://bugzilla.suse.com/1190679 SUSE Bug 1190679 https://bugzilla.suse.com/1190705 SUSE Bug 1190705 https://bugzilla.suse.com/1190717 SUSE Bug 1190717 https://bugzilla.suse.com/1190746 SUSE Bug 1190746 https://bugzilla.suse.com/1190758 SUSE Bug 1190758 https://bugzilla.suse.com/1190784 SUSE Bug 1190784 https://bugzilla.suse.com/1190785 SUSE Bug 1190785 https://bugzilla.suse.com/1191172 SUSE Bug 1191172 https://bugzilla.suse.com/1191193 SUSE Bug 1191193 https://bugzilla.suse.com/1191240 SUSE Bug 1191240 https://bugzilla.suse.com/1191292 SUSE Bug 1191292 https://www.suse.com/security/cve/CVE-2020-3702/ SUSE CVE CVE-2020-3702 page https://www.suse.com/security/cve/CVE-2021-3669/ SUSE CVE CVE-2021-3669 page https://www.suse.com/security/cve/CVE-2021-3744/ SUSE CVE CVE-2021-3744 page https://www.suse.com/security/cve/CVE-2021-3752/ SUSE CVE CVE-2021-3752 page https://www.suse.com/security/cve/CVE-2021-3764/ SUSE CVE CVE-2021-3764 page https://www.suse.com/security/cve/CVE-2021-40490/ SUSE CVE CVE-2021-40490 page openSUSE Leap 15.2 kernel-debug-5.3.18-lp152.95.1 kernel-debug-devel-5.3.18-lp152.95.1 kernel-default-5.3.18-lp152.95.1 kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1 kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1 kernel-default-devel-5.3.18-lp152.95.1 kernel-devel-5.3.18-lp152.95.1 kernel-docs-5.3.18-lp152.95.1 kernel-docs-html-5.3.18-lp152.95.1 kernel-kvmsmall-5.3.18-lp152.95.1 kernel-kvmsmall-devel-5.3.18-lp152.95.1 kernel-macros-5.3.18-lp152.95.1 kernel-obs-build-5.3.18-lp152.95.1 kernel-obs-qa-5.3.18-lp152.95.1 kernel-preempt-5.3.18-lp152.95.1 kernel-preempt-devel-5.3.18-lp152.95.1 kernel-source-5.3.18-lp152.95.1 kernel-source-vanilla-5.3.18-lp152.95.1 kernel-syms-5.3.18-lp152.95.1 kernel-debug-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-debug-devel-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-default-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1 as a component of openSUSE Leap 15.2 kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1 as a component of openSUSE Leap 15.2 kernel-default-devel-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-devel-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-docs-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-docs-html-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-kvmsmall-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-kvmsmall-devel-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-macros-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-obs-build-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-obs-qa-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-preempt-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-preempt-devel-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-source-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-source-vanilla-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 kernel-syms-5.3.18-lp152.95.1 as a component of openSUSE Leap 15.2 u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 CVE-2020-3702 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/ https://www.suse.com/security/cve/CVE-2020-3702.html CVE-2020-3702 https://bugzilla.suse.com/1191193 SUSE Bug 1191193 https://bugzilla.suse.com/1191529 SUSE Bug 1191529 A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. CVE-2021-3669 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/ https://www.suse.com/security/cve/CVE-2021-3669.html CVE-2021-3669 https://bugzilla.suse.com/1188986 SUSE Bug 1188986 A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. CVE-2021-3744 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/ https://www.suse.com/security/cve/CVE-2021-3744.html CVE-2021-3744 https://bugzilla.suse.com/1189884 SUSE Bug 1189884 https://bugzilla.suse.com/1190534 SUSE Bug 1190534 A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2021-3752 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1 important 7.9 AV:A/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/ https://www.suse.com/security/cve/CVE-2021-3752.html CVE-2021-3752 https://bugzilla.suse.com/1190023 SUSE Bug 1190023 https://bugzilla.suse.com/1190432 SUSE Bug 1190432 A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. CVE-2021-3764 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/ https://www.suse.com/security/cve/CVE-2021-3764.html CVE-2021-3764 https://bugzilla.suse.com/1190534 SUSE Bug 1190534 https://bugzilla.suse.com/1194518 SUSE Bug 1194518 A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. CVE-2021-40490 openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1 openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.95.1 openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.95.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/ https://www.suse.com/security/cve/CVE-2021-40490.html CVE-2021-40490 https://bugzilla.suse.com/1190159 SUSE Bug 1190159 https://bugzilla.suse.com/1192775 SUSE Bug 1192775