Lucene search

HistoryAug 11, 2021 - 12:00 a.m.

Security update for the Linux Kernel (important)






An update that solves 5 vulnerabilities and has 46 fixes is
now available.


The openSUSE Leap 15.2 kernel was updated to receive various security and

The following security bugs were fixed:

  • CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module
    functionality was found in the way user uses trace ring buffer in a
    specific way. Only privileged local users (with CAP_SYS_ADMIN
    capability) could use this flaw to starve the resources causing denial
    of service (bnc#1189057).
  • CVE-2021-3659: Fix general protection fault via NULL pointer dereference
    in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
  • CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform
    allowed KVM guest OS users to cause host OS memory corruption via
    rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1188842).
  • CVE-2021-22543: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in
    KVM could bypass RO checks and can lead to pages being freed while still
    accessible by the VMM and guest. This allowed users with the ability to
    start and control a VM to read/write random pages of memory and can
    result in local privilege escalation (bnc#1186482).
  • CVE-2021-21781: A SIGPAGE information disclosure vulnerability on ARM
    was fixed (bsc#1188445).

The following non-security bugs were fixed:

  • ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
  • ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
  • ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
  • ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
  • ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
  • ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
  • ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256)
  • ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
  • ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
  • ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
  • ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
  • ALSA: seq: Fix racy deletion of subscriber (git-fixes).
  • ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
  • ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
  • ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
  • ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
  • ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
  • ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
  • ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values
  • ALSA: usx2y: Do not call free_pages_exact() with NULL address
  • ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
  • ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20
    characters (git-fixes).
  • ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
  • ASoC: soc-core: Fix the error return code in
    snd_soc_of_parse_audio_routing() (git-fixes).
  • backlight: lm3630a: Fix return code of .update_status() callback
  • bcache: avoid oversized read request in cache missing code path
  • bcache: remove bcache device self-defined readahead (bsc#1184631).
  • Bluetooth: defer cleanup of resources in hci_unregister_dev()
  • bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in
    bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
  • bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371
  • bnxt_en: do not disable an already disabled PCI device (git-fixes).
  • bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371
  • bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
  • btrfs: factor out create_chunk() (bsc#1189077).
  • btrfs: factor out decide_stripe_size() (bsc#1189077).
  • btrfs: factor out gather_device_info() (bsc#1189077).
  • btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
  • btrfs: fix deadlock with concurrent chunk allocations involving system
    chunks (bsc#1189077).
  • btrfs: handle invalid profile in chunk allocation (bsc#1189077).
  • btrfs: introduce alloc_chunk_ctl (bsc#1189077).
  • btrfs: introduce chunk allocation policy (bsc#1189077).
  • btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
  • btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
  • btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
  • btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
  • btrfs: rework chunk allocation to avoid exhaustion of the system chunk
    array (bsc#1189077).
  • cadence: force nonlinear buffers to be cloned (git-fixes).
  • can: ems_usb: fix memory leak (git-fixes).
  • can: esd_usb2: fix memory leak (git-fixes).
  • can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
  • can: mcba_usb_start(): add missing urb->transfer_dma initialization
  • can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
  • can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
  • can: usb_8dev: fix memory leak (git-fixes).
  • ceph: do not WARN if we’re still opening a session to an MDS
  • cfg80211: Fix possible memory leak in function cfg80211_bss_update
  • cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
  • cifs: constify get_normalized_path() properly (bsc#1185902).
  • cifs: do not cargo-cult strndup() (bsc#1185902).
  • cifs: do not fail __smb_send_rqst if non-fatal signals are pending
  • cifs: do not send tree disconnect to ipc shares (bsc#1185902).
  • cifs: do not share tcp servers with dfs mounts (bsc#1185902).
  • cifs: do not share tcp sessions of dfs connections (bsc#1185902).
  • cifs: fix check of dfs interlinks (bsc#1185902).
  • cifs: fix interrupted close commands (git-fixes).
  • cifs: fix memory leak in smb2_copychunk_range (git-fixes).
  • cifs: fix path comparison and hash calc (bsc#1185902).
  • cifs: Fix preauth hash corruption (git-fixes).
  • cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
  • cifs: handle different charsets in dfs cache (bsc#1185902).
  • cifs: keep referral server sessions alive (bsc#1185902).
  • cifs: missing null pointer check in cifs_mount (bsc#1185902).
  • cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
  • cifs: Remove unused inline function is_sysvol_or_netlogon()
  • cifs: Return correct error code from smb2_get_enc_key (git-fixes).
  • cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
  • clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
  • clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
  • cxgb4: fix IRQ free race during driver unload (git-fixes).
  • dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
  • drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
  • drm: Return -ENOTTY for non-drm ioctls (git-fixes).
  • Drop media rtl28xxu fix patch (bsc#1188683)
  • e1000e: Check the PCIm state (git-fixes).
  • e1000e: Fix an error handling path in ‘e1000_probe()’ (git-fixes).
  • firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
  • firmware: arm_scmi: Fix range check for the maximum number of pending
    messages (git-fixes).
  • firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
  • gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
  • gpio: tqmx86: really make IRQ optional (git-fixes).
  • gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
  • gtp: fix an use-before-init in gtp_newlink() (git-fixes).
  • i2c: core: Disable client irq on reboot/shutdown (git-fixes).
  • i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
  • i40e: Fix error handling in i40e_vsi_open (git-fixes).
  • iavf: Fix an error handling path in ‘iavf_probe()’ (git-fixes).
  • ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
  • ibmvnic: retry reset if there are no other resets (bsc#1184350
  • ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency
  • igb: Check if num of q_vectors is smaller than max before array access
  • igb: Fix an error handling path in ‘igb_probe()’ (git-fixes).
  • igb: Fix position of assignment to *ring (git-fixes).
  • igb: Fix use-after-free error during reset (git-fixes).
  • igc: change default return of igc_read_phy_reg() (git-fixes).
  • igc: Fix an error handling path in ‘igc_probe()’ (git-fixes).
  • igc: Fix use-after-free error during reset (git-fixes).
  • iio: accel: bma180: Use explicit member assignment (git-fixes).
  • iio: gyro: fxa21002c: Balance runtime pm + use
    pm_runtime_resume_and_get() (git-fixes).
  • iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get()
  • Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
  • Input: ili210x - add missing negation for touch indication on ili210x
  • ixgbe: Fix an error handling path in ‘ixgbe_probe()’ (git-fixes).
  • ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
  • kabi fix for NFSv4.1: Do not rebind to the same source port when
    reconnecting to the server (bnc#1186264 bnc#1189021)
  • kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
  • KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw
    disabled (bsc#1188771).
  • kvm: LAPIC: Restore guard to prevent illegal APIC register access
  • KVM: nVMX: Consult only the “basic” exit reason when routing nested exit
  • KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
  • KVM: nVMX: Preserve exception priority irrespective of exiting behavior
  • KVM: nVMX: Really make emulated nested preemption timer pinned
  • KVM: nVMX: Reset the segment cache when stuffing guest segs
  • KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
  • KVM: nVMX: Sync unsync’d vmcs02 state to vmcs12 on migration
  • KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit
  • KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
  • KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
  • KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path
  • KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
  • lib/decompress_unlz4.c: correctly handle zero-padding around initrds
  • liquidio: Fix unintentional sign extension issue on left shift of u16
  • media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
  • media: rtl28xxu: fix zero-length control request (git-fixes).
  • media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
  • mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
  • mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
  • misc: alcor_pci: fix inverted branch condition (git-fixes).
  • misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
  • misc/libmasm/module: Fix two use after free in ibmasm_init_one
  • Move upstreamed patches to sorted section
  • mt76: mt7603: set 0 as min coverage_class value (git-fixes).
  • mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
  • mt76: mt7615: increase MCU command timeout (git-fixes).
  • mt76: set dma-done flag for flushed descriptors (git-fixes).
  • mvpp2: suppress warning (git-fixes).
  • net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
  • net: dp83867: Fix OF_MDIO config check (git-fixes).
  • net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext
  • net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
  • net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
  • net: hns3: Clear the CMDQ registers before unmapping BAR region
  • net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
  • net: marvell: Fix OF_MDIO config check (git-fixes).
  • net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
  • net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
  • net/mlx5: Properly convey driver version to firmware (git-fixes).
  • net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
  • net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx
    phy (git-fixes).
  • net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
  • net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
  • net: wilc1000: clean up resource in error path of init mon interface
  • nfc: nfcsim: fix use after free during module unload (git-fixes).
  • NFSv4.1: Do not rebind to the same source port when (bnc#1186264
  • PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
  • platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command
  • platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
  • platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when
    using s2idle (git-fixes).
  • platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip
  • platform/x86: intel_int0002_vgpio: Remove dev_err() usage after
    platform_get_irq() (git-fixes).
  • platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
  • powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h
    (bsc#1188885 ltc#193722).
  • powerpc/64s: rename pnv|pseries_setup_rfi_flush to
    _setup_security_mitigations (bsc#1188885 ltc#193722).
  • powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
  • powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
  • powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295,
  • powerpc/pesries: Get STF barrier requirement from
    H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
  • powerpc/pseries: add new branch prediction security bits for link stack
    (bsc#1188885 ltc#193722).
  • powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885
  • powerpc/pseries: Get entry and uaccess flush required bits from
    H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
  • powerpc/security: Add a security feature for STF barrier (bsc#1188885
  • powerpc/security: Allow for processors that flush the link stack using
    the special bcctr (bsc#1188885 ltc#193722).
  • powerpc/security: change link stack flush state to the flush type enum
    (bsc#1188885 ltc#193722).
  • powerpc/security: Fix link stack flush instruction (bsc#1188885
  • powerpc/security: make display of branch cache flush more consistent
    (bsc#1188885 ltc#193722).
  • powerpc/security: re-name count cache flush to branch cache flush
    (bsc#1188885 ltc#193722).
  • powerpc/security: split branch cache flush toggle from code patching
    (bsc#1188885 ltc#193722).
  • powerpc/stacktrace: Fix spurious “stale” traces in raise_backtrace_ipi()
  • powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
  • power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
  • power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
  • power: supply: ab8500: Avoid NULL pointers (git-fixes).
  • power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
  • power: supply: max17042: Do not enforce (incorrect) interrupt trigger
    type (git-fixes).
  • power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
  • power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
  • pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
  • pwm: imx1: Do not disable clocks at device remove time (git-fixes).
  • pwm: spear: Do not modify HW state in .remove callback (git-fixes).
  • r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
  • r8152: Fix potential PM refcount imbalance (bsc#1186194).
  • ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
  • rbd: always kick acquire on “acquired” and “released” notifications
  • rbd: do not hold lock_rwsem while running_list is being drained
  • RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
  • RDMA/cma: Protect RMW with qp_mutex (git-fixes).
  • regulator: hi6421: Fix getting wrong drvdata (git-fixes).
  • regulator: hi6421: Use correct variable type for regmap api val argument
  • replaced with upstream security mitigation cleanup
  • reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
  • Revert “ACPI: resources: Add checks for ACPI IRQ override” (git-fixes).
  • Revert “be2net: disable bh with spin_lock in be_process_mcc” (git-fixes).
  • Revert “USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem”
  • rtc: max77686: Do not enforce (incorrect) interrupt trigger type
  • rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
  • scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
  • sfp: Fix error handing in sfp_probe() (git-fixes).
  • soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
  • spi: cadence: Correct initialisation of runtime PM again (git-fixes).
  • spi: imx: add a check for speed_hz before calculating the clock
  • spi: mediatek: fix fifo rx mode (git-fixes).
  • staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
  • SUNRPC: prevent port reuse on transports which do not request it
    (bnc#1186264 bnc#1189021).
  • thermal/core: Correct function name thermal_zone_device_unregister()
  • tracing: Do not reference char * as a string in histograms (git-fixes).
  • tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
  • tty: serial: fsl_lpuart: fix the potential risk of division or modulo by
    zero (git-fixes).
  • Update
    (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 bsc#1188620
  • Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch
    (bsc#1085224 ltc#164363 bsc#1188620 ltc#192221).
  • Update patches.suse/ibmvnic-parenthesize-a-check.patch (bsc#1184114
    ltc#192237 bsc#1183871 ltc#192139 git-fixes bsc#1188620 ltc#192221).
  • Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch
    (bsc#1094840 ltc#167098 bsc#1188620 ltc#192221).
  • Update
    (bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646).
  • usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
  • usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
  • usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
  • usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
  • usb: hub: Fix link power management max exit latency (MEL) calculations
  • usb: max-3421: Prevent corruption of freed memory (git-fixes).
  • usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
  • USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
  • USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
  • USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
  • USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
  • uuid: Add inline helpers to import / export UUIDs (bsc#1113295,
  • virtio_console: Assure used length from device is limited (git-fixes).
  • virtio_net: move tx vq operation under tx queue lock (git-fixes).
  • vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
  • w1: ds2438: fixing bug that would always get page0 (git-fixes).
  • watchdog: Fix possible use-after-free by calling del_timer_sync()
  • watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
  • watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
  • watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
  • wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
  • workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
  • xen/events: reset active flag for lateeoi events later (git-fixes).
  • xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
  • xhci: Fix lost USB 2 remote wake (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-1142=1

openSUSE Leap15.2noarch< - openSUSE Leap 15.2 (noarch):- openSUSE Leap 15.2 (noarch):.noarch.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (x86_64):- openSUSE Leap 15.2 (x86_64):.x86_64.rpm