Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3389-1 Final 1 1 2021-10-12T16:26:03Z current 2021-10-12T16:26:03Z 2021-10-12T16:26:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) The following non-security bugs were fixed: - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bnxt: disable napi before canceling DIM (bsc#1104745 ). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - crypto: x86/aes-ni-xts - use direct calls to and 4-way stride (bsc#1114648). - cxgb4: fix IRQ free race during driver unload (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - docs: Fix infiniband uverbs minor number (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (bsc#1129770) Backporting changes: * refresh - drm/imx: ipuv3-plane: Remove two unnecessary export symbols (bsc#1129770) Backporting changes: * refreshed - drm/mediatek: Add AAL output size configuration (bsc#1129770) Backporting changes: * adapted code to use writel() function - drm/msm: Small msm_gem_purge() fix (bsc#1129770) Backporting changes: * context changes in msm_gem_purge() * remove test for non-existant msm_gem_is_locked() - drm/msm/dsi: Fix some reference counted resource leaks (bsc#1129770) - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (bsc#1186785). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 (bsc#1129770) Backporting changes * context changes - dt-bindings: pwm: stm32: Add #pwm-cells (git-fixes). - e1000e: Do not take care about recovery NVM checksum (bsc#1158533). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1114648). - fbmem: add margin check to fb_check_caps() (bsc#1129770) Backporting changes: * context chacnges in fb_set_var() - Fix build warnings. Also align code location with later codestreams and improve bisectability. - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fs/select: avoid clang stack usage warning (git-fixes). - fuse: truncate pagecache on atomic_o_trunc (bsc#1191051). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185727). - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (bsc#1109837 bsc#1111981). - i40e: Fix logic of disabling queues (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ice: Prevent probing virtual functions (bsc#1118661 ). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - irqchip/gic-v2: Reset APRn registers at boot time (bsc#1189407). - irqchip/gic-v3: Do not try to reset AP0Rn (bsc#1189407). - irqchip/gic-v3: Reset APgRn registers at boot time (bsc#1189407). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - kdb: do a sanity check on the cpu in kdb_per_cpu() (git-fixes). - KVM: x86: Use kernel's x86_phys_bits to handle reduced MAXPHYADDR (bsc#1114648). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1109837). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: qed: fix left elements count calculation (git-fixes). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: cls_api: Fix the the wrong parameter (bsc#1109837). - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed (bsc#1056657 bsc#1056653 bsc#1056787). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/mm: Fix section mismatch warning (bsc#1148868). - powerpc/mm: Fix section mismatch warning in early_check_vec5() (bsc#1148868). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1065729). - powerpc/numa: Early request for home node associativity (bsc#1190914). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Move mm/book3s64/vphn.c under platforms/pseries/ (bsc#1190914). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - profiling: fix shift-out-of-bounds bugs (git-fixes). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - RDMA/efa: Be consistent with modify QP bitmask (git-fixes) - RDMA/efa: Use the correct current and new states in modify QP (git-fixes) - resource: Fix find_next_iomem_res() iteration issue (bsc#1181193). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - SUNRPC: Ensure to ratelimit the 'server not responding' syslog messages (bsc#1191136). - USB: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - USB: serial: option: remove duplicate USB device ID (git-fixes). - video: fbdev: imxfb: Fix an error message (bsc#1129770) Backporting changes: * context changes in imxfb_probe() - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/crash: Add e820 reserved ranges to kdump kernel's e820 table (bsc#1181193). - x86/e820, ioport: Add a new I/O resource descriptor IORES_DESC_RESERVED (bsc#1181193). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1114648). - x86/mm: Rework ioremap resource mapping determination (bsc#1181193). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1114648). - x86/resctrl: Fix default monitoring groups reporting (bsc#1114648). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-Basic-On-Demand-2021-3389,Image SLES12-SP5-Azure-HPC-On-Demand-2021-3389,Image SLES12-SP5-Azure-Standard-On-Demand-2021-3389,SUSE-2021-3389,SUSE-SLE-SERVER-12-SP5-2021-3389 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213389-1/ Link for SUSE-SU-2021:3389-1 https://lists.suse.com/pipermail/sle-updates/2021-October/020461.html E-Mail link for SUSE-SU-2021:3389-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1050244 SUSE Bug 1050244 https://bugzilla.suse.com/1056653 SUSE Bug 1056653 https://bugzilla.suse.com/1056657 SUSE Bug 1056657 https://bugzilla.suse.com/1056787 SUSE Bug 1056787 https://bugzilla.suse.com/1065729 SUSE Bug 1065729 https://bugzilla.suse.com/1104745 SUSE Bug 1104745 https://bugzilla.suse.com/1109837 SUSE Bug 1109837 https://bugzilla.suse.com/1111981 SUSE Bug 1111981 https://bugzilla.suse.com/1114648 SUSE Bug 1114648 https://bugzilla.suse.com/1118661 SUSE Bug 1118661 https://bugzilla.suse.com/1129770 SUSE Bug 1129770 https://bugzilla.suse.com/1148868 SUSE Bug 1148868 https://bugzilla.suse.com/1158533 SUSE Bug 1158533 https://bugzilla.suse.com/1173746 SUSE Bug 1173746 https://bugzilla.suse.com/1176940 SUSE Bug 1176940 https://bugzilla.suse.com/1181193 SUSE Bug 1181193 https://bugzilla.suse.com/1184439 SUSE Bug 1184439 https://bugzilla.suse.com/1185677 SUSE Bug 1185677 https://bugzilla.suse.com/1185727 SUSE Bug 1185727 https://bugzilla.suse.com/1186785 SUSE Bug 1186785 https://bugzilla.suse.com/1189297 SUSE Bug 1189297 https://bugzilla.suse.com/1189407 SUSE Bug 1189407 https://bugzilla.suse.com/1189884 SUSE Bug 1189884 https://bugzilla.suse.com/1190023 SUSE Bug 1190023 https://bugzilla.suse.com/1190115 SUSE Bug 1190115 https://bugzilla.suse.com/1190159 SUSE Bug 1190159 https://bugzilla.suse.com/1190432 SUSE Bug 1190432 https://bugzilla.suse.com/1190523 SUSE Bug 1190523 https://bugzilla.suse.com/1190534 SUSE Bug 1190534 https://bugzilla.suse.com/1190543 SUSE Bug 1190543 https://bugzilla.suse.com/1190576 SUSE Bug 1190576 https://bugzilla.suse.com/1190601 SUSE Bug 1190601 https://bugzilla.suse.com/1190620 SUSE Bug 1190620 https://bugzilla.suse.com/1190626 SUSE Bug 1190626 https://bugzilla.suse.com/1190717 SUSE Bug 1190717 https://bugzilla.suse.com/1190914 SUSE Bug 1190914 https://bugzilla.suse.com/1191051 SUSE Bug 1191051 https://bugzilla.suse.com/1191136 SUSE Bug 1191136 https://bugzilla.suse.com/1191193 SUSE Bug 1191193 https://www.suse.com/security/cve/CVE-2020-3702/ SUSE CVE CVE-2020-3702 page https://www.suse.com/security/cve/CVE-2021-3744/ SUSE CVE CVE-2021-3744 page https://www.suse.com/security/cve/CVE-2021-3752/ SUSE CVE CVE-2021-3752 page https://www.suse.com/security/cve/CVE-2021-3764/ SUSE CVE CVE-2021-3764 page https://www.suse.com/security/cve/CVE-2021-40490/ SUSE CVE CVE-2021-40490 page Image SLES12-SP5-Azure-Basic-On-Demand Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-azure-4.12.14-16.76.2 cluster-md-kmp-azure-4.12.14-16.76.2 dlm-kmp-azure-4.12.14-16.76.2 gfs2-kmp-azure-4.12.14-16.76.2 kernel-azure-base-4.12.14-16.76.2 kernel-azure-devel-4.12.14-16.76.2 kernel-azure-extra-4.12.14-16.76.2 kernel-azure-kgraft-devel-4.12.14-16.76.2 kernel-devel-azure-4.12.14-16.76.2 kernel-source-azure-4.12.14-16.76.2 kernel-syms-azure-4.12.14-16.76.2 kselftests-kmp-azure-4.12.14-16.76.2 ocfs2-kmp-azure-4.12.14-16.76.2 kernel-azure-4.12.14-16.76.2 as a component of Image SLES12-SP5-Azure-Basic-On-Demand kernel-azure-4.12.14-16.76.2 as a component of Image SLES12-SP5-Azure-HPC-On-Demand kernel-azure-4.12.14-16.76.2 as a component of Image SLES12-SP5-Azure-Standard-On-Demand kernel-azure-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-azure-base-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-azure-devel-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-devel-azure-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-source-azure-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-syms-azure-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-azure-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-azure-base-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-azure-devel-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-devel-azure-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-source-azure-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-syms-azure-4.12.14-16.76.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 CVE-2020-3702 Image SLES12-SP5-Azure-Basic-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.76.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213389-1/ https://www.suse.com/security/cve/CVE-2020-3702.html CVE-2020-3702 https://bugzilla.suse.com/1191193 SUSE Bug 1191193 https://bugzilla.suse.com/1191529 SUSE Bug 1191529 A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. CVE-2021-3744 Image SLES12-SP5-Azure-Basic-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.76.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213389-1/ https://www.suse.com/security/cve/CVE-2021-3744.html CVE-2021-3744 https://bugzilla.suse.com/1189884 SUSE Bug 1189884 https://bugzilla.suse.com/1190534 SUSE Bug 1190534 A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2021-3752 Image SLES12-SP5-Azure-Basic-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.76.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213389-1/ https://www.suse.com/security/cve/CVE-2021-3752.html CVE-2021-3752 https://bugzilla.suse.com/1190023 SUSE Bug 1190023 https://bugzilla.suse.com/1190432 SUSE Bug 1190432 A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. CVE-2021-3764 Image SLES12-SP5-Azure-Basic-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.76.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213389-1/ https://www.suse.com/security/cve/CVE-2021-3764.html CVE-2021-3764 https://bugzilla.suse.com/1190534 SUSE Bug 1190534 https://bugzilla.suse.com/1194518 SUSE Bug 1194518 A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. CVE-2021-40490 Image SLES12-SP5-Azure-Basic-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-HPC-On-Demand:kernel-azure-4.12.14-16.76.2 Image SLES12-SP5-Azure-Standard-On-Demand:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.76.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.76.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213389-1/ https://www.suse.com/security/cve/CVE-2021-40490.html CVE-2021-40490 https://bugzilla.suse.com/1190159 SUSE Bug 1190159 https://bugzilla.suse.com/1192775 SUSE Bug 1192775