The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read . - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent . - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure . - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status . - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size . - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly . - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled . - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service . - CVE-2021-28688: Fixed an issue introduced by XSA-365 . - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan . - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations . - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message . - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages . - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure . - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind . - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code . - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory . - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory . - CVE-2021-26930: Fixed an improper error handling in blkback"s grant mapping . - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs . - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping . - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check . - CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege . The following non-security bugs were fixed: - ACPI: scan: Rearrange memory allocation in acpi_device_add . - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits . - ALSA: hda: Drop the BATCH workaround for AMD controllers . - ALSA: hda/realtek: modify EAPD in the ALC886 . - amba: Fix resource leak for drivers without .remove . - bfq: Fix kABI for update internal depth state when queue depth changes . - bfq: update internal depth state when queue depth changes . - block: rsxx: fix error return code of rsxx_pci_probe . - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data . - Bluetooth: hci_uart: Cancel init work before unregistering . - Bluetooth: hci_uart: Fix a race for write_work scheduling . - bpf: Add sanity check for upper ptr_limit . - bpf: Fix 32 bit src register truncation on div/mod . - bpf: fix subprog verifier bypass by div/mod by 0 exception . - bpf: fix x64 JIT code generation for jmp to 1st insn . - bpf_lru_list: Read double-checked variable once without lock . - bpf: Simplify alu_limit masking for pointer arithmetic . - bpf,x64: Pad NOPs to make images converge more easily . - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD . - can: c_can: move runtime PM enable/disable to c_can_platform . - can: c_can_pci: c_can_pci_remove: fix use-after-free . - can: m_can: m_can_do_rx_poll: fix extraneous msg loss warning . - can: peak_usb: add forgotten supported devices . - can: peak_usb: Revert quot;can: peak_usb: add forgotten supported devicesquot; . - can: skb: can_skb_set_owner: fix ref counting if socket was closed before setting skb ownership . - cifs: change noisy error message to FYI . - cifs: check all path components in resolved dfs target . - cifs_debug: use %pd instead of messing with -gt;d_name . - cifs: fix nodfs mount option . - cifs: introduce helper for finding referral server . - cifs: New optype for session operations . - cifs: print MIDs in decimal notation . - cifs: return proper error code in statfs . - cifs: Tracepoints and logs for tracing credit changes . - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds . - dmaengine: hsu: disable spurious interrupt . - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if Backporting notes: * context changes - drm/atomic: Create __drm_atomic_helper_crtc_reset for subclassing Backporting notes: * taken for 427c4a0680a2 * renamed drm_atomic_state_helper.{c,h} to drm_atomic_helper.{c,h} * context changes - drm: bridge: dw-hdmi: Avoid resetting force in the detect function Backporting notes: * context changes - drm/compat: Clear bounce structures Backporting notes: * context changes - drm/etnaviv: replace MMU flush marker with flush sequence Backporting notes: * context changes - drm/gma500: Fix error return code in psb_driver_load - drm/mediatek: Add missing put_device call in mtk_drm_kms_init Backporting notes: * context changes - drm/mediatek: Fix aal size config Backporting notes: * access I/O memory with writel - drm: meson_drv add shutdown function . - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register . - drm/msm/dsi: Correct io_start for MSM8994 - drm/msm: fix shutdown hook in case GPU components failed to bind . - drm: mxsfb: check framebuffer pitch Backporting notes: * context changes - drm/omap: fix max fclk divider for omap36xx - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel Backporting notes: * context changes - drm/radeon: fix AGP dependency . - drm: rcar-du: Put reference to VSP device Backporting notes: * context changes - drm/vc4: crtc: Rework a bit the CRTC state code Backporting notes: * context changes - drm/vc4: hdmi: Avoid sleeping in atomic context Backporting notes: * context changes - ethernet: alx: fix order of calls on resume . - fbdev: aty: SPARC64 requires FB_ATY_CT - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent . - futex: Prevent robust futex exit race . - gma500: clean up error handling in init - gpiolib: acpi: Add missing IRQF_ONESHOT . - HID: make arrays usage and value to be the same . - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition . - i40e: Add zero-initialization of AQ command structures . - i40e: Fix add TC filter for IPv6 . - i40e: Fix endianness conversions . - IB/mlx5: Return appropriate error code instead of ENOMEM . - ibmvnic: add comments for spinlock_t definitions . - ibmvnic: add memory barrier to protect long term buffer . - ibmvnic: always store valid MAC address . - ibmvnic: avoid multiple line dereference . - ibmvnic: compare adapter-gt;init_done_rc with more readable ibmvnic_rc_codes . - ibmvnic: Correctly re-enable interrupts in NAPI polling routine . - ibmvnic: create send_control_ip_offload . - ibmvnic: create send_query_ip_offload . - ibmvnic: Do not replenish RX buffers after every polling loop . - ibmvnic: Ensure that CRQ entry read are correctly ordered . - ibmvnic: Ensure that device queue memory is cache-line aligned . - ibmvnic: Ensure that SCRQ entry reads are correctly ordered . - ibmvnic: fix block comments . - ibmvnic: fix braces . - ibmvnic: fix miscellaneous checks . - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq . - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning . - ibmvnic: Fix TX completion error handling . - ibmvnic: Fix use-after-free of VNIC login response buffer . - ibmvnic: handle inconsistent login with reset . - ibmvnic: Harden device Command Response Queue handshake . - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init . - ibmvnic: merge do_change_param_reset into do_reset . - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init . - ibmvnic: no reset timeout for 5 seconds after reset . - ibmvnic: prefer strscpy over strlcpy . - ibmvnic: prefer "unsigned long" over "unsigned long int" . - ibmvnic: reduce wait for completion time . - ibmvnic: remove excessive irqsave . - ibmvnic: remove never executed if statement . - ibmvnic: remove unnecessary rmb inside ibmvnic_poll . - ibmvnic: remove unused spinlock_t stats_lock definition . - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap . - ibmvnic: rename send_cap_queries to send_query_cap . - ibmvnic: rename send_map_query to send_query_map . - ibmvnic: rework to ensure SCRQ entry reads are properly ordered . - ibmvnic: send_login should check for crq errors . - ibmvnic: simplify reset_long_term_buff function . - ibmvnic: skip send_request_unmap for timeout reset . - ibmvnic: skip tx timeout reset while in resetting . - ibmvnic: stop free_all_rwi on failed reset . - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct . - ibmvnic: substitute mb with dma_wmb for send_*crq* functions . - ibmvnic: track pending login . - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers . - ibmvnic: Use "skb_frag_address" instead of hand coding it . - ice: Account for port VLAN in VF max packet size calculation . - igc: check return value of ret_val in igc_config_fc_after_link_up . - igc: Report speed and duplex as unknown when device is runtime suspended . - igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr . - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel . - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler . - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel . - iio: hid-sensor-prox: Fix scale not correct issue . - iio: hid-sensor-temperature: Fix issues of timestamp channel . - Input: i8042 - add ASUS Zenbook Flip to noselftest list . - Input: i8042 - unbreak Pegatron C15B . - Input: raydium_ts_i2c - do not send zero length . - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S . - Input: xpad - sync supported devices with fork on GitHub . - iommu/amd: Fix sleeping in atomic in increase_address_space . - iommu/intel: Fix memleak in intel_irq_remapping_alloc . - iommu/vt-d: Avoid panic if iommu init fails in tboot system . - iommu/vt-d: Do not use flush-queue when caching-mode is on . - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA . - kABI: Fix kABI after modifying struct __call_single_data . - kabi/severities: Add rtas_online_cpus_mask, rtas_offline_cpus_mask - kernel/smp: add boot parameter for controlling CSD lock debugging . - kernel/smp: add more data to CSD lock debugging . - kernel/smp: prepare more CSD lock debugging . - kernel/smp: Provide CSD lock timeout diagnostics . - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off . - lib/crc32test: remove extra local_irq_disable/enable . - mac80211: fix double free in ibss_leave . - mac80211: fix rate mask reset . - media: usbtv: Fix deadlock on suspend . - media: uvcvideo: Allow entities with no pads . - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom . - mmc: core: Fix partition switch time for eMMC . - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE. - mmc: cqhci: Fix random crash when remove mmc module/card . - mmc: sdhci-esdhc-imx: fix kernel panic when remove module . - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register . - mwifiex: pcie: skip cancel_work_sync on reset failure path . - net: bridge: use switchdev for port flags set through sysfs too . - net: cdc-phonet: fix data-interface release on probe failure . - net: core: introduce __netdev_notify_peers . - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours . - net: hns3: add a check for index in hclge_get_rss_key . - net: hns3: add a check for queue_id in hclge_reset_vf_queue . - net: hns3: fix bug when calculating the TCAM table info . - net: hns3: fix query vlan mask value error for flow director . - net/mlx5e: Update max_opened_tc also when channels are closed . - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081 . - net: re-solve some conflicts after net -gt; net-next merge . - net: usb: ax88179_178a: fix missing stop entry in driver_info . - net: usb: qmi_wwan: allow qmimux add/del with master up . - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller . - PCI: Align checking of syscall user config accessors . - phy: rockchip-emmc: emmc_phy_init always return 0 . - platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes . - powerpc/book3s64/radix: Remove WARN_ON in destroy_context . - powerpc: Convert to using %pOFn instead of device_node.name . - powerpc: Fix some spelling mistakes . - powerpc/hvcall: add token and codes for H_VASI_SIGNAL . - powerpc: kABI: add back suspend_disable_cpu in machdep_calls . - powerpc/machdep: remove suspend_disable_cpu . - powerpc/mm/pkeys: Make pkey access check work on execute_only_key . - powerpc/numa: Fix build when CONFIG_NUMA=n . - powerpc/numa: make vphn_enabled, prrn_enabled flags const . - powerpc/numa: remove ability to enable topology updates . - powerpc/numa: remove arch_update_cpu_topology . - powerpc/numa: Remove late request for home node associativity . - powerpc/numa: remove prrn_is_enabled . - powerpc/numa: remove start/stop_topology_update . - powerpc/numa: remove timed_topology_update . - powerpc/numa: remove unreachable topology timer code . - powerpc/numa: remove unreachable topology update code . - powerpc/numa: remove unreachable topology workqueue code . - powerpc/numa: remove vphn_enabled and prrn_enabled internal flags . - powerpc/numa: stub out numa_update_cpu_topology . - powerpc/numa: Suppress quot;VPHN is not supportedquot; messages . - powerpc/pseries: Add empty update_numa_cpu_lookup_table for NUMA=n . - powerpc/pseries: Do not enforce MSI affinity with kdump . - powerpc/pseries: Generalize hcall_vphn . - powerpc/pseries/hibernation: drop pseries_suspend_begin from suspend ops . - powerpc/pseries/hibernation: pass stream id via function arguments . - powerpc/pseries/hibernation: perform post-suspend fixups later . - powerpc/pseries/hibernation: remove prepare_late callback . - powerpc/pseries/hibernation: remove pseries_suspend_cpu . - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me . - powerpc/pseries/mobility: add missing break to default case . - powerpc/pseries/mobility: Add pr_debug for device tree changes . - powerpc/pseries/mobility: do not error on absence of ibm, update-nodes . - powerpc/pseries/mobility: error message improvements . - powerpc/pseries/mobility: extract VASI session polling logic . - powerpc/pseries/mobility: handle premature return from H_JOIN . - powerpc/pseries/mobility: refactor node lookup during DT update . - powerpc/pseries/mobility: retry partition suspend after error . - powerpc/pseries/mobility: Set pr_fmt . - powerpc/pseries/mobility: signal suspend cancellation to platform . - powerpc/pseries/mobility: use rtas_activate_firmware on resume . - powerpc/pseries/mobility: use stop_machine for join/suspend . - powerpc/pseries/mobility: use struct for shared state . - powerpc/pseries: remove dlpar_cpu_readd . - powerpc/pseries: remove memory quot;re-addquot; implementation . - powerpc/pseries: remove obsolete memory hotplug DT notifier code . - powerpc/pseries: remove prrn special case from DT update path . - powerpc/rtas: add rtas_activate_firmware . - powerpc/rtas: add rtas_ibm_suspend_me . - powerpc/rtas: complete ibm,suspend-me status codes . - powerpc/rtas: dispatch partition migration requests to pseries . - powerpc/rtasd: simplify handle_rtas_event, emit message on events . - powerpc/rtas: prevent suspend-related sys_rtas use on LE . - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe . - powerpc/rtas: remove rtas_suspend_cpu . - powerpc/rtas: remove unused rtas_suspend_last_cpu . - powerpc/rtas: remove unused rtas_suspend_me_data . - powerpc/rtas: rtas_ibm_suspend_me -gt; rtas_ibm_suspend_me_unsafe . - powerpc/rtas: Unexport rtas_online_cpus_mask, rtas_offline_cpus_mask . - powerpc/vio: Use device_type to detect family . - printk: fix deadlock when kernel panic . - pseries/drmem: do not cache node id in drmem_lmb struct . - pseries/hotplug-memory: hot-add: skip redundant LMB lookup . - pwm: rockchip: rockchip_pwm_probe: Remove superfluous clk_unprepare . - qxl: Fix uninitialised struct field head.surface_id . - random: fix the RNDRESEEDCRNG ioctl . - rcu: Allow only one expedited GP to run concurrently with - rcu: Fix missed wakeup of exp_wq waiters - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation . - RDMA/rxe: Remove useless code in rxe_recv.c . - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes - RDMA/uverbs: Fix kernel-doc warning of _uverbs_alloc . - Revert quot;ibmvnic: remove never executed if statementquot; . - rpadlpar: fix potential drc_name corruption in store functions . - rsxx: Return -EFAULT if copy_to_user fails . - s390/cio: return -EFAULT if copy_to_user fails . - s390/cio: return -EFAULT if copy_to_user fails . - s390/crypto: return -EFAULT if copy_to_user fails . - s390/dasd: fix hanging offline processing due to canceled worker . - s390/dasd: fix hanging offline processing due to canceled worker . - s390/vtime: fix increased steal time accounting . - sched/fair: Fix wrong cpu selecting from isolated domain - sched/vtime: Fix guest/system mis-accounting on task switch - scsi: lpfc: Change wording of invalid pci reset log message . - scsi: lpfc: Correct function header comments related to ndlp reference counting . - scsi: lpfc: Fix ADISC handling that never frees nodes . - scsi: lpfc: Fix ancient double free . - scsi: lpfc: Fix crash caused by switch reboot . - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery . - scsi: lpfc: Fix EEH encountering oops with NVMe traffic . - scsi: lpfc: Fix FLOGI failure due to accessing a freed node . - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe . - scsi: lpfc: Fix kerneldoc inconsistency in lpfc_sli4_dump_page_a0 . - scsi: lpfc: Fix lpfc_els_retry possible null pointer dereference . - scsi: lpfc: Fix nodeinfo debugfs output . - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb . - scsi: lpfc: Fix "physical" typos . - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN . - scsi: lpfc: Fix pt2pt connection does not recover after LOGO . - scsi: lpfc: Fix pt2pt state transition causing rmmod hang . - scsi: lpfc: Fix reftag generation sizing errors . - scsi: lpfc: Fix stale node accesses on stale RRQ request . - scsi: lpfc: Fix status returned in lpfc_els_retry error exit path . - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf . - scsi: lpfc: Fix use after free in lpfc_els_free_iocb . - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid . - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports . - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes . - scsi: lpfc: Update lpfc version to 12.8.0.8 . - selinux: never allow relabeling on context mounts . - smb3: add dynamic trace point to trace when credits obtained . - smb3: fix crediting for compounding when only one request in flight . - smp: Add source and destination CPUs to __call_single_data . - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 . - Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG . - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot . - USBip: fix stub_dev to check for stream socket . - USBip: fix stub_dev usbip_sockfd_store races leading to gpf . - USBip: Fix unsafe unaligned pointer usage . - USBip: fix vhci_hcd attach_store races leading to gpf . - USBip: fix vhci_hcd to check for stream socket . - USBip: tools: fix build error for multiple definition . - USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable . - USB: replace hardcode maximum usb string length by definition . - USB: serial: io_edgeport: fix memory leak in edge_startup . - USB: serial: option: add Quectel EM160R-GL . - USB-storage: Add quirk to defeat Kindle"s automatic unload . - USB: usblp: do not call usb_set_interface if there"s a single alt . - use __netdev_notify_peers in ibmvnic . - video: fbdev: acornfb: remove free_unused_pages - video: fbdev: atmel_lcdfb: fix return error code in Backporting notes: * context changes * fallout from trailing whitespaces - wlcore: Fix command execute failure 19 for wl12xx . - xen/gnttab: handle p2m update errors on a per-slot basis . - xen/netback: avoid race in xenvif_rx_ring_slots_available . - xen/netback: fix spurious event detection for common event case . - xen-netback: respect gnttab_map_refs"s return value . - xfs: Fix assert failure in xfs_setattr_size . - xsk: Remove dangling function declaration from header file . Special Instructions and Notes: Please reboot the system after installing this update.