The SUSE Linux Enterprise 11 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free . - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb . - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory . - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation, when ASCONF is used, allowed remote attackers to cause a denial of service via a malformed INIT chunk . - CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability . - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking . - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value . - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c . - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access . - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf-len value exceeding the buffer size in drivers/char/virtio_console.c - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg in the bluetooth stack . - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault . - CVE-2021-3653: A flaw was found in the KVM"s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB provided by the L1 guest to spawn/handle a nested guest . Due to improper validation of the int_ctl field, this issue could allow a malicious L1 to enable AVIC support for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. - CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users could use this flaw to starve the resources causing denial of service . - CVE-2021-3609: A potential local privilege escalation in the CAN BCM networking protocol was fixed . - CVE-2020-36385: drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c . The following non-security bugs were fixed: - sctp: check asoc peer.asconf_capable before processing asconf . - sctp: fully initialize v4 addr in some functions . - sctp: simplify addr copy . Special Instructions and Notes: Please reboot the system after installing this update.