openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1076-1
Rating:             important
References:         #1065729 #1085224 #1094840 #1152472 #1152489 
                    #1155518 #1170511 #1176940 #1179243 #1180092 
                    #1183871 #1184114 #1184804 #1185308 #1185791 
                    #1186206 #1187215 #1187585 #1188036 #1188062 
                    #1188080 #1188116 #1188121 #1188176 #1188267 
                    #1188268 #1188269 #1188405 #1188445 
Cross-References:   CVE-2021-22555 CVE-2021-33909 CVE-2021-35039
                    CVE-2021-3609 CVE-2021-3612
CVSS scores:
                    CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-35039 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-35039 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 24 fixes is
   now available.

Description:

   The openSUSE Leap 15.2 kernel was updated to receive various security
   fixes and bug fixes.

   The following security bugs were fixed:

   - CVE-2021-22555: A heap out-of-bounds write affecting Linux was
     discovered in net/netfilter/x_tables.c (bnc#1188116).
   - CVE-2021-33909: fs/seq_file.c did not properly restrict seq buffer
     allocations, leading to an integer overflow, an Out-of-bounds Write, and
     escalation to root by an unprivileged user, aka CID-8cae8cd89f05
     (bnc#1188062).
   - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege
     escalation (bsc#1187215).
   - CVE-2021-3612: An out-of-bounds memory write flaw was found in the
     joystick devices subsystem in versions before 5.9-rc1, in the way the
     user calls ioctl JSIOCSBTNMAP. This flaw allowed a local user to crash
     the system or possibly escalate their privileges on the system. The
     highest threat from this vulnerability is to confidentiality, integrity,
     as well as system availability (bnc#1187585).
   - CVE-2021-35039: kernel/module.c in the Linux kernel mishandled Signature
     Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG,
     verification that a kernel module is signed, for loading via
     init_module, did not occur for a module.sig_enforce=1 command-line
     argument (bnc#1188080).

   The following non-security bugs were fixed:

   - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes).
   - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
   - ACPICA: Fix memory leak caused by _CID repair function (git-fixes).
   - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes).
   - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
   - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
   - ACPI: resources: Add checks for ACPI IRQ override (git-fixes).
   - ACPI: sysfs: Fix a buffer overrun problem with description_show()
     (git-fixes).
   - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes).
   - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D
     (git-fixes).
   - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes).
   - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
   - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
   - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes).
   - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes).
   - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes).
   - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create
     (bsc#1152472)
   - ARM: ensure the signal page contains defined contents (bsc#1188445).
   - ASoC: atmel-i2s: Fix usage of capture and playback at the same time
     (git-fixes).
   - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
   - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
     hi6210_i2s_startup() (git-fixes).
   - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in
     'mtk_btcvsd_snd_probe()' (git-fixes).
   - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes).
   - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
   - ata: ahci_sunxi: Disable DIPM (git-fixes).
   - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes).
   - ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
   - ath10k: go to path err_unsupported when chip id is not supported
     (git-fixes).
   - ath10k: remove unused more_frags variable (git-fixes).
   - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
     (git-fixes).
   - backlight: lm3630a_bl: Put fwnode in error case during ->probe()
     (git-fixes).
   - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
   - blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick
     (bsc#1180092).
   - blk-mq: insert flush request to the front of dispatch queue
     (bsc#1180092).
   - blk-mq: insert passthrough request into hctx->dispatch directly
     (bsc#1180092).
   - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget
     (bsc#1180092).
   - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
   - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc
     (git-fixes).
   - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip
     (git-fixes).
   - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
     (git-fixes).
   - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
   - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
   - Bluetooth: Shutdown controller after workqueues are flushed or cancelled
     (git-fixes).
   - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
   - brcmfmac: correctly report average RSSI in station info (git-fixes).
   - brcmfmac: fix setting of station info chains bitmask (git-fixes).
   - brcmsmac: mac80211_if: Fix a resource leak in an error handling path
     (git-fixes).
   - can: gw: synchronize rcu operations before removing gw job entry
     (git-fixes).
   - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
   - can: peak_pciefd: pucan_handle_status(): fix a potential starvation
     issue in TX path (git-fixes).
   - cfg80211: call cfg80211_leave_ocb when switching away from OCB
     (git-fixes).
   - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
     set_protocol() (git-fixes).
   - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC
     (git-fixes).
   - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes).
   - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes).
   - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes).
   - clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
   - clk: renesas: rcar-gen3: Update Z clock rate formula in comments
     (git-fixes).
   - clk: si5341: Avoid divide errors due to bogus register contents
     (git-fixes).
   - clk: si5341: Update initialization magic (git-fixes).
   - clk: tegra: Ensure that PLLU configuration is applied properly
     (git-fixes).
   - clk: zynqmp: pll: Remove some dead code (git-fixes).
   - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
     (git-fixes).
   - clocksource: Retry clock read if long delays detected (git-fixes).
   - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes).
   - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
   - crypto: ccp - Fix a resource leak in an error handling path (git-fixes).
   - crypto: ixp4xx - dma_unmap the correct address (git-fixes).
   - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts
     (git-fixes).
   - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes).
   - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes).
   - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes).
   - crypto: qat - remove unused macro in FW loader (git-fixes).
   - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
   - crypto: sun4i-ss - initialize need_fallback (git-fixes).
   - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
   - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes).
   - crypto: virtio: Fix dest length calculation in
     __virtio_crypto_skcipher_do_req() (git-fixes).
   - crypto: virtio: Fix src/dst scatterlist calculation in
     __virtio_crypto_skcipher_do_req() (git-fixes).
   - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
   - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
   - dmaengine: mediatek: do not issue a new desc if one is still current
     (git-fixes).
   - dmaengine: mediatek: free the proper desc in desc_free handler
     (git-fixes).
   - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma
     (git-fixes).
   - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe()
     (git-fixes).
   - dmaengine: zynqmp_dma: Fix PM reference leak in
     zynqmp_dma_alloc_chan_resourc() (git-fixes).
   - docs: admin-guide: update description for kernel.hotplug sysctl
     (git-fixes).
   - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
   - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
   - drm/amd/display: fix incorrrect valid irq check (git-fixes).
   - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
   - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
   - drm/amd/display: Update scaling settings on modeset (git-fixes).
   - drm/amd/display: Verify Gamma & Degamma LUT sizes in
     amdgpu_dm_atomic_check (git-fixes).
   - drm/amdgpu: Do not query CE and UE errors (bsc#1152472)
   - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
   - drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
   - drm/arm/malidp: Always list modifiers (git-fixes).
   - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
     (git-fixes).
   - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489)
   - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472)
   - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
     (git-fixes).
   - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes).
   - drm/msm/mdp4: Fix modifier support enabling (git-fixes).
   - drm/msm: Small msm_gem_purge() fix (bsc#1152489)
   - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes).
   - drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
   - drm: qxl: ensure surf.data is ininitialized (git-fixes).
   - drm/radeon: Add the missed drm_gem_object_put() in
     radeon_user_framebuffer_create() (git-fixes).
   - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect()
     (bsc#1152489)
   - drm/radeon: wait for moving fence after pinning (git-fixes).
   - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error
     in cdn_dp_grf_write() (git-fixes).
   - drm/rockchip: dsi: move all lane config except LCDC mux to bind()
     (git-fixes).
   - drm/rockchip: dsi: remove extra component_del() call (git-fixes).
   - drm/sched: Avoid data corruptions (git-fixes).
   - drm/stm: Fix bus_flags handling (bsc#1152472)
   - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes).
   - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes).
   - drm/vc4: hdmi: Make sure the controller is powered in detect
     (bsc#1152489)
   - drm/virtio: Fix double free on probe failure (git-fixes).
   - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes).
   - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes).
   - extcon: intel-mrfld: Sync hardware and software state on init
     (git-fixes).
   - extcon: max8997: Add missing modalias string (git-fixes).
   - extcon: sm5502: Drop invalid register write in sm5502_reg_data
     (git-fixes).
   - fbmem: add margin check to fb_check_caps() (git-fixes).
   - fbmem: Do not delete the mode that is still in use (git-fixes).
   - firmware: tegra: Fix error return code in tegra210_bpmp_init()
     (git-fixes).
   - Fix meta data in lpfc-decouple-port_template-and-vport_template.patch
   - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes).
   - fpga: machxo2-spi: Address warning about unused variable (git-fixes).
   - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
   - fuse: check connected before queueing on fpq->io (bsc#1188267).
   - fuse: ignore PG_workingset after stealing (bsc#1188268).
   - fuse: reject internal errno (bsc#1188269).
   - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes).
   - gve: Add dqo descriptors (bsc#1176940).
   - gve: Add DQO fields for core data structures (bsc#1176940).
   - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
     (bsc#1176940).
   - gve: Add stats for gve (bsc#1176940).
   - gve: Add support for DQO RX PTYPE map (bsc#1176940).
   - gve: Add support for raw addressing device option (bsc#1176940).
   - gve: Add support for raw addressing in the tx path (bsc#1176940).
   - gve: Add support for raw addressing to the rx path (bsc#1176940).
   - gve: adminq: DQO specific device descriptor logic (bsc#1176940).
   - gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
   - gve: Check TX QPL was actually assigned (bsc#1176940).
   - gve: DQO: Add core netdev features (bsc#1176940).
   - gve: DQO: Add ring allocation and initialization (bsc#1176940).
   - gve: DQO: Add RX path (bsc#1176940).
   - gve: DQO: Add TX path (bsc#1176940).
   - gve: DQO: Configure interrupts on device up (bsc#1176940).
   - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
   - gve: DQO: Remove incorrect prefetch (bsc#1176940).
   - gve: Enable Link Speed Reporting in the driver (bsc#1176940).
   - gve: Fix an error handling path in 'gve_probe()' (git-fixes).
   - gve: Fix swapped vars when fetching max queues (git-fixes).
   - gve: Fix warnings reported for DQO patchset (bsc#1176940).
   - gve: Get and set Rx copybreak via ethtool (bsc#1176940).
   - gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
   - gve: Introduce a new model for device options (bsc#1176940).
   - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
   - gve: Make gve_rx_slot_page_info.page_offset an absolute offset
     (bsc#1176940).
   - gve: Move some static functions to a common file (bsc#1176940).
   - gve: NIC stats for report-stats and for ethtool (bsc#1176940).
   - gve: Propagate error codes to caller (bsc#1176940).
   - gve: Replace zero-length array with flexible-array member (bsc#1176940).
   - gve: Rx Buffer Recycling (bsc#1176940).
   - gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
   - gve: Update adminq commands to support DQO queues (bsc#1176940).
   - gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
   - gve: Use link status register to report link status (bsc#1176940).
   - HID: do not use down_interruptible() when unbinding devices (git-fixes).
   - HID: wacom: Correct base usage for capacitive ExpressKey status bits
     (git-fixes).
   - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
   - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
   - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes).
   - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes).
   - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes).
   - i2c: dev: Add __user annotation (git-fixes).
   - i2c: robotfuzz-osif: fix control-request directions (git-fixes).
   - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268
     jsc#SLE-17043 bsc#1179243 ltc#189290).
   - ibmvnic: Allow device probe if the device is not ready at boot
     (bsc#1184114 ltc#192237).
   - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268
     jsc#SLE-17043 bsc#1179243 ltc#189290).
   - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114
     ltc#192237).
   - ibmvnic: fix send_request_map incompatible argument (bsc#1184114
     ltc#192237).
   - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
   - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871
     ltc#192139 git-fixes).
   - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
   - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c
     (bsc#1184114 ltc#192237).
   - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114
     ltc#192237).
   - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
   - iio: accel: bma180: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: bma220: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: hid: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: kxcjk-1013: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read
     calls (git-fixes).
   - iio: accel: mxc4005: Fix overread of data and alignment issue
     (git-fixes).
   - iio: accel: stk8312: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: stk8ba50: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: at91-sama5d2: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: hx711: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: mxs-lradc: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: ti-ads1015: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: ti-ads8688: Fix alignment of buffer in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: vf610: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adis16400: do not return ints in irq handlers (git-fixes).
   - iio: adis_buffer: do not return ints in irq handlers (git-fixes).
   - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper
     (git-fixes).
   - iio: gyro: bmg160: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: humidity: am2315: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: isl29125: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: tcs3414: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: tcs3472: do not free unallocated IRQ (git-fixes).
   - iio: light: tcs3472: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: vcnl4035: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: ltr501: ltr501_read_ps(): add missing endianness conversion
     (git-fixes).
   - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
   - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and
     PS_DATA as volatile, too (git-fixes).
   - iio: magn: bmc150: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: magn: hmc5843: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: magn: rm3100: Fix alignment of buffer in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: potentiostat: lmp91000: Fix alignment of buffer in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: as3935: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: isl29501: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: pulsed-light: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: srf08: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: si1133: fix format string warnings (git-fixes).
   - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
   - Input: usbtouchscreen - fix control-request directions (git-fixes).
   - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
   - iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
   - kABI: restore struct tcpc_config definition (git-fixes).
   - kABI workaround for pci/quirks.c (git-fixes).
   - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042).
   - kernel-binary.spec: Fix up usrmerge for non-modular kernels.
   - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes).
   - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes).
   - kprobes: fix kill kprobe which has been marked as gone (git-fixes).
   - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
     (git-fixes).
   - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
     (git-fixes).
   - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes).
   - leds: ktd2692: Fix an error handling path (git-fixes).
   - leds: lm3532: select regmap I2C API (git-fixes).
   - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
   - lib/decompressors: remove set but not used variabled 'level' (git-fixes).
   - lib: vsprintf: Fix handling of number field widths in vsscanf
     (git-fixes).
   - mac80211_hwsim: drop pending frames on stop (git-fixes).
   - mac80211: remove iwlwifi specific workaround NDPs of null_response
     (git-fixes).
   - mac80211: remove iwlwifi specific workaround that broke sta NDP tx
     (git-fixes).
   - mac80211: remove warning in ieee80211_get_sband() (git-fixes).
   - math: Export mul_u64_u64_div_u64 (git-fixes).
   - media: au0828: fix a NULL vs IS_ERR() check (git-fixes).
   - media, bpf: Do not copy more entries than user space requested
     (git-fixes).
   - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
   - media: cobalt: fix race condition in setting HPD (git-fixes).
   - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
   - media: dtv5100: fix control-request directions (git-fixes).
   - media: dvb_net: avoid speculation from net slot (git-fixes).
   - media: dvb-usb: fix wrong definition (git-fixes).
   - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
   - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
   - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
   - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: Fix Media Controller API config checks (git-fixes).
   - media: gspca/gl860: fix zero-length control requests (git-fixes).
   - media: gspca/sq905: fix control-request direction (git-fixes).
   - media: gspca/sunplus: fix zero-length control requests (git-fixes).
   - media: I2C: change 'RST' to "RSET" to fix multiple build errors
     (git-fixes).
   - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes).
   - media: imx: imx7_mipi_csis: Fix logging of only error event counters
     (git-fixes).
   - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: mtk-vcodec: fix PM runtime get logic (git-fixes).
   - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
   - media: rc: i2c: Fix an error message (git-fixes).
   - media: rtl28xxu: fix zero-length control request (git-fixes).
   - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
   - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: siano: fix device register error path (git-fixes).
   - media: siano: Fix out-of-bounds warnings in
     smscore_load_firmware_family2() (git-fixes).
   - media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
   - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: sti: fix obj-$(config) targets (git-fixes).
   - media: tc358743: Fix error return code in tc358743_probe_of()
     (git-fixes).
   - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
     (git-fixes).
   - media: v4l2-async: Fix trivial documentation typo (git-fixes).
   - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
     (git-fixes).
   - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
   - memory: atmel-ebi: add missing of_node_put for loop iteration
     (git-fixes).
   - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
   - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
   - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes).
   - memstick: rtsx_usb_ms: fix UAF (git-fixes).
   - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
   - mmc: block: Disable CMDQ on the ioctl path (git-fixes).
   - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
     (git-fixes).
   - mmc: core: clear flags before allowing to retune (git-fixes).
   - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
   - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
     (git-fixes).
   - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes).
   - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
   - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
   - mmc: vub3000: fix control-request direction (git-fixes).
   - mm, futex: fix shared futex pgoff on shmem huge page (git fixes
     (kernel/futex)).
   - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes).
   - mtd: partitions: redboot: seek fis-index-block in the right node
     (git-fixes).
   - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in
     marvell_nfc_resume() (git-fixes).
   - mwifiex: re-fix for unaligned accesses (git-fixes).
   - net: gve: convert strlcpy to strscpy (bsc#1176940).
   - net: gve: remove duplicated allowed (bsc#1176940).
   - nvme-rdma: fix in-casule data send for chained sgls (git-fixes).
   - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes).
   - nvme-tcp: rerun io_work if req_list is not empty (git-fixes).
   - nvme: verify MNAN value if ANA is enabled (bsc#1185791).
   - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
   - PCI: aardvark: Implement workaround for the readback value of VEND_ID
     (git-fixes).
   - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes).
   - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
   - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
   - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
     (git-fixes).
   - PCI: quirks: fix false kABI positive (git-fixes).
   - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
   - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes).
   - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
     (git-fixes).
   - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes).
   - pinctrl: stm32: fix the reported number of GPIO lines per bank
     (git-fixes).
   - platform/x86: toshiba_acpi: Fix missing error code in
     toshiba_acpi_setup_keyboard() (git-fixes).
   - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation
     (git-fixes).
   - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
   - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
   - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM
     (git-fixes).
   - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
   - random32: Fix implicit truncation warning in prandom_seed_state()
     (git-fixes).
   - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
     (git-fixes).
   - regulator: hi655x: Fix pass wrong pointer to config.driver_data
     (git-fixes).
   - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - reset: a10sr: add missing of_match_table reference (git-fixes).
   - reset: bail if try_module_get() fails (git-fixes).
   - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
     (git-fixes).
   - Revert "ibmvnic: remove duplicate napi_schedule call in open function"
     (bsc#1065729).
   - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap
     (boo#1184804).
   - rpm/kernel-binary.spec.in: Remove zdebug define used only once.
   - rsi: Assign beacon rate settings to the correct rate_info descriptor
     field (git-fixes).
   - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes).
   - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
     (git-fixes).
   - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
   - scsi: qedf: Do not put host in qedf_vport_create() unconditionally
     (bsc#1170511).
   - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes).
   - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes).
   - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes).
   - serial: mvebu-uart: correctly calculate minimal possible baudrate
     (git-fixes).
   - serial: mvebu-uart: do not allow changing baudrate when uartclk is not
     available (git-fixes).
   - serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
   - serial: tegra-tcu: Reorder channel initialization (git-fixes).
   - soc: fsl: qbman: Delete useless kfree code (bsc#1188176).
   - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176).
   - soundwire: stream: Fix test for DP prepare complete (git-fixes).
   - spi: fspi: dynamically alloc AHB memory (bsc#1188121).
   - spi: Make of_register_spi_device also set the fwnode (git-fixes).
   - spi: nxp-fspi: Use devm API to fix missed unregistration of controller
     (bsc#1188121).
   - spi: omap-100k: Fix the length judgment problem (git-fixes).
   - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
   - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121).
   - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121).
   - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121).
   - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121).
   - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121).
   - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
   - spi: spi-topcliff-pch: Fix potential double free in
     pch_spi_process_messages() (git-fixes).
   - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash
     (git-fixes).
   - spi: tegra114: Fix an error message (git-fixes).
   - ssb: Fix error return code in ssb_bus_scan() (git-fixes).
   - ssb: sdio: Do not overwrite const buffer if block_write fails
     (git-fixes).
   - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
     (git-fixes).
   - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
   - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes).
   - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes).
   - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations
     (git-fixes).
   - tpm: efi: Use local variable for calculating final log size (git-fixes).
   - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality()
     (bsc#1188036).
   - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality()
     (bsc#1188036).
   - tpm, tpm_tis: Extend locality handling to TPM2 in
     tpm_tis_gen_interrupt() (bsc#1188036).
   - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036).
   - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
     (git-fixes).
   - tracing/histograms: Fix parsing of "sym-offset" modifier (git-fixes).
   - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes).
   - tracing: Simplify & fix saved_tgids logic (git-fixes).
   - tty: nozomi: Fix a resource leak in an error handling function
     (git-fixes).
   - tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
     (git-fixes).
   - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
   - usb: dwc2: Do not reset the core after setting turnaround time
     (git-fixes).
   - usb: dwc3: Fix debugfs creation flow (git-fixes).
   - usb: gadget: eem: fix echo command packet response issue (git-fixes).
   - usb: gadget: f_fs: Fix setting of device and driver data
     cross-references (git-fixes).
   - usb: typec: Add the missed altmode_id_remove() in
     typec_register_altmode() (git-fixes).
   - usb: typec: fusb302: Always provide fwnode for the port (git-fixes).
   - usb: typec: fusb302: fix "op-sink-microwatt" default that was in mW
     (git-fixes).
   - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes
     (git-fixes).
   - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call
     into tcpm_queue_vdm() (git-fixes).
   - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP
     (git-fixes).
   - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes).
   - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling
     (git-fixes).
   - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes).
   - usb: typec: tcpm: set correct data role for non-DRD (git-fixes).
   - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes).
   - usb: typec: tcpm: update power supply once partner accepts (git-fixes).
   - usb: typec: ucsi: Hold con->lock for the entire duration of
     ucsi_register_port() (git-fixes).
   - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
   - usb: typec: wcove: Fx wrong kernel doc format (git-fixes).
   - vfio/pci: Handle concurrent vma faults (git-fixes).
   - vfs: Convert functionfs to use the new mount API (git-fixes).
   - video: fbdev: imxfb: Fix an error message (git-fixes).
   - visorbus: fix error return code in visorchipset_init() (git-fixes).
   - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports
     (git-fixes).
   - watchdog: aspeed: fix hardware timeout calculation (git-fixes).
   - watchdog: sp805: Fix kernel doc description (git-fixes).
   - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
   - wireless: carl9170: fix LEDS build errors & warnings (git-fixes).
   - wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
   - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
   - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
   - x86/kvm: Disable all PV features on crash (bsc#1185308).
   - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
   - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
   - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
   - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline()
     (bsc#1185308).
   - [xarray] iov_iter_fault_in_readable() should do nothing in xarray case
     (git-fixes).
   - xhci: solve a double free problem while doing s4 (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update, use the SUSE-recommended
   installation methods such as YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-1076=1
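
   The following check is an added example, not part of the original advisory: it reports whether a host still needs the update or only the reboot requested above, using the fixed version 5.3.18-lp152.84.1 from the package list. It assumes that "uname -r" prints the package version without its final rebuild counter plus a flavour suffix (for example 5.3.18-lp152.84-default) and that GNU "sort -V" orders these strings closely enough to RPM; the function names are hypothetical.

```shell
#!/bin/sh
# Fixed kernel package version, taken from this advisory's package list.
FIXED_PKG="5.3.18-lp152.84.1"

# version_ge A B: succeed when A >= B in version order.
# Assumption: GNU sort -V is an adequate stand-in for RPM version comparison
# for strings of the form 5.3.18-lp152.N[.M].
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Drop the flavour suffix from a kernel release string:
#   5.3.18-lp152.84-default -> 5.3.18-lp152.84
release_base() {
    printf '%s\n' "${1%-*}"
}

# Drop the final rebuild counter from a package version:
#   5.3.18-lp152.84.1 -> 5.3.18-lp152.84
pkg_base() {
    printf '%s\n' "${1%.*}"
}

# kernel_status RUNNING_RELEASE NEWEST_INSTALLED_PKG
#   update-needed : no installed kernel package is at the fixed version yet
#   reboot-needed : fixed package installed, but an older kernel is running
#   patched       : the running kernel is at or beyond the fixed version
kernel_status() {
    running=$(release_base "$1")
    if ! version_ge "$2" "$FIXED_PKG"; then
        echo "update-needed"
    elif ! version_ge "$running" "$(pkg_base "$FIXED_PKG")"; then
        echo "reboot-needed"
    else
        echo "patched"
    fi
}

# Live use on a Leap 15.2 host running the default flavour:
#   kernel_status "$(uname -r)" \
#     "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | sort -V | tail -n 1)"
# Constructed sample (the lp152.81 release is made up for illustration):
#   kernel_status 5.3.18-lp152.81-default 5.3.18-lp152.84.1   # reboot-needed
```

   For other flavours (preempt, kvmsmall, debug), query the matching package name instead of kernel-default.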



Package List:

   - openSUSE Leap 15.2 (noarch):

      kernel-devel-5.3.18-lp152.84.1
      kernel-docs-5.3.18-lp152.84.1
      kernel-docs-html-5.3.18-lp152.84.1
      kernel-macros-5.3.18-lp152.84.1
      kernel-source-5.3.18-lp152.84.1
      kernel-source-vanilla-5.3.18-lp152.84.1

   - openSUSE Leap 15.2 (x86_64):

      kernel-debug-5.3.18-lp152.84.1
      kernel-debug-debuginfo-5.3.18-lp152.84.1
      kernel-debug-debugsource-5.3.18-lp152.84.1
      kernel-debug-devel-5.3.18-lp152.84.1
      kernel-debug-devel-debuginfo-5.3.18-lp152.84.1
      kernel-default-5.3.18-lp152.84.1
      kernel-default-base-5.3.18-lp152.84.1.lp152.8.38.1
      kernel-default-base-rebuild-5.3.18-lp152.84.1.lp152.8.38.1
      kernel-default-debuginfo-5.3.18-lp152.84.1
      kernel-default-debugsource-5.3.18-lp152.84.1
      kernel-default-devel-5.3.18-lp152.84.1
      kernel-default-devel-debuginfo-5.3.18-lp152.84.1
      kernel-kvmsmall-5.3.18-lp152.84.1
      kernel-kvmsmall-debuginfo-5.3.18-lp152.84.1
      kernel-kvmsmall-debugsource-5.3.18-lp152.84.1
      kernel-kvmsmall-devel-5.3.18-lp152.84.1
      kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.84.1
      kernel-obs-build-5.3.18-lp152.84.1
      kernel-obs-build-debugsource-5.3.18-lp152.84.1
      kernel-obs-qa-5.3.18-lp152.84.1
      kernel-preempt-5.3.18-lp152.84.1
      kernel-preempt-debuginfo-5.3.18-lp152.84.1
      kernel-preempt-debugsource-5.3.18-lp152.84.1
      kernel-preempt-devel-5.3.18-lp152.84.1
      kernel-preempt-devel-debuginfo-5.3.18-lp152.84.1
      kernel-syms-5.3.18-lp152.84.1


References:

   https://www.suse.com/security/cve/CVE-2021-22555.html
   https://www.suse.com/security/cve/CVE-2021-33909.html
   https://www.suse.com/security/cve/CVE-2021-35039.html
   https://www.suse.com/security/cve/CVE-2021-3609.html
   https://www.suse.com/security/cve/CVE-2021-3612.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1170511
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1179243
   https://bugzilla.suse.com/1180092
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1184804
   https://bugzilla.suse.com/1185308
   https://bugzilla.suse.com/1185791
   https://bugzilla.suse.com/1186206
   https://bugzilla.suse.com/1187215
   https://bugzilla.suse.com/1187585
   https://bugzilla.suse.com/1188036
   https://bugzilla.suse.com/1188062
   https://bugzilla.suse.com/1188080
   https://bugzilla.suse.com/1188116
   https://bugzilla.suse.com/1188121
   https://bugzilla.suse.com/1188176
   https://bugzilla.suse.com/1188267
   https://bugzilla.suse.com/1188268
   https://bugzilla.suse.com/1188269
   https://bugzilla.suse.com/1188405
   https://bugzilla.suse.com/1188445