openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:2352-1
Rating:             important
References:         #1152489 #1153274 #1154353 #1155518 #1164648 
                    #1176447 #1176774 #1176919 #1177028 #1178134 
                    #1182470 #1184212 #1184685 #1185486 #1185675 
                    #1185677 #1186206 #1186666 #1186949 #1187171 
                    #1187263 #1187356 #1187402 #1187403 #1187404 
                    #1187407 #1187408 #1187409 #1187410 #1187411 
                    #1187412 #1187413 #1187452 #1187554 #1187595 
                    #1187601 #1187795 #1187867 #1187883 #1187886 
                    #1187927 #1187972 #1187980 
Cross-References:   CVE-2021-0512 CVE-2021-0605 CVE-2021-33624
                    CVE-2021-34693 CVE-2021-3573
CVSS scores:
                    CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33624 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-33624 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-34693 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3573 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 38 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow
     attackers to corrupt kernel heaps and adopt further exploitations.
     (bsc#1186666)
   - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
     information disclosure in the kernel with System execution privileges
     needed. (bsc#1187601)
   - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
     local escalation of privilege with no additional execution privileges
     needed. (bsc#1187595)
   - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to
     leak the contents of arbitrary kernel memory (and therefore, of all
     physical memory) via a side-channel. (bsc#1187554)
   - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local
     users to obtain sensitive information from kernel stack memory because
     parts of a data structure are uninitialized. (bsc#1187452)

   The following non-security bugs were fixed:

   - 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch:
     (bsc#1187263).
   - alx: Fix an error handling path in 'alx_probe()' (git-fixes).
   - ASoC: fsl-asoc-card: Set .owner attribute when registering card
     (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
     (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
     (git-fixes).
   - ASoC: max98088: fix ni clock divider calculation (git-fixes).
   - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
   - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire
     mode (git-fixes).
   - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
   - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).
   - batman-adv: Avoid WARN_ON timing related checks (git-fixes).
   - be2net: Fix an error handling path in 'be_probe()' (git-fixes).
   - block: Discard page cache of zone reset target range (bsc#1187402).
   - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).
   - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
   - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371
     bsc#1153274).
   - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
     (bsc#1177028).
   - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).
   - bpfilter: Specify the log level for the kmsg message (bsc#1155518).
   - can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
   - ceph: must hold snap_rwsem when filling inode for async create
     (bsc#1187927).
   - cfg80211: avoid double free of PMSR request (git-fixes).
   - cfg80211: make certificate generation more robust (git-fixes).
   - cgroup1: do not allow '\n' in renaming (bsc#1187972).
   - cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).
   - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).
   - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).
   - cxgb4: fix wrong shift (git-fixes).
   - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).
   - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
   - dax: Add an enum for specifying dax wakup mode (bsc#1187411).
   - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
   - dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
   - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
   - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions
     (git-fixes).
   - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
     (git-fixes).
   - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
   - dmaengine: stedma40: add missing iounmap() on error in d40_probe()
     (git-fixes).
   - drm: Fix use-after-free read in drm_getunique() (git-fixes).
   - drm: Lock pointer access in drm_master_release() (git-fixes).
   - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).
   - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
   - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).
   - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).
   - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).
   - drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
   - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
   - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
   - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
   - ethtool: strset: fix message length calculation (bsc#1176447).
   - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
     (bsc#1187408).
   - ext4: fix check to prevent false positive report of incorrect used
     inodes (bsc#1187404).
   - ext4: fix error code in ext4_commit_super (bsc#1187407).
   - ext4: fix memory leak in ext4_fill_super (bsc#1187409).
   - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
   - fs: fix reporting supported extra file attributes for statx()
     (bsc#1187410).
   - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
   - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
   - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
   - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
   - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
   - HID: hid-input: add mapping for emoji picker key (git-fixes).
   - HID: hid-sensor-hub: Return error for hid_set_field() failure
     (git-fixes).
   - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
   - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
   - HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
     (git-fixes).
   - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
   - i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
   - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
   - ice: parameterize functions responsible for Tx ring management
     (jsc#SLE-12878).
   - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
   - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
   - kernel: kexec_file: fix error return code of
     kexec_calculate_store_digests() (git-fixes).
   - kthread_worker: split code for canceling the delayed work timer
     (bsc#1187867).
   - kthread: prevent deadlock when kthread_mod_delayed_work() races with
     kthread_cancel_delayed_work_sync() (bsc#1187867).
   - kyber: fix out of bounds access when preempted (bsc#1187403).
   - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
   - media: mtk-mdp: Check return value of of_clk_get (git-fixes).
   - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
   - media: s5p-g2d: Fix a memory leak in an error handling path in
     'g2d_probe()' (git-fixes).
   - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11
     (bsc#1176774).
   - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
   - module: limit enabling module.sig_enforce (git-fixes).
   - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
   - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
   - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).
   - net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).
   - net/mlx5: Fix PBMC register mapping (git-fixes).
   - net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
   - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
   - net/mlx5: Reset mkey index on creation (jsc#SLE-15172).
   - net/mlx5e: Block offload of outer header csum for UDP tunnels
     (git-fixes).
   - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
   - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
   - net/nfc/rawsock.c: fix a permission check bug (git-fixes).
   - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
   - net/x25: Return the correct errno code (git-fixes).
   - netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
     (git-fixes).
   - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
   - NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
   - NFS: Fix deadlock between nfs4_evict_inode() and
     nfs4_opendata_get_inode() (git-fixes).
   - nvmem: rmem: fix undefined reference to memremap (git-fixes).
   - ocfs2: fix data corruption by fallocate (bsc#1187412).
   - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
   - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
   - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
   - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
   - PCI: Mark TI C667X to avoid bus reset (git-fixes).
   - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
   - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1
     (git-fixes).
   - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
     (bsc#1184685).
   - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not
     set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).
   - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470
     bsc#1185486).
   - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
   - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
   - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
     (git-fixes).
   - Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
   - Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413).
   - Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206
     ltc#191041).
   - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
     (git-fixes).
   - Revert "video: hgafb: fix potential NULL pointer dereference"
     (git-fixes).
   - Revert "video: imsttfb: fix potential NULL pointer dereferences"
     (bsc#1152489)
   - s390/dasd: add missing discipline function (git-fixes).
   - s390/stack: fix possible register corruption with stack switch helper
     (bsc#1185677).
   - sched/debug: Fix cgroup_path[] serialization (git-fixes)
   - sched/fair: Keep load_avg and load_sum synced (git-fixes)
   - scsi: core: Fix race between handling STS_RESOURCE and completion
     (bsc#1187883).
   - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
   - scsi: ufs: Fix imprecise load calculation in devfreq window
     (bsc#1187795).
   - SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
   - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
   - spi: spi-nxp-fspi: move the register operation after the clock enable
     (git-fixes).
   - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - spi: stm32-qspi: Always wait BUSY bit to be cleared in
     stm32_qspi_wait_cmd() (git-fixes).
   - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
   - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
   - tracing: Correct the length check which causes memory corruption
     (git-fixes).
   - tracing: Do no increment trace_clock_global() by one (git-fixes).
   - tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
   - tracing: Do not stop recording comms if the trace file is being read
     (git-fixes).
   - tracing: Restructure trace_clock_global() to never block (git-fixes).
   - USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
   - USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
   - USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
   - USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
   - USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
   - USB: f_ncm: only first packet of aggregate needs to start timer
     (git-fixes).
   - USB: f_ncm: only first packet of aggregate needs to start timer
     (git-fixes).
   - USB: fix various gadget panics on 10gbps cabling (git-fixes).
   - USB: fix various gadget panics on 10gbps cabling (git-fixes).
   - USB: gadget: eem: fix wrong eem header operation (git-fixes).
   - USB: gadget: eem: fix wrong eem header operation (git-fixes).
   - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
     (git-fixes).
   - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
     (git-fixes).
   - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
   - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
   - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
   - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
   - video: hgafb: correctly handle card detect failure during probe
     (git-fixes).
   - video: hgafb: fix potential NULL pointer dereference (git-fixes).
   - vrf: fix maximum MTU (git-fixes).
   - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
   - x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate()
     (bsc#1178134).
   - x86/pkru: Write hardware init value to PKRU when xstate is init
     (bsc#1152489).
   - x86/process: Check PF_KTHREAD and not current->mm for kernel threads
     (bsc#1152489).
   - xen-blkback: fix compatibility bug with single page rings (git-fixes).
   - xen-pciback: reconfigure also from backend watch handler (git-fixes).
   - xen-pciback: redo VF placement in the virtual topology (git-fixes).
   - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
   - xfrm: policy: Read seqcount outside of rcu-read side in
     xfrm_policy_lookup_bytype (bsc#1185675).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2021-2352=1



Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-59.13.1
      cluster-md-kmp-default-debuginfo-5.3.18-59.13.1
      dlm-kmp-default-5.3.18-59.13.1
      dlm-kmp-default-debuginfo-5.3.18-59.13.1
      gfs2-kmp-default-5.3.18-59.13.1
      gfs2-kmp-default-debuginfo-5.3.18-59.13.1
      kernel-default-5.3.18-59.13.1
      kernel-default-base-5.3.18-59.13.1.18.6.1
      kernel-default-base-rebuild-5.3.18-59.13.1.18.6.1
      kernel-default-debuginfo-5.3.18-59.13.1
      kernel-default-debugsource-5.3.18-59.13.1
      kernel-default-devel-5.3.18-59.13.1
      kernel-default-devel-debuginfo-5.3.18-59.13.1
      kernel-default-extra-5.3.18-59.13.1
      kernel-default-extra-debuginfo-5.3.18-59.13.1
      kernel-default-livepatch-5.3.18-59.13.1
      kernel-default-livepatch-devel-5.3.18-59.13.1
      kernel-default-optional-5.3.18-59.13.1
      kernel-default-optional-debuginfo-5.3.18-59.13.1
      kernel-obs-build-5.3.18-59.13.1
      kernel-obs-build-debugsource-5.3.18-59.13.1
      kernel-obs-qa-5.3.18-59.13.1
      kernel-syms-5.3.18-59.13.1
      kselftests-kmp-default-5.3.18-59.13.1
      kselftests-kmp-default-debuginfo-5.3.18-59.13.1
      ocfs2-kmp-default-5.3.18-59.13.1
      ocfs2-kmp-default-debuginfo-5.3.18-59.13.1
      reiserfs-kmp-default-5.3.18-59.13.1
      reiserfs-kmp-default-debuginfo-5.3.18-59.13.1

   - openSUSE Leap 15.3 (ppc64le x86_64):

      kernel-debug-5.3.18-59.13.1
      kernel-debug-debuginfo-5.3.18-59.13.1
      kernel-debug-debugsource-5.3.18-59.13.1
      kernel-debug-devel-5.3.18-59.13.1
      kernel-debug-devel-debuginfo-5.3.18-59.13.1
      kernel-debug-livepatch-devel-5.3.18-59.13.1
      kernel-kvmsmall-5.3.18-59.13.1
      kernel-kvmsmall-debuginfo-5.3.18-59.13.1
      kernel-kvmsmall-debugsource-5.3.18-59.13.1
      kernel-kvmsmall-devel-5.3.18-59.13.1
      kernel-kvmsmall-devel-debuginfo-5.3.18-59.13.1
      kernel-kvmsmall-livepatch-devel-5.3.18-59.13.1

   - openSUSE Leap 15.3 (aarch64 x86_64):

      cluster-md-kmp-preempt-5.3.18-59.13.1
      cluster-md-kmp-preempt-debuginfo-5.3.18-59.13.1
      dlm-kmp-preempt-5.3.18-59.13.1
      dlm-kmp-preempt-debuginfo-5.3.18-59.13.1
      gfs2-kmp-preempt-5.3.18-59.13.1
      gfs2-kmp-preempt-debuginfo-5.3.18-59.13.1
      kernel-preempt-5.3.18-59.13.1
      kernel-preempt-debuginfo-5.3.18-59.13.1
      kernel-preempt-debugsource-5.3.18-59.13.1
      kernel-preempt-devel-5.3.18-59.13.1
      kernel-preempt-devel-debuginfo-5.3.18-59.13.1
      kernel-preempt-extra-5.3.18-59.13.1
      kernel-preempt-extra-debuginfo-5.3.18-59.13.1
      kernel-preempt-livepatch-devel-5.3.18-59.13.1
      kernel-preempt-optional-5.3.18-59.13.1
      kernel-preempt-optional-debuginfo-5.3.18-59.13.1
      kselftests-kmp-preempt-5.3.18-59.13.1
      kselftests-kmp-preempt-debuginfo-5.3.18-59.13.1
      ocfs2-kmp-preempt-5.3.18-59.13.1
      ocfs2-kmp-preempt-debuginfo-5.3.18-59.13.1
      reiserfs-kmp-preempt-5.3.18-59.13.1
      reiserfs-kmp-preempt-debuginfo-5.3.18-59.13.1

   - openSUSE Leap 15.3 (aarch64):

      cluster-md-kmp-64kb-5.3.18-59.13.1
      cluster-md-kmp-64kb-debuginfo-5.3.18-59.13.1
      dlm-kmp-64kb-5.3.18-59.13.1
      dlm-kmp-64kb-debuginfo-5.3.18-59.13.1
      gfs2-kmp-64kb-5.3.18-59.13.1
      gfs2-kmp-64kb-debuginfo-5.3.18-59.13.1
      kernel-64kb-5.3.18-59.13.1
      kernel-64kb-debuginfo-5.3.18-59.13.1
      kernel-64kb-debugsource-5.3.18-59.13.1
      kernel-64kb-devel-5.3.18-59.13.1
      kernel-64kb-devel-debuginfo-5.3.18-59.13.1
      kernel-64kb-extra-5.3.18-59.13.1
      kernel-64kb-extra-debuginfo-5.3.18-59.13.1
      kernel-64kb-livepatch-devel-5.3.18-59.13.1
      kernel-64kb-optional-5.3.18-59.13.1
      kernel-64kb-optional-debuginfo-5.3.18-59.13.1
      kselftests-kmp-64kb-5.3.18-59.13.1
      kselftests-kmp-64kb-debuginfo-5.3.18-59.13.1
      ocfs2-kmp-64kb-5.3.18-59.13.1
      ocfs2-kmp-64kb-debuginfo-5.3.18-59.13.1
      reiserfs-kmp-64kb-5.3.18-59.13.1
      reiserfs-kmp-64kb-debuginfo-5.3.18-59.13.1

   - openSUSE Leap 15.3 (noarch):

      kernel-devel-5.3.18-59.13.1
      kernel-docs-5.3.18-59.13.1
      kernel-docs-html-5.3.18-59.13.1
      kernel-macros-5.3.18-59.13.1
      kernel-source-5.3.18-59.13.1
      kernel-source-vanilla-5.3.18-59.13.1

   - openSUSE Leap 15.3 (s390x):

      kernel-zfcpdump-5.3.18-59.13.1
      kernel-zfcpdump-debuginfo-5.3.18-59.13.1
      kernel-zfcpdump-debugsource-5.3.18-59.13.1


References:

   https://www.suse.com/security/cve/CVE-2021-0512.html
   https://www.suse.com/security/cve/CVE-2021-0605.html
   https://www.suse.com/security/cve/CVE-2021-33624.html
   https://www.suse.com/security/cve/CVE-2021-34693.html
   https://www.suse.com/security/cve/CVE-2021-3573.html
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1164648
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1176774
   https://bugzilla.suse.com/1176919
   https://bugzilla.suse.com/1177028
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1182470
   https://bugzilla.suse.com/1184212
   https://bugzilla.suse.com/1184685
   https://bugzilla.suse.com/1185486
   https://bugzilla.suse.com/1185675
   https://bugzilla.suse.com/1185677
   https://bugzilla.suse.com/1186206
   https://bugzilla.suse.com/1186666
   https://bugzilla.suse.com/1186949
   https://bugzilla.suse.com/1187171
   https://bugzilla.suse.com/1187263
   https://bugzilla.suse.com/1187356
   https://bugzilla.suse.com/1187402
   https://bugzilla.suse.com/1187403
   https://bugzilla.suse.com/1187404
   https://bugzilla.suse.com/1187407
   https://bugzilla.suse.com/1187408
   https://bugzilla.suse.com/1187409
   https://bugzilla.suse.com/1187410
   https://bugzilla.suse.com/1187411
   https://bugzilla.suse.com/1187412
   https://bugzilla.suse.com/1187413
   https://bugzilla.suse.com/1187452
   https://bugzilla.suse.com/1187554
   https://bugzilla.suse.com/1187595
   https://bugzilla.suse.com/1187601
   https://bugzilla.suse.com/1187795
   https://bugzilla.suse.com/1187867
   https://bugzilla.suse.com/1187883
   https://bugzilla.suse.com/1187886
   https://bugzilla.suse.com/1187927
   https://bugzilla.suse.com/1187972
   https://bugzilla.suse.com/1187980