Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0742-1 Final 1 1 2021-03-09T15:13:52Z current 2021-03-09T15:13:52Z 2021-03-09T15:13:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2021-3348: Fixed a use-after-free read in nbd_queue_rq (bsc#1181504). The following non-security bugs were fixed: - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes). - ACPI: property: Fix fwnode string properties matching (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes). - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - ASoC: cs42l56: fix up error handling in probe (git-fixes). - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes). - block: fix use-after-free in disk_part_iter_next (bsc#1182610). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes). - Bluetooth: drop HCI device reference before return (git-fixes). - Bluetooth: Fix initializing response id after clearing struct (git-fixes). - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes). - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes). - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes). - BTRFS: Cleanup try_flush_qgroup (bsc#1182047). - BTRFS: correctly calculate item size used when item key collision happens (bsc#1181996). - BTRFS: correctly validate compression type (bsc#1182269). - BTRFS: delete the ordered isize update code (bsc#1181998). - BTRFS: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - BTRFS: do not set path->leave_spinning for truncate (bsc#1181998). - BTRFS: factor out extent dropping code from hole punch handler (bsc#1182038). - BTRFS: fix cloning range with a hole when using the NO_HOLES feature (bsc#1182038). - BTRFS: fix data bytes_may_use underflow with fallocate due to failed quota reserve (bsc#1182130) - BTRFS: fix ENOSPC errors, leading to transaction aborts, when cloning extents (bsc#1182038). - BTRFS: fix hole extent items with a zero size after range cloning (bsc#1182038). - BTRFS: fix lost i_size update after cloning inline extent (bsc#1181998). - BTRFS: fix mount failure caused by race with umount (bsc#1182248). - BTRFS: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574). - BTRFS: fix unexpected cow in run_delalloc_nocow (bsc#1181987). - BTRFS: fix unexpected failure of nocow buffered writes after snapshotting when low on space (bsc#1181987). - BTRFS: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - BTRFS: incremental send, fix file corruption when no-holes feature is enabled (bsc#1182184). - BTRFS: Introduce extent_io_tree::owner to distinguish different io_trees (bsc#1181998). - BTRFS: introduce per-inode file extent tree (bsc#1181998). - BTRFS: prepare for extensions in compression options (bsc#1182269). - BTRFS: prop: fix vanished compression property after failed set (bsc#1182269). - BTRFS: prop: fix zstd compression parameter validation (bsc#1182269). - BTRFS: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - BTRFS: replace all uses of btrfs_ordered_update_i_size (bsc#1181998). - BTRFS: send, allow clone operations within the same file (bsc#1182173) - BTRFS: send, do not issue unnecessary truncate operations (bsc#1182173) - BTRFS: send, fix emission of invalid clone operations within the same file (bsc#1182173) - BTRFS: send, fix incorrect file layout after hole punching beyond eof (bsc#1182173). - BTRFS: send: fix invalid clone operations when cloning from the same file and root (bsc#1182173) - BTRFS: send, fix missing truncate for inode with prealloc extent past eof (bsc#1182173). - BTRFS: send, orphanize first all conflicting inodes when processing references (bsc#1182243 bsc#1182242). - BTRFS: send, recompute reference path after orphanization of a directory (bsc#1182243). - BTRFS: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - BTRFS: transaction: Avoid deadlock due to bad initialization timing of fs_info::journal_info (bsc#1181931). - BTRFS: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047). - BTRFS: Use bd_dev to generate index when dev_state_hashtable add items (bsc#1181931). - BTRFS: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1181998). - BTRFS: use the file extent tree infrastructure (bsc#1181998). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049). - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes). - Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ('kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.') - ext4: do not remount read-only with errors=continue on reboot (bsc#1182464). - ext4: fix a memory leak of ext4_free_data (bsc#1182447). - ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449). - ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463). - ext4: fix superblock checksum failure when setting password salt (bsc#1182465). - fgraph: Initialize tracing_graph_pause at task creation (git-fixes). - firmware: imx: select SOC_BUS to fix firmware build (git-fixes). - Fix unsynchronized access to sev members through svm_register_enc_region (bsc#1114648). - fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466). - fs: move I_DIRTY_INODE to fs.h (bsc#1182612). - HID: core: detect and skip invalid inputs to snto32() (git-fixes). - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes). - hwrng: timeriomem - Fix cooldown period calculation (git-fixes). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: device remove has higher precedence over reset (bsc#1065729). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631). - ibmvnic: serialize access to work queue on remove (bsc#1065729). - ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes). - Input: elo - fix an error code in elo_connect() (git-fixes). - Input: joydev - prevent potential read overflow in ioctl (git-fixes). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612). - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).') - kernfs: deal with kernfs_fill_super() failures (bsc#1181809). - KVM: apic: Flush TLB after APIC mode/address change if VPIDs are in use (bsc#1182302). - KVM: Fix kABI for set_virtual_apic_mode (bsc#1182310). - KVM: Fix kABI for tlb_flush (bsc#1182195). - kvm-vmx-Basic-APIC-virtualization-controls-have-thre.patch: (bsc#1182310). - KVM: VMX: check for existence of secondary exec controls before accessing (bsc#1182438). - KVM: VMX: hide flexpriority from guest when disabled at the module level (bsc#1182448). - kvm-vmx-Introduce-lapic_mode-enumeration.patch: (bsc#1182307). - KVM: x86: emulate RDPID (bsc#1182182). - KVM: x86: emulating RDPID failure shall return #UD rather than - KVM: X86: introduce invalidate_gpa argument to tlb flush (bsc#1182195). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709). - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442). - mac80211: fix potential overflow when multiplying to u32 integers (git-fixes). - media: cx25821: Fix a bug when reallocating some dma memory (git-fixes). - media: media/pci: Fix memleak in empress_init (git-fixes). - media: pwc: Use correct device for DMA (git-fixes). - media: pxa_camera: declare variable when DEBUG is defined (git-fixes). - media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes). - media: tm6000: Fix memleak in tm6000_start_stream (git-fixes). - media: vsp1: Fix an error handling path in the probe function (git-fixes). - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes). - misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes). - misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes). - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes). - mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273). - mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273). - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net: bcmgenet: add support for ethtool rxnfc flows (git-fixes). - net: bcmgenet: code movement (git-fixes). - net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes). - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes). - net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes). - net: bcmgenet: set Rx mode before starting netif (git-fixes). - net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes). - net: bcmgenet: Use correct I/O accessors (git-fixes). - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes). - net/mlx4_en: Handle TX error CQE (bsc#1181854). - net: moxa: Fix a potential double 'free_irq()' (git-fixes). - net: sun: fix missing release regions in cas_init_one() (git-fixes). - nvme-multipath: Early exit if no path is available (git-fixes). - objtool: Do not fail on missing symbol table (bsc#1169514). - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612). - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345). - powerpc: Fix alignment bug within the init sections (bsc#1065729). - powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729). - powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624). - powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074). - powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900). - powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes). - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes). - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930). - quota: Fix error codes in v2_read_file_info() (bsc#1182652). - quota: Fix memory leak when handling corrupted quota file (bsc#1182650). - quota: Sanity-check quota file headers on load (bsc#1182461). - regulator: axp20x: Fix reference cout leak (git-fixes). - reiserfs: add check for an invalid ih_entry_count (bsc#1182462). - reset: hisilicon: correct vendor prefix (git-fixes). - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - s390/pci: adaptation of iommu to multifunction (bsc#1179612). - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1179612). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - scsi: target: Fix truncated PR-in ReadKeys response (bsc#1182590). - scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617). - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes). - tools lib traceevent: Fix 'robust' test of do_generate_dynamic_list_file (git-fixes). - tpm_tis: Clean up locality release (git-fixes). - tpm_tis: Fix check_locality for correct locality acquisition (git-fixes). - tracing: Check length before giving out the filter buffer (git-fixes). - tracing: Do not count ftrace events in top level enable output (git-fixes). - USB: cdc-acm: blacklist another IR Droid device (git-fixes). - USB: dwc2: Abort transaction after errors with unknown reason (git-fixes). - USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes). - USB: musb: Fix runtime PM race in mUSB_queue_resume_work (git-fixes). - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes). - USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes). - USB: serial: mos7720: fix error code in mos7720_write() (git-fixes). - USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes). - USB: serial: mos7840: fix error code in mos7840_write() (git-fixes). - USB: serial: option: Adding support for Cinterion MV31 (git-fixes). - USB: serial: option: add LongSung M5710 module support (git-fixes). - USB: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes). - USB: usblp: fix DMA to stack (git-fixes). - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1179612). - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671). - writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460). - x86/apic: Add extra serialization for non-serializing MSRs (bsc#1114648). - x86/efistub: Disable paging at mixed mode entry (bsc#1114648). - x86/entry/64/compat: Fix 'x86/entry/64/compat: Preserve r8-r11 in int $0x80' (bsc#1114648). - x86/entry/64/compat: Preserve r8-r11 in int $0x80 (bsc#1114648). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1114648). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1114648). - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). - xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561). - xhci: fix bounce buffer usage for non-sg list case (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2021-742,Image SLES12-SP5-Azure-HPC-BYOS-2021-742,Image SLES12-SP5-Azure-SAP-BYOS-2021-742,Image SLES12-SP5-Azure-SAP-On-Demand-2021-742,Image SLES12-SP5-EC2-BYOS-2021-742,Image SLES12-SP5-EC2-ECS-On-Demand-2021-742,Image SLES12-SP5-EC2-On-Demand-2021-742,Image SLES12-SP5-EC2-SAP-BYOS-2021-742,Image SLES12-SP5-EC2-SAP-On-Demand-2021-742,Image SLES12-SP5-GCE-BYOS-2021-742,Image SLES12-SP5-GCE-On-Demand-2021-742,Image SLES12-SP5-GCE-SAP-BYOS-2021-742,Image SLES12-SP5-GCE-SAP-On-Demand-2021-742,Image SLES12-SP5-OCI-BYOS-BYOS-2021-742,Image SLES12-SP5-OCI-BYOS-SAP-BYOS-2021-742,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2021-742,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2021-742,SUSE-2021-742,SUSE-SLE-HA-12-SP5-2021-742,SUSE-SLE-Live-Patching-12-SP5-2021-742,SUSE-SLE-SDK-12-SP5-2021-742,SUSE-SLE-SERVER-12-SP5-2021-742,SUSE-SLE-WE-12-SP5-2021-742 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210742-1/ Link for SUSE-SU-2021:0742-1 https://lists.suse.com/pipermail/sle-security-updates/2021-March/008460.html E-Mail link for SUSE-SU-2021:0742-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1065600 SUSE Bug 1065600 https://bugzilla.suse.com/1065729 SUSE Bug 1065729 https://bugzilla.suse.com/1078720 SUSE Bug 1078720 https://bugzilla.suse.com/1081134 SUSE Bug 1081134 https://bugzilla.suse.com/1084610 SUSE Bug 1084610 https://bugzilla.suse.com/1114648 SUSE Bug 1114648 https://bugzilla.suse.com/1163617 SUSE Bug 1163617 https://bugzilla.suse.com/1163930 SUSE Bug 1163930 https://bugzilla.suse.com/1169514 SUSE Bug 1169514 https://bugzilla.suse.com/1170442 SUSE Bug 1170442 https://bugzilla.suse.com/1176855 SUSE Bug 1176855 https://bugzilla.suse.com/1177440 SUSE Bug 1177440 https://bugzilla.suse.com/1178049 SUSE Bug 1178049 https://bugzilla.suse.com/1179082 SUSE Bug 1179082 https://bugzilla.suse.com/1179142 SUSE Bug 1179142 https://bugzilla.suse.com/1179612 SUSE Bug 1179612 https://bugzilla.suse.com/1179709 SUSE Bug 1179709 https://bugzilla.suse.com/1180058 SUSE Bug 1180058 https://bugzilla.suse.com/1181346 SUSE Bug 1181346 https://bugzilla.suse.com/1181504 SUSE Bug 1181504 https://bugzilla.suse.com/1181574 SUSE Bug 1181574 https://bugzilla.suse.com/1181671 SUSE Bug 1181671 https://bugzilla.suse.com/1181809 SUSE Bug 1181809 https://bugzilla.suse.com/1181854 SUSE Bug 1181854 https://bugzilla.suse.com/1181896 SUSE Bug 1181896 https://bugzilla.suse.com/1181931 SUSE Bug 1181931 https://bugzilla.suse.com/1181960 SUSE Bug 1181960 https://bugzilla.suse.com/1181985 SUSE Bug 1181985 https://bugzilla.suse.com/1181987 SUSE Bug 1181987 https://bugzilla.suse.com/1181996 SUSE Bug 1181996 https://bugzilla.suse.com/1181998 SUSE Bug 1181998 https://bugzilla.suse.com/1182038 SUSE Bug 1182038 https://bugzilla.suse.com/1182047 SUSE Bug 1182047 https://bugzilla.suse.com/1182118 SUSE Bug 1182118 https://bugzilla.suse.com/1182130 SUSE Bug 1182130 https://bugzilla.suse.com/1182140 SUSE Bug 1182140 https://bugzilla.suse.com/1182171 SUSE Bug 1182171 https://bugzilla.suse.com/1182173 SUSE Bug 1182173 https://bugzilla.suse.com/1182175 SUSE Bug 1182175 https://bugzilla.suse.com/1182182 SUSE Bug 1182182 https://bugzilla.suse.com/1182184 SUSE Bug 1182184 https://bugzilla.suse.com/1182195 SUSE Bug 1182195 https://bugzilla.suse.com/1182242 SUSE Bug 1182242 https://bugzilla.suse.com/1182243 SUSE Bug 1182243 https://bugzilla.suse.com/1182248 SUSE Bug 1182248 https://bugzilla.suse.com/1182269 SUSE Bug 1182269 https://bugzilla.suse.com/1182302 SUSE Bug 1182302 https://bugzilla.suse.com/1182307 SUSE Bug 1182307 https://bugzilla.suse.com/1182310 SUSE Bug 1182310 https://bugzilla.suse.com/1182438 SUSE Bug 1182438 https://bugzilla.suse.com/1182447 SUSE Bug 1182447 https://bugzilla.suse.com/1182448 SUSE Bug 1182448 https://bugzilla.suse.com/1182449 SUSE Bug 1182449 https://bugzilla.suse.com/1182460 SUSE Bug 1182460 https://bugzilla.suse.com/1182461 SUSE Bug 1182461 https://bugzilla.suse.com/1182462 SUSE Bug 1182462 https://bugzilla.suse.com/1182463 SUSE Bug 1182463 https://bugzilla.suse.com/1182464 SUSE Bug 1182464 https://bugzilla.suse.com/1182465 SUSE Bug 1182465 https://bugzilla.suse.com/1182466 SUSE Bug 1182466 https://bugzilla.suse.com/1182560 SUSE Bug 1182560 https://bugzilla.suse.com/1182561 SUSE Bug 1182561 https://bugzilla.suse.com/1182571 SUSE Bug 1182571 https://bugzilla.suse.com/1182590 SUSE Bug 1182590 https://bugzilla.suse.com/1182610 SUSE Bug 1182610 https://bugzilla.suse.com/1182612 SUSE Bug 1182612 https://bugzilla.suse.com/1182650 SUSE Bug 1182650 https://bugzilla.suse.com/1182652 SUSE Bug 1182652 https://www.suse.com/security/cve/CVE-2021-3348/ SUSE CVE CVE-2021-3348 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-OCI-BYOS-BYOS Image SLES12-SP5-OCI-BYOS-SAP-BYOS Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 kernel-default-4.12.14-122.63.1 cluster-md-kmp-default-4.12.14-122.63.1 dlm-kmp-default-4.12.14-122.63.1 gfs2-kmp-default-4.12.14-122.63.1 ocfs2-kmp-default-4.12.14-122.63.1 kernel-debug-4.12.14-122.63.1 kernel-debug-base-4.12.14-122.63.1 kernel-debug-devel-4.12.14-122.63.1 kernel-debug-kgraft-devel-4.12.14-122.63.1 kernel-default-base-4.12.14-122.63.1 kernel-default-devel-4.12.14-122.63.1 kernel-default-extra-4.12.14-122.63.1 kernel-default-kgraft-4.12.14-122.63.1 kernel-default-kgraft-devel-4.12.14-122.63.1 kernel-default-man-4.12.14-122.63.1 kernel-devel-4.12.14-122.63.1 kernel-docs-4.12.14-122.63.1 kernel-docs-html-4.12.14-122.63.1 kernel-kvmsmall-4.12.14-122.63.1 kernel-kvmsmall-base-4.12.14-122.63.1 kernel-kvmsmall-devel-4.12.14-122.63.1 kernel-kvmsmall-kgraft-devel-4.12.14-122.63.1 kernel-macros-4.12.14-122.63.1 kernel-obs-build-4.12.14-122.63.1 kernel-obs-qa-4.12.14-122.63.1 kernel-source-4.12.14-122.63.1 kernel-source-vanilla-4.12.14-122.63.1 kernel-syms-4.12.14-122.63.1 kernel-vanilla-4.12.14-122.63.1 kernel-vanilla-base-4.12.14-122.63.1 kernel-vanilla-devel-4.12.14-122.63.1 kernel-vanilla-kgraft-devel-4.12.14-122.63.1 kernel-zfcpdump-4.12.14-122.63.1 kernel-zfcpdump-man-4.12.14-122.63.1 kgraft-patch-4_12_14-122_63-default-1-8.3.1 kselftests-kmp-default-4.12.14-122.63.1 kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-BYOS kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-BYOS kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-On-Demand cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-BYOS kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-On-Demand cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-OCI-BYOS-BYOS cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-OCI-BYOS-SAP-BYOS dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-OCI-BYOS-SAP-BYOS gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-OCI-BYOS-SAP-BYOS kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-OCI-BYOS-SAP-BYOS ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-OCI-BYOS-SAP-BYOS cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production cluster-md-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production dlm-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production gfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production kernel-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production ocfs2-kmp-default-4.12.14-122.63.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production cluster-md-kmp-default-4.12.14-122.63.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 dlm-kmp-default-4.12.14-122.63.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 gfs2-kmp-default-4.12.14-122.63.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 ocfs2-kmp-default-4.12.14-122.63.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 kernel-default-kgraft-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-default-kgraft-devel-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_63-default-1-8.3.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-default-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-default-base-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-default-devel-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-default-man-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-devel-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-macros-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-source-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-syms-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-default-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-default-base-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-default-devel-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-default-man-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-devel-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-macros-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-source-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-syms-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-docs-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 kernel-obs-build-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 kernel-default-extra-4.12.14-122.63.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. CVE-2021-3348 Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-BYOS:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-On-Demand:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-On-Demand:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-Azure-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-ECS-On-Demand:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-On-Demand:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-BYOS:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-BYOS:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-On-Demand:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-On-Demand:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-EC2-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-On-Demand:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-BYOS:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-BYOS:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-On-Demand:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-On-Demand:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-GCE-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-OCI-BYOS-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:dlm-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:gfs2-kmp-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:kernel-default-4.12.14-122.63.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.63.1 SUSE Linux Enterprise High Availability Extension 12 SP5:cluster-md-kmp-default-4.12.14-122.63.1 SUSE Linux Enterprise High Availability Extension 12 SP5:dlm-kmp-default-4.12.14-122.63.1 SUSE Linux Enterprise High Availability Extension 12 SP5:gfs2-kmp-default-4.12.14-122.63.1 SUSE Linux Enterprise High Availability Extension 12 SP5:ocfs2-kmp-default-4.12.14-122.63.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.63.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.63.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_63-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-4.12.14-122.63.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-base-4.12.14-122.63.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-devel-4.12.14-122.63.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-man-4.12.14-122.63.1 SUSE Linux Enterprise Server 12 SP5:kernel-devel-4.12.14-122.63.1 SUSE Linux Enterprise Server 12 SP5:kernel-macros-4.12.14-122.63.1 SUSE Linux Enterprise Server 12 SP5:kernel-source-4.12.14-122.63.1 SUSE Linux Enterprise Server 12 SP5:kernel-syms-4.12.14-122.63.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-4.12.14-122.63.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-base-4.12.14-122.63.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-devel-4.12.14-122.63.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-man-4.12.14-122.63.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-4.12.14-122.63.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-macros-4.12.14-122.63.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-4.12.14-122.63.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-4.12.14-122.63.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-docs-4.12.14-122.63.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-obs-build-4.12.14-122.63.1 SUSE Linux Enterprise Workstation Extension 12 SP5:kernel-default-extra-4.12.14-122.63.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210742-1/ https://www.suse.com/security/cve/CVE-2021-3348.html CVE-2021-3348 https://bugzilla.suse.com/1181504 SUSE Bug 1181504 https://bugzilla.suse.com/1181645 SUSE Bug 1181645