SUSE: Security Advisory (SUSE-SU-2021:2438-1)

The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:2438-1 advisory.

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). CVE-2021-3612: An out-of-bounds memory write flaw was found in the joystick devices subsystem in the way the user calls ioctl JSIOCSBTNMAP. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1187585 ). CVE-2021-35039: kernel/module.c mishandled Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bnc#1188080). NOTE that SUSE kernels are configured with CONFIG_MODULE_SIG=y, so are not affected. The following non-security bugs were fixed: ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). ACPICA: Fix memory leak caused by _CID repair function (git-fixes). ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). ACPI: resources: Add checks for ACPI IRQ override (git-fixes). ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). ata: ahci_sunxi: Disable DIPM (git-fixes). ath10k: add missing ... [Please see the references for more information on the vulnerabilities]

'Linux Kernel' package(s) on SUSE MicroOS 5.0, SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise High Availability 15-SP2.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).