SUSE: Security Advisory (SUSE-SU-2021:3754-1)

The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:3754-1 advisory.

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: ACPI: bgrt: Fix CFI violation (git-fixes). ACPI: fix NULL pointer dereference (git-fixes). ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). ALSA: usb-audio: Add quirk for VF0770 (git-fixes). ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). ASoC: DAPM: Fix missing kctl change notifications (git-fixes). ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). HID: u2fzero: ignore incomplete packets without data (git-fixes). HID: usbhid: free raw_report ... [Please see the references for more information on the vulnerabilities]

'Linux Kernel' package(s) on SUSE Linux Enterprise High Availability 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE MicroOS 5.0.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).