[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2021:3806-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":26,"duplicates":27,"related":28,"reserved_at":9,"published_at":35,"modified_at":36,"state":9,"summary":37,"references_raw":39,"kevs":236,"epss":9,"epss_history":237,"metrics":238,"affected":239},"SUSE-SU-2021:3806-1","Security update for the Linux Kernel\n\n\n\nThe SUSE Linux Enterprise 15 SP3 kernel for Azure was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)\n\n  You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)\n\n- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).\n- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).\n- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)\n- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails  (bsc#1191961).\n- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).\n- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).\n\nThe following non-security bugs were fixed:\n\n- ABI: sysfs-kernel-slab: Document some stats (git-fixes).\n- ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes).\n- ALSA: hda: Free card instance properly at probe errors (git-fixes).\n- ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes).\n- ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).\n- ALSA: hda: Use position buffer for SKL+ again (git-fixes).\n- ALSA: ua101: fix division by zero at probe (git-fixes).\n- ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes).\n- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).\n- ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375).\n- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).\n- ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375).\n- ALSA: usb-audio: Use int for dB map values (bsc#1192375).\n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473).\n- ASoC: cs42l42: Correct some register default values (git-fixes).\n- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).\n- ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).\n- ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).\n- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).\n- ASoC: rockchip: Use generic dmaengine code (git-fixes).\n- ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes).\n- ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes).\n- ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).\n- ath10k: fix control-message timeout (git-fixes).\n- ath10k: fix division by zero in send path (git-fixes).\n- ath10k: fix max antenna gain unit (git-fixes).\n- ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).\n- ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes).\n- ath6kl: fix control-message timeout (git-fixes).\n- ath6kl: fix division by zero in send path (git-fixes).\n- ath9k: Fix potential interrupt storm on queue reset (git-fixes).\n- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).\n- auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).\n- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).\n- b43: fix a lower bounds test (git-fixes).\n- b43legacy: fix a lower bounds test (git-fixes).\n- blacklist.conf: 5c9d706f6133 ('bpf: Fix BPF_LSM kconfig symbol dependency') Not needed since 30897832d8b9 ('bpf: Allow local storage to be used from LSM programs') is not backported.\n- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).\n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).\n- bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).\n- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)\n- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574)\n- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).\n- bpf: Disallow unprivileged bpf by default (jsc#SLE-22574).\n- bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574).\n- bpf: Fix potential race in tail call compatibility check (git-fixes).\n- bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574).\n- btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896).\n- btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896).\n- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).\n- btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).\n- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).\n- config: disable unprivileged BPF by default (jsc#SLE-22573)\n- crypto: caam - disable pkc for non-E SoCs (git-fixes).\n- crypto: qat - detect PFVF collision after ACK (git-fixes).\n- crypto: qat - disregard spurious PFVF interrupts (git-fixes).\n- driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851).\n- drm/amdgpu/display: add quirk handling for stutter mode (git-fixes).\n- drm/amdgpu: fix warning for overflow check (git-fixes).\n- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes).\n- drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758).\n- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).\n- drm/msm: potential error pointer dereference in init() (git-fixes).\n- drm/msm: uninitialized variable in msm_gem_import() (git-fixes).\n- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).\n- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).\n- drm/ttm: stop calling tt_swapin in vm_access (git-fixes).\n- drm/v3d: fix wait for TMU write combiner flush (git-fixes).\n- EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288).\n- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489).\n- Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then.\n- exfat: fix erroneous discard when clear cluster bit (git-fixes).\n- exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).\n- exfat: properly set s_time_gran (bsc#1192328).\n- exfat: truncate atimes to 2s granularity (bsc#1192328).\n- firmware/psci: fix application of sizeof to pointer (git-fixes).\n- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).\n- fuse: fix page stealing (bsc#1192718).\n- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).\n- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes).\n- gpio/rockchip: add driver for rockchip gpio (bsc#1192217).\n- gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217).\n- gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217).\n- gpio/rockchip: fetch deferred output settings on probe (bsc#1192217).\n- gpio/rockchip: fix get_direction value handling (bsc#1192217).\n- gpio/rockchip: support next version gpio controller (bsc#1192217).\n- gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217).\n- gve: Avoid freeing NULL pointer (git-fixes).\n- gve: Correct available tx qpl check (git-fixes).\n- gve: fix gve_get_stats() (git-fixes).\n- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).\n- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940).\n- HID: u2fzero: clarify error check and length calculations (git-fixes).\n- HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).\n- hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).\n- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).\n- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).\n- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).\n- i40e: Fix ATR queue selection (git-fixes).\n- i40e: fix endless loop under rtnl (git-fixes).\n- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).\n- iavf: fix double unlock of crit_lock (git-fixes).\n- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).\n- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).\n- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).\n- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).\n- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).\n- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).\n- Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).\n- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).\n- ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).\n- iwlwifi: mvm: fix some kerneldoc issues (git-fixes).\n- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).\n- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).\n- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).\n- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021).\n- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).\n- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).\n- KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).\n- libertas: Fix possible memory leak in probe and disconnect (git-fixes).\n- libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).\n- media: cedrus: Fix SUNXI tile size calculation (git-fixes).\n- media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).\n- media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).\n- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).\n- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).\n- media: em28xx: add missing em28xx_close_extension (git-fixes).\n- media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).\n- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).\n- media: ite-cir: IR receiver stop working after receive overflow (git-fixes).\n- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).\n- media: mxl111sf: change mutex_init() location (git-fixes).\n- media: radio-wl1273: Avoid card name truncation (git-fixes).\n- media: si470x: Avoid card name truncation (git-fixes).\n- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).\n- media: TDA1997x: handle short reads of hdmi info frame (git-fixes).\n- media: tm6000: Avoid card name truncation (git-fixes).\n- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).\n- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).\n- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes).\n- memstick: avoid out-of-range warning (git-fixes).\n- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).\n- mlx5: count all link events (git-fixes).\n- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).\n- mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).\n- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).\n- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).\n- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).\n- Move upstreamed sound fix into sorted section\n- mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes).\n- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).\n- mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes).\n- mt76: mt7915: fix possible infinite loop release semaphore (git-fixes).\n- mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes).\n- mwifiex: fix division by zero in fw download path (git-fixes).\n- mwifiex: Send DELBA requests according to spec (git-fixes).\n- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).\n- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes).\n- net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes).\n- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).\n- net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).\n- net/mlx4_en: Resolve bad operstate value (git-fixes).\n- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).\n- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).\n- net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).\n- net: mscc: ocelot: fix hardware timestamp dequeue logic.\n- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes).\n- net/smc: Correct smc link connection counter in case of smc client (git-fixes).\n- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes).\n- nvme-pci: set min_align_mask (bsc#1191851).\n- ocfs2: do not zero pages beyond i_size (bsc#1190795).\n- ocfs2: fix data corruption on truncate (bsc#1190795).\n- PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).\n- PCI: aardvark: Do not spam about PIO Response Status (git-fixes).\n- PCI: aardvark: Do not unmask unused interrupts (git-fixes).\n- PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).\n- PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).\n- PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).\n- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).\n- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263).\n- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).\n- PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).\n- PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263).\n- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263).\n- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).\n- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).\n- PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes).\n- pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).\n- pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217).\n- pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217).\n- pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217).\n- pinctrl: rockchip: add rk3308 SoC support (bsc#1192217).\n- pinctrl: rockchip: add support for rk3568 (bsc#1192217).\n- pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217).\n- pinctrl: rockchip: clear int status when driver probed (bsc#1192217).\n- pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217).\n- pinctrl: rockchip: do coding style for mux route struct (bsc#1192217).\n- pinctrl/rockchip: drop the gpio related codes (bsc#1192217).\n- pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217).\n- pinctrl: rockchip: make driver be tristate module (bsc#1192217).\n- pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217).\n- pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217).\n- pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217).\n- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).\n- PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes).\n- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes).\n- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes).\n- power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes).\n- printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).\n- printk: handle blank console arguments passed in (bsc#1192753).\n- qed: Fix missing error code in qed_slowpath_start() (git-fixes).\n- qed: Handle management FW error (git-fixes).\n- qed: rdma - do not wait for resources under hw error recovery flow (git-fixes).\n- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).\n- r8152: add a helper function about setting EEE (git-fixes).\n- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes).\n- r8152: Disable PLA MCU clock speed down (git-fixes).\n- r8152: disable U2P3 for RTL8153B (git-fixes).\n- r8152: divide the tx and rx bottom functions (git-fixes).\n- r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).\n- r8152: fix runtime resume for linking change (git-fixes).\n- r8152: replace array with linking list for rx information (git-fixes).\n- r8152: reset flow control patch when linking on for RTL8153B (git-fixes).\n- r8152: saving the settings of EEE (git-fixes).\n- r8152: separate the rx buffer size (git-fixes).\n- r8152: use alloc_pages for rx buffer (git-fixes).\n- random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924)\n- README.BRANCH: Add Oscar Salvador as SLE15-SP3 maintainer\n- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).\n- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).\n- Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).\n- Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes).\n- Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes).\n- Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes).\n- Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).\n- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).\n- rsi: fix control-message timeout (git-fixes).\n- rsi: Fix module dev_oper_mode parameter description (git-fixes).\n- rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).\n- rtl8187: fix control-message timeouts (git-fixes).\n- s390/dasd: fix use after free in dasd path handling (git-fixes).\n- s390/pci: fix use after free of zpci_dev (git-fixes).\n- s390/pci: fix zpci_zdev_put() on reserve (git-fixes).\n- s390/qeth: fix deadlock during failing recovery (git-fixes).\n- s390/qeth: Fix deadlock in remove_discipline (git-fixes).\n- s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).\n- s390/topology: clear thread/group maps for offline cpus (git-fixes).\n- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).\n- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).\n- scsi: core: Fix spelling in a source code comment (git-fixes).\n- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).\n- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).\n- scsi: dc395: Fix error case unwinding (git-fixes).\n- scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).\n- scsi: FlashPoint: Rename si_flags field (git-fixes).\n- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).\n- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).\n- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).\n- scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).\n- scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).\n- scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).\n- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).\n- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).\n- scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).\n- scsi: snic: Fix an error message (git-fixes).\n- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes).\n- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).\n- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).\n- serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).\n- staging: r8712u: fix control-message timeout (git-fixes).\n- staging: rtl8192u: fix control-message timeouts (git-fixes).\n- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).\n- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).\n- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).\n- swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851).\n- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).\n- swiotlb: factor out a nr_slots helper (bsc#1191851).\n- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).\n- swiotlb: respect min_align_mask (bsc#1191851).\n- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).\n- tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).\n- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).\n- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set\n- Update patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch (bsc#1191628 bsc#1192549). dir_cookie is a pointer to the cookie in older kernels, not the cookie itself.\n- Update patch reference for AMDGPU fix (bsc#1180749)\n- usb: gadget: hid: fix error code in do_config() (git-fixes).\n- USB: iowarrior: fix control-message timeouts (git-fixes).\n- usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).\n- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).\n- usbnet: fix error return code in usbnet_probe() (git-fixes).\n- usbnet: sanity check for maxpacket (git-fixes).\n- USB: serial: keyspan: fix memleak on probe errors (git-fixes).\n- video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).\n- virtio-gpu: fix possible memory allocation failure (git-fixes).\n- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).\n- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).\n- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).\n- x86/ioapic: Force affinity setup before startup (bsc#1152489).\n- x86/msi: Force affinity setup before startup (bsc#1152489).\n- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489).\n- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).\n- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).\n- xen: Fix implicit type conversion (git-fixes).\n- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).\n- xfs: do not allow log writes if the data device is readonly (bsc#1192229).\n",null,[],[],[],[14,16,18,20,22,24],{"_key":15},"CVE-2021-0941",{"_key":17},"CVE-2021-20322",{"_key":19},"CVE-2021-31916",{"_key":21},"CVE-2021-34981",{"_key":23},"CVE-2021-37159",{"_key":25},"CVE-2021-43389",[],[],[29,30,31,32,33,34],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},"2021-11-25T13:19:50Z","2026-02-04T03:09:06.552529Z",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[40,46,51,55,59,63,67,71,75,79,83,87,91,95,99,103,107,111,115,119,123,127,131,135,139,143,147,151,155,159,163,167,171,175,179,183,187,191,195,199,203,207,211,216,220,224,228,232],{"url":41,"sources":42,"tags":44},"https://www.suse.com/support/update/announcement/2021/suse-su-20213806-1/",[43],"osv_suse",[45],"Advisory",{"url":47,"sources":48,"tags":49},"https://bugzilla.suse.com/1094840",[43],[50],"REPORT",{"url":52,"sources":53,"tags":54},"https://bugzilla.suse.com/1133021",[43],[50],{"url":56,"sources":57,"tags":58},"https://bugzilla.suse.com/1152489",[43],[50],{"url":60,"sources":61,"tags":62},"https://bugzilla.suse.com/1154353",[43],[50],{"url":64,"sources":65,"tags":66},"https://bugzilla.suse.com/1157177",[43],[50],{"url":68,"sources":69,"tags":70},"https://bugzilla.suse.com/1167773",[43],[50],{"url":72,"sources":73,"tags":74},"https://bugzilla.suse.com/1169263",[43],[50],{"url":76,"sources":77,"tags":78},"https://bugzilla.suse.com/1170269",[43],[50],{"url":80,"sources":81,"tags":82},"https://bugzilla.suse.com/1176940",[43],[50],{"url":84,"sources":85,"tags":86},"https://bugzilla.suse.com/1180749",[43],[50],{"url":88,"sources":89,"tags":90},"https://bugzilla.suse.com/1184924",[43],[50],{"url":92,"sources":93,"tags":94},"https://bugzilla.suse.com/1188601",[43],[50],{"url":96,"sources":97,"tags":98},"https://bugzilla.suse.com/1190523",[43],[50],{"url":100,"sources":101,"tags":102},"https://bugzilla.suse.com/1190795",[43],[50],{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/1191628",[43],[50],{"url":108,"sources":109,"tags":110},"https://bugzilla.suse.com/1191790",[43],[50],{"url":112,"sources":113,"tags":114},"https://bugzilla.suse.com/1191851",[43],[50],{"url":116,"sources":117,"tags":118},"https://bugzilla.suse.com/1191958",[43],[50],{"url":120,"sources":121,"tags":122},"https://bugzilla.suse.com/1191961",[43],[50],{"url":124,"sources":125,"tags":126},"https://bugzilla.suse.com/1191980",[43],[50],{"url":128,"sources":129,"tags":130},"https://bugzilla.suse.com/1192045",[43],[50],{"url":132,"sources":133,"tags":134},"https://bugzilla.suse.com/1192217",[43],[50],{"url":136,"sources":137,"tags":138},"https://bugzilla.suse.com/1192229",[43],[50],{"url":140,"sources":141,"tags":142},"https://bugzilla.suse.com/1192267",[43],[50],{"url":144,"sources":145,"tags":146},"https://bugzilla.suse.com/1192273",[43],[50],{"url":148,"sources":149,"tags":150},"https://bugzilla.suse.com/1192288",[43],[50],{"url":152,"sources":153,"tags":154},"https://bugzilla.suse.com/1192328",[43],[50],{"url":156,"sources":157,"tags":158},"https://bugzilla.suse.com/1192375",[43],[50],{"url":160,"sources":161,"tags":162},"https://bugzilla.suse.com/1192473",[43],[50],{"url":164,"sources":165,"tags":166},"https://bugzilla.suse.com/1192549",[43],[50],{"url":168,"sources":169,"tags":170},"https://bugzilla.suse.com/1192718",[43],[50],{"url":172,"sources":173,"tags":174},"https://bugzilla.suse.com/1192740",[43],[50],{"url":176,"sources":177,"tags":178},"https://bugzilla.suse.com/1192745",[43],[50],{"url":180,"sources":181,"tags":182},"https://bugzilla.suse.com/1192750",[43],[50],{"url":184,"sources":185,"tags":186},"https://bugzilla.suse.com/1192753",[43],[50],{"url":188,"sources":189,"tags":190},"https://bugzilla.suse.com/1192758",[43],[50],{"url":192,"sources":193,"tags":194},"https://bugzilla.suse.com/1192781",[43],[50],{"url":196,"sources":197,"tags":198},"https://bugzilla.suse.com/1192802",[43],[50],{"url":200,"sources":201,"tags":202},"https://bugzilla.suse.com/1192896",[43],[50],{"url":204,"sources":205,"tags":206},"https://bugzilla.suse.com/1192906",[43],[50],{"url":208,"sources":209,"tags":210},"https://bugzilla.suse.com/1192918",[43],[50],{"url":212,"sources":213,"tags":214},"https://www.suse.com/security/cve/CVE-2021-0941",[43],[215],"WEB",{"url":217,"sources":218,"tags":219},"https://www.suse.com/security/cve/CVE-2021-20322",[43],[215],{"url":221,"sources":222,"tags":223},"https://www.suse.com/security/cve/CVE-2021-31916",[43],[215],{"url":225,"sources":226,"tags":227},"https://www.suse.com/security/cve/CVE-2021-34981",[43],[215],{"url":229,"sources":230,"tags":231},"https://www.suse.com/security/cve/CVE-2021-37159",[43],[215],{"url":233,"sources":234,"tags":235},"https://www.suse.com/security/cve/CVE-2021-43389",[43],[215],[],[],[],[240,253,258],{"ecosystem":241,"name":242,"vendor":243,"product":244,"cpe_part":9,"purl_type":245,"purl_namespace":243,"purl_name":244,"source":9,"versions":246},"SUSE Linux Enterprise","kernel-azure","suse","kernel-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP3","rpm",[247],{"version":248,"is_range":249,"range_type":250,"version_start":9,"version_start_type":9,"version_end":251,"version_end_type":252,"fixed_in":9},"lt5_3_18_38_31_1",true,"ecosystem","5.3.18-38.31.1","excluding",{"ecosystem":241,"name":254,"vendor":243,"product":255,"cpe_part":9,"purl_type":245,"purl_namespace":243,"purl_name":255,"source":9,"versions":256},"kernel-source-azure","kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP3",[257],{"version":248,"is_range":249,"range_type":250,"version_start":9,"version_start_type":9,"version_end":251,"version_end_type":252,"fixed_in":9},{"ecosystem":241,"name":259,"vendor":243,"product":260,"cpe_part":9,"purl_type":245,"purl_namespace":243,"purl_name":260,"source":9,"versions":261},"kernel-syms-azure","kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP3",[262],{"version":248,"is_range":249,"range_type":250,"version_start":9,"version_start_type":9,"version_end":251,"version_end_type":252,"fixed_in":9}]