support for SLES 15 SP3

https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/
Kernel version is 5.3.18-59.5.2.

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

• CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
  operations by the BPF verifier could be abused to perform out-of-bounds
  reads and writes in kernel memory (bsc#1186484).
• CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
  could lead to writing an arbitrary values. (bsc#1186111)
• CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
  forwards EAPOL frames to other clients even though the sender has not
  yet successfully authenticated to the AP. (bnc#1186062)
• CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed
  local attackers to elevate their privileges. (bnc#1186060)
• CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
  vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
  the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
• CVE-2021-32399: Fixed a race condition when removing the HCI controller
  (bnc#1184611).
• CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected
  Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
  require that received fragments be cleared from memory after
  (re)connecting to a network. Under the right circumstances this can be
  abused to inject arbitrary network packets and/or exfiltrate user data
  (bnc#1185859).
• CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected
  Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
  require that all fragments of a frame are encrypted under the same key.
  An adversary can abuse this to decrypt selected fragments when another
  device sends fragmented frames and the WEP, CCMP, or GCMP encryption key
  is periodically renewed (bnc#1185859 bnc#1185862).
• CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected
  Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
  require that the A-MSDU flag in the plaintext QoS header field is
  authenticated. Against devices that support receiving non-SSP A-MSDU
  frames (which is mandatory as part of 802.11n), an adversary can abuse
  this to inject arbitrary network packets. (bnc#1185861)
• CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
  fragments, even though some of them were sent in plaintext. This
  vulnerability can be abused to inject packets and/or exfiltrate selected
  fragments when another device sends fragmented frames and the WEP, CCMP,
  or GCMP data-confidentiality protocol is used (bnc#1185859).
• CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305
  4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept
  second (or subsequent) broadcast fragments even when sent in plaintext
  and process them as full unfragmented frames. An adversary can abuse
  this to inject arbitrary network packets independent of the network
  configuration. (bnc#1185860)
• CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
  where the Message Integrity Check (authenticity) of fragmented TKIP
  frames was not verified. An adversary can abuse this to inject and
  possibly decrypt packets in WPA or WPA2 networks that support the TKIP
  data-confidentiality protocol. (bnc#1185987)
• CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed
  attackers to cause a denial of service (panic) because
  net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a
  full memory barrier upon the assignment of a new table value
  (bnc#1184208).
• CVE-2021-29155: Fixed an issue that was discovered in
  kernel/bpf/verifier.c that performs undesirable out-of-bounds
  speculation on pointer arithmetic, leading to side-channel attacks that
  defeat Spectre mitigations and obtain sensitive information from kernel
  memory. Specifically, for sequences of pointer arithmetic operations,
  the pointer modification performed by the first operation was not
  correctly accounted for when restricting subsequent operations
  (bnc#1184942).
• CVE-2021-3444: Fixed an issue with the bpf verifier which did not
  properly handle mod32 destination register truncation when the source
  register was known to be 0 leading to out of bounds read (bsc#1184170).
• CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent
  (bsc#1173485).
• CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed
  attackers to obtain sensitive information from kernel memory because of
  a partially uninitialized data structure (bsc#1184192 ).
• CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have
  allowed attackers to cause a denial of service due to race conditions
  during an update of the local and shared status (bsc#1184167).
• CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver
  which could have allowed attackers to cause a system crash due to a
  calculation of negative fragment size (bsc#1184168).
• CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a
  new device name to the driver from userspace, allowing userspace to
  write data to the kernel stack frame directly (bsc#1184198).
• CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could
  have caused a system crash because the PEBS status in a PEBS record was
  mishandled (bsc#1184196 ).
• CVE-2021-28964: Fixed a race condition in get_old_root which could have
  allowed attackers to cause a denial of service (bsc#1184193).
• CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
• CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan
  (bsc#1183593 ).
• CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not
  prevent user applications from sending kernel RPC messages (bsc#1183596).
• CVE-2021-28038: Fixed an issue with the netback driver which was lacking
  necessary treatment of errors such as failed memory allocations
  (bsc#1183022).
• CVE-2021-27365: Fixed an issue where an unprivileged user can send a
  Netlink message that is associated with iSCSI, and has a length up to
  the maximum length of a Netlink message (bsc#1182715).
• CVE-2021-27364: Fixed an issue where an attacker could craft Netlink
  messages (bsc#1182717).
• CVE-2021-27363: Fixed a kernel pointer leak which could have been used
  to determine the address of the iscsi_transport structure (bsc#1182716).
• CVE-2020-35519: Fixed an out-of-bounds memory access was found in
  x25_bind (bsc#1183696).
• CVE-2020-27815: Fixed an issue in JFS filesystem where could have
  allowed an attacker to execute code (bsc#1179454).
• CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds
  speculation on pointer arithmetic, leading to side-channel attacks that
  defeat Spectre mitigations and obtain sensitive information from kernel
  memory (bsc#1183775).
• CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre
  mitigations and obtain sensitive information from kernel memory
  (bsc#1183686).
• CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire
  function (bsc#1159280 ).
• CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in
  aa_audit_rule_init() (bsc#1156256).
• CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
• CVE-2021-30002: Fixed a memory leak for large arguments in
  video_usercopy (bsc#1184120).
• CVE-2021-29154: Fixed incorrect computation of branch displacements,
  allowing arbitrary code execution (bsc#1184391).
• CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop
  continually was finding the same bad inode (bsc#1184194).
• CVE-2021-28952: Fixed a buffer overflow in the soundwire device driver,
  triggered when an unexpected port ID number is encountered.
  (bnc#1184197).
• CVE-2021-20268: Fixed an out-of-bounds access flaw in the implementation
  of the eBPF code verifier. This flaw allowed a local user to crash the
  system or possibly escalate their privileges. (bnc#1183077)
• CVE-2020-27673: Fixed a vulnerability with xen, where guest OS users
  could cause a denial of service (host OS hang) via a high rate of events
  to dom0 (bnc#1177411).
• CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509
  ).
• CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering
  destruction of a large SEV VM (bsc#1184511).
• CVE-2020-36310: Fixed infinite loop for certain nested page faults
  (bsc#1184512).
• CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve
  did not check that the allocated size was smaller than the ringbuf size
  (bnc#1185640).
• CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for
  bitwise ops (AND, OR and XOR) did not update the 32-bit bounds
  (bnc#1185641 bnc#1185796 ).
• CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem
  implementation which could have caused a system crash (bsc#1184211).
• CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed
  multiple bugs in NFC subsytem (bsc#1178181).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-June/009018.html