The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

• CVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a
  kvm_io_bus_unregister_dev memory leak upon a kmalloc failure
  (bnc#1184509).
• CVE-2021-29650: Fixed an issue within the netfilter subsystem that
  allowed attackers to cause a denial of service (panic) because
  net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a
  full memory barrier upon the assignment of a new table value
  (bnc#1184208).
• CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that
  performed undesirable out-of-bounds speculation on pointer arithmetic,
  leading to side-channel attacks that defeat Spectre mitigations and
  obtain sensitive information from kernel memory. Specifically, for
  sequences of pointer arithmetic operations, the pointer modification
  performed by the first operation is not correctly accounted for when
  restricting subsequent operations (bnc#1184942).
• CVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that
  allowed a set_memory_region_test infinite loop for certain nested page
  faults (bnc#1184512).
• CVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a "stall on
  CPU" could have occured because a retry loop continually finds the same
  bad inode (bnc#1184194, bnc#1184211).
• CVE-2020-36322: Fixed an issue within the FUSE filesystem implementation
  where fuse_do_getattr() calls make_bad_inode() in inappropriate
  situations, causing a system crash. NOTE: the original fix for this
  vulnerability was incomplete, and its incompleteness is tracked as
  CVE-2021-28950 (bnc#1184211, bnc#1184952).
• CVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation
  (bsc#1184170).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-May/008769.html