The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

• CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
  sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
• CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows
  a malicious L1 guest to enable AVIC support for the L2 guest.
  (bsc#1189399).
• CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and
  allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and
  VLS for the L2 guest (bsc#1189400).
• CVE-2021-3679: A lack of CPU resource in tracing module functionality
  was found in the way user uses trace ring buffer in a specific way. Only
  privileged local users (with CAP_SYS_ADMIN capability) could use this
  flaw to starve the resources causing denial of service (bnc#1189057).
• CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace
  can reveal files (bsc#1189706).
• CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by
  invalid id (bsc#1189832 ).
• CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
• CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling
  (bsc#1190025).
• CVE-2021-38160: Data corruption or loss could be triggered by an
  untrusted device that supplies a buf->len value exceeding the buffer
  size in drivers/char/virtio_console.c (bsc#1190117)
• CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the
  access permissions of a shadow page, leading to a missing guest
  protection page fault (bnc#1189262).
• CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically
  proximate attackers to cause a denial of service (use-after-free and
  panic) by removing a MAX-3421 USB device in certain situations
  (bnc#1189291).
• CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it
  easier for attackers to defeat an ASLR protection mechanism because it
  prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
• CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed
  remote attackers to cause a denial of service (buffer overflow and
  lockup) by sending heavy network traffic for about ten minutes
  (bnc#1189298).
• CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when
  many elements are placed in a single bucket in kernel/bpf/hashtab.c
  (bnc#1189233 ).
• CVE-2021-38209: Fixed allowed observation of changes in any net
  namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393).
• CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser
  inside the mac80211 subsystem (bnc#1189296).
• CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
  via unprivileged BPF program that could have obtain sensitive
  information from kernel memory (bsc#1188983).
• CVE-2021-35477: Fixed BPF stack frame pointer which could have been
  abused to disclose content of arbitrary kernel memory (bsc#1188985).
• CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead
  to breaking memcg limits and DoS attacks (bsc#1190115).
• CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases
  (bsc#1171420).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-September/009505.html