[LU-15331] kernel update [SLES15 SP2 5.3.18-24.96.1] Created: 07/Dec/21  Updated: 27/Jan/22  Resolved: 23/Dec/21

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.15.0

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Related
is related to LU-15301 kernel update [SLES15 SP2 5.3.18-24.9... Resolved
is related to LU-15489 kernel update [SLES15 SP2 5.3.18-24.9... Closed

 Description   

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
security and bug fixes.

The following security bugs were fixed:

  • Unprivileged BPF has been disabled by default to reduce attack surface
    as too many security issues have happened in the past (jsc#SLE-22573)

You can re-enable it via the sysctl setting
/proc/sys/kernel/unprivileged_bpf_disabled, by setting it to 0
(kernel.unprivileged_bpf_disabled = 0).

  • CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible
    out of bounds read due to a use after free. This could lead to local
    escalation of privilege with System execution privileges needed. User
    interaction is not needed for exploitation (bnc#1192045).
  • CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in
    list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module
    in the Linux kernel. A bound check failure allowed an attacker with
    special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds
    memory leading to a system crash or a leak of internal kernel
    information. The highest threat from this vulnerability is to system
    availability (bnc#1192781).
  • CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less
    predictable to avoid information leaks about UDP ports in use
    (bsc#1191790).
  • CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device
    fails (bsc#1191961).
  • CVE-2021-43389: There was an array-index-out-of-bounds flaw in the
    detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
  • CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called
    unregister_netdev without checking for the NETREG_REGISTERED state,
    leading to a use-after-free and a double free (bnc#1188601).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2021-December/009843.html
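
A way to audit the unprivileged BPF setting described above, as an added example (not part of the SUSE advisory or the Lustre patch). The function names are hypothetical, and the meanings of the values 0, 1 and 2 follow the upstream kernel sysctl documentation, assumed here to apply to this SUSE kernel:

```shell
#!/bin/sh
# Added example: audit kernel.unprivileged_bpf_disabled on a host.
# Function names are hypothetical; value meanings are taken from the
# upstream kernel sysctl documentation (assumed to match this kernel).

# Map a sysctl value to its meaning.
bpf_state() {
    case "$1" in
        0) echo "enabled" ;;          # unprivileged bpf() calls allowed
        1) echo "disabled-locked" ;;  # disabled, cannot be cleared until reboot
        2) echo "disabled" ;;         # disabled, admin may still write 0 or 1
        *) echo "unknown" ;;
    esac
}

# Print "file:line" for every line in the given sysctl config files that
# sets kernel.unprivileged_bpf_disabled to 0 (re-enabling unprivileged BPF).
find_reenable() {
    for f in "$@"; do
        [ -f "$f" ] || continue       # skip unmatched globs and missing files
        awk -v f="$f" '
            /^[ \t]*[#;]/ { next }    # comment lines
            {
                line = $0
                gsub(/[ \t]/, "", line)   # ignore whitespace around "="
                sub(/^-/, "", line)       # "-key=value" (ignore-errors prefix)
                gsub(/\//, ".", line)     # accept kernel/unprivileged_bpf_disabled
                if (line == "kernel.unprivileged_bpf_disabled=0") print f ":" NR
            }' "$f"
    done
    return 0
}

# Report the running value and any persistent override on this host.
audit_live() {
    p=/proc/sys/kernel/unprivileged_bpf_disabled
    [ -r "$p" ] && echo "running kernel: $(bpf_state "$(cat "$p")")"
    find_reenable /etc/sysctl.conf /etc/sysctl.d/*.conf \
        /usr/lib/sysctl.d/*.conf /run/sysctl.d/*.conf
}

# Only touch the live system when asked to: ./script.sh --live
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

Any file:line printed by the scan is a persistent override that restores the wider attack surface the update closed by default, so each one should have a documented owner and reason.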



 Comments   
Comment by Gerrit Updater [ 07/Dec/21 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/45764
Subject: LU-15331 kernel: kernel update SLES15 SP2 [5.3.18-24.96.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: fa3b911937f06308f50bf779342339affb529eef

Comment by Gerrit Updater [ 23/Dec/21 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/45764/
Subject: LU-15331 kernel: kernel update SLES15 SP2 [5.3.18-24.96.1]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 0381fa5356e2816ae610b76e295158b8137d9659

Comment by Peter Jones [ 23/Dec/21 ]

Landed for 2.15
