SUSE-SU-2020:3748-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Dec 10 10:15:45 MST 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3748-1
Rating:             important
References:         #1149032 #1152489 #1153274 #1154353 #1155518 
                    #1160634 #1166146 #1166166 #1167030 #1167773 
                    #1170139 #1171073 #1171558 #1172873 #1173504 
                    #1174852 #1175306 #1175918 #1176109 #1176180 
                    #1176200 #1176481 #1176586 #1176855 #1176983 
                    #1177066 #1177070 #1177353 #1177397 #1177577 
                    #1177666 #1177703 #1177820 #1178123 #1178182 
                    #1178227 #1178286 #1178304 #1178330 #1178393 
                    #1178401 #1178426 #1178461 #1178579 #1178581 
                    #1178584 #1178585 #1178589 #1178635 #1178653 
                    #1178659 #1178661 #1178669 #1178686 #1178740 
                    #1178755 #1178762 #1178838 #1178853 #1178886 
                    #1179001 #1179012 #1179014 #1179015 #1179045 
                    #1179076 #1179082 #1179107 #1179140 #1179141 
                    #1179160 #1179201 #1179211 #1179217 #1179225 
                    #1179419 #1179424 #1179425 #1179426 #1179427 
                    #1179429 #1179432 #1179442 #1179550 
Cross-References:   CVE-2020-15436 CVE-2020-15437 CVE-2020-25668
                    CVE-2020-25669 CVE-2020-25704 CVE-2020-27777
                    CVE-2020-28915 CVE-2020-28941 CVE-2020-28974
                    CVE-2020-29369 CVE-2020-29371 CVE-2020-4788
                   
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 72 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
     which could have allowed local users to gain privileges or cause a
     denial of service (bsc#1179141).
   - CVE-2020-15437: Fixed a null pointer dereference which could have
     allowed local users to cause a denial of service(bsc#1179140).
   - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op
     (bsc#1178123).
   - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()
     (bsc#1178182).
   - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()
     (bsc#1178393).
   - CVE-2020-27777: Restrict RTAS requests from userspace  (bsc#1179107)
   - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could
     have been used by local attackers to read kernel memory (bsc#1178886).
   - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could
     have been used by local attackers to read privileged information or
     potentially crash the kernel (bsc#1178589).
   - CVE-2020-29371: Fixed uninitialized memory leaks to userspace
     (bsc#1179429).
   - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan
     open UDP ports. This flaw allowed an off-path remote user to effectively
     bypassing source port UDP randomization (bsc#1175721).
   - CVE-2020-28941: Fixed an issue where local attackers on systems with the
     speakup driver could cause a local denial of service attack
     (bsc#1178740).
   - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have
     allowed a local user to obtain sensitive information from the data in
     the L1 cache under extenuating circumstances (bsc#1177666).
   - CVE-2020-29369: Fixed a race condition between certain expand functions
     (expand_downwards and expand_upwards) and page-table free operations
     from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).

   The following non-security bugs were fixed:


   - 9P: Cast to loff_t before multiplying (git-fixes).
   - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).
   - ACPICA: Add NHLT table signature (bsc#1176200).
   - ACPI: dock: fix enum-conversion warning (git-fixes).
   - ACPI / extlog: Check for RDMSR failure (git-fixes).
   - ACPI: GED: fix -Wformat (git-fixes).
   - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).
   - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).
   - Add bug reference to two hv_netvsc patches (bsc#1178853).
   - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
   - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()
     (git-fixes).
   - ALSA: fix kernel-doc markups (git-fixes).
   - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).
   - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
     (git-fixes).
   - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)
     (git-fixes).
   - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button
     (git-fixes).
   - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).
   - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).
   - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).
   - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).
   - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).
   - ALSA: mixart: Fix mutex deadlock (git-fixes).
   - ALSA: usb-audio: Add delay quirk for all Logitech USB devices
     (git-fixes).
   - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).
   - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).
   - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).
   - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
     (git-fixes).
   - arm64: bpf: Fix branch offset in JIT (git-fixes).
   - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on
     PHY (git-fixes).
   - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).
   - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).
   - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay
     (git-fixes).
   - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).
   - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).
   - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay
     (git-fixes).
   - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).
   - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point
     (git-fixes).
   - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).
   - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).
   - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
     (git-fixes).
   - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions
     (git-fixes).
   - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).
   - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).
   - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes
     (git-fixes).
   - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes
     (git-fixes).
   - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).
   - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).
   - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).
   - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).
   - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).
   - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function
     (git-fixes).
   - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
   - ASoC: qcom: sdm845: set driver name correctly (git-fixes).
   - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).
   - ath10k: start recovery process when payload length exceeds max htc
     length for sdio (git-fixes).
   - batman-adv: set .owner to THIS_MODULE (git-fixes).
   - bnxt_en: Avoid sending firmware messages when AER error is detected
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task()
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one()
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).
   - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371
     bsc#1153274).
   - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE
     (bsc#1155518).
   - bpf: Fix comment for helper bpf_current_task_under_cgroup()
     (bsc#1155518).
   - bpf: Zero-fill re-used per-cpu map element (bsc#1155518).
   - btrfs: Account for merged patches upstream Move below patches to sorted
     section.
   - btrfs: cleanup cow block on error (bsc#1178584).
   - btrfs: fix bytes_may_use underflow in prealloc error condtition
     (bsc#1179217).
   - btrfs: fix metadata reservation for fallocate that leads to transaction
     aborts (bsc#1179217).
   - btrfs: fix relocation failure due to race with fallocate (bsc#1179217).
   - btrfs: remove item_size member of struct btrfs_clone_extent_info
     (bsc#1179217).
   - btrfs: rename btrfs_insert_clone_extent() to a more generic name
     (bsc#1179217).
   - btrfs: rename btrfs_punch_hole_range() to a more generic name
     (bsc#1179217).
   - btrfs: rename struct btrfs_clone_extent_info to a more generic name
     (bsc#1179217).
   - btrfs: reschedule if necessary when logging directory items
     (bsc#1178585).
   - btrfs: send, orphanize first all conflicting inodes when processing
     references (bsc#1178579).
   - btrfs: send, recompute reference path after orphanization of a directory
     (bsc#1178581).
   - can: af_can: prevent potential access of uninitialized member in
     canfd_rcv() (git-fixes).
   - can: af_can: prevent potential access of uninitialized member in
     can_rcv() (git-fixes).
   - can: can_create_echo_skb(): fix echo skb generation: always use
     skb_clone() (git-fixes).
   - can: dev: __can_get_echo_skb(): fix real payload length return value for
     RTR frames (git-fixes).
   - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
     context (git-fixes).
   - can: dev: can_restart(): post buffer from the right context (git-fixes).
   - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).
   - can: flexcan: flexcan_setup_stop_mode(): add missing "req_bit" to stop
     mode property comment (git-fixes).
   - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A
     (git-fixes).
   - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
   - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).
   - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1
     (git-fixes).
   - can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
   - can: m_can: m_can_stop(): set device to software init mode before
     closing (git-fixes).
   - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to
     can_put_echo_skb() (git-fixes).
   - can: peak_canfd: pucan_handle_can_rx(): fix echo management when
     loopback is on (git-fixes).
   - can: peak_usb: add range checking in decode operations (git-fixes).
   - can: peak_usb: fix potential integer overflow on shift of a int
     (git-fixes).
   - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
     (git-fixes).
   - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).
   - ceph: add check_session_state() helper and make it global (bsc#1179012).
   - ceph: check session state after bumping session->s_seq (bsc#1179012).
   - ceph: check the sesion state and return false in case it is closed
     (bsc#1179012).
   - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).
   - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
   - cfg80211: initialize wdev data earlier (git-fixes).
   - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
   - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
   - cifs: remove bogus debug code (bsc#1179427).
   - cifs: Return the error from crypt_message when enc/dec key not found
     (bsc#1179426).
   - clk: define to_clk_regmap() as inline function (git-fixes).
   - Convert trailing spaces and periods in path components (bsc#1179424).
   - cosa: Add missing kfree in error path of cosa_write (git-fixes).
   - dax: fix detection of dax support for non-persistent memory block
     devices (bsc#1171073).
   - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).
   - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch
     (bsc#1179419)
   - devlink: Make sure devlink instance and port are in same net namespace
     (bsc#1154353).
   - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
   - Documentation/admin-guide/module-signing.rst: add openssl command option
     example for CodeSign EKU (bsc#1177353, bsc#1179076).
   - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option
     compiles /dev/null file to test for an option availability. Filter out
     -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in
     the process.
   - drbd: code cleanup by using sendpage_ok() to check page for
     kernel_sendpage() (bsc#1172873).
   - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).
   - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).
   - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838).
     Also correct the page size on ppc64.
   - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).
   - EDAC/amd64: Find Chip Select memory size using Address Mask
     (bsc#1179001).
   - EDAC/amd64: Gather hardware information early (bsc#1179001).
   - EDAC/amd64: Initialize DIMM info for systems with more than two channels
     (bsc#1179001).
   - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).
   - EDAC/amd64: Save max number of controllers to family type (bsc#1179001).
   - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).
   - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).
   - efi: efibc: check for efivars write capability (git-fixes).
   - efi: EFI_EARLYCON should depend on EFI (git-fixes).
   - efi/efivars: Set generic ops before loading SSDT (git-fixes).
   - efi/esrt: Fix reference count leak in esre_create_sysfs_entry
     (git-fixes).
   - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).
   - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
   - efivarfs: fix memory leak in efivarfs_create() (git-fixes).
   - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes).
   - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper
     (git-fixes).
   - efi/x86: Do not panic or BUG() on non-critical error conditions
     (git-fixes).
   - efi/x86: Fix the deletion of variables in mixed mode (git-fixes).
   - efi/x86: Free efi_pgd with free_pages() (git-fixes).
   - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode
     (git-fixes).
   - efi/x86: Ignore the memory attributes table on i386 (git-fixes).
   - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
   - exfat: fix name_hash computation on big endian systems (git-fixes).
   - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).
   - exfat: fix possible memory leak in exfat_find() (git-fixes).
   - exfat: fix use of uninitialized spinlock on error path (git-fixes).
   - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry()
     (git-fixes).
   - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
     (git-fixes).
   - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was
     mistakenly set as built-in. Mark it as module.
   - ftrace: Fix recursion check for NMI test (git-fixes).
   - ftrace: Handle tracing when switching between context (git-fixes).
   - futex: Do not enable IRQs unconditionally in put_pi_state()
     (bsc#1149032).
   - futex: Handle transient "ownerless" rtmutex state correctly
     (bsc#1149032).
   - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).
   - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).
   - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).
   - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).
   - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver
     (git-fixes).
   - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin
     trackpad (git-fixes).
   - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).
   - hv_balloon: disable warning when floor reached (git-fixes).
   - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*()
     functions (git-fixes).
   - hv_netvsc: Add XDP support (bsc#1177820).
   - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).
   - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).
   - hv_netvsc: record hardware hash in skb (bsc#1177820).
   - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).
   - hyperv_fb: Update screen_info after removing old framebuffer
     (bsc#1175306).
   - i2c: mediatek: move dma reset before i2c reset (git-fixes).
   - i2c: sh_mobile: implement atomic transfers (git-fixes).
   - igc: Fix not considering the TX delay for timestamps (bsc#1160634).
   - igc: Fix wrong timestamp latency numbers (bsc#1160634).
   - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting
     tablet-mode (git-fixes).
   - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
     (git-fixes).
   - iio: adc: mediatek: fix unset field (git-fixes).
   - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).
   - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
   - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER
     (git-fixes).
   - intel_idle: Customize IceLake server support (bsc#1178286).
   - ionic: check port ptr before use (bsc#1167773).
   - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).
   - kABI: revert use_mm name change (MM Functionality, bsc#1178426).
   - kABI workaround for HD-audio (git-fixes).
   - kernel: better document the use_mm/unuse_mm API contract (MM
     Functionality, bsc#1178426).
   - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
   - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).
     RPM_BUILD_ROOT is cleared before %%install. Do the unpack into
     RPM_BUILD_ROOT in %%install
   - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).
   - kgdb: Fix spurious true from in_dbg_master() (git-fixes).
   - kthread_worker: prevent queuing delayed work from timer_fn when it is
     being canceled (git-fixes).
   - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return
     SMCCC_RET_NOT_REQUIRED (git-fixes).
   - lan743x: fix "BUG: invalid wait context" when setting rx mode
     (git-fixes).
   - lan743x: fix issue causing intermittent kernel log warnings (git-fixes).
   - lan743x: prevent entire kernel HANG on open, for some platforms
     (git-fixes).
   - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).
   - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).
   - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).
   - lib/crc32test: remove extra local_irq_disable/enable (git-fixes).
   - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - lib/strncpy_from_user.c: Mask out bytes after NUL terminator
     (bsc#1155518).
   - mac80211: always wind down STA state (git-fixes).
   - mac80211: fix use of skb payload instead of header (git-fixes).
   - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
   - mac80211: minstrel: fix tx status processing corner case (git-fixes).
   - mac80211: minstrel: remove deferred sampling code (git-fixes).
   - media: imx274: fix frame interval handling (git-fixes).
   - media: platform: Improve queue set up flow for bug fixing (git-fixes).
   - media: tw5864: check status of tw5864_frameinterval_get (git-fixes).
   - media: uvcvideo: Fix dereference of out-of-bound list iterator
     (git-fixes).
   - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect
     (git-fixes).
   - mei: protect mei_cl_mtu from null dereference (git-fixes).
   - memcg: fix NULL pointer dereference in
     __mem_cgroup_usage_unregister_event (bsc#1177703).
   - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).
   - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove
     (git-fixes).
   - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs
     (git-fixes).
   - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based
     Intel controllers (git-fixes).
   - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
     (MM Functionality, bsc#1178426).
   - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality,
     bsc#1178426).
   - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).
   - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586,
     LTC#188235).
   - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git
     fixes (mm/ksm)).
   - mm, memcg: fix inconsistent oom event behavior (bsc#1178659).
   - mm/memcg: fix refcount error while moving and swapping (bsc#1178686).
   - mm/memcontrol.c: add missed css_put() (bsc#1178661).
   - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes
     (mm/mempolicy)).
   - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).
   - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).
   - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes
     (mm/vmscan)).
   - mm, THP, swap: fix allocating cluster for swapfile by mistake
     (bsc#1178755).
   - modsign: Add codeSigning EKU when generating X.509 key generation config
     (bsc#1177353, bsc#1179076).
   - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send
     (bsc#1172873).
   - net: ena: Capitalize all log strings and improve code readability
     (bsc#1177397).
   - net: ena: Change license into format to SPDX in all files (bsc#1177397).
   - net: ena: Change log message to netif/dev function (bsc#1177397).
   - net: ena: Change RSS related macros and variables names (bsc#1177397).
   - net: ena: ethtool: Add new device statistics (bsc#1177397).
   - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
   - net: ena: ethtool: convert stat_offset to 64 bit resolution
     (bsc#1177397).
   - net: ena: Fix all static chekers' warnings (bsc#1177397).
   - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
   - net: ena: handle bad request id in ena_netdev (bsc#1174852).
   - net: ena: Remove redundant print of placement policy (bsc#1177397).
   - net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
   - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).
   - net: introduce helper sendpage_ok() in include/linux/net.h
     (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h
     (bsc#1172873).
   - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).
   - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled
     (jsc#SLE-8464).
   - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).
   - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).
   - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
   - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669
     bsc#1170139).
   - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).
   - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).
   - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).
   - nvme: do not update disk info for multipathed device (bsc#1171558).
   - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage()
     (bsc#1172873).
   - p54: avoid accessing the data mapped to streaming DMA (git-fixes).
   - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI
     (git-fixes).
   - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
   - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
   - pinctrl: aspeed: Fix GPI only function problem (git-fixes).
   - pinctrl: intel: Set default bias in case no particular value given
     (git-fixes).
   - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time
     (git-fixes).
   - platform/x86: toshiba_acpi: Fix the wrong variable assignment
     (git-fixes).
   - PM: runtime: Drop runtime PM references to supplier on link removal
     (git-fixes).
   - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM
     Functionality, bsc#1178426).
   - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).
   - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h
     (jsc#SLE-16360 jsc#SLE-16915).
   - powerpc/pmem: Add flush routines using new pmem store and sync
     instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Add new instructions for persistent storage and sync
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Update ppc64 to use the new barrier instruction
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869
     jsc#SLE-16321).
   - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score
     (jsc#SLE-16360 jsc#SLE-16915).
   - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869
     jsc#SLE-16321).
   - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality,
     bsc#1178426).
   - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293).
   - power: supply: bq27xxx: report "not charging" on all types (git-fixes).
   - power: supply: test_power: add missing newlines when printing parameters
     by sysfs (git-fixes).
   - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).
   - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).
   - RDMA/hns: Fix the wrong value of rnr_retry when querying qp
     (jsc#SLE-8449).
   - RDMA/hns: Fix wrong field of SRQ number the device supports
     (jsc#SLE-8449).
   - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).
   - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).
   - RDMA/qedr: Fix return code if accept is called on a destroyed qp
     (jsc#SLE-8215).
   - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).
   - reboot: fix overflow parsing reboot cpu number (git-fixes).
   - Refresh patches.suse/vfs-add-super_operations-get_inode_dev.
     (bsc#1176983)
   - regulator: avoid resolve_supply() infinite recursion (git-fixes).
   - regulator: defer probe when trying to get voltage from unresolved supply
     (git-fixes).
   - regulator: fix memory leak with repeated set_machine_constraints()
     (git-fixes).
   - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200}
     (git-fixes).
   - regulator: ti-abb: Fix array out of bound read access on the first
     transition (git-fixes).
   - regulator: workaround self-referent regulators (git-fixes).
   - Restore the header of series.conf The header of series.conf was
     accidentally changed by abb50be8e6bc "(kABI: revert use_mm name change
     (MM Functionality, bsc#1178426))".
   - Revert "cdc-acm: hardening against malicious devices" (git-fixes).
   - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
     (git-fixes).
   - Revert "xfs: complain if anyone tries to create a too-large buffer"
     (bsc#1179425, bsc#1179550).
   - rfkill: Fix use-after-free in rfkill_resume() (git-fixes).
   - ring-buffer: Fix recursion protection transitions between interrupt
     context (git-fixes).
   - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author:
     Dominique Leuenberger -<dimstar at opensuse.org>
   - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)
     %split_extra still contained two.
   - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)
     egrep is only a deprecated bash wrapper for "grep -E". So use the latter
     instead.
   - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls
     (bsc#1178401)
   - rpm/kernel-{source,binary}.spec: do not include ghost symlinks
     (boo#1179082).
   - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit
     kernel due to various bugs (bsc#1178762 to name one). There is:
     ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's
     prjconf now. No other actively maintained distro (i.e. merging packaging
     branch) builds a x86_32 kernel, hence pushing to packaging directly.
   - s390/bpf: Fix multiple tail calls (git-fixes).
   - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918
     LTC#187935).
   - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
   - s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
   - s390/pkey: fix paes selftest failure with paes and pkey static build
     (git-fixes).
   - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).
   - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).
   - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).
   - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes
     (sched)).
   - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).
   - sched: Fix rq->nr_iowait ordering (git fixes (sched)).
   - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
   - scsi: libiscsi: Fix NOP race condition (bsc#1176481).
   - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map()
     (bsc#1172873).
   - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).
   - serial: txx9: add missing platform_driver_unregister() on error in
     serial_txx9_init (git-fixes).
   - spi: lpspi: Fix use-after-free on unbind (git-fixes).
   - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
     (git-fixes).
   - staging: octeon: Drop on uncorrectable alignment or FCS error
     (git-fixes).
   - staging: octeon: repair "fixed-link" support (git-fixes).
   - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids
     (git-fixes).
   - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
     (bsc#1154353).
   - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow()
     (git-fixes).
   - svcrdma: fix bounce buffers for unaligned offsets and multiple pages
     (git-fixes).
   - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).
   - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
     (git-fixes).
   - thunderbolt: Fix memory leak if ida_simple_get() fails in
     enumerate_services() (git-fixes).
   - timer: Fix wheel index calculation on last level (git-fixes).
   - timer: Prevent base->clk from moving backward (git-fixes).
   - tpm: efi: Do not create binary_bios_measurements file for an empty log
     (git-fixes).
   - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).
   - tracing: Fix out of bounds write in get_trace_buf (git-fixes).
   - tty: serial: fsl_lpuart: add LS1028A support (git-fixes).
   - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like
     LS1028A (git-fixes).
   - tty: serial: imx: fix potential deadlock (git-fixes).
   - tty: serial: imx: keep console clocks always on (git-fixes).
   - uio: Fix use-after-free in uio_unregister_device() (git-fixes).
   - uio: free uio id after uio file node is freed (git-fixes).
   - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).
   - USB: adutux: fix debugging (git-fixes).
   - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
   - USB: cdc-acm: fix cooldown mechanism (git-fixes).
   - USB: core: Change %pK for __user pointers to %px (git-fixes).
   - USB: core: driver: fix stray tabs in error messages (git-fixes).
   - USB: core: Fix regression in Hercules audio card (git-fixes).
   - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
   - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
   - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes).
   - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).
   - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).
   - USB: serial: cyberjack: fix write-URB completion race (git-fixes).
   - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
     (git-fixes).
   - USB: serial: option: add Quectel EC200T module support (git-fixes).
   - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).
   - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after
     tSwapSourceStart (git-fixes).
   - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).
   - USB: xhci: omit duplicate actions when suspending a runtime suspended
     host (git-fixes).
   - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
   - video: hyperv_fb: include vmalloc.h (git-fixes).
   - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host
     (bsc#1175306).
   - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer
     driver (bsc#1175306).
   - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs
     (bsc#1175306).
   - virtio: virtio_console: fix DMA memory allocation for rproc serial
     (git-fixes).
   - vt: Disable KD_FONT_OP_COPY (bsc#1178589).
   - x86/hyperv: Clarify comment on x2apic mode (git-fixes).
   - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).
   - x86/kexec: Use up-to-dated screen_info copy to fill boot params
     (bsc#1175306).
   - x86/microcode/intel: Check patch signature before saving microcode for
     early loading (bsc#1152489).
   - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with
     always-on STIBP (bsc#1152489).
   - xfs: complain if anyone tries to create a too-large buffer log item
     (bsc#1166146).
   - xfs: do not update mtime on COW faults (bsc#1167030).
   - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).
   - xfs: fix brainos in the refcount scrubber's rmap fragment processor
     (git-fixes).
   - xfs: fix flags argument to rmap lookup when converting shared file rmaps
     (git-fixes).
   - xfs: fix rmap key and record comparison functions (git-fixes).
   - xfs: fix scrub flagging rtinherit even if there is no rt device
     (git-fixes).
   - xfs: flush new eof page on truncate to avoid post-eof corruption
     (git-fixes).
   - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).
   - xfs: prohibit fs freezing when using empty transactions (bsc#1179442).
   - xfs: remove unused variable 'done' (bsc#1166166).
   - xfs: revert "xfs: fix rmap key and record comparison functions"
     (git-fixes).
   - xfs: set the unwritten bit in rmap lookup flags in
     xchk_bmap_get_rmapextents (git-fixes).
   - xfs: set xefi_discard when creating a deferred agfl free log intent item
     (git-fixes).
   - xfs: truncate should remove all blocks, not just to the end of the page
     cache (bsc#1166166).
   - xhci: Fix sizeof() mismatch (git-fixes).
   - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).

   kernel-default-base fixes the following issues:

   - Add wireguard kernel module (bsc#1179225)
   - Create the list of crypto kernel modules dynamically, supersedes
     hardcoded list of crc32 implementations (bsc#1177577)


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3748=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-24.43.2
      kernel-default-debugsource-5.3.18-24.43.2
      kernel-default-livepatch-5.3.18-24.43.2
      kernel-default-livepatch-devel-5.3.18-24.43.2
      kernel-livepatch-5_3_18-24_43-default-1-5.3.3
      kernel-livepatch-5_3_18-24_43-default-debuginfo-1-5.3.3
      kernel-livepatch-SLE15-SP2_Update_8-debugsource-1-5.3.3


References:

   https://www.suse.com/security/cve/CVE-2020-15436.html
   https://www.suse.com/security/cve/CVE-2020-15437.html
   https://www.suse.com/security/cve/CVE-2020-25668.html
   https://www.suse.com/security/cve/CVE-2020-25669.html
   https://www.suse.com/security/cve/CVE-2020-25704.html
   https://www.suse.com/security/cve/CVE-2020-27777.html
   https://www.suse.com/security/cve/CVE-2020-28915.html
   https://www.suse.com/security/cve/CVE-2020-28941.html
   https://www.suse.com/security/cve/CVE-2020-28974.html
   https://www.suse.com/security/cve/CVE-2020-29369.html
   https://www.suse.com/security/cve/CVE-2020-29371.html
   https://www.suse.com/security/cve/CVE-2020-4788.html
   https://bugzilla.suse.com/1149032
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1160634
   https://bugzilla.suse.com/1166146
   https://bugzilla.suse.com/1166166
   https://bugzilla.suse.com/1167030
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1170139
   https://bugzilla.suse.com/1171073
   https://bugzilla.suse.com/1171558
   https://bugzilla.suse.com/1172873
   https://bugzilla.suse.com/1173504
   https://bugzilla.suse.com/1174852
   https://bugzilla.suse.com/1175306
   https://bugzilla.suse.com/1175918
   https://bugzilla.suse.com/1176109
   https://bugzilla.suse.com/1176180
   https://bugzilla.suse.com/1176200
   https://bugzilla.suse.com/1176481
   https://bugzilla.suse.com/1176586
   https://bugzilla.suse.com/1176855
   https://bugzilla.suse.com/1176983
   https://bugzilla.suse.com/1177066
   https://bugzilla.suse.com/1177070
   https://bugzilla.suse.com/1177353
   https://bugzilla.suse.com/1177397
   https://bugzilla.suse.com/1177577
   https://bugzilla.suse.com/1177666
   https://bugzilla.suse.com/1177703
   https://bugzilla.suse.com/1177820
   https://bugzilla.suse.com/1178123
   https://bugzilla.suse.com/1178182
   https://bugzilla.suse.com/1178227
   https://bugzilla.suse.com/1178286
   https://bugzilla.suse.com/1178304
   https://bugzilla.suse.com/1178330
   https://bugzilla.suse.com/1178393
   https://bugzilla.suse.com/1178401
   https://bugzilla.suse.com/1178426
   https://bugzilla.suse.com/1178461
   https://bugzilla.suse.com/1178579
   https://bugzilla.suse.com/1178581
   https://bugzilla.suse.com/1178584
   https://bugzilla.suse.com/1178585
   https://bugzilla.suse.com/1178589
   https://bugzilla.suse.com/1178635
   https://bugzilla.suse.com/1178653
   https://bugzilla.suse.com/1178659
   https://bugzilla.suse.com/1178661
   https://bugzilla.suse.com/1178669
   https://bugzilla.suse.com/1178686
   https://bugzilla.suse.com/1178740
   https://bugzilla.suse.com/1178755
   https://bugzilla.suse.com/1178762
   https://bugzilla.suse.com/1178838
   https://bugzilla.suse.com/1178853
   https://bugzilla.suse.com/1178886
   https://bugzilla.suse.com/1179001
   https://bugzilla.suse.com/1179012
   https://bugzilla.suse.com/1179014
   https://bugzilla.suse.com/1179015
   https://bugzilla.suse.com/1179045
   https://bugzilla.suse.com/1179076
   https://bugzilla.suse.com/1179082
   https://bugzilla.suse.com/1179107
   https://bugzilla.suse.com/1179140
   https://bugzilla.suse.com/1179141
   https://bugzilla.suse.com/1179160
   https://bugzilla.suse.com/1179201
   https://bugzilla.suse.com/1179211
   https://bugzilla.suse.com/1179217
   https://bugzilla.suse.com/1179225
   https://bugzilla.suse.com/1179419
   https://bugzilla.suse.com/1179424
   https://bugzilla.suse.com/1179425
   https://bugzilla.suse.com/1179426
   https://bugzilla.suse.com/1179427
   https://bugzilla.suse.com/1179429
   https://bugzilla.suse.com/1179432
   https://bugzilla.suse.com/1179442
   https://bugzilla.suse.com/1179550



More information about the sle-security-updates mailing list