SUSE-SU-2020:3764-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Dec 11 10:23:11 MST 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3764-1
Rating:             important
References:         #1139944 #1149032 #1152489 #1153274 #1154353 
                    #1155518 #1158775 #1160634 #1161099 #1167773 
                    #1170139 #1171558 #1173504 #1174852 #1175721 
                    #1175918 #1175995 #1176109 #1176200 #1176481 
                    #1176586 #1176855 #1176956 #1177066 #1177070 
                    #1177353 #1177397 #1177666 #1178182 #1178203 
                    #1178227 #1178286 #1178401 #1178426 #1178590 
                    #1178634 #1178635 #1178653 #1178669 #1178740 
                    #1178755 #1178756 #1178762 #1178782 #1178838 
                    #1178853 #1178886 #1179001 #1179012 #1179014 
                    #1179015 #1179045 #1179076 #1179082 #1179107 
                    #1179140 #1179141 #1179160 #1179201 #1179211 
                    #1179217 #1179419 #1179424 #1179425 #1179426 
                    #1179427 #1179429 #1179432 #1179442 #1179550 
                    #1179578 #1179601 #1179639 
Cross-References:   CVE-2020-15436 CVE-2020-15437 CVE-2020-25669
                    CVE-2020-25705 CVE-2020-27777 CVE-2020-27786
                    CVE-2020-28915 CVE-2020-28941 CVE-2020-29369
                    CVE-2020-29371 CVE-2020-4788
Affected Products:
                    SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 62 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
     which could have allowed local users to gain privileges or cause a
     denial of service (bsc#1179141).
   - CVE-2020-15437: Fixed a null pointer dereference which could have
     allowed local users to cause a denial of service(bsc#1179140).
   - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()
     (bsc#1178182).
   - CVE-2020-25705: Fixed A flaw in the way reply ICMP packets are limited
     in was found that allowed to quickly scan open UDP ports. This flaw
     allowed an off-path remote user to effectively bypassing source port UDP
     randomization. The highest threat from this vulnerability is to
     confidentiality and possibly integrity, because software and services
     that rely on UDP source port randomization (like DNS) are indirectly
     affected as well. Kernel versions may be vulnerable to this issue
     (bsc#1175721, bsc#1178782).
   - CVE-2020-27777: Restrict RTAS requests from userspace  (bsc#1179107)
   - CVE-2020-27786: Fixed a use after free in kernel midi subsystem
     snd_rawmidi_kernel_read1() (bsc#1179601).
   - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could
     have been used by local attackers to read kernel memory (bsc#1178886).
   - CVE-2020-28941: Fixed an issue where local attackers on systems with the
     speakup driver could cause a local denial of service attack
     (bsc#1178740).
   - CVE-2020-29369: Fixed a race condition between certain expand functions
     (expand_downwards and expand_upwards) and page-table free operations
     from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bsc#1179432).
   - CVE-2020-29371: Fixed uninitialized memory leaks to userspace
     (bsc#1179429).
   - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have
     allowed a local user to obtain sensitive information from the data in
     the L1 cache under extenuating circumstances (bsc#1177666).

   The following non-security bugs were fixed:

   - ACPI: APEI: Kick the memory_failure() queue for synchronous errors
     (jsc#SLE-16610).
   - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).
   - ACPICA: Add NHLT table signature (bsc#1176200).
   - Add bug reference to two hv_netvsc patches (bsc#1178853).
   - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
   - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()
     (git-fixes).
   - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).
   - ALSA: hda/generic: Add option to enforce preferred_dacs pairs
     (git-fixes).
   - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model
     (git-fixes).
   - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
   - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)
     (git-fixes).
   - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button
     (git-fixes).
   - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).
   - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294
     (git-fixes).
   - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14
     (git-fixes).
   - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes).
   - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).
   - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).
   - ALSA: mixart: Fix mutex deadlock (git-fixes).
   - ALSA: usb-audio: Add delay quirk for all Logitech USB devices
     (git-fixes).
   - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203).
   - ALSA: usb-audio: Correct wrongly matching entries with audio class
     (bsc#1178203).
   - ALSA: usb-audio: Move device rename and profile quirks to an internal
     table (bsc#1178203).
   - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203).
   - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203).
   - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203).
   - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
   - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo
     (bsc#1178203).
   - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203).
   - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work
     (jsc#SLE-16610).
   - arm64: bpf: Fix branch offset in JIT (git-fixes).
   - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on
     PHY (git-fixes).
   - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).
   - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).
   - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay
     (git-fixes).
   - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).
   - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).
   - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay
     (git-fixes).
   - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).
   - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point
     (git-fixes).
   - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).
   - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).
   - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
     (git-fixes).
   - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions
     (git-fixes).
   - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).
   - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).
   - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes
     (git-fixes).
   - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes
     (git-fixes).
   - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).
   - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).
   - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks
     (git-fixes).
   - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
   - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes).
   - batman-adv: Consider fragmentation for needed_headroom (git-fixes).
   - batman-adv: Do not always reallocate the fragmentation skb head
     (git-fixes).
   - batman-adv: Reserve needed_*room for fragments (git-fixes).
   - batman-adv: set .owner to THIS_MODULE (git-fixes).
   - blk-mq-blk-mq-provide-forced-completion-method.patch:
     (bsc#1175995,jsc#SLE-15608,bsc#1178756).
   - bnxt_en: Avoid sending firmware messages when AER error is detected
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task()
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one()
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).
   - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371
     bsc#1153274).
   - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE
     (bsc#1155518).
   - bpf: Fix comment for helper bpf_current_task_under_cgroup()
     (bsc#1155518).
   - bpf: Zero-fill re-used per-cpu map element (bsc#1155518).
   - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space
     reservation (bsc#1161099).
   - btrfs: fix bytes_may_use underflow in prealloc error condtition
     (bsc#1179217).
   - btrfs: fix metadata reservation for fallocate that leads to transaction
     aborts (bsc#1179217).
   - btrfs: fix relocation failure due to race with fallocate (bsc#1179217).
   - btrfs: qgroup: do not commit transaction when we already hold the handle
     (bsc#1178634).
   - btrfs: remove item_size member of struct btrfs_clone_extent_info
     (bsc#1179217).
   - btrfs: rename btrfs_insert_clone_extent() to a more generic name
     (bsc#1179217).
   - btrfs: rename btrfs_punch_hole_range() to a more generic name
     (bsc#1179217).
   - btrfs: rename struct btrfs_clone_extent_info to a more generic name
     (bsc#1179217).
   - can: af_can: prevent potential access of uninitialized member in
     canfd_rcv() (git-fixes).
   - can: af_can: prevent potential access of uninitialized member in
     can_rcv() (git-fixes).
   - can: c_can: c_can_power_up(): fix error handling (git-fixes).
   - can: dev: can_restart(): post buffer from the right context (git-fixes).
   - can: flexcan: flexcan_setup_stop_mode(): add missing "req_bit" to stop
     mode property comment (git-fixes).
   - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
   - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).
   - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1
     (git-fixes).
   - can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
   - can: m_can: m_can_stop(): set device to software init mode before
     closing (git-fixes).
   - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to
     can_put_echo_skb() (git-fixes).
   - can: peak_usb: fix potential integer overflow on shift of a int
     (git-fixes).
   - can: sja1000: sja1000_err(): do not count arbitration lose as an error
     (git-fixes).
   - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an
     error (git-fixes).
   - ceph: add check_session_state() helper and make it global (bsc#1179012).
   - ceph: check session state after bumping session->s_seq (bsc#1179012).
   - ceph: check the sesion state and return false in case it is closed
     (bsc#1179012).
   - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).
   - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
   - cfg80211: initialize wdev data earlier (git-fixes).
   - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
   - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
   - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
   - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
   - cifs: remove bogus debug code (bsc#1179427).
   - cifs: Return the error from crypt_message when enc/dec key not found
     (bsc#1179426).
   - clk: define to_clk_regmap() as inline function (git-fixes).
   - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case
     use (bsc#1178203).
   - Convert trailing spaces and periods in path components (bsc#1179424).
   - coredump: fix core_pattern parse error (git-fixes).
   - crypto: sun4i-ss - add the A33 variant of SS (git-fixes).
   - devlink: Make sure devlink instance and port are in same net namespace
     (bsc#1154353).
   - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
   - Documentation/admin-guide/module-signing.rst: add openssl command option
     example for CodeSign EKU (bsc#1177353, bsc#1179076).
   - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).
   - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838).
     Also correct the page size on ppc64.
   - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).
   - EDAC/amd64: Find Chip Select memory size using Address Mask
     (bsc#1179001).
   - EDAC/amd64: Gather hardware information early (bsc#1179001).
   - EDAC/amd64: Initialize DIMM info for systems with more than two channels
     (bsc#1179001).
   - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).
   - EDAC/amd64: Save max number of controllers to family type (bsc#1179001).
   - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).
   - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).
   - efi: efibc: check for efivars write capability (git-fixes).
   - efi: EFI_EARLYCON should depend on EFI (git-fixes).
   - efi/efivars: Set generic ops before loading SSDT (git-fixes).
   - efi/esrt: Fix reference count leak in esre_create_sysfs_entry
     (git-fixes).
   - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).
   - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
   - efivarfs: fix memory leak in efivarfs_create() (git-fixes).
   - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes).
   - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper
     (git-fixes).
   - efi/x86: Do not panic or BUG() on non-critical error conditions
     (git-fixes).
   - efi/x86: Fix the deletion of variables in mixed mode (git-fixes).
   - efi/x86: Free efi_pgd with free_pages() (git-fixes).
   - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode
     (git-fixes).
   - efi/x86: Ignore the memory attributes table on i386 (git-fixes).
   - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
   - ethtool: fix error handling in ethtool_phys_id (git-fixes).
   - firmware: arm_sdei: Document the motivation behind these set_fs() calls
     (jsc#SLE-16610).
   - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was
     mistakenly set as built-in. Mark it as module.
   - futex: Do not enable IRQs unconditionally in put_pi_state()
     (bsc#1149032).
   - futex: Handle transient "ownerless" rtmutex state correctly
     (bsc#1149032).
   - geneve: pull IP header before ECN decapsulation (git-fixes).
   - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices
     (git-fixes).
   - HID: Add Logitech Dinovo Edge battery quirk (git-fixes).
   - HID: add support for Sega Saturn (git-fixes).
   - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
   - HID: hid-sensor-hub: Fix issue with devices with no report ID
     (git-fixes).
   - HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off
     keypresses (git-fixes).
   - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).
   - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver
     (git-fixes).
   - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin
     trackpad (git-fixes).
   - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo
     Edge (git-fixes).
   - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).
   - HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes).
   - hv_balloon: disable warning when floor reached (git-fixes).
   - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*()
     functions (git-fixes).
   - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).
   - i2c: mediatek: move dma reset before i2c reset (git-fixes).
   - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
     (git-fixes).
   - i2c: sh_mobile: implement atomic transfers (git-fixes).
   - igc: Fix not considering the TX delay for timestamps (bsc#1160634).
   - igc: Fix wrong timestamp latency numbers (bsc#1160634).
   - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting
     tablet-mode (git-fixes).
   - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
     (git-fixes).
   - iio: adc: mediatek: fix unset field (git-fixes).
   - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).
   - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
   - Input: i8042 - allow insmod to succeed on devices without an i8042
     controller (git-fixes).
   - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
   - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER
     (git-fixes).
   - intel_idle: Customize IceLake server support (bsc#1178286).
   - ionic: check port ptr before use (bsc#1167773).
   - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).
   - kABI: revert use_mm name change (MM Functionality, bsc#1178426).
   - kABI workaround for HD-audio generic parser (git-fixes).
   - kABI workaround for HD-audio (git-fixes).
   - kABI workaround for USB audio driver (bsc#1178203).
   - kernel: better document the use_mm/unuse_mm API contract (MM
     Functionality, bsc#1178426).
   - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
   - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).
     RPM_BUILD_ROOT is cleared before %%install. Do the unpack into
     RPM_BUILD_ROOT in %%install
   - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).
   - kgdb: Fix spurious true from in_dbg_master() (git-fixes).
   - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return
     SMCCC_RET_NOT_REQUIRED (git-fixes).
   - lan743x: fix issue causing intermittent kernel log warnings (git-fixes).
   - lan743x: prevent entire kernel HANG on open, for some platforms
     (git-fixes).
   - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).
   - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - lib/strncpy_from_user.c: Mask out bytes after NUL terminator
     (bsc#1155518).
   - mac80211: always wind down STA state (git-fixes).
   - mac80211: fix use of skb payload instead of header (git-fixes).
   - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
   - mac80211: minstrel: fix tx status processing corner case (git-fixes).
   - mac80211: minstrel: remove deferred sampling code (git-fixes).
   - mei: protect mei_cl_mtu from null dereference (git-fixes).
   - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).
   - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based
     Intel controllers (git-fixes).
   - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
     (MM Functionality, bsc#1178426).
   - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality,
     bsc#1178426).
   - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).
   - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586,
     LTC#188235).
   - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git
     fixes (mm/ksm)).
   - mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610).
   - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes
     (mm/mempolicy)).
   - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).
   - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes
     (mm/vmscan)).
   - mm, THP, swap: fix allocating cluster for swapfile by mistake
     (bsc#1178755).
   - modsign: Add codeSigning EKU when generating X.509 key generation config
     (bsc#1177353, bsc#1179076).
   - net: ena: Capitalize all log strings and improve code readability
     (bsc#1177397).
   - net: ena: Change license into format to SPDX in all files (bsc#1177397).
   - net: ena: Change log message to netif/dev function (bsc#1177397).
   - net: ena: Change RSS related macros and variables names (bsc#1177397).
   - net: ena: ethtool: Add new device statistics (bsc#1177397).
   - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
   - net: ena: ethtool: convert stat_offset to 64 bit resolution
     (bsc#1177397).
   - net: ena: Fix all static chekers' warnings (bsc#1177397).
   - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
   - net: ena: handle bad request id in ena_netdev (bsc#1174852).
   - net: ena: Remove redundant print of placement policy (bsc#1177397).
   - net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
   - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).
   - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).
   - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled
     (jsc#SLE-8464).
   - net: sctp: Rename fallthrough label to unhandled (bsc#1178203).
   - net/x25: prevent a couple of overflows (bsc#1178590).
   - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
   - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669
     bsc#1170139).
   - nvme: do not update disk info for multipathed device (bsc#1171558).
   - nvme-force-complete-cancelled-requests.patch:
     (bsc#1175995,bsc#1178756,jsc#SLE-15608).
   - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
   - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
   - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time
     (git-fixes).
   - platform/x86: toshiba_acpi: Fix the wrong variable assignment
     (git-fixes).
   - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM
     Functionality, bsc#1178426).
   - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).
   - powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639
     ltc#189002).
   - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h
     (jsc#SLE-16360 jsc#SLE-16915).
   - powerpc/perf: Fix crash with is_sier_available when pmu is not set
     (bsc#1179578 ltc#189313).
   - powerpc/pmem: Add flush routines using new pmem store and sync
     instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Add new instructions for persistent storage and sync
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Update ppc64 to use the new barrier instruction
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869
     jsc#SLE-16321).
   - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score
     (jsc#SLE-16360 jsc#SLE-16915).
   - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869
     jsc#SLE-16321).
   - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality,
     bsc#1178426).
   - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293).
   - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).
   - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).
   - RDMA/hns: Fix the wrong value of rnr_retry when querying qp
     (jsc#SLE-8449).
   - RDMA/hns: Fix wrong field of SRQ number the device supports
     (jsc#SLE-8449).
   - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).
   - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).
   - RDMA/qedr: Fix return code if accept is called on a destroyed qp
     (jsc#SLE-8215).
   - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).
   - reboot: fix overflow parsing reboot cpu number (git-fixes).
   - regulator: avoid resolve_supply() infinite recursion (git-fixes).
   - regulator: fix memory leak with repeated set_machine_constraints()
     (git-fixes).
   - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200}
     (git-fixes).
   - regulator: ti-abb: Fix array out of bound read access on the first
     transition (git-fixes).
   - regulator: workaround self-referent regulators (git-fixes).
   - Restore the header of series.conf The header of series.conf was
     accidentally changed by abb50be8e6bc "(kABI: revert use_mm name change
     (MM Functionality, bsc#1178426))".
   - Revert "xfs: complain if anyone tries to create a too-large buffer"
     (bsc#1179425, bsc#1179550)
   - rfkill: Fix use-after-free in rfkill_resume() (git-fixes).
   - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author:
     Dominique Leuenberger -<dimstar at opensuse.org>
   - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)
     %split_extra still contained two.
   - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)
     egrep is only a deprecated bash wrapper for "grep -E". So use the latter
     instead.
   - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls
     (bsc#1178401)
   - rpm/kernel-{source,binary}.spec: do not include ghost symlinks
     (boo#1179082).
   - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit
     kernel due to various bugs (bsc#1178762 to name one). There is:
     ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's
     prjconf now. No other actively maintained distro (i.e. merging packaging
     branch) builds a x86_32 kernel, hence pushing to packaging directly.
   - rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes).
   - s390/bpf: Fix multiple tail calls (git-fixes).
   - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918
     LTC#187935).
   - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
   - s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
   - s390/pkey: fix paes selftest failure with paes and pkey static build
     (git-fixes).
   - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).
   - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).
   - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).
   - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes
     (sched)).
   - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).
   - sched: Fix rq->nr_iowait ordering (git fixes (sched)).
   - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
   - scsi: libiscsi: Fix NOP race condition (bsc#1176481).
   - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
   - spi: lpspi: Fix use-after-free on unbind (git-fixes).
   - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids
     (git-fixes).
   - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
     (bsc#1154353).
   - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow()
     (git-fixes).
   - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
     (git-fixes).
   - thunderbolt: Fix memory leak if ida_simple_get() fails in
     enumerate_services() (git-fixes).
   - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes).
   - timer: Fix wheel index calculation on last level (git-fixes).
   - timer: Prevent base->clk from moving backward (git-fixes).
   - time/sched_clock: Mark sched_clock_read_begin/retry() as notrace
     (git-fixes).
   - tpm: efi: Do not create binary_bios_measurements file for an empty log
     (git-fixes).
   - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).
   - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).
   - tty: serial: imx: fix potential deadlock (git-fixes).
   - tty: serial: imx: keep console clocks always on (git-fixes).
   - uio: Fix use-after-free in uio_unregister_device() (git-fixes).
   - Update patches.suse/xfrm-Fix-memleak-on-xfrm-state-destroy.patch
     references (add bsc#1158775).
   - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
   - USB: core: Change %pK for __user pointers to %px (git-fixes).
   - USB: core: driver: fix stray tabs in error messages (git-fixes).
   - USB: core: Fix regression in Hercules audio card (git-fixes).
   - USB: gadget: f_fs: Use local copy of descriptors for userspace copy
     (git-fixes).
   - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
   - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
   - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes).
   - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO
     built-in usb-audio card (git-fixes).
   - USB: serial: kl5kusb105: fix memleak on open (git-fixes).
   - USB: serial: kl5kusb105: fix memleak on open (git-fixes).
   - USB: serial: option: fix Quectel BG96 matching (git-fixes).
   - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
   - video: hyperv_fb: include vmalloc.h (git-fixes).
   - virtio: virtio_console: fix DMA memory allocation for rproc serial
     (git-fixes).
   - x86/hyperv: Clarify comment on x2apic mode (git-fixes).
   - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).
   - x86/microcode/intel: Check patch signature before saving microcode for
     early loading (bsc#1152489).
   - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak
     (bsc#1152489).
   - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount
     leak (bsc#1152489).
   - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with
     always-on STIBP (bsc#1152489).
   - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
     (bsc#1152489).
   - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).
   - xfs: fix brainos in the refcount scrubber's rmap fragment processor
     (git-fixes).
   - xfs: fix flags argument to rmap lookup when converting shared file rmaps
     (git-fixes).
   - xfs: fix rmap key and record comparison functions (git-fixes).
   - xfs: prohibit fs freezing when using empty transactions (bsc#1179442).
   - xfs: revert "xfs: fix rmap key and record comparison functions"
     (git-fixes).
   - xfs: set the unwritten bit in rmap lookup flags in
     xchk_bmap_get_rmapextents (git-fixes).
   - xhci: Fix sizeof() mismatch (git-fixes).
   - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP2:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-3764=1



Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

      cluster-md-kmp-rt-5.3.18-19.1
      cluster-md-kmp-rt-debuginfo-5.3.18-19.1
      dlm-kmp-rt-5.3.18-19.1
      dlm-kmp-rt-debuginfo-5.3.18-19.1
      gfs2-kmp-rt-5.3.18-19.1
      gfs2-kmp-rt-debuginfo-5.3.18-19.1
      kernel-rt-5.3.18-19.1
      kernel-rt-debuginfo-5.3.18-19.1
      kernel-rt-debugsource-5.3.18-19.1
      kernel-rt-devel-5.3.18-19.1
      kernel-rt-devel-debuginfo-5.3.18-19.1
      kernel-rt_debug-debuginfo-5.3.18-19.1
      kernel-rt_debug-debugsource-5.3.18-19.1
      kernel-rt_debug-devel-5.3.18-19.1
      kernel-rt_debug-devel-debuginfo-5.3.18-19.1
      kernel-syms-rt-5.3.18-19.1
      ocfs2-kmp-rt-5.3.18-19.1
      ocfs2-kmp-rt-debuginfo-5.3.18-19.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

      kernel-devel-rt-5.3.18-19.1
      kernel-source-rt-5.3.18-19.1


References:

   https://www.suse.com/security/cve/CVE-2020-15436.html
   https://www.suse.com/security/cve/CVE-2020-15437.html
   https://www.suse.com/security/cve/CVE-2020-25669.html
   https://www.suse.com/security/cve/CVE-2020-25705.html
   https://www.suse.com/security/cve/CVE-2020-27777.html
   https://www.suse.com/security/cve/CVE-2020-27786.html
   https://www.suse.com/security/cve/CVE-2020-28915.html
   https://www.suse.com/security/cve/CVE-2020-28941.html
   https://www.suse.com/security/cve/CVE-2020-29369.html
   https://www.suse.com/security/cve/CVE-2020-29371.html
   https://www.suse.com/security/cve/CVE-2020-4788.html
   https://bugzilla.suse.com/1139944
   https://bugzilla.suse.com/1149032
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1158775
   https://bugzilla.suse.com/1160634
   https://bugzilla.suse.com/1161099
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1170139
   https://bugzilla.suse.com/1171558
   https://bugzilla.suse.com/1173504
   https://bugzilla.suse.com/1174852
   https://bugzilla.suse.com/1175721
   https://bugzilla.suse.com/1175918
   https://bugzilla.suse.com/1175995
   https://bugzilla.suse.com/1176109
   https://bugzilla.suse.com/1176200
   https://bugzilla.suse.com/1176481
   https://bugzilla.suse.com/1176586
   https://bugzilla.suse.com/1176855
   https://bugzilla.suse.com/1176956
   https://bugzilla.suse.com/1177066
   https://bugzilla.suse.com/1177070
   https://bugzilla.suse.com/1177353
   https://bugzilla.suse.com/1177397
   https://bugzilla.suse.com/1177666
   https://bugzilla.suse.com/1178182
   https://bugzilla.suse.com/1178203
   https://bugzilla.suse.com/1178227
   https://bugzilla.suse.com/1178286
   https://bugzilla.suse.com/1178401
   https://bugzilla.suse.com/1178426
   https://bugzilla.suse.com/1178590
   https://bugzilla.suse.com/1178634
   https://bugzilla.suse.com/1178635
   https://bugzilla.suse.com/1178653
   https://bugzilla.suse.com/1178669
   https://bugzilla.suse.com/1178740
   https://bugzilla.suse.com/1178755
   https://bugzilla.suse.com/1178756
   https://bugzilla.suse.com/1178762
   https://bugzilla.suse.com/1178782
   https://bugzilla.suse.com/1178838
   https://bugzilla.suse.com/1178853
   https://bugzilla.suse.com/1178886
   https://bugzilla.suse.com/1179001
   https://bugzilla.suse.com/1179012
   https://bugzilla.suse.com/1179014
   https://bugzilla.suse.com/1179015
   https://bugzilla.suse.com/1179045
   https://bugzilla.suse.com/1179076
   https://bugzilla.suse.com/1179082
   https://bugzilla.suse.com/1179107
   https://bugzilla.suse.com/1179140
   https://bugzilla.suse.com/1179141
   https://bugzilla.suse.com/1179160
   https://bugzilla.suse.com/1179201
   https://bugzilla.suse.com/1179211
   https://bugzilla.suse.com/1179217
   https://bugzilla.suse.com/1179419
   https://bugzilla.suse.com/1179424
   https://bugzilla.suse.com/1179425
   https://bugzilla.suse.com/1179426
   https://bugzilla.suse.com/1179427
   https://bugzilla.suse.com/1179429
   https://bugzilla.suse.com/1179432
   https://bugzilla.suse.com/1179442
   https://bugzilla.suse.com/1179550
   https://bugzilla.suse.com/1179578
   https://bugzilla.suse.com/1179601
   https://bugzilla.suse.com/1179639



More information about the sle-security-updates mailing list