SUSE-SU-2020:2102-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Jul 31 13:14:33 MDT 2020
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:2102-1
Rating: important
References: #1065729 #1152472 #1152489 #1153274 #1154353
#1154488 #1155518 #1155798 #1165933 #1167773
#1168959 #1169771 #1171857 #1171988 #1172201
#1173074 #1173849 #1173941 #1174072 #1174116
#1174126 #1174127 #1174128 #1174129 #1174185
#1174205 #1174247 #1174263 #1174264 #1174331
#1174332 #1174333 #1174356 #1174362 #1174396
#1174398 #1174407 #1174409 #1174411 #1174438
#1174462 #1174513 #1174527 #1174627 #1174645
Cross-References: CVE-2020-0305 CVE-2020-10135 CVE-2020-10781
CVE-2020-14331
Affected Products:
SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________
An update that solves four vulnerabilities and has 41 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-10781: Fixed a denial of service issue in the ZRAM
implementation (bnc#1173074).
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
use-after-free due to a race condition. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1174462).
- CVE-2020-10135: Legacy pairing and secure-connections pairing
authentication in bluetooth may have allowed an unauthenticated user to
complete authentication without pairing credentials via adjacent access.
An unauthenticated, adjacent attacker could impersonate a Bluetooth
BR/EDR master or slave to pair with a previously paired remote device to
successfully complete the authentication procedure without knowing the
link key (bnc#1171988).
- CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update()
(bnc#1174205).
The following non-security bugs were fixed:
- ACPICA: Dispatcher: add status checks (git-fixes).
- ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes).
- ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes).
- ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes).
- ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL
(jsc#SLE-13261).
- ALSA: hda/realtek - change to suitable link model for ASUS platform
(git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with
ALC256 (git-fixes).
- ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401)
series with ALC289 (git-fixes).
- ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes).
- ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes).
- ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung
Notebook Pen S (git-fixes).
- ALSA: hda/realtek - fixup for yet another Intel reference board
(git-fixes).
- ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
- ALSA: line6: Perform sanity check for each URB creation (git-fixes).
- ALSA: line6: Sync the pending work cancel at disconnection (git-fixes).
- ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight
S (git-fixes).
- ALSA: usb-audio: Fix race against the error recovery URB submission
(git-fixes).
- apparmor: ensure that dfa state tables have entries (git-fixes).
- apparmor: fix introspection of of task mode for unconfined tasks
(git-fixes).
- apparmor: Fix memory leak of profile proxy (git-fixes).
- apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes).
- apparmor: remove useless aafs_create_symlink (git-fixes).
- arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id
(bsc#1174398).
- arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode
(bsc#1174398).
- ASoC: codecs: max98373: Removed superfluous volume control from chip
default (git-fixes).
- ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend
(git-fixes).
- ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes).
- ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes).
- ASoC: rt286: fix unexpected interrupt happens (git-fixes).
- ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the
Lenovo Miix 2 10 (git-fixes).
- ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
- ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of
10 (git-fixes).
- ASoC: rt5682: Report the button event in the headset type only
(git-fixes).
- ASoC: topology: fix kernel oops on route addition error (git-fixes).
- ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes).
- ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes).
- ASoC: wm8974: remove unsupported clock mode (git-fixes).
- ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes).
- ath9k: Fix regression with Atheros 9271 (git-fixes).
- ax88172a: fix ax88172a_unbind() failures (git-fixes).
- blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight()
(bsc#1165933).
- bnxt_en: Init ethtool link settings after reading updated PHY
configuration (jsc#SLE-8371 bsc#1153274).
- bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518).
- brcmfmac: Transform compatible string for FW loading (bsc#1169771).
- bridge: Avoid infinite loop when suppressing NS messages with invalid
options (networking-stable-20_06_10).
- bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes).
- btrfs: add assertions for tree == inode->io_tree to extent IO helpers
(bsc#1174438).
- btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range
(bsc#1174438).
- btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
(bsc#1174438).
- btrfs: fix hang on snapshot creation after RWF_NOWAIT write
(bsc#1174438).
- btrfs: fix RWF_NOWAIT write not failling when we need to cow
(bsc#1174438).
- btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO
(bsc#1174438).
- btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
- bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes).
- dccp: Fix possible memleak in dccp_init and dccp_fini
(networking-stable-20_06_16).
- devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
- /dev/mem: Add missing memory barriers for devmem_inode (git-fixes).
- /dev/mem: Revoke mappings when a driver claims the region (git-fixes).
- dmaengine: dmatest: stop completed threads when running without set
channel (git-fixes).
- dmaengine: dw: Initialize channel before each transfer (git-fixes).
- dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes).
- dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
(git-fixes).
- dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes).
- dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler
(git-fixes).
- dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes).
- dm: do not use waitqueue for request-based DM (bsc#1165933).
- dpaa_eth: FMan erratum A050385 workaround (bsc#1174396).
- dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396).
- drm/amd/display: Use kfree() to free rgb_user in
calculate_user_regamma_ramp() (git-fixes).
- drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes).
- drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes).
- drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes).
- drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes).
- drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472)
- drm/exynos: fix ref count leak in mic_pre_enable (git-fixes).
- drm/exynos: Properly propagate return value in drm_iommu_attach_device()
(git-fixes).
- drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489)
- drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes).
- drm/i915/gt: Only swap to a random sibling once upon creation
(bsc#1152489)
- drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.
(bsc#1152489)
- drm: mcde: Fix display initialization problem (git-fixes).
- drm/mediatek: Check plane visibility in atomic_update (git-fixes).
- drm/msm/dpu: allow initialization of encoder locks during encoder init
(git-fixes).
- drm/msm: fix potential memleak in error branch (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Asus T101HA panel
(git-fixes).
- drm: panel-orientation-quirks: Use generic orientation-data for Acer
S1003 (git-fixes).
- drm/radeon: fix double free (git-fixes).
- drm: sun4i: hdmi: Fix inverted HPD result (git-fixes).
- drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes).
- drm/tegra: hub: Do not enable orphaned window group (git-fixes).
- exfat: add missing brelse() calls on error paths (git-fixes).
- exfat: fix incorrect update of stream entry in __exfat_truncate()
(git-fixes).
- exfat: fix memory leak in exfat_parse_param() (git-fixes).
- exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes).
- fpga: dfl: fix bug in port reset handshake (git-fixes).
- fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config
file
- fuse: copy_file_range should truncate cache (git-fixes).
- fuse: fix copy_file_range cache issues (git-fixes).
- geneve: fix an uninitialized value in geneve_changelink() (git-fixes).
- gpio: pca953x: disable regmap locking for automatic address incrementing
(git-fixes).
- gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes).
- gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2
(git-fixes).
- gpu: host1x: Detach driver on unregister (git-fixes).
- habanalabs: increase timeout during reset (git-fixes).
- HID: logitech-hidpp: avoid repeated "multiplier = " log messages
(git-fixes).
- HID: magicmouse: do not set up autorepeat (git-fixes).
- HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes).
- HID: quirks: Ignore Simply Automated UPB PIM (git-fixes).
- HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
(git-fixes).
- hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
path (git-fixes).
- hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
(git-fixes).
- hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes).
- i2c: eg20t: Load module automatically if ID matches (git-fixes).
- i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes).
- i2c: rcar: always clear ICSAR to avoid side effects (git-fixes).
- i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes).
- i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes).
- i40iw: fix null pointer dereference on a null wqe pointer (git-fixes).
- i40iw: Report correct firmware version (git-fixes).
- IB/cma: Fix ports memory leak in cma_configfs (git-fixes).
- IB/core: Fix potential NULL pointer dereference in pkey cache
(git-fixes).
- IB/hfi1: Do not destroy hfi1_wq when the device is shut down
(bsc#1174409).
- IB/hfi1: Do not destroy link_wq when the device is shut down
(bsc#1174409).
- IB/hfi1: Ensure pq is not left on waitlist (git-fixes).
- IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411).
- IB/hfi1: Fix memory leaks in sysfs registration and unregistration
(git-fixes).
- IB/hfi1: Fix module use count flaw due to leftover module put calls
(bsc#1174407).
- IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes).
- IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
(git-fixes).
- IB/mad: Fix use after free when destroying MAD agent (git-fixes).
- IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes).
- IB/mlx5: Fix 50G per lane indication (git-fixes).
- IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
(git-fixes).
- IB/mlx5: Fix missing congestion control debugfs on rep rdma device
(git-fixes).
- IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads
(git-fixes).
- IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes).
- IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes).
- IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes).
- ieee802154: fix one possible memleak in adf7242_probe (git-fixes).
- iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()'
(git-fixes).
- iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes).
- iio:health:afe4404 Fix timestamp alignment and prevent data leak
(git-fixes).
- iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes).
- iio:humidity:hts221 Fix alignment and data leak issues (git-fixes).
- iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes).
- iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes).
- iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
(git-fixes).
- iio:pressure:ms5611 Fix buffer element alignment (git-fixes).
- iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes).
- Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes).
- Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes).
- Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes).
- Input: mms114 - add extra compatible for mms345l (git-fixes).
- intel_th: Fix a NULL dereference when hub driver is not loaded
(git-fixes).
- intel_th: pci: Add Emmitsburg PCH support (git-fixes).
- intel_th: pci: Add Jasper Lake CPU support (git-fixes).
- intel_th: pci: Add Tiger Lake PCH-H support (git-fixes).
- iommu/arm-smmu-v3: Do not reserve implementation defined register space
(bsc#1174126).
- iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127).
- iommu/vt-d: Update scalable mode paging structure coherency
(bsc#1174128).
- ionic: centralize queue reset code (bsc#1167773).
- ionic: fix up filter locks and debug msgs (bsc#1167773).
- ionic: keep rss hash after fw update (bsc#1167773).
- ionic: update filter id after replay (bsc#1167773).
- ionic: update the queue count on open (bsc#1167773).
- ionic: use mutex to protect queue operations (bsc#1167773).
- ionic: use offset for ethtool regs data (bsc#1167773).
- kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
- keys: asymmetric: fix error return code in software_key_query()
(git-fixes).
- KVM: nVMX: always update CR3 in VMCS (git-fixes).
- l2tp: add sk_family checks to l2tp_validate_socket
(networking-stable-20_06_07).
- l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
- lib: Reduce user_access_begin() boundaries in strncpy_from_user() and
strnlen_user() (bsc#1174331).
- media: cec: silence shift wrapping warning in __cec_s_log_addrs()
(git-fixes).
- mei: bus: do not clean driver pointer (git-fixes).
- mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602).
- mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3
(bsc#1154488).
- mlxsw: core: Use different get_trend() callbacks for different thermal
zones (networking-stable-20_06_10).
- mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed
(git-fixes).
- mmc: sdhci: do not enable card detect interrupt for gpio cd type
(git-fixes).
- mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
(bsc#1174527).
- nbd: Fix memory leak in nbd_add_socket (git-fixes).
- net: be more gentle about silly gso requests coming from user
(networking-stable-20_06_07).
- net: check untrusted gso_size at kernel entry
(networking-stable-20_06_07).
- netdevsim: fix unbalaced locking in nsim_create() (git-fixes).
- net: dsa: bcm_sf2: Fix node reference count (git-fixes).
- net_failover: fixed rollback in net_failover_open()
(networking-stable-20_06_10).
- netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c
(bsc#1171857).
- netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and
exit helpers (bsc#1171857).
- netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c
(bsc#1171857).
- netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit
helpers (bsc#1171857).
- net: fsl/fman: treat all RGMII modes in memac_adjust_link()
(bsc#1174398).
- net: hns3: check reset pending after FLR prepare (bsc#1154353).
- net: hns3: fix error handling for desc filling (git-fixes).
- net: hns3: fix for not calculating TX BD send size correctly (git-fixes).
- net: hns3: fix return value error when query MAC link status fail
(git-fixes).
- net: ipv4: Fix wrong type conversion from hint to rt in
ip_route_use_hint() (bsc#1154353).
- net: macb: call pm_runtime_put_sync on failure path (git-fixes).
- net/mlx5: drain health workqueue in case of driver load error
(networking-stable-20_06_16).
- net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash
(jsc#SLE-8464).
- net/mlx5e: Fix repeated XSK usage on one channel
(networking-stable-20_06_16).
- net/mlx5e: Fix VXLAN configuration restore after function reload
(jsc#SLE-8464).
- net/mlx5: Fix fatal error handling during device load
(networking-stable-20_06_16).
- net: phy: realtek: add support for configuring the RX delay on RTL8211F
(bsc#1174398).
- net/smc: fix restoring of fallback changes (git-fixes).
- net: stmmac: do not attach interface until resume finishes (bsc#1174072).
- net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072).
- net: stmmac: dwc-qos: use generic device api (bsc#1174072).
- net: stmmac: enable timestamp snapshot for required PTP packets in dwmac
v5.10a (networking-stable-20_06_07).
- net: stmmac: platform: fix probe for ACPI devices (bsc#1174072).
- net/tls: fix encryption error checking (git-fixes).
- net/tls: free record only on encryption error (git-fixes).
- net: usb: qmi_wwan: add Telit LE910C1-EUX composition
(networking-stable-20_06_07).
- nfc: nci: add missed destroy_workqueue in nci_register_device
(git-fixes).
- nfp: flower: fix used time of merge flow statistics
(networking-stable-20_06_07).
- NFS: Fix interrupted slots by sending a solo SEQUENCE operation
(bsc#1174264).
- NTB: Fix static check warning in perf_clear_test (git-fixes).
- NTB: Fix the default port and peer numbers for legacy drivers
(git-fixes).
- ntb: hw: remove the code that sets the DMA mask (git-fixes).
- NTB: ntb_pingpong: Choose doorbells based on port number (git-fixes).
- NTB: ntb_test: Fix bug when counting remote files (git-fixes).
- NTB: ntb_tool: reading the link file should not end in a NULL byte
(git-fixes).
- NTB: perf: Do not require one more memory window than number of peers
(git-fixes).
- NTB: perf: Fix race condition when run with ntb_test (git-fixes).
- NTB: perf: Fix support for hardware that does not have port numbers
(git-fixes).
- ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes).
- NTB: Revert the change to use the NTB device dev for DMA allocations
(git-fixes).
- ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes).
- ovl: inode reference leak in ovl_is_inuse true case (git-fixes).
- padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes).
- padata: kABI fixup for struct padata_instance splitting nodes
(git-fixes).
- PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership
(bsc#1174356).
- PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
- PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513).
- PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2
(bsc#1172201).
- pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
- percpu: Separate decrypted varaibles anytime encryption can be enabled
(bsc#1174332).
- phy: sun4i-usb: fix dereference of pointer phy0 before it is null
checked (git-fixes).
- platform/x86: ISST: Increase timeout (bsc#1174185).
- powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable
pkey (bsc#1065729).
- powerpc/fadump: fix race between pstore write and fadump crash trigger
(bsc#1168959 ltc#185010).
- powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes).
- powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
- qed: suppress "do not support RoCE & iWARP" flooding on HW init
(git-fixes).
- qed: suppress false-positives interrupt error messages on HW init
(git-fixes).
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler
(git-fixes).
- RDMA/cma: Protect bind_list and listen_list while finding matching cm id
(git-fixes).
- RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes).
- RDMA/cm: Fix checking for allowed duplicate listens (git-fixes).
- RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id()
(git-fixes).
- RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes).
- RDMA/cm: Remove a race freeing timewait_info (git-fixes).
- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
(git-fixes).
- RDMA/core: Fix double destruction of uobject (git-fixes).
- RDMA/core: Fix double put of resource (git-fixes).
- RDMA/core: Fix missing error check on dev_set_name() (git-fixes).
- RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes).
- RDMA/core: Fix race between destroy and release FD object (git-fixes).
- RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes).
- RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes).
- RDMA/counter: Query a counter before release (git-fixes).
- RDMA/efa: Set maximum pkeys device attribute (git-fixes).
- RDMA/hns: Bugfix for querying qkey (git-fixes).
- RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes).
- RDMA/iwcm: Fix iwcm work deallocation (git-fixes).
- RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes).
- RDMA/mad: Do not crash if the rdma device does not have a umad interface
(git-fixes).
- RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
(git-fixes).
- RDMA/mlx4: Initialize ib_spec on the stack (git-fixes).
- RDMA/mlx5: Add init2init as a modify command (git-fixes).
- RDMA/mlx5: Fix access to wrong pointer while performing flush due to
error (git-fixes).
- RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes).
- RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes).
- RDMA/mlx5: Prevent prefetch from racing with implicit destruction
(jsc#SLE-8446).
- RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes).
- RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes).
- RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes).
- RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing
(git-fixes).
- RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes).
- RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
(git-fixes).
- RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes).
- RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes).
- RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes).
- RDMA/rxe: Set default vendor ID (git-fixes).
- RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
(git-fixes).
- RDMA/siw: Fix failure handling during device creation (git-fixes).
- RDMA/siw: Fix passive connection establishment (git-fixes).
- RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes).
- RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr()
(git-fixes).
- RDMA/siw: Fix reporting vendor_part_id (git-fixes).
- RDMA/siw: Fix setting active_mtu attribute (git-fixes).
- RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes).
- RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes).
- RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes).
- regmap: debugfs: Do not sleep while atomic for fast_io regmaps
(git-fixes).
- regmap: fix alignment issue (git-fixes).
- regmap: Fix memory leak from regmap_register_patch (git-fixes).
- Revert "i2c: cadence: Fix the hold bit setting" (git-fixes).
- Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes).
- Revert "thermal: mediatek: fix register index error" (git-fixes).
- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
(git-fixes).
- rtnetlink: Fix memory(net_device) leak when ->newlink fails
(bsc#1154353).
- rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
- s390: fix syscall_get_error for compat processes (git-fixes).
- s390/ism: fix error return code in ism_probe() (git-fixes).
- s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes).
- s390/pci: Fix s390_mmio_read/write with MIO (git-fixes).
- s390/qdio: consistently restore the IRQ handler (git-fixes).
- s390/qdio: put thinint indicator after early error (git-fixes).
- s390/qdio: tear down thinint indicator after early error (git-fixes).
- s390/qeth: fix error handling for isolation mode cmds (git-fixes).
- sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU
scheduler functional and performance backports)).
- scsi: libfc: free response frame from GPN_ID (bsc#1173849).
- scsi: libfc: Handling of extra kref (bsc#1173849).
- scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849).
- scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted
(bsc#1173849).
- scsi: libfc: Skip additional kref updating work event (bsc#1173849).
- scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes).
- scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
(git-fixes).
- selftests/net: in rxtimestamp getopt_long needs terminating null entry
(networking-stable-20_06_16).
- selinux: fall back to ref-walk if audit is required (bsc#1174333).
- selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
(bsc#1174333).
- serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941).
- SMB3: Honor lease disabling for multiuser mounts (git-fixes).
- soundwire: intel: fix memory leak with devm_kasprintf (git-fixes).
- spi: spidev: fix a potential use-after-free in spidev_release()
(git-fixes).
- spi: spidev: fix a race between spidev_release and spidev_remove
(git-fixes).
- spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
(git-fixes).
- staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
(git-fixes).
- staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
(git-fixes).
- staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
(git-fixes).
- staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
(git-fixes).
- staging: comedi: verify array index is correct before using it
(git-fixes).
- SUNRPC dont update timeout value on connection reset (bsc#1174263).
- sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116).
- tcp: md5: allow changing MD5 keys in all socket states (git-fixes).
- thermal/drivers: imx: Fix missing of_node_put() at probe time
(git-fixes).
- thermal: int3403_thermal: Downgrade error message (git-fixes).
- tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362).
- tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
(git-fixes).
- tty: hvc_console, fix crashes on parallel open/close (git-fixes).
- udp: Copy has_conns in reuseport_grow() (git-fixes).
- udp: Improve load balancing for SO_REUSEPORT (git-fixes).
- USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes).
- usb: chipidea: core: add wakeup support for extcon (git-fixes).
- usb: dwc2: Fix shutdown callback in platform (git-fixes).
- usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
(git-fixes).
- usb: gadget: Fix issue with config_ep_by_speed function (git-fixes).
- usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes).
- usb: gadget: udc: atmel: fix uninitialized read in debug printk
(git-fixes).
- usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable()
(git-fixes).
- usbnet: smsc95xx: Fix use-after-free after removal (git-fixes).
- USB: serial: ch341: add new Product ID for CH340 (git-fixes).
- USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes).
- USB: serial: iuu_phoenix: fix memory corruption (git-fixes).
- USB: serial: option: add GosunCn GM500 series (git-fixes).
- USB: serial: option: add Quectel EG95 LTE modem (git-fixes).
- usb: tegra: Fix allocation for the FPCI context (git-fixes).
- usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes).
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129).
- virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc
serial (git-fixes).
- virt: vbox: Fix guest capabilities mask check (git-fixes).
- virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to
match upstream (git-fixes).
- vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
- vxlan: Avoid infinite loop when suppressing NS messages with invalid
options (networking-stable-20_06_10).
- watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202).
- workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes).
- xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2102=1
Package List:
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
kernel-azure-5.3.18-18.12.1
kernel-azure-debuginfo-5.3.18-18.12.1
kernel-azure-debugsource-5.3.18-18.12.1
kernel-azure-devel-5.3.18-18.12.1
kernel-azure-devel-debuginfo-5.3.18-18.12.1
kernel-syms-azure-5.3.18-18.12.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
kernel-devel-azure-5.3.18-18.12.1
kernel-source-azure-5.3.18-18.12.1
References:
https://www.suse.com/security/cve/CVE-2020-0305.html
https://www.suse.com/security/cve/CVE-2020-10135.html
https://www.suse.com/security/cve/CVE-2020-10781.html
https://www.suse.com/security/cve/CVE-2020-14331.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1154488
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1155798
https://bugzilla.suse.com/1165933
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1168959
https://bugzilla.suse.com/1169771
https://bugzilla.suse.com/1171857
https://bugzilla.suse.com/1171988
https://bugzilla.suse.com/1172201
https://bugzilla.suse.com/1173074
https://bugzilla.suse.com/1173849
https://bugzilla.suse.com/1173941
https://bugzilla.suse.com/1174072
https://bugzilla.suse.com/1174116
https://bugzilla.suse.com/1174126
https://bugzilla.suse.com/1174127
https://bugzilla.suse.com/1174128
https://bugzilla.suse.com/1174129
https://bugzilla.suse.com/1174185
https://bugzilla.suse.com/1174205
https://bugzilla.suse.com/1174247
https://bugzilla.suse.com/1174263
https://bugzilla.suse.com/1174264
https://bugzilla.suse.com/1174331
https://bugzilla.suse.com/1174332
https://bugzilla.suse.com/1174333
https://bugzilla.suse.com/1174356
https://bugzilla.suse.com/1174362
https://bugzilla.suse.com/1174396
https://bugzilla.suse.com/1174398
https://bugzilla.suse.com/1174407
https://bugzilla.suse.com/1174409
https://bugzilla.suse.com/1174411
https://bugzilla.suse.com/1174438
https://bugzilla.suse.com/1174462
https://bugzilla.suse.com/1174513
https://bugzilla.suse.com/1174527
https://bugzilla.suse.com/1174627
https://bugzilla.suse.com/1174645
More information about the sle-security-updates
mailing list