SUSE-SU-2020:3230-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Nov 6 13:53:41 MST 2020
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3230-1
Rating: important
References: #1065600 #1155798 #1168468 #1171675 #1175599
#1175718 #1176019 #1176381 #1176588 #1176979
#1177027 #1177121 #1177193 #1177194 #1177206
#1177258 #1177283 #1177284 #1177285 #1177286
#1177297 #1177384 #1177511 #954532
Cross-References: CVE-2020-25212 CVE-2020-25641 CVE-2020-25643
CVE-2020-25645
Affected Products:
SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________
An update that solves four vulnerabilities and has 20 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2020-25212: Fixed getxattr kernel panic and memory overflow
(bsc#1176381).
- CVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).
- CVE-2020-25641: Allowed for_each_bvec to support zero len bvec
(bsc#1177121).
- CVE-2020-25645: Added transport ports in route lookup for geneve
(bsc#1177511).
The following non-security bugs were fixed:
- 9p: Fix memory leak in v9fs_mount (git-fixes).
- ACPI: EC: Reference count query handlers under lock (git-fixes).
- airo: Fix read overflows sending packets (git-fixes).
- ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).
- ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
(git-fixes).
- ASoC: kirkwood: fix IRQ error handling (git-fixes).
- ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect
functions (git-fixes).
- ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
(git-fixes).
- ath10k: fix array out-of-bounds access (git-fixes).
- ath10k: fix memory leak for tpc_stats_final (git-fixes).
- ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).
- Bluetooth: Fix refcount use-after-free issue (git-fixes).
- Bluetooth: guard against controllers sending zero'd events (git-fixes).
- Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
(git-fixes).
- Bluetooth: L2CAP: handle l2cap config request during open state
(git-fixes).
- Bluetooth: prefetch channel before killing sock (git-fixes).
- brcmfmac: Fix double freeing in the fmac usb data path (git-fixes).
- btrfs: block-group: do not set the wrong READA flag for
btrfs_read_block_groups() (bsc#1176019).
- btrfs: block-group: fix free-space bitmap threshold (bsc#1176019).
- btrfs: block-group: refactor how we delete one block group item
(bsc#1176019).
- btrfs: block-group: refactor how we insert a block group item
(bsc#1176019).
- btrfs: block-group: refactor how we read one block group item
(bsc#1176019).
- btrfs: block-group: rename write_one_cache_group() (bsc#1176019).
- btrfs: do not take an extra root ref at allocation time (bsc#1176019).
- btrfs: drop logs when we've aborted a transaction (bsc#1176019).
- btrfs: fix a race between scrub and block group removal/allocation
(bsc#1176019).
- btrfs: fix crash during unmount due to race with delayed inode workers
(bsc#1176019).
- btrfs: free block groups after free'ing fs trees (bsc#1176019).
- btrfs: hold a ref on the root on the dead roots list (bsc#1176019).
- btrfs: kill the subvol_srcu (bsc#1176019).
- btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019).
- btrfs: make inodes hold a ref on their roots (bsc#1176019).
- btrfs: make the extent buffer leak check per fs info (bsc#1176019).
- btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root
(bsc#1176019).
- btrfs: move the block group freeze/unfreeze helpers into block-group.c
(bsc#1176019).
- btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019).
- btrfs: remove no longer necessary chunk mutex locking cases
(bsc#1176019).
- btrfs: rename member 'trimming' of block group to a more generic name
(bsc#1176019).
- btrfs: scrub, only lookup for csums if we are dealing with a data extent
(bsc#1176019).
- bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host
removal (git-fixes).
- clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
(git-fixes).
- clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk
(git-fixes).
- clk: tegra: Always program PLL_E when enabled (git-fixes).
- clk/ti/adpll: allocate room for terminating null (git-fixes).
- clocksource/drivers/h8300_timer8: Fix wrong return value in
h8300_8timer_init() (git-fixes).
- clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes).
- cpuidle: Poll for a minimum of 30ns and poll for a tick if lower
c-states are disabled (bnc#1176588).
- crypto: dh - check validity of Z before export (bsc#1175718).
- crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718).
- crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718).
- crypto: ecdh - check validity of Z before export (bsc#1175718).
- dmaengine: mediatek: hsdma_probe: fixed a memory leak when
devm_request_irq fails (git-fixes).
- dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
(git-fixes).
- dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
(git-fixes).
- dmaengine: tegra-apb: Prevent race conditions on channel's freeing
(git-fixes).
- dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).
- dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling)
(git-fixes).
- drivers: char: tlclk.c: Avoid data race between init and interrupt
handler (git-fixes).
- drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
(git-fixes).
- drm/radeon: revert "Prefer lower feedback dividers" (bsc#1177384).
- e1000: Do not perform reset in reset_task if we are already down
(git-fixes).
- ftrace: Move RCU is watching check after recursion check (git-fixes).
- fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193).
- gpio: mockup: fix resource leak in error path (git-fixes).
- gpio: rcar: Fix runtime PM imbalance on error (git-fixes).
- gpio: siox: explicitly support only threaded irqs (git-fixes).
- gpio: sprd: Clear interrupt when setting the type as edge (git-fixes).
- gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).
- hwmon: (applesmc) check status earlier (git-fixes).
- i2c: aspeed: Mask IRQ status to relevant bits (git-fixes).
- i2c: core: Call i2c_acpi_install_space_handler() before
i2c_acpi_register_devices() (git-fixes).
- i2c: i801: Exclude device from suspend direct complete optimization
(git-fixes).
- i2c: tegra: Prevent interrupt triggering after transfer timeout
(git-fixes).
- i2c: tegra: Restore pinmux on system resume (git-fixes).
- ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).
- ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).
- iio: adc: qcom-spmi-adc5: fix driver name (git-fixes).
- Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532).
- Input: trackpoint - enable Synaptics trackpoints (git-fixes).
- iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE
(bsc#1177297).
- iommu/amd: Fix potential @entry null deref (bsc#1177283).
- iommu/amd: Re-factor guest virtual APIC (de-)activation code
(bsc#1177284).
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode
(bsc#1177285).
- iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
(bsc#1177286).
- kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing
PCI_COMMAND_MEMORY (bsc#1176979).
- leds: mlxreg: Fix possible buffer overflow (git-fixes).
- lib/mpi: Add mpi_sub_ui() (bsc#1175718).
- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
- mac80211: do not allow bigger VHT MPDUs than the hardware supports
(git-fixes).
- mac80211: skip mpath lookup also for control port tx (git-fixes).
- mac802154: tx: fix use-after-free (git-fixes).
- media: mc-device.c: fix memleak in media_device_register_entity
(git-fixes).
- media: smiapp: Fix error handling at NVM reading (git-fixes).
- media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).
- mfd: mfd-core: Protect against NULL call-back function pointer
(git-fixes).
- mmc: core: Rework wp-gpio handling (git-fixes).
- mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS
models (git-fixes).
- mt76: add missing locking around ampdu action (git-fixes).
- mt76: clear skb pointers from rx aggregation reorder buffer during
cleanup (git-fixes).
- mt76: do not use devm API for led classdev (git-fixes).
- mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw
(git-fixes).
- mt76: fix LED link time failure (git-fixes).
- mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of
cfi_amdstd_setup() (git-fixes).
- mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes).
- mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes).
- net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes).
- nfs: Fix security label length not being reset (bsc#1176381).
- PCI: Avoid double hpmemsize MMIO window assignment (git-fixes).
- PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).
- PCI: tegra194: Fix runtime PM imbalance on error (git-fixes).
- PCI: tegra: Fix runtime PM imbalance on error (git-fixes).
- phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes).
- pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).
- Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes).
- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
(git-fixes).
- platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes).
- platform/x86: intel_pmc_core: do not create a static struct device
(git-fixes).
- platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE
reporting (bsc#1175599).
- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
(git-fixes).
- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
(git-fixes).
- power: supply: max17040: Correct voltage reading (git-fixes).
- Refresh
patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch
(bsc#1168468, bsc#1171675).
- rtc: ds1374: fix possible race condition (git-fixes).
- rtc: sa1100: fix possible race condition (git-fixes).
- s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY
(bsc#1176979).
- sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU
scheduler functional and performance backports)).
- sched/fair: Use dst group while checking imbalance for NUMA balancer
(bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/numa: Avoid creating large imbalances at task creation time
(bnc#1176588).
- sched/numa: Check numa balancing information only when enabled
(bnc#1176588).
- sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU
scheduler functional and performance backports)).
- scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling
getpeername() (bsc#1177258).
- serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
(git-fixes).
- serial: 8250_omap: Fix sleeping function called from invalid context
during probe (git-fixes).
- serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).
- serial: uartps: Wait for tx_empty in console setup (git-fixes).
- spi: fsl-espi: Only process interrupts for expected events (git-fixes).
- staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
(git-fixes).
- thermal: rcar_thermal: Handle probe error gracefully (git-fixes).
- Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI
(bsc#1177194).
- usb: dwc3: Increase timeout for CmdAct cleared by device controller
(git-fixes).
- USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).
- USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
(git-fixes).
- USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).
- vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn
(bsc#1176979).
- vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).
- wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes).
- wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes).
- xen/events: do not use chip_data for legacy IRQs (bsc#1065600).
- yam: fix possible memory leak in yam_init_driver (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Realtime 15-SP2:
zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-3230=1
Package List:
- SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):
cluster-md-kmp-rt-5.3.18-13.1
cluster-md-kmp-rt-debuginfo-5.3.18-13.1
dlm-kmp-rt-5.3.18-13.1
dlm-kmp-rt-debuginfo-5.3.18-13.1
gfs2-kmp-rt-5.3.18-13.1
gfs2-kmp-rt-debuginfo-5.3.18-13.1
kernel-rt-5.3.18-13.1
kernel-rt-debuginfo-5.3.18-13.1
kernel-rt-debugsource-5.3.18-13.1
kernel-rt-devel-5.3.18-13.1
kernel-rt-devel-debuginfo-5.3.18-13.1
kernel-rt_debug-debuginfo-5.3.18-13.1
kernel-rt_debug-debugsource-5.3.18-13.1
kernel-rt_debug-devel-5.3.18-13.1
kernel-rt_debug-devel-debuginfo-5.3.18-13.1
kernel-syms-rt-5.3.18-13.1
ocfs2-kmp-rt-5.3.18-13.1
ocfs2-kmp-rt-debuginfo-5.3.18-13.1
- SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):
kernel-devel-rt-5.3.18-13.1
kernel-source-rt-5.3.18-13.1
References:
https://www.suse.com/security/cve/CVE-2020-25212.html
https://www.suse.com/security/cve/CVE-2020-25641.html
https://www.suse.com/security/cve/CVE-2020-25643.html
https://www.suse.com/security/cve/CVE-2020-25645.html
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1155798
https://bugzilla.suse.com/1168468
https://bugzilla.suse.com/1171675
https://bugzilla.suse.com/1175599
https://bugzilla.suse.com/1175718
https://bugzilla.suse.com/1176019
https://bugzilla.suse.com/1176381
https://bugzilla.suse.com/1176588
https://bugzilla.suse.com/1176979
https://bugzilla.suse.com/1177027
https://bugzilla.suse.com/1177121
https://bugzilla.suse.com/1177193
https://bugzilla.suse.com/1177194
https://bugzilla.suse.com/1177206
https://bugzilla.suse.com/1177258
https://bugzilla.suse.com/1177283
https://bugzilla.suse.com/1177284
https://bugzilla.suse.com/1177285
https://bugzilla.suse.com/1177286
https://bugzilla.suse.com/1177297
https://bugzilla.suse.com/1177384
https://bugzilla.suse.com/1177511
https://bugzilla.suse.com/954532
More information about the sle-security-updates
mailing list