SUSE-SU-2020:2906-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com
Tue Oct 13 14:17:38 MDT 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2906-1
Rating:             important
References:         #1055186 #1065600 #1065729 #1094244 #1112178 
                    #1113956 #1154366 #1167527 #1169972 #1171688 
                    #1171742 #1173115 #1174899 #1175228 #1175749 
                    #1175882 #1176011 #1176022 #1176038 #1176235 
                    #1176242 #1176278 #1176316 #1176317 #1176318 
                    #1176319 #1176320 #1176321 #1176381 #1176423 
                    #1176482 #1176507 #1176536 #1176544 #1176545 
                    #1176546 #1176548 #1176659 #1176698 #1176699 
                    #1176700 #1176721 #1176722 #1176725 #1176732 
                    #1176788 #1176789 #1176869 #1176877 #1176935 
                    #1176950 #1176962 #1176966 #1176990 #1177030 
                    #1177041 #1177042 #1177043 #1177044 #1177121 
                    #1177206 #1177291 #1177293 #1177294 #1177295 
                    #1177296 
Cross-References:   CVE-2020-0404 CVE-2020-0427 CVE-2020-0431
                    CVE-2020-0432 CVE-2020-14381 CVE-2020-14390
                    CVE-2020-25212 CVE-2020-25284 CVE-2020-25641
                    CVE-2020-25643 CVE-2020-26088
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 55 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive
   various security and bug fixes.

   The following security bugs were fixed:

   - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket
     creation that could have been used by local attackers to create raw
     sockets, bypassing security mechanisms (bsc#1176990).
   - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory
     corruption or a denial of service when changing screen size
     (bnc#1176235).
   - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow
     (bsc#1176721).
   - CVE-2020-0427: Fixed an out of bounds read due to a use after free
     (bsc#1176725).
   - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds
     check (bsc#1176722).
   - CVE-2020-0404: Fixed a linked list corruption due to an unusual root
     cause (bsc#1176423).
   - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow
     (bsc#1176381).
   - CVE-2020-25284: Fixed an incomplete permission checking for access to
     rbd devices, which could have been leveraged by local attackers to map
     or unmap rbd block devices (bsc#1176482).
   - CVE-2020-14381: Fixed requeue paths such that filp was valid when
     dropping the references (bsc#1176011).
   - CVE-2020-25643: Fixed an improper input validation in ppp_cp_parse_cr
     function which could have led to memory corruption and read overflow
     (bsc#1177206).
   - CVE-2020-25641: Fixed an issue where length bvec was causing
     softlockups (bsc#1177121).

   The following non-security bugs were fixed:

   - 9p: Fix memory leak in v9fs_mount (git-fixes).
   - ACPI: EC: Reference count query handlers under lock (git-fixes).
   - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE
     (git-fixes).
   - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).
   - airo: Fix read overflows sending packets (git-fixes).
   - ALSA: asihpi: fix iounmap in error handler (git-fixes).
   - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
     (git-fixes).
   - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
   - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).
   - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
     (git-fixes).
   - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A
     (git-fixes).
   - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen
     (git-fixes).
   - altera-stapl: altera_get_note: prevent write beyond end of 'key'
     (git-fixes).
   - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).
   - arm64: KVM: Do not generate UNDEF when LORegion feature is present
     (jsc#SLE-4084).
   - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084).
   - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178).
   - ASoC: kirkwood: fix IRQ error handling (git-fixes).
   - ASoC: tegra: Fix reference count leaks (git-fixes).
   - ath10k: fix array out-of-bounds access (git-fixes).
   - ath10k: fix memory leak for tpc_stats_final (git-fixes).
   - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).
   - batman-adv: Add missing include for in_interrupt() (git-fixes).
   - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
   - batman-adv: bla: fix type misuse for backbone_gw hash indexing
     (git-fixes).
   - batman-adv: bla: use netif_rx_ni when not in interrupt context
     (git-fixes).
   - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
     (git-fixes).
   - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
     (git-fixes).
   - bcache: Convert pr_<level> uses to a more typical style (git fixes
     (block drivers)).
   - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)).
   - bcm63xx_enet: correct clock usage (git-fixes).
   - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes).
   - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes
     (bitfield)).
   - blktrace: fix debugfs use after free (git fixes (block drivers)).
   - block: add docs for gendisk / request_queue refcount helpers (git fixes
     (block drivers)).
   - block: revert back to synchronous request_queue removal (git fixes
     (block drivers)).
   - block: Use non _rcu version of list functions for tag_set_list
     (git-fixes).
   - Bluetooth: Fix refcount use-after-free issue (git-fixes).
   - Bluetooth: guard against controllers sending zero'd events (git-fixes).
   - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
     (git-fixes).
   - Bluetooth: L2CAP: handle l2cap config request during open state
     (git-fixes).
   - Bluetooth: prefetch channel before killing sock (git-fixes).
   - bnxt_en: Fix completion ring sizing with TPA enabled
     (networking-stable-20_07_29).
   - bonding: use nla_get_u64 to extract the value for
     IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes).
   - btrfs: require only sector size alignment for parent eb bytenr
     (bsc#1176789).
   - btrfs: tree-checker: fix the error message for transid error
     (bsc#1176788).
   - ceph: do not allow setlease on cephfs (bsc#1177041).
   - ceph: fix potential mdsc use-after-free crash (bsc#1177042).
   - ceph: fix use-after-free for fsc->mdsc (bsc#1177043).
   - ceph: handle zero-length feature mask in session messages (bsc#1177044).
   - cfg80211: regulatory: reject invalid hints (bsc#1176699).
   - cifs: Fix leak when handling lease break for cached root fid
     (bsc#1176242).
   - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
   - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
   - clk: Add (devm_)clk_get_optional() functions (git-fixes).
   - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).
   - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
     (git-fixes).
   - clk/ti/adpll: allocate room for terminating null (git-fixes).
   - clocksource/drivers/h8300_timer8: Fix wrong return value in
     h8300_8timer_init() (git-fixes).
   - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode
     (bsc#1176966).
   - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
     at_dma_xlate() (git-fixes).
   - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
     (git-fixes).
   - dmaengine: pl330: Fix burst length if burst size is smaller than bus
     width (git-fixes).
   - dmaengine: tegra-apb: Prevent race conditions on channel's freeing
     (git-fixes).
   - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).
   - dm crypt: avoid truncating the logical block size (git fixes (block
     drivers)).
   - dm: fix redundant IO accounting for bios that need splitting (git fixes
     (block drivers)).
   - dm integrity: fix a deadlock due to offloading to an incorrect workqueue
     (git fixes (block drivers)).
   - dm integrity: fix integrity recalculation that is improperly skipped
     (git fixes (block drivers)).
   - dm: report suspended device during destroy (git fixes (block drivers)).
   - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes
     (block drivers)).
   - dm: use noio when sending kobject event (git fixes (block drivers)).
   - dm writecache: add cond_resched to loop in persistent_memory_claim()
     (git fixes (block drivers)).
   - dm writecache: correct uncommitted_block when discarding uncommitted
     entry (git fixes (block drivers)).
   - dm zoned: assign max_io_len correctly (git fixes (block drivers)).
   - Drivers: char: tlclk.c: Avoid data race between init and interrupt
     handler (git-fixes).
   - Drivers: hv: Specify receive buffer size using Hyper-V page size
     (bsc#1176877).
   - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
   - drivers/net/wan/x25_asy: Fix to make it work
     (networking-stable-20_07_29).
   - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
     (git-fixes).
   - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
   - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
     (git-fixes).
   - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
   - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).
   - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
   - drm/amdgpu: increase atombios cmd timeout (git-fixes).
   - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table
     (git-fixes).
   - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table
     (git-fixes).
   - drm/amdkfd: fix a memory leak issue (git-fixes).
   - drm/amdkfd: Fix reference count leaks (git-fixes).
   - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
   - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
   - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956)
     * context changes
   - drm/mediatek: Add exception handing in mtk_drm_probe() if component init
     fail (git-fixes).
   - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
     (git-fixes).
   - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).
   - drm/msm: add shutdown support for display platform_driver (git-fixes).
   - drm/msm: Disable preemption on all 5xx targets (git-fixes).
   - drm/msm: fix leaks if initialization fails (git-fixes).
   - drm/msm/gpu: make ringbuffer readonly (bsc#1112178)
     * context changes
   - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).
   - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).
   - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
     (git-fixes).
   - drm/nouveau: Fix reference count leak in nouveau_connector_detect
     (git-fixes).
   - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
     (git-fixes).
   - drm/nouveau: fix runtime pm imbalance on error (git-fixes).
   - drm/omap: fix possible object reference leak (git-fixes).
   - drm/radeon: fix multiple reference count leak (git-fixes).
   - drm/radeon: Prefer lower feedback dividers (git-fixes).
   - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes).
   - drm/sun4i: Fix dsi dcs long write function (git-fixes).
   - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes).
   - drm/tve200: Stabilize enable/disable (git-fixes).
   - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes).
   - e1000: Do not perform reset in reset_task if we are already down
     (git-fixes).
   - fbcon: prevent user font height or width change from causing
     (bsc#1112178)
     * move from drivers/video/fbdev/fbcon to drivers/video/console
     * context changes
   - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950).
   - ftrace: Move RCU is watching check after recursion check (git-fixes).
   - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).
   - gma/gma500: fix a memory disclosure bug due to uninitialized bytes
     (git-fixes).
   - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).
   - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
     (git-fixes).
   - gtp: fix Illegal context switch in RCU read-side critical section
     (git-fixes).
   - gtp: fix use-after-free in gtp_newlink() (git-fixes).
   - Hide e21a4f3a930c as of its duplication
   - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
     (git-fixes).
   - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
   - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
   - hv_utils: return error if host timesysnc update is stale (bsc#1176877).
   - hwmon: (applesmc) check status earlier (git-fixes).
   - i2c: core: Do not fail PRP0001 enumeration when no ID table exist
     (git-fixes).
   - i2c: cpm: Fix i2c_ram structure (git-fixes).
   - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
   - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).
   - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).
   - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).
   - iio:accel:mma7455: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).
   - iio: adc: mcp3422: fix locking on error path (git-fixes).
   - iio: adc: mcp3422: fix locking scope (git-fixes).
   - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).
   - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
     (git-fixes).
   - iio: improve IIO_CONCENTRATION channel type description (git-fixes).
   - iio:light:ltr501 Fix timestamp alignment issue (git-fixes).
   - iio:light:max44000 Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).
   - include: add additional sizes (bsc#1094244 ltc#168122).
   - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE
     (bsc#1177293).
   - iommu/amd: Fix potential @entry null deref (bsc#1177294).
   - iommu/amd: Print extended features in one line to fix divergent log
     levels (bsc#1176316).
   - iommu/amd: Re-factor guest virtual APIC (de-)activation code
     (bsc#1177291).
   - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317).
   - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode
     (bsc#1177295).
   - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318).
   - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
     (bsc#1177296).
   - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
     (bsc#1176319).
   - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320).
   - kernel-syms.spec.in: Also use bz compression (boo#1175882).
   - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084).
   - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and
     non-VHE (jsc#SLE-4084).
   - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put
     for VHE (jsc#SLE-4084).
   - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put
     (jsc#SLE-4084).
   - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on
     VHE (jsc#SLE-4084).
   - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions
     (jsc#SLE-4084).
   - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084).
   - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems
     (jsc#SLE-4084).
   - KVM: arm64: Factor out fault info population and gic workarounds
     (jsc#SLE-4084).
   - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084).
   - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084).
   - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084).
   - KVM: arm64: Introduce framework for accessing deferred sysregs
     (jsc#SLE-4084).
   - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions
     (jsc#SLE-4084).
   - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084).
   - KVM: arm64: Move common VHE/non-VHE trap config in separate functions
     (jsc#SLE-4084).
   - KVM: arm64: Move debug dirty flag calculation out of world switch
     (jsc#SLE-4084).
   - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag
     (jsc#SLE-4084).
   - KVM: arm64: Move userspace system registers into separate function
     (jsc#SLE-4084).
   - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers
     (jsc#SLE-4084).
   - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1
     (jsc#SLE-4084).
   - KVM: arm64: Remove kern_hyp_va() use in VHE switch function
     (jsc#SLE-4084).
   - KVM: arm64: Remove noop calls to timer save/restore from VHE switch
     (jsc#SLE-4084).
   - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084).
   - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084).
   - KVM: arm64: Rewrite system register accessors to read/write functions
     (jsc#SLE-4084).
   - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084).
   - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions
     (jsc#SLE-4084).
   - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE
     (jsc#SLE-4084).
   - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN
     (jsc#SLE-4084).
   - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs
     (jsc#SLE-4084).
   - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084).
   - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on
     VHE (jsc#SLE-4084).
   - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init
     (jsc#SLE-4084).
   - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load
     (jsc#SLE-4084).
   - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1
     (jsc#SLE-4084).
   - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe
     (jsc#SLE-4084).
   - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate
     (jsc#SLE-4084).
   - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n
     (jsc#SLE-4084).
   - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code
     (jsc#SLE-4084).
   - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178).
   - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM
     (bsc#1176321).
   - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084).
   - libceph: allow setting abort_on_full for rbd (bsc#1169972).
   - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
   - libnvdimm: cover up struct nvdimm changes (bsc#1171742).
   - libnvdimm/security, acpi/nfit: unify zero-key for all security commands
     (bsc#1171742).
   - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
   - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
   - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block
     drivers)).
   - mac802154: tx: fix use-after-free (git-fixes).
   - md: raid0/linear: fix dereference before null check on pointer mddev
     (git fixes (block drivers)).
   - media: davinci: vpif_capture: fix potential double free (git-fixes).
   - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad
     DMA value in debiirq() (git-fixes).
   - media: smiapp: Fix error handling at NVM reading (git-fixes).
   - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).
   - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
   - mfd: mfd-core: Protect against NULL call-back function pointer
     (git-fixes).
   - mm: Avoid calling build_all_zonelists_init under hotplug context
     (bsc#1154366).
   - mmc: cqhci: Add cqhci_deactivate() (git-fixes).
   - mmc: sdhci-msm: Add retries when all tuning phases are found valid
     (git-fixes).
   - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based
     controllers (git-fixes).
   - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS
     models (git-fixes).
   - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes
     (mm/pgalloc)).
   - mm/vmalloc.c: move 'area->pages' after if statement (git fixes
     (mm/vmalloc)).
   - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of
     cfi_amdstd_setup() (git-fixes).
   - mtd: lpddr: Fix a double free in probe() (git-fixes).
   - mtd: phram: fix a double free issue in error path (git-fixes).
   - mtd: properly check all write ioctls for permissions (git-fixes).
   - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes).
   - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes).
   - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes).
   - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes).
   - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes).
   - net: dsa: mv88e6xxx: fix shift of FID bits in
     mv88e6185_g1_vtu_loadpurge() (git-fixes).
   - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes).
   - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes).
   - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes).
   - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes).
   - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
     (git-fixes).
   - net: fs_enet: do not call phy_stop() in interrupts (git-fixes).
   - net: initialize fastreuse on inet_inherit_port
     (networking-stable-20_08_15).
   - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes).
   - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08).
   - net: lio_core: fix potential sign-extension overflow on large shift
     (git-fixes).
   - net/mlx5: Add meaningful return codes to status_to_err function
     (git-fixes).
   - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes).
   - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
     (git-fixes).
   - net: mvneta: fix mtu change on port without link (git-fixes).
   - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in
     ax_close()) (git-fixes).
   - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
   - net: qca_spi: Avoid packet drop during initial sync (git-fixes).
   - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes).
   - net: refactor bind_bucket fastreuse into helper
     (networking-stable-20_08_15).
   - net/smc: fix dmb buffer shortage (git-fixes).
   - net/smc: fix restoring of fallback changes (git-fixes).
   - net/smc: fix sock refcounting in case of termination (git-fixes).
   - net/smc: improve close of terminated socket (git-fixes).
   - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes).
   - net/smc: remove freed buffer from list (git-fixes).
   - net/smc: reset sndbuf_desc if freed (git-fixes).
   - net/smc: set rx_off for SMCR explicitly (git-fixes).
   - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).
   - net/smc: tolerate future SMCD versions (git-fixes).
   - net: stmmac: call correct function in
     stmmac_mac_config_rx_queues_routing() (git-fixes).
   - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes).
   - net: stmmac: do not stop NAPI processing when dropping a packet
     (git-fixes).
   - net: stmmac: dwmac4: fix flow control issue (git-fixes).
   - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA
     reset function (git-fixes).
   - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array
     (git-fixes).
   - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration
     (git-fixes).
   - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
     (git-fixes).
   - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs
     (git-fixes).
   - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode
     (git-fixes).
   - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
     (git-fixes).
   - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()'
     (git-fixes).
   - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()'
     (git-fixes).
   - net: stmmac: rename dwmac4_tx_queue_routing() to match reality
     (git-fixes).
   - net: stmmac: set MSS for each tx DMA channel (git-fixes).
   - net: stmmac: Use correct values in TQS/RQS fields (git-fixes).
   - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
     (networking-stable-20_07_29).
   - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes).
   - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb()
     (git-fixes).
   - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes).
   - net: ucc_geth - fix Oops when changing number of buffers in the ring
     (git-fixes).
   - NFSv4: do not mark all open state for recovery when handling recallable
     state revoked flag (bsc#1176935).
   - nvme-fc: set max_segments to lldd max value (bsc#1176038).
   - nvme-pci: override the value of the controller's numa node (bsc#1176507).
   - ocfs2: give applications more IO opportunities during fstrim
     (bsc#1175228).
   - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
     (git-fixes).
   - PCI/ASPM: Allow re-enabling Clock PM (git-fixes).
   - PCI: Fix pci_create_slot() reference count leak (git-fixes).
   - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes).
   - PCI: qcom: Add missing reset for ipq806x (git-fixes).
   - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes).
   - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes).
   - PCI: rcar: Fix incorrect programming of OB windows (git-fixes).
   - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes).
   - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).
   - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244
     ltc#168122).
   - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244
     ltc#168122).
   - powerpc/64s: Fix unrelocated interrupt trampoline address test
     (bsc#1094244 ltc#168122).
   - powerpc/64s: Include <asm/nmi.h> header file to fix a warning
     (bsc#1094244 ltc#168122).
   - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244
     ltc#168122).
   - powerpc/64s: sreset panic if there is no debugger or crash dump handlers
     (bsc#1094244 ltc#168122).
   - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244
     ltc#168122).
   - powerpc: Add cputime_to_nsecs() (bsc#1065729).
   - powerpc/book3s64/radix: Add kernel command line option to disable radix
     GTSE (bsc#1055186 ltc#153436).
   - powerpc/book3s64/radix: Fix boot failure with large amount of guest
     memory (bsc#1176022 ltc#187208).
   - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
   - powerpc/init: Do not advertise radix during client-architecture-support
     (bsc#1055186 ltc#153436).
   - powerpc/kernel: Cleanup machine check function declarations
     (bsc#1065729).
   - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests
     (bsc#1177030 ltc#187588).
   - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436).
   - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only
     (bsc#1177030 ltc#187588).
   - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64
     (bsc#1176022 ltc#187208).
   - powerpc/powernv: Remove real mode access limit for early allocations
     (bsc#1176022 ltc#187208).
   - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186
     ltc#153436).
   - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244
     ltc#168122).
   - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208).
   - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244
     ltc#168122).
   - powerpc/pseries: Machine check use rtas_call_unlocked() with args on
     stack (bsc#1094244 ltc#168122).
   - powerpc/pseries: radix is not subject to RMA limit, remove it
     (bsc#1176022 ltc#187208).
   - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths
     (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244
     ltc#168122).
   - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244
     ltc#168122).
   - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
   - powerpc/traps: fix recoverability of machine check handling on book3s/32
     (bsc#1094244 ltc#168122).
   - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244
     ltc#168122).
   - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S
     (bsc#1065729).
   - power: supply: max17040: Correct voltage reading (git-fixes).
   - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes
     (rcu)).
   - regulator: push allocation in set_consumer_device_supply() out of lock
     (git-fixes).
   - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules
     (bsc#1176869 ltc#188243).
   - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)
   - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857
     jsc#SLE-13618).
   - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115)
     To avoid the unnecessary key enrollment, when enrolling the signing key
     of the kernel package, "--ca-check" is added to mokutil so that mokutil
     will ignore the request if the CA of the signing key already exists in
     MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is
     only defined in a kernel module package (KMP), it's used to determine
     whether the %post script is running in a kernel package, or a kernel
     module package.
   - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
   - rpm/macros.kernel-source: pass -c properly in kernel module package
     (bsc#1176698)
     The "-c" option wasn't passed down to %_kernel_module_package so the
     ueficert subpackage wasn't generated even if the certificate is
     specified in the spec file.
   - rtc: ds1374: fix possible race condition (git-fixes).
   - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
   - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
     (networking-stable-20_08_08).
   - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
     (networking-stable-20_07_29).
   - s390/mm: fix huge pte soft dirty copying (git-fixes).
   - s390/qeth: do not process empty bridge port events (git-fixes).
   - s390/qeth: integrate RX refill worker with NAPI (git-fixes).
   - s390/qeth: tolerate pre-filled RX buffer (git-fixes).
   - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
   - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962
     ltc#188304).
   - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__()
     (bsc#1176962 ltc#188304).
   - scsi: libfc: Fix for double free() (bsc#1174899).
   - scsi: libfc: free response frame from GPN_ID (bsc#1174899).
   - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
     (bsc#1174899).
   - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
   - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
   - scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
   - scsi: qla2xxx: Fix the return value (bsc#1171688).
   - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call
     (bsc#1171688).
   - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
     (bsc#1171688).
   - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg()
     (bsc#1171688).
   - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).
   - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle()
     (bsc#1171688).
   - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
   - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
   - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
   - scsi: qla2xxx: Simplify return value logic in
     qla2x00_get_sp_from_handle() (bsc#1171688).
   - scsi: qla2xxx: Suppress two recently introduced compiler warnings
     (git-fixes).
   - scsi: qla2xxx: Warn if done() or free() are called on an already freed
     srb (bsc#1171688).
   - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186
     (git-fixes).
   - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210
     (git-fixes).
   - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
     (git-fixes).
   - serial: 8250_omap: Fix sleeping function called from invalid context
     during probe (git-fixes).
   - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).
   - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084).
   - SMB3: Honor persistent/resilient handle flags for multiuser mounts
     (bsc#1176546).
   - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
   - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
   - tcp: apply a floor of 1 for RTT samples from TCP timestamps
     (networking-stable-20_08_08).
   - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
     (git-fixes).
   - tools/power/cpupower: Fix initializer override in hsw_ext_cstates
     (bsc#1112178).
   - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).
   - USB: dwc3: Increase timeout for CmdAct cleared by device controller
     (git-fixes).
   - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).
   - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
     (git-fixes).
   - USB: Fix out of sync data toggle if a configured device is reconfigured
     (git-fixes).
   - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).
   - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).
   - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes).
   - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).
   - USB: hso: check for return value in hso_serial_common_create()
     (networking-stable-20_08_08).
   - usblp: fix race between disconnect() and read() (git-fixes).
   - USB: lvtest: return proper error code in probe (git-fixes).
   - usbnet: ipheth: fix potential null pointer dereference in
     ipheth_carrier_set (git-fixes).
   - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes).
   - USB: quirks: Add no-lpm quirk for another Raydium touchscreen
     (git-fixes).
   - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
     notebook (git-fixes).
   - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D
     (git-fixes).
   - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).
   - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
     (git-fixes).
   - USB: serial: option: support dynamic Quectel USB compositions
     (git-fixes).
   - USB: sisusbvga: Fix a potential UB caused by left shifting a negative
     value (git-fixes).
   - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).
   - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).
   - USB: uas: Add quirk for PNY Pro Elite (git-fixes).
   - USB: UAS: fix disconnect by unplugging a hub (git-fixes).
   - USB: yurex: Fix bad gfp argument (git-fixes).
   - vgacon: remove software scrollback support (bsc#1176278).
   - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).
   - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes
     (block drivers)).
   - vrf: prevent adding upper devices (git-fixes).
   - vxge: fix return of a free'd memblock on a failed dma mapping
     (git-fixes).
   - xen: do not reschedule in preemption off sections (bsc#1175749).
   - xen/events: do not use chip_data for legacy IRQs (bsc#1065600).
   - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt
     XEN data pointer which contains XEN specific information (bsc#1065600).
   - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).
   - yam: fix possible memory leak in yam_init_driver (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2906=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):

      kernel-devel-azure-4.12.14-8.47.1
      kernel-source-azure-4.12.14-8.47.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):

      kernel-azure-4.12.14-8.47.1
      kernel-azure-base-4.12.14-8.47.1
      kernel-azure-base-debuginfo-4.12.14-8.47.1
      kernel-azure-debuginfo-4.12.14-8.47.1
      kernel-azure-devel-4.12.14-8.47.1
      kernel-syms-azure-4.12.14-8.47.1


References:

   https://www.suse.com/security/cve/CVE-2020-0404.html
   https://www.suse.com/security/cve/CVE-2020-0427.html
   https://www.suse.com/security/cve/CVE-2020-0431.html
   https://www.suse.com/security/cve/CVE-2020-0432.html
   https://www.suse.com/security/cve/CVE-2020-14381.html
   https://www.suse.com/security/cve/CVE-2020-14390.html
   https://www.suse.com/security/cve/CVE-2020-25212.html
   https://www.suse.com/security/cve/CVE-2020-25284.html
   https://www.suse.com/security/cve/CVE-2020-25641.html
   https://www.suse.com/security/cve/CVE-2020-25643.html
   https://www.suse.com/security/cve/CVE-2020-26088.html
   https://bugzilla.suse.com/1055186
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1113956
   https://bugzilla.suse.com/1154366
   https://bugzilla.suse.com/1167527
   https://bugzilla.suse.com/1169972
   https://bugzilla.suse.com/1171688
   https://bugzilla.suse.com/1171742
   https://bugzilla.suse.com/1173115
   https://bugzilla.suse.com/1174899
   https://bugzilla.suse.com/1175228
   https://bugzilla.suse.com/1175749
   https://bugzilla.suse.com/1175882
   https://bugzilla.suse.com/1176011
   https://bugzilla.suse.com/1176022
   https://bugzilla.suse.com/1176038
   https://bugzilla.suse.com/1176235
   https://bugzilla.suse.com/1176242
   https://bugzilla.suse.com/1176278
   https://bugzilla.suse.com/1176316
   https://bugzilla.suse.com/1176317
   https://bugzilla.suse.com/1176318
   https://bugzilla.suse.com/1176319
   https://bugzilla.suse.com/1176320
   https://bugzilla.suse.com/1176321
   https://bugzilla.suse.com/1176381
   https://bugzilla.suse.com/1176423
   https://bugzilla.suse.com/1176482
   https://bugzilla.suse.com/1176507
   https://bugzilla.suse.com/1176536
   https://bugzilla.suse.com/1176544
   https://bugzilla.suse.com/1176545
   https://bugzilla.suse.com/1176546
   https://bugzilla.suse.com/1176548
   https://bugzilla.suse.com/1176659
   https://bugzilla.suse.com/1176698
   https://bugzilla.suse.com/1176699
   https://bugzilla.suse.com/1176700
   https://bugzilla.suse.com/1176721
   https://bugzilla.suse.com/1176722
   https://bugzilla.suse.com/1176725
   https://bugzilla.suse.com/1176732
   https://bugzilla.suse.com/1176788
   https://bugzilla.suse.com/1176789
   https://bugzilla.suse.com/1176869
   https://bugzilla.suse.com/1176877
   https://bugzilla.suse.com/1176935
   https://bugzilla.suse.com/1176950
   https://bugzilla.suse.com/1176962
   https://bugzilla.suse.com/1176966
   https://bugzilla.suse.com/1176990
   https://bugzilla.suse.com/1177030
   https://bugzilla.suse.com/1177041
   https://bugzilla.suse.com/1177042
   https://bugzilla.suse.com/1177043
   https://bugzilla.suse.com/1177044
   https://bugzilla.suse.com/1177121
   https://bugzilla.suse.com/1177206
   https://bugzilla.suse.com/1177291
   https://bugzilla.suse.com/1177293
   https://bugzilla.suse.com/1177294
   https://bugzilla.suse.com/1177295
   https://bugzilla.suse.com/1177296


