SUSE-SU-2020:2119-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Tue Aug 4 13:12:55 MDT 2020

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2020:2119-1
Rating:             important
References:         #1051510 #1065729 #1104967 #1111666 #1112178 
                    #1113956 #1114279 #1150660 #1151927 #1152107 
                    #1152624 #1158983 #1159058 #1162002 #1163309 
                    #1167104 #1168959 #1169514 #1169771 #1169795 
                    #1170011 #1170442 #1170617 #1170618 #1171124 
                    #1171424 #1171529 #1171530 #1171558 #1171673 
                    #1171732 #1171739 #1171743 #1171753 #1171759 
                    #1171761 #1171835 #1171841 #1171868 #1171988 
                    #1172247 #1172257 #1172344 #1172484 #1172687 
                    #1172719 #1172871 #1172872 #1172999 #1173060 
                    #1173074 #1173146 #1173265 #1173280 #1173284 
                    #1173428 #1173462 #1173514 #1173567 #1173573 
                    #1173659 #1173746 #1173818 #1173820 #1173825 
                    #1173826 #1173833 #1173838 #1173839 #1173845 
                    #1173857 #1174113 #1174115 #1174122 #1174123 
                    #1174130 #1174186 #1174187 #1174205 #1174247 
                    #1174296 #1174343 #1174356 #1174409 #1174438 
                    #1174462 #1174543 #1174549 
Cross-References:   CVE-2019-16746 CVE-2019-20908 CVE-2020-0305
                    CVE-2020-10135 CVE-2020-10769 CVE-2020-10773
                    CVE-2020-10781 CVE-2020-12771 CVE-2020-12888
                    CVE-2020-14331 CVE-2020-14416 CVE-2020-15393
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5

   An update that solves 13 vulnerabilities and has 75 fixes
   is now available.


   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-15780: A lockdown bypass for loading unsigned modules using
     ACPI table injection was fixed. (bsc#1173573)
   - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).
   - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in
     drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails
   - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access
     disabled memory space (bnc#1171868).
   - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the
     cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999).
   - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the
     slip and slcan line discipline could lead to a use-after-free. This
     affects drivers/net/slip/slip.c and drivers/net/can/slcan.c
   - CVE-2020-0305: Fixed a possible use-after-free due to a race condition
     incdev_get of char_dev.c. This could lead to local escalation of
     privilege. User interaction is not needed for exploitation (bnc#1174462).
   - CVE-2020-10769: A buffer over-read flaw was found in
     crypto_authenc_extractkeys in crypto/authenc.c in the IPsec
     Cryptographic algorithm's module, authenc. This flaw allowed a local
     attacker with user privileges to cause a denial of service (bnc#1173265).
   - CVE-2020-10781: Fixed a denial of service issue in the ZRAM
     implementation (bnc#1173074).
   - CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt
     ACPI variable, which could be used by attackers to bypass lockdown or
     secure boot restrictions (bnc#1173567).
   - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c,
     related to invalid length checks for variable elements in a beacon head
   - CVE-2020-10135: Legacy pairing and secure-connections pairing
     authentication in Bluetooth may have allowed an unauthenticated user to
     complete authentication without pairing credentials via adjacent access.
     An unauthenticated, adjacent attacker could impersonate a Bluetooth
     BR/EDR master or slave to pair with a previously paired remote device to
     successfully complete the authentication procedure without knowing the
     link key (bnc#1171988).
   - CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update()

   The following non-security bugs were fixed:

   - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666).
   - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
   - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753).
   - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666).
   - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666).
   - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666).
   - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666).
   - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534
   - ALSA: lx6464es - add support for LX6464ESe pci express variant
   - ALSA: opl3: fix infoleak in opl3 (bsc#1111666).
   - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666).
   - ALSA: usb-audio: Fix packet size calculation (bsc#1111666).
   - ALSA: usb-audio: Improve frames size computation (bsc#1111666).
   - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes).
   - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666).
   - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666).
   - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666).
   - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
   - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27).
   - b43: Fix connection problem with WPA3 (bsc#1111666).
   - b43_legacy: Fix connection problem with WPA3 (bsc#1111666).
   - be2net: fix link failure after ethtool offline test (git-fixes).
   - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
   - block, bfq: postpone rq preparation to insert or merge (bsc#1104967
   - block: nr_sects_write(): Disable preemption on seqcount write
   - Bluetooth: Add SCO fallback for invalid LMP parameters error
   - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes).
   - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes).
   - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
   - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes).
   - bnxt_en: fix NULL dereference in case SR-IOV configuration fails
   - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12).
   - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features()
   - bnxt_en: Improve AER slot reset (networking-stable-20_05_12).
   - brcmfmac: Transform compatible string for FW loading (bsc#1169771).
   - btrfs: add assertions for tree == inode->io_tree to extent IO helpers
   - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438).
   - btrfs: Always use a cached extent_state in
     btrfs_lock_and_flush_ordered_range (bsc#1174438).
   - btrfs: always wait on ordered extents at fsync time (bsc#1171761).
   - btrfs: clean up the left over logged_list usage (bsc#1171761).
   - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range
   - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range
   - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
   - btrfs: fix hang on snapshot creation after RWF_NOWAIT write
   - Btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761).
   - Btrfs: fix missing data checksums after a ranged fsync (msync)
   - btrfs: fix missing file extent item for hole after ranged fsync
   - Btrfs: fix missing hole after hole punching and fsync when using
     NO_HOLES (bsc#1171761).
   - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761).
   - Btrfs: fix rare chances for data loss when doing a fast fsync
   - btrfs: fix RWF_NOWAIT write not failling when we need to cow
   - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO
   - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after
     disable (bsc#1172247).
   - btrfs: Remove extra parentheses from condition in copy_items()
   - Btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761).
   - Btrfs: remove no longer used logged range variables when logging extents
   - Btrfs: remove no longer used 'sync' member from transaction handle
   - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761).
   - btrfs: remove the logged extents infrastructure (bsc#1171761).
   - btrfs: remove the wait ordered logic in the log_one_extent path
   - btrfs: Return EAGAIN if we can't start no snpashot write in
     check_can_nocow (bsc#1174438).
   - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
   - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range
   - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
   - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
   - carl9170: remove P2P_GO support (bsc#1111666).
   - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104).
   - ceph: request expedited service on session's last cap flush
   - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
   - clocksource: dw_apb_timer: Make CPU-affiliation being optional
   - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References:
   - crypto: algboss - do not wait during notifier callback (bsc#1111666).
   - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666).
   - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
     fully iterated (bsc#1111666).
   - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
     fully iterated (git-fixes).
   - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666).
   - crypto: talitos - fix IPsec cipher in length (git-fixes).
   - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes).
   - debugfs: Check module state before warning in {full/open}_proxy_open()
   - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
   - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes).
   - /dev/mem: Revoke mappings when a driver claims the region (git-fixes).
   - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27).
   - driver-core, libnvdimm: Let device subsystems add local lockdep coverage
   - Drivers: hv: Change flag to write log level in panic msg to false
     (bsc#1170617, bsc#1170618).
   - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666).
   - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956)  * context
   - drm: encoder_slave: fix refcouting error for modules (bsc#1111666).
   - drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
   - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection
   - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956)  *
     context changes
   - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666).
   - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel
   - drm: panel-orientation-quirks: Use generic orientation-data for Acer
     S1003 (bsc#1111666).
   - drm/qxl: Use correct notify port address when creating cursor ring
   - drm/radeon: fix double free (bsc#1113956)
   - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956)
   - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666).
   - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666).
   - drm/vkms: Hold gem object while still in-use (bsc#1113956)  * context
   - e1000: Distribute switch variables for initialization (bsc#1111666).
   - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
   - e1000e: Do not wake up the system via WOL if device wakeup is disabled
   - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666).
   - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
   - ext4: fix a data race at inode->i_blocks (bsc#1171835).
   - ext4: fix partial cluster initialization when splitting extent
   - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838).
   - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error
     handlers (bsc#1173833).
   - fanotify: fix ignore mask logic for events on child and on dir
   - Fix boot crash with MD (bsc#1174343)
   - fix multiplication overflow in copy_fdtable() (bsc#1173825).
   - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
   - gpu: host1x: Detach driver on unregister (bsc#1111666).
   - HID: magicmouse: do not set up autorepeat (git-fixes).
   - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes).
   - hwmon: (acpi_power_meter) Fix potential memory leak in
     acpi_power_meter_add() (bsc#1111666).
   - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
   - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666).
   - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
   - i2c: eg20t: Load module automatically if ID matches (bsc#1111666).
   - i2c: mlxcpld: check correct size of maximum RECV_LEN packet
   - i40e: reduce stack usage in i40e_set_fc (git-fixes).
   - IB/hfi1: Do not destroy hfi1_wq when the device is shut down
   - IB/hfi1: Do not destroy link_wq when the device is shut down
   - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
   - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280
   - ibmvnic: Flush existing work items before device removal (bsc#1065729).
   - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
   - iio:health:afe4404 Fix timestamp alignment and prevent data leak
   - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666).
   - iio:magnetometer:ak8974: Fix alignment and data leak issues
   - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
   - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666).
   - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666).
   - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
   - input: i8042 - Remove special PowerPC handling (git-fixes).
   - Input: synaptics - add a second working PNP_ID for Lenovo T470s
   - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
   - intel_th: Fix a NULL dereference when hub driver is not loaded
   - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174130).
   - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes).
   - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes).
   - jbd2: avoid leaking transaction credits when unreserving handle
   - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833).
   - kabi: hv: prevent struct device_node to become defined (bsc#1172871).
   - kABI: protect struct mlx5_cmd_work_ent (kabi).
   - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
   - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666).
   - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS
   - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
   - KVM: x86: Fix APIC page invalidation race (bsc#1174122).
   - l2tp: add sk_family checks to l2tp_validate_socket
   - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
   - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462).
   - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113).
   - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146).
   - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
   - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
   - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
   - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753).
   - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759).
   - libnvdimm/dax: Pick the right alignment default when creating dax
     devices (bsc#1171759).
   - libnvdimm/label: Remove the dpa align check (bsc#1171759).
   - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739).
   - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct
     page size change (bsc#1171743).
   - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock
   - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid
   - libnvdimm/pmem: Advance namespace seed for specific probe errors
   - libnvdimm/region: Initialize bad block for volatile namespaces
     (bnc#1151927 5.3.6).
   - libnvdimm/region: Rewrite _probe_success() to _advance_seeds()
   - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759).
   - loop: replace kill_bdev with invalidate_bdev (bsc#1173820).
   - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530).
   - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo
   - media: cec: silence shift wrapping warning in __cec_s_log_addrs()
   - media: si2157: Better check for running tuner in init (bsc#1111666).
   - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
   - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes).
   - mlxsw: pci: Return error on PCI reset timeout (git-fixes).
   - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
   - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed
   - mlxsw: spectrum_dpipe: Add missing error path (git-fixes).
   - mlxsw: spectrum: Prevent force of 56G (git-fixes).
   - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead
   - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
   - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes).
   - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
   - mmc: sdhci: do not enable card detect interrupt for gpio cd type
   - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
   - mvpp2: remove misleading comment (git-fixes).
   - net: be more gentle about silly gso requests coming from user
   - net: check untrusted gso_size at kernel entry
   - net/cxgb4: Check the return from t4_query_params properly (git-fixes).
   - net: dsa: bcm_sf2: Fix node reference count (git-fixes).
   - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16).
   - net: dsa: mt7530: fix roaming from DSA user ports
   - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
   - net: ena: add missing ethtool TX timestamping indication (git-fixes).
   - net: ena: avoid memory access violation by validating req_id properly
   - net: ena: do not wake up tx queue when down (git-fixes).
   - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes).
   - net: ena: ethtool: use correct value for crc32 hash (git-fixes).
   - net: ena: fix continuous keep-alive resets (git-fixes).
   - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes).
   - net: ena: fix default tx interrupt moderation interval (git-fixes).
   - net: ena: fix incorrect default RSS key (git-fixes).
   - net: ena: fix incorrectly saving queue numbers when setting RSS
     indirection table (git-fixes).
   - net: ena: fix issues in setting interrupt moderation params in ethtool
   - net: ena: fix potential crash when rxfh key is NULL (git-fixes).
   - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
   - net: ena: fix uses of round_jiffies() (git-fixes).
   - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes).
   - net: ena: reimplement set/get_coalesce() (git-fixes).
   - net: ena: rss: do not allocate key when not supported (git-fixes).
   - net: ena: rss: fix failure to get indirection table (git-fixes).
   - net: ena: rss: store hash function as values and not bits (git-fixes).
   - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
   - net: fix a potential recursive NETDEV_FEAT_CHANGE
   - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
   - net: ipip: fix wrong address family in init error path
   - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set
   - net: macsec: preserve ingress frame ordering
   - net/mlx4_core: drop useless LIST_HEAD (git-fixes).
   - net/mlx4_core: fix a memory leak bug (git-fixes).
   - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
   - net/mlx5: Add command entry handling completion
   - net/mlx5: Avoid panic when setting vport rate (git-fixes).
   - net/mlx5: Continue driver initialization despite debugfs failure
   - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes).
   - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes).
   - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes).
   - net/mlx5e: Update netdev txq on completions during closure
   - net/mlx5: Fix command entry leak in Internal Error State
   - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07).
   - net/mlx5: Fix forced completion access non initialized command entry
   - net: mvmdio: allow up to four clocks to be specified for orion-mdio
   - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift
   - net: phy: fix aneg restart in phy_ethtool_set_eee
   - netprio_cgroup: Fix unlimited memory leak of v2 cgroups
   - net: qede: stop adding events on an already destroyed workqueue
   - net: qed: fix excessive QM ILT lines consumption (git-fixes).
   - net: qed: fix NVMe login fails over VFs (git-fixes).
   - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
   - net: revert "net: get rid of an signed integer overflow in
     ip_idents_reserve()" (networking-stable-20_05_27).
   - net sched: fix reporting the first-time use timestamp
   - net: stricter validation of untrusted gso packets
   - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
   - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
   - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12).
   - net: usb: qmi_wwan: add Telit 0x1050 composition
   - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
   - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
     vmxnet3_get_rss() (bsc#1172484).
   - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes).
   - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
   - nvdimm: Avoid race between probe and reading device attributes
   - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558
   - nvme: do not update multipath disk information if the controller is down
     (bcs#1171558 bsc#1159058).
   - objtool: Clean instruction state before each function validation
   - objtool: Ignore empty alternatives (bsc#1169514).
   - ocfs2: no need try to truncate file beyond i_size (bsc#1171841).
   - padata: ensure the reorder timer callback runs on the correct CPU
   - padata: reorder work kABI fixup (git-fixes).
   - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership
   - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
   - PCI: Generalize multi-function power dependency device links
   - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871,
   - PCI: hv: Fix the PCI HyperV probe failure path to release resource
     properly (bsc#1172871, bsc#1172872).
   - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872).
   - PCI: hv: Move hypercall related definitions into tlfs header
     (bsc#1172871, bsc#1172872).
   - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871,
   - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871,
   - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871,
   - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes).
   - PCI: pciehp: Support interrupts sent from D3hot (git-fixes).
   - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
   - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
   - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
   - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus
     precise RIP validity (git-fixes).
   - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus
     precise RIP validity (git-fixes).
   - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
   - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
   - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family
     (10h) (git-fixes).
   - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family
     (10h) (git-fixes).
   - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static
   - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static
   - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3
     PMCs (git-fixes stable).
   - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3
     PMCs (git-fixes stable).
   - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
   - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
   - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf
     events (git-fixes stable).
   - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf
     events (git-fixes stable).
   - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
   - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
   - perf/x86: Fix incorrect PEBS_REGS (git-fixes).
   - perf/x86: Fix incorrect PEBS_REGS (git-fixes).
   - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
   - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
   - perf/x86/intel: Add proper condition to run sched_task callbacks
   - perf/x86/intel: Add proper condition to run sched_task callbacks
   - perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
   - perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
   - perf/x86/intel: Fix PT PMI handling (git-fixes).
   - perf/x86/intel: Fix PT PMI handling (git-fixes).
   - perf/x86/intel: Move branch tracing setup to the Intel-specific source
     file (git-fixes).
   - perf/x86/intel: Move branch tracing setup to the Intel-specific source
     file (git-fixes).
   - perf/x86/intel/uncore: Add Node ID mask (git-fixes).
   - perf/x86/intel/uncore: Add Node ID mask (git-fixes).
   - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
   - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
   - perf/x86/intel/uncore: Handle invalid event coding for free-running
     counter (git-fixes).
   - perf/x86/uncore: Fix event group support (git-fixes).
   - perf/x86/uncore: Fix event group support (git-fixes).
   - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
   - PM / Domains: Allow genpd users to specify default active wakeup
     behavior (git-fixes).
   - powerpc/book3s64: Export has_transparent_hugepage() related functions
   - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable
     pkey (bsc#1065729).
   - powerpc/fadump: fix race between pstore write and fadump crash trigger
     (bsc#1168959 ltc#185010).
   - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
   - power: vexpress: add suppress_bind_attrs to true (bsc#1111666).
   - pppoe: only process PADT targeted at local interfaces
   - qed: reduce maximum stack frame size (git-fixes).
   - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).
   - r8152: support additional Microsoft Surface Ethernet Adapter variant
   - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666)
   - README.BRANCH: Add Takashi Iwai as primary maintainer.
   - regmap: debugfs: Do not sleep while atomic for fast_io regmaps
   - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102")
   - Revert "thermal: mediatek: fix register index error" (bsc#1111666).
   - rpm/ Require python-packaging for build.
   - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
   - s390: fix syscall_get_error for compat processes (git-fixes).
   - s390/qdio: consistently restore the IRQ handler (git-fixes).
   - s390/qdio: lock device while installing IRQ handler (git-fixes).
   - s390/qdio: put thinint indicator after early error (git-fixes).
   - s390/qdio: tear down thinint indicator after early error (git-fixes).
   - s390/qeth: fix error handling for isolation mode cmds (git-fixes).
   - sch_choke: avoid potential panic in choke_reset()
   - sch_sfq: validate silly quantum values (networking-stable-20_05_12).
   - scripts/git_sort/ add bluetooth/bluetooth-next.git repository
   - scsi: aacraid: fix a signedness bug (bsc#1174296).
   - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296).
   - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687
   - scsi: lpfc: Add support to display if adapter dumps are available
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Allow applications to issue Common Set Features mailbox
     command (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset()
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix inconsistent indenting (bsc#1158983).
   - scsi: lpfc: Fix interrupt assignments when multiple vectors are
     supported on same CPU (bsc#1158983).
   - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix language in 0373 message to reflect non-error message
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix less-than-zero comparison of unsigned value
   - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687
   - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687
   - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687
   - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Update lpfc version to (bsc#1158983).
   - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296).
   - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296).
   - scsi: qedf: Add port_id getter (bsc#1150660).
   - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs()
   - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request
   - sctp: Do not add the shutdown timer if its already been added
   - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state
     and socket is closed (networking-stable-20_05_27).
   - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666).
   - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666).
   - spi: spidev: fix a race between spidev_release and spidev_remove
   - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
   - staging: comedi: verify array index is correct before using it
   - SUNRPC: The TCP back channel mustn't disappear while requests are
     outstanding (bsc#1152624).
   - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
   - timers: Add a function to start/reduce a timer
   - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
   - tpm_tis: Remove the HID IFX0102 (bsc#1111666).
   - tracing: Fix event trigger to accept redundant spaces (git-fixes).
   - tty: hvc_console, fix crashes on parallel open/close (git-fixes).
   - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
   - ubifs: remove broken lazytime support (bsc#1173826).
   - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes).
   - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666).
   - usb: chipidea: core: add wakeup support for extcon (bsc#1111666).
   - usb: dwc2: Fix shutdown callback in platform (bsc#1111666).
   - usb: dwc3: gadget: introduce cancelled_list (git-fixes).
   - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes).
   - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes).
   - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes).
   - USB: ehci: reopen solution for Synopsys HC bug (git-fixes).
   - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666).
   - usb: gadget: udc: atmel: fix uninitialized read in debug printk
   - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable()
   - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666).
   - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
   - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666).
   - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666).
   - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666).
   - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666).
   - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666).
   - USB: serial: option: add GosunCn GM500 series (bsc#1111666).
   - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666).
   - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123).
   - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6).
   - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc
     serial (git-fixes).
   - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
   - vmxnet3: add support to get/set rx flow hash (bsc#1172484).
   - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
   - vmxnet3: avoid format strint overflow warning (bsc#1172484).
   - vmxnet3: prepare for version 4 changes (bsc#1172484).
   - vmxnet3: Remove always false conditional statement (bsc#1172484).
   - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
   - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter
   - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
   - vmxnet3: update to version 4 (bsc#1172484).
   - vmxnet3: use correct hdr reference when packet is encapsulated
   - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
   - vxlan: Avoid infinite loop when suppressing NS messages with invalid
     options (git-fixes).
   - wil6210: make sure Rx ring sizes are correlated (git-fixes).
   - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309).
   - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS
   - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS
   - x86/{mce,mm}: Unmap the entire page if the whole page is affected and
     poisoned (bsc#1172257).
   - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
   - xhci: Fix incorrect EP_STATE_MASK (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2119=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):


   - SUSE Linux Enterprise Server 12-SP5 (noarch):



More information about the sle-security-updates mailing list