SUSE-SU-2020:3717-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Wed Dec 9 07:15:40 MST 2020

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2020:3717-1
Rating:             important
References:         #1050549 #1067665 #1111666 #1112178 #1158775 
                    #1170139 #1170630 #1172542 #1172873 #1174726 
                    #1175306 #1175721 #1175916 #1176109 #1176855 
                    #1176983 #1177304 #1177397 #1177703 #1177805 
                    #1177808 #1177809 #1177819 #1177820 #1178123 
                    #1178182 #1178393 #1178589 #1178607 #1178635 
                    #1178669 #1178686 #1178765 #1178782 #1178838 
                    #1178853 #1178854 #1178878 #1178886 #1178897 
                    #1178940 #1178962 #1179107 #1179140 #1179141 
                    #1179211 #1179213 #1179259 #1179424 #1179426 
                    #1179427 #1179429 #927455 
Cross-References:   CVE-2020-15436 CVE-2020-15437 CVE-2020-25668
                    CVE-2020-25669 CVE-2020-25704 CVE-2020-25705
                    CVE-2020-27777 CVE-2020-28915 CVE-2020-28974
Affected Products:
                    SUSE Linux Enterprise Live Patching 12-SP5

   An update that solves 10 vulnerabilities and has 43 fixes
   is now available.


   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
     which could have allowed local users to gain privileges or cause a
     denial of service (bsc#1179141).
   - CVE-2020-15437: Fixed a null pointer dereference which could have
     allowed local users to cause a denial of service(bsc#1179140).
   - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op
   - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()
   - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()
   - CVE-2020-27777: Restrict RTAS requests from userspace  (bsc#1179107)
   - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could
     have been used by local attackers to read kernel memory (bsc#1178886).
   - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could
     have been used by local attackers to read privileged information or
     potentially crash the kernel (bsc#1178589).
   - CVE-2020-29371: Fixed uninitialized memory leaks to userspace
   - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan
     open UDP ports. This flaw allowed an off-path remote user to effectively
     bypassing source port UDP randomization (bsc#1175721).

   The following non-security bugs were fixed:

   - 9P: Cast to loff_t before multiplying (git-fixes).
   - ACPI: GED: fix -Wformat (git-fixes).
   - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).
   - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
   - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()
   - ALSA: hda - Fix the return value if cb func is already registered
   - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
   - ALSA: mixart: Fix mutex deadlock (git-fixes).
   - arm64: KVM: Fix system register enumeration (bsc#1174726).
   - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).
   - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
   - ath10k: Acquire tx_lock in tx error paths (git-fixes).
   - batman-adv: set .owner to THIS_MODULE (git-fixes).
   - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth
     controllers (git-fixes).
   - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).
   - bpf: Zero-fill re-used per-cpu map element (git-fixes).
   - btrfs: account ticket size at add/delete time (bsc#1178897).
   - btrfs: add helper to obtain number of devices with ongoing dev-replace
   - btrfs: check rw_devices, not num_devices for balance (bsc#1178897).
   - btrfs: do not delete mismatched root refs (bsc#1178962).
   - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).
   - btrfs: fix force usage in inc_block_group_ro (bsc#1178897).
   - btrfs: fix invalid removal of root ref (bsc#1178962).
   - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).
   - btrfs: fix reclaim_size counter leak after stealing from global reserve
   - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).
   - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).
   - btrfs: split dev-replace locking helpers for read and write
   - can: af_can: prevent potential access of uninitialized member in
     canfd_rcv() (git-fixes).
   - can: af_can: prevent potential access of uninitialized member in
     can_rcv() (git-fixes).
   - can: can_create_echo_skb(): fix echo skb generation: always use
     skb_clone() (git-fixes).
   - can: dev: __can_get_echo_skb(): fix real payload length return value for
     RTR frames (git-fixes).
   - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
     context (git-fixes).
   - can: dev: can_restart(): post buffer from the right context (git-fixes).
   - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
   - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1
   - can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
   - can: m_can: m_can_stop(): set device to software init mode before
     closing (git-fixes).
   - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to
     can_put_echo_skb() (git-fixes).
   - can: peak_canfd: pucan_handle_can_rx(): fix echo management when
     loopback is on (git-fixes).
   - can: peak_usb: add range checking in decode operations (git-fixes).
   - can: peak_usb: fix potential integer overflow on shift of a int
   - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
   - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).
   - ceph: add check_session_state() helper and make it global (bsc#1179259).
   - ceph: check session state after bumping session->s_seq (bsc#1179259).
   - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
   - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
   - cifs: remove bogus debug code (bsc#1179427).
   - cifs: Return the error from crypt_message when enc/dec key not found
   - Convert trailing spaces and periods in path components (bsc#1179424).
   - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).
   - docs: ABI: stable: remove a duplicated documentation (git-fixes).
   - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
   - drbd: code cleanup by using sendpage_ok() to check page for
     kernel_sendpage() (bsc#1172873).
   - Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context
   - drm/i915: Break up error capture compression loops with cond_resched()
   - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
   - drm/imx: tve remove extraneous type qualifier (git-fixes).
   - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind()
   - drm/vc4: drv: Add error handding for bind (git-fixes).
   - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838).
   - efi: cper: Fix possible out-of-bounds access (git-fixes).
   - efi/efivars: Add missing kobject_put() in sysfs entry creation error
     path (git-fixes).
   - efi/esrt: Fix reference count leak in esre_create_sysfs_entry
   - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
   - efivarfs: fix memory leak in efivarfs_create() (git-fixes).
   - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes).
   - efi/x86: Do not panic or BUG() on non-critical error conditions
   - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).
   - efi/x86: Ignore the memory attributes table on i386 (git-fixes).
   - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
   - fs/proc/array.c: allow reporting eip/esp for all coredumping threads
   - ftrace: Fix recursion check for NMI test (git-fixes).
   - ftrace: Handle tracing when switching between context (git-fixes).
   - fuse: fix page dereference after free (bsc#1179213).
   - futex: Do not enable IRQs unconditionally in put_pi_state()
   - futex: Handle transient "ownerless" rtmutex state correctly
   - hv_balloon: disable warning when floor reached (git-fixes).
   - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820).
   - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819,
   - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819,
   - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853,
   - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854).
   - hyperv_fb: Update screen_info after removing old framebuffer
   - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)
   - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
   - i40iw: Report correct firmware version (bsc#1111666)
   - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
   - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)
   - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)
   - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)
   - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)
   - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)
   - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
   - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)
   - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)
   - IB/hfi1: Define variables as unsigned long to fix KASAN warning
   - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)
   - IB/hfi1: Fix memory leaks in sysfs registration and unregistration
   - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)
   - IB/hfi1: Handle port down properly in pio (bsc#1111666)
   - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)
   - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
   - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)
   - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
   - IB/hfi1: Remove unused define (bsc#1111666)
   - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)
   - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)
   - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)
   - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)
   - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
   - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)
   - IB/iser: Fix dma_nents type definition (bsc#1111666)
   - IB/iser: Pass the correct number of entries for dma mapped SGL
   - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)
   - IB/mlx4: Add and improve logging (bsc#1111666)
   - IB/mlx4: Add support for MRA (bsc#1111666)
   - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
   - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)
   - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)
   - IB/mlx4: Fix race condition between catas error reset and aliasguid
     flows (bsc#1111666)
   - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
   - IB/mlx4: Follow mirror sequence of device add during device removal
   - IB/mlx4: Remove unneeded NULL check (bsc#1111666)
   - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)
   - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)
   - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)
   - IB/mlx5: Do not override existing ip_protocol (bsc#1111666)
   - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)
   - IB/mlx5: Fix implicit MR release flow (bsc#1111666)
   - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)
   - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
   - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)
   - IB/mlx5: Improve ODP debugging messages (bsc#1111666)
   - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
   - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)
   - IB/mlx5: Reset access mask when looping inside page fault handler
   - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)
   - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
   - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)
   - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)
   - IB/mthca: fix return value of error branch in mthca_init_cq()
   - IB/qib: Call kobject_put() when kobject_init_and_add() fails
   - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)
   - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)
   - IB/qib: Remove a set-but-not-used variable (bsc#1111666)
   - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)
   - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)
   - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
   - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)
   - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)
   - IB/rxe: Make counters thread safe (bsc#1111666)
   - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)
   - IB/umad: Avoid additional device reference during open()/close()
   - IB/umad: Avoid destroying device while it is accessed (bsc#1111666)
   - IB/umad: Do not check status of nonseekable_open() (bsc#1111666)
   - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)
   - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)
   - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)
   - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)
   - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)
   - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting
     tablet-mode (git-fixes).
   - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
   - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
   - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
   - ipmi: use vzalloc instead of kmalloc for user creation (bsc#1178607).
   - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)
   - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)
   - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497
     bsc#1176109 ltc#187964).
   - kthread_worker: prevent queuing delayed work from timer_fn when it is
     being canceled (git-fixes).
   - KVM: arm64: Add missing #include of -<linux/string.h> in guest.c
   - KVM: arm64: Factor out core register ID enumeration (bsc#1174726).
   - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
   - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance
   - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus
   - KVM host: kabi fixes for psci_version (bsc#1174726).
   - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).
   - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - locking/lockdep: Add debug_locks check in __lock_downgrade()
   - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count
   - locktorture: Print ratio of acquisitions, not failures (bsc#1050549).
   - mac80211: always wind down STA state (git-fixes).
   - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
   - mac80211: minstrel: fix tx status processing corner case (git-fixes).
   - mac80211: minstrel: remove deferred sampling code (git-fixes).
   - memcg: fix NULL pointer dereference in
     __mem_cgroup_usage_unregister_event (bsc#1177703).
   - mm: always have io_remap_pfn_range() set pgprot_decrypted()
   - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs
   - mm/memcg: fix refcount error while moving and swapping (bsc#1178686).
   - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send
   - net: ena: Capitalize all log strings and improve code readability
   - net: ena: Change license into format to SPDX in all files (bsc#1177397).
   - net: ena: Change log message to netif/dev function (bsc#1177397).
   - net: ena: Change RSS related macros and variables names (bsc#1177397).
   - net: ena: ethtool: Add new device statistics (bsc#1177397).
   - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
   - net: ena: ethtool: convert stat_offset to 64 bit resolution
   - net: ena: Fix all static chekers' warnings (bsc#1177397).
   - net: ena: Remove redundant print of placement policy (bsc#1177397).
   - net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
   - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878).
   - net: introduce helper sendpage_ok() in include/linux/net.h
     (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h
   - net/mlx4_core: Fix init_hca fields offset (git-fixes).
   - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).
   - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
   - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
   - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669
   - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION
   - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage()
   - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).
   - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
   - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
   - pinctrl: aspeed: Fix GPI only function problem (git-fixes).
   - pinctrl: intel: Set default bias in case no particular value given
   - platform/x86: toshiba_acpi: Fix the wrong variable assignment
   - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range()
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/64: reuse PPC32 static inline flush_dcache_range()
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc: Chunk calls to flush_dcache_range in arch_*_memory
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).
   - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Add flush routines using new pmem store and sync
     instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Add new instructions for persistent storage and sync
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Fix kernel crash due to wrong range value usage in
     flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402
     jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pmem: Update ppc64 to use the new barrier instruction
     (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
   - powerpc/pseries/cpuidle: add polling idle for shared processor guests
     (bsc#1178765 ltc#188968).
   - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293).
   - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293).
   - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)
   - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
   - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl.
   - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message
   - RDMA/cma: add missed unregister_pernet_subsys in init failure
   - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler
   - RDMA/cma: Fix false error message (bsc#1111666)
   - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)
   - RDMA/cma: Protect bind_list and listen_list while finding matching cm id
   - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)
   - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)
   - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
   - RDMA/core: Do not depend device ODP capabilities on kconfig option
   - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)
   - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)
   - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)
   - RDMA/core: Fix race between destroy and release FD object (bsc#1111666)
   - RDMA/core: Fix race when resolving IP address (bsc#1111666)
   - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)
   - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function
   - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)
   - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)
   - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)
   - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)
   - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)
   - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)
   - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)
   - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)
   - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)
   - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)
   - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)
   - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)
   - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)
   - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)
   - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)
   - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)
   - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
   - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)
   - RDMA/mlx4: Read pkey table length instead of hardcoded value
   - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)
   - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW
     completion (bsc#1111666)
   - RDMA/mlx5: Fix access to wrong pointer while performing flush due to
     error (bsc#1111666)
   - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR
   - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)
   - RDMA/mlx5: Return proper error value (bsc#1111666)
   - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)
   - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)
   - RDMA/nes: Remove second wait queue initialization call (bsc#1111666)
   - RDMA/netlink: Do not always generate an ACK for some netlink operations
   - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)
   - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)
   - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)
   - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)
   - RDMA/qedr: Fix doorbell setting (bsc#1111666)
   - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)
   - RDMA/qedr: Fix reported firmware version (bsc#1111666)
   - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)
   - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)
   - RDMA/qedr: SRQ's bug fixes (bsc#1111666)
   - RDMA/qib: Delete extra line (bsc#1111666)
   - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)
   - RDMA/qib: Validate ->show()/store() callbacks before calling them
   - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)
   - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)
   - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)
   - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)
   - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later
   - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq
   - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
   - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send
     queue (bsc#1111666)
   - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)
   - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)
   - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)
   - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)
   - RDMA/rxe: Set default vendor ID (bsc#1111666)
   - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
   - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)
   - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)
   - RDMA/srp: Rework SCSI device reset handling (bsc#1111666)
   - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)
   - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)
   - RDMA/ucma: Add missing locking around rdma_leave_multicast()
   - RDMA/ucma: Put a lock around every call to the rdma_cm layer
   - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
   - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)
   - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)
   - regulator: avoid resolve_supply() infinite recursion (git-fixes).
   - regulator: defer probe when trying to get voltage from unresolved supply
   - regulator: fix memory leak with repeated set_machine_constraints()
   - regulator: resolve supply after creating regulator (git-fixes).
   - regulator: ti-abb: Fix array out of bound read access on the first
     transition (git-fixes).
   - regulator: workaround self-referent regulators (git-fixes).
   - Revert "cdc-acm: hardening against malicious devices" (git-fixes).
   - ring-buffer: Fix recursion protection transitions between interrupt
     context (git-fixes).
   - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
   - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)
   - rxe: fix error completion wr_id and qp_num (bsc#1111666)
   - s390/cio: add cond_resched() in the slow_eval_known_fn() loop
     (bsc#1177805 LTC#188737).
   - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916
   - s390/dasd: fix inability to use DASD with DIAG driver (bsc#1177809
   - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).
   - s390: kernel/uv: handle length extension properly (bsc#1178940
   - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).
   - sched/x86: SaveFLAGS on context switch (bsc#1112178).
   - scripts/git_sort/ add ceph maintainers git tree
   - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map()
   - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported
   - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)
   - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode
   - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids
   - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
   - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes).
   - tty: serial: imx: keep console clocks always on (git-fixes).
   - Update patches.suse/vfs-add-super_operations-get_inode_dev (bsc#927455
   - Update references in patches.suse/net-smc-tolerate-future-smcd-versions
     (bsc#1172542 LTC#186070 git-fixes).
   - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).
   - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
   - USB: cdc-acm: fix cooldown mechanism (git-fixes).
   - USB: core: driver: fix stray tabs in error messages (git-fixes).
   - USB: core: Fix regression in Hercules audio card (git-fixes).
   - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
   - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
   - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
   - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes).
   - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).
   - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).
   - USB: serial: cyberjack: fix write-URB completion race (git-fixes).
   - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
   - USB: serial: option: add Cellient MPL200 card (git-fixes).
   - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
   - USB: serial: option: add Quectel EC200T module support (git-fixes).
   - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).
   - USB: serial: option: Add Telit FT980-KS composition (git-fixes).
   - USB: serial: pl2303: add device-id for HP GC device (git-fixes).
   - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).
   - USB: xhci: force all memory allocations to node (git-fixes).
   - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
   - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host
   - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer
     driver (bsc#1175306).
   - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs
   - vt: Disable KD_FONT_OP_COPY (bsc#1178589).
   - x86/hyperv: Clarify comment on x2apic mode (git-fixes).
   - x86/hyperv: Make vapic support x2apic mode (git-fixes).
   - x86/kexec: Use up-to-dated screen_info copy to fill boot params
   - x86/microcode/intel: Check patch signature before saving microcode for
     early loading (bsc#1112178).
   - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).
   - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
   - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).
   - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with
     always-on STIBP (bsc#1112178).
   - x86/sysfb_efi: Add quirks for some devices with swapped width and height
   - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
   - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).
   - xfs: fix flags argument to rmap lookup when converting shared file rmaps
   - xfs: fix rmap key and record comparison functions (git-fixes).
   - xfs: flush new eof page on truncate to avoid post-eof corruption
   - xfs: revert "xfs: fix rmap key and record comparison functions"
   - xhci: do not create endpoint debugfs entry before ring buffer is set
   - xhci: Fix sizeof() mismatch (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3717=1

Package List:

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):



More information about the sle-security-updates mailing list