SUSE-SU-2020:2102-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Jul 31 13:14:33 MDT 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2102-1
Rating:             important
References:         #1065729 #1152472 #1152489 #1153274 #1154353 
                    #1154488 #1155518 #1155798 #1165933 #1167773 
                    #1168959 #1169771 #1171857 #1171988 #1172201 
                    #1173074 #1173849 #1173941 #1174072 #1174116 
                    #1174126 #1174127 #1174128 #1174129 #1174185 
                    #1174205 #1174247 #1174263 #1174264 #1174331 
                    #1174332 #1174333 #1174356 #1174362 #1174396 
                    #1174398 #1174407 #1174409 #1174411 #1174438 
                    #1174462 #1174513 #1174527 #1174627 #1174645 
                    
Cross-References:   CVE-2020-0305 CVE-2020-10135 CVE-2020-10781
                    CVE-2020-14331
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

   An update that solves four vulnerabilities and has 41 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2020-10781: Fixed a denial of service issue in the ZRAM
     implementation (bnc#1173074).
   - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
     use-after-free due to a race condition. This could lead to local
     escalation of privilege with System execution privileges needed. User
     interaction is not needed for exploitation (bnc#1174462).
   - CVE-2020-10135: Legacy pairing and secure-connections pairing
     authentication in bluetooth may have allowed an unauthenticated user to
     complete authentication without pairing credentials via adjacent access.
     An unauthenticated, adjacent attacker could impersonate a Bluetooth
     BR/EDR master or slave to pair with a previously paired remote device to
     successfully complete the authentication procedure without knowing the
     link key (bnc#1171988).
   - CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update()
     (bnc#1174205).

   The following non-security bugs were fixed:

   - ACPICA: Dispatcher: add status checks (git-fixes).
   - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes).
   - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes).
   - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes).
   - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL
     (jsc#SLE-13261).
   - ALSA: hda/realtek - change to suitable link model for ASUS platform
     (git-fixes).
   - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with
     ALC256 (git-fixes).
   - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401)
     series with ALC289 (git-fixes).
   - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes).
   - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes).
   - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung
     Notebook Pen S (git-fixes).
   - ALSA: hda/realtek - fixup for yet another Intel reference board
     (git-fixes).
   - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
   - ALSA: line6: Perform sanity check for each URB creation (git-fixes).
   - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes).
   - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight
     S (git-fixes).
   - ALSA: usb-audio: Fix race against the error recovery URB submission
     (git-fixes).
   - apparmor: ensure that dfa state tables have entries (git-fixes).
   - apparmor: fix introspection of of task mode for unconfined tasks
     (git-fixes).
   - apparmor: Fix memory leak of profile proxy (git-fixes).
   - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes).
   - apparmor: remove useless aafs_create_symlink (git-fixes).
   - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id
     (bsc#1174398).
   - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode
     (bsc#1174398).
   - ASoC: codecs: max98373: Removed superfluous volume control from chip
     default (git-fixes).
   - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend
     (git-fixes).
   - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes).
   - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes).
   - ASoC: rt286: fix unexpected interrupt happens (git-fixes).
   - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the
     Lenovo Miix 2 10 (git-fixes).
   - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
   - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of
     10 (git-fixes).
   - ASoC: rt5682: Report the button event in the headset type only
     (git-fixes).
   - ASoC: topology: fix kernel oops on route addition error (git-fixes).
   - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes).
   - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes).
   - ASoC: wm8974: remove unsupported clock mode (git-fixes).
   - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes).
   - ath9k: Fix regression with Atheros 9271 (git-fixes).
   - ax88172a: fix ax88172a_unbind() failures (git-fixes).
   - blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight()
     (bsc#1165933).
   - bnxt_en: Init ethtool link settings after reading updated PHY
     configuration (jsc#SLE-8371 bsc#1153274).
   - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518).
   - brcmfmac: Transform compatible string for FW loading (bsc#1169771).
   - bridge: Avoid infinite loop when suppressing NS messages with invalid
     options (networking-stable-20_06_10).
   - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes).
   - btrfs: add assertions for tree == inode->io_tree to extent IO helpers
     (bsc#1174438).
   - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range
     (bsc#1174438).
   - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
     (bsc#1174438).
   - btrfs: fix hang on snapshot creation after RWF_NOWAIT write
     (bsc#1174438).
   - btrfs: fix RWF_NOWAIT write not failling when we need to cow
     (bsc#1174438).
   - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO
     (bsc#1174438).
   - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
   - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes).
   - dccp: Fix possible memleak in dccp_init and dccp_fini
     (networking-stable-20_06_16).
   - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
   - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes).
   - /dev/mem: Revoke mappings when a driver claims the region (git-fixes).
   - dmaengine: dmatest: stop completed threads when running without set
     channel (git-fixes).
   - dmaengine: dw: Initialize channel before each transfer (git-fixes).
   - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes).
   - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
     (git-fixes).
   - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes).
   - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler
     (git-fixes).
   - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes).
   - dm: do not use waitqueue for request-based DM (bsc#1165933).
   - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396).
   - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396).
   - drm/amd/display: Use kfree() to free rgb_user in
     calculate_user_regamma_ramp() (git-fixes).
   - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes).
   - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes).
   - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes).
   - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes).
   - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472)
   - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes).
   - drm/exynos: Properly propagate return value in drm_iommu_attach_device()
     (git-fixes).
   - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489)
   - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes).
   - drm/i915/gt: Only swap to a random sibling once upon creation
     (bsc#1152489)
   - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.
     (bsc#1152489)
   - drm: mcde: Fix display initialization problem (git-fixes).
   - drm/mediatek: Check plane visibility in atomic_update (git-fixes).
   - drm/msm/dpu: allow initialization of encoder locks during encoder init
     (git-fixes).
   - drm/msm: fix potential memleak in error branch (git-fixes).
   - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel
     (git-fixes).
   - drm: panel-orientation-quirks: Use generic orientation-data for Acer
     S1003 (git-fixes).
   - drm/radeon: fix double free (git-fixes).
   - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes).
   - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes).
   - drm/tegra: hub: Do not enable orphaned window group (git-fixes).
   - exfat: add missing brelse() calls on error paths (git-fixes).
   - exfat: fix incorrect update of stream entry in __exfat_truncate()
     (git-fixes).
   - exfat: fix memory leak in exfat_parse_param() (git-fixes).
   - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes).
   - fpga: dfl: fix bug in port reset handshake (git-fixes).
   - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config
     file
   - fuse: copy_file_range should truncate cache (git-fixes).
   - fuse: fix copy_file_range cache issues (git-fixes).
   - geneve: fix an uninitialized value in geneve_changelink() (git-fixes).
   - gpio: pca953x: disable regmap locking for automatic address incrementing
     (git-fixes).
   - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes).
   - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2
     (git-fixes).
   - gpu: host1x: Detach driver on unregister (git-fixes).
   - habanalabs: increase timeout during reset (git-fixes).
   - HID: logitech-hidpp: avoid repeated "multiplier = " log messages
     (git-fixes).
   - HID: magicmouse: do not set up autorepeat (git-fixes).
   - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes).
   - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes).
   - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
     (git-fixes).
   - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
     path (git-fixes).
   - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
     (git-fixes).
   - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes).
   - i2c: eg20t: Load module automatically if ID matches (git-fixes).
   - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes).
   - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes).
   - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes).
   - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes).
   - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes).
   - i40iw: Report correct firmware version (git-fixes).
   - IB/cma: Fix ports memory leak in cma_configfs (git-fixes).
   - IB/core: Fix potential NULL pointer dereference in pkey cache
     (git-fixes).
   - IB/hfi1: Do not destroy hfi1_wq when the device is shut down
     (bsc#1174409).
   - IB/hfi1: Do not destroy link_wq when the device is shut down
     (bsc#1174409).
   - IB/hfi1: Ensure pq is not left on waitlist (git-fixes).
   - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411).
   - IB/hfi1: Fix memory leaks in sysfs registration and unregistration
     (git-fixes).
   - IB/hfi1: Fix module use count flaw due to leftover module put calls
     (bsc#1174407).
   - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes).
   - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
     (git-fixes).
   - IB/mad: Fix use after free when destroying MAD agent (git-fixes).
   - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes).
   - IB/mlx5: Fix 50G per lane indication (git-fixes).
   - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
     (git-fixes).
   - IB/mlx5: Fix missing congestion control debugfs on rep rdma device
     (git-fixes).
   - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads
     (git-fixes).
   - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes).
   - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes).
   - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes).
   - ieee802154: fix one possible memleak in adf7242_probe (git-fixes).
   - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()'
     (git-fixes).
   - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes).
   - iio:health:afe4404 Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes).
   - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes).
   - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes).
   - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes).
   - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
     (git-fixes).
   - iio:pressure:ms5611 Fix buffer element alignment (git-fixes).
   - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes).
   - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes).
   - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes).
   - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes).
   - Input: mms114 - add extra compatible for mms345l (git-fixes).
   - intel_th: Fix a NULL dereference when hub driver is not loaded
     (git-fixes).
   - intel_th: pci: Add Emmitsburg PCH support (git-fixes).
   - intel_th: pci: Add Jasper Lake CPU support (git-fixes).
   - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes).
   - iommu/arm-smmu-v3: Do not reserve implementation defined register space
     (bsc#1174126).
   - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127).
   - iommu/vt-d: Update scalable mode paging structure coherency
     (bsc#1174128).
   - ionic: centralize queue reset code (bsc#1167773).
   - ionic: fix up filter locks and debug msgs (bsc#1167773).
   - ionic: keep rss hash after fw update (bsc#1167773).
   - ionic: update filter id after replay (bsc#1167773).
   - ionic: update the queue count on open (bsc#1167773).
   - ionic: use mutex to protect queue operations (bsc#1167773).
   - ionic: use offset for ethtool regs data (bsc#1167773).
   - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
   - keys: asymmetric: fix error return code in software_key_query()
     (git-fixes).
   - KVM: nVMX: always update CR3 in VMCS (git-fixes).
   - l2tp: add sk_family checks to l2tp_validate_socket
     (networking-stable-20_06_07).
   - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
   - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and
     strnlen_user() (bsc#1174331).
   - media: cec: silence shift wrapping warning in __cec_s_log_addrs()
     (git-fixes).
   - mei: bus: do not clean driver pointer (git-fixes).
   - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602).
   - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3
     (bsc#1154488).
   - mlxsw: core: Use different get_trend() callbacks for different thermal
     zones (networking-stable-20_06_10).
   - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed
     (git-fixes).
   - mmc: sdhci: do not enable card detect interrupt for gpio cd type
     (git-fixes).
   - mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
     (bsc#1174527).
   - nbd: Fix memory leak in nbd_add_socket (git-fixes).
   - net: be more gentle about silly gso requests coming from user
     (networking-stable-20_06_07).
   - net: check untrusted gso_size at kernel entry
     (networking-stable-20_06_07).
   - netdevsim: fix unbalaced locking in nsim_create() (git-fixes).
   - net: dsa: bcm_sf2: Fix node reference count (git-fixes).
   - net_failover: fixed rollback in net_failover_open()
     (networking-stable-20_06_10).
   - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c
     (bsc#1171857).
   - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and
     exit helpers (bsc#1171857).
   - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c
     (bsc#1171857).
   - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit
     helpers (bsc#1171857).
   - net: fsl/fman: treat all RGMII modes in memac_adjust_link()
     (bsc#1174398).
   - net: hns3: check reset pending after FLR prepare (bsc#1154353).
   - net: hns3: fix error handling for desc filling (git-fixes).
   - net: hns3: fix for not calculating TX BD send size correctly (git-fixes).
   - net: hns3: fix return value error when query MAC link status fail
     (git-fixes).
   - net: ipv4: Fix wrong type conversion from hint to rt in
     ip_route_use_hint() (bsc#1154353).
   - net: macb: call pm_runtime_put_sync on failure path (git-fixes).
   - net/mlx5: drain health workqueue in case of driver load error
     (networking-stable-20_06_16).
   - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash
     (jsc#SLE-8464).
   - net/mlx5e: Fix repeated XSK usage on one channel
     (networking-stable-20_06_16).
   - net/mlx5e: Fix VXLAN configuration restore after function reload
     (jsc#SLE-8464).
   - net/mlx5: Fix fatal error handling during device load
     (networking-stable-20_06_16).
   - net: phy: realtek: add support for configuring the RX delay on RTL8211F
     (bsc#1174398).
   - net/smc: fix restoring of fallback changes (git-fixes).
   - net: stmmac: do not attach interface until resume finishes (bsc#1174072).
   - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072).
   - net: stmmac: dwc-qos: use generic device api (bsc#1174072).
   - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac
     v5.10a (networking-stable-20_06_07).
   - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072).
   - net/tls: fix encryption error checking (git-fixes).
   - net/tls: free record only on encryption error (git-fixes).
   - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
     (networking-stable-20_06_07).
   - nfc: nci: add missed destroy_workqueue in nci_register_device
     (git-fixes).
   - nfp: flower: fix used time of merge flow statistics
     (networking-stable-20_06_07).
   - NFS: Fix interrupted slots by sending a solo SEQUENCE operation
     (bsc#1174264).
   - NTB: Fix static check warning in perf_clear_test (git-fixes).
   - NTB: Fix the default port and peer numbers for legacy drivers
     (git-fixes).
   - ntb: hw: remove the code that sets the DMA mask (git-fixes).
   - NTB: ntb_pingpong: Choose doorbells based on port number (git-fixes).
   - NTB: ntb_test: Fix bug when counting remote files (git-fixes).
   - NTB: ntb_tool: reading the link file should not end in a NULL byte
     (git-fixes).
   - NTB: perf: Do not require one more memory window than number of peers
     (git-fixes).
   - NTB: perf: Fix race condition when run with ntb_test (git-fixes).
   - NTB: perf: Fix support for hardware that does not have port numbers
     (git-fixes).
   - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes).
   - NTB: Revert the change to use the NTB device dev for DMA allocations
     (git-fixes).
   - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes).
   - ovl: inode reference leak in ovl_is_inuse true case (git-fixes).
   - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes).
   - padata: kABI fixup for struct padata_instance splitting nodes
     (git-fixes).
   - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership
     (bsc#1174356).
   - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
   - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513).
   - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2
     (bsc#1172201).
   - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
   - percpu: Separate decrypted varaibles anytime encryption can be enabled
     (bsc#1174332).
   - phy: sun4i-usb: fix dereference of pointer phy0 before it is null
     checked (git-fixes).
   - platform/x86: ISST: Increase timeout (bsc#1174185).
   - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable
     pkey (bsc#1065729).
   - powerpc/fadump: fix race between pstore write and fadump crash trigger
     (bsc#1168959 ltc#185010).
   - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes).
   - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
   - qed: suppress "do not support RoCE & iWARP" flooding on HW init
     (git-fixes).
   - qed: suppress false-positives interrupt error messages on HW init
     (git-fixes).
   - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler
     (git-fixes).
   - RDMA/cma: Protect bind_list and listen_list while finding matching cm id
     (git-fixes).
   - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes).
   - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes).
   - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id()
     (git-fixes).
   - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes).
   - RDMA/cm: Remove a race freeing timewait_info (git-fixes).
   - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
     (git-fixes).
   - RDMA/core: Fix double destruction of uobject (git-fixes).
   - RDMA/core: Fix double put of resource (git-fixes).
   - RDMA/core: Fix missing error check on dev_set_name() (git-fixes).
   - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes).
   - RDMA/core: Fix race between destroy and release FD object (git-fixes).
   - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes).
   - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes).
   - RDMA/counter: Query a counter before release (git-fixes).
   - RDMA/efa: Set maximum pkeys device attribute (git-fixes).
   - RDMA/hns: Bugfix for querying qkey (git-fixes).
   - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes).
   - RDMA/iwcm: Fix iwcm work deallocation (git-fixes).
   - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes).
   - RDMA/mad: Do not crash if the rdma device does not have a umad interface
     (git-fixes).
   - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
     (git-fixes).
   - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes).
   - RDMA/mlx5: Add init2init as a modify command (git-fixes).
   - RDMA/mlx5: Fix access to wrong pointer while performing flush due to
     error (git-fixes).
   - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes).
   - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes).
   - RDMA/mlx5: Prevent prefetch from racing with implicit destruction
     (jsc#SLE-8446).
   - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes).
   - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes).
   - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes).
   - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing
     (git-fixes).
   - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes).
   - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
     (git-fixes).
   - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes).
   - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes).
   - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes).
   - RDMA/rxe: Set default vendor ID (git-fixes).
   - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
     (git-fixes).
   - RDMA/siw: Fix failure handling during device creation (git-fixes).
   - RDMA/siw: Fix passive connection establishment (git-fixes).
   - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes).
   - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr()
     (git-fixes).
   - RDMA/siw: Fix reporting vendor_part_id (git-fixes).
   - RDMA/siw: Fix setting active_mtu attribute (git-fixes).
   - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes).
   - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes).
   - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes).
   - regmap: debugfs: Do not sleep while atomic for fast_io regmaps
     (git-fixes).
   - regmap: fix alignment issue (git-fixes).
   - regmap: Fix memory leak from regmap_register_patch (git-fixes).
   - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes).
   - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes).
   - Revert "thermal: mediatek: fix register index error" (git-fixes).
   - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
     (git-fixes).
   - rtnetlink: Fix memory(net_device) leak when ->newlink fails
     (bsc#1154353).
   - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
   - s390: fix syscall_get_error for compat processes (git-fixes).
   - s390/ism: fix error return code in ism_probe() (git-fixes).
   - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes).
   - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes).
   - s390/qdio: consistently restore the IRQ handler (git-fixes).
   - s390/qdio: put thinint indicator after early error (git-fixes).
   - s390/qdio: tear down thinint indicator after early error (git-fixes).
   - s390/qeth: fix error handling for isolation mode cmds (git-fixes).
   - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU
     scheduler functional and performance backports)).
   - scsi: libfc: free response frame from GPN_ID (bsc#1173849).
   - scsi: libfc: Handling of extra kref (bsc#1173849).
   - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849).
   - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted
     (bsc#1173849).
   - scsi: libfc: Skip additional kref updating work event (bsc#1173849).
   - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes).
   - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
     (git-fixes).
   - selftests/net: in rxtimestamp getopt_long needs terminating null entry
     (networking-stable-20_06_16).
   - selinux: fall back to ref-walk if audit is required (bsc#1174333).
   - selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
     (bsc#1174333).
   - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941).
   - SMB3: Honor lease disabling for multiuser mounts (git-fixes).
   - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes).
   - spi: spidev: fix a potential use-after-free in spidev_release()
     (git-fixes).
   - spi: spidev: fix a race between spidev_release and spidev_remove
     (git-fixes).
   - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
     (git-fixes).
   - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
     (git-fixes).
   - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
     (git-fixes).
   - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
     (git-fixes).
   - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
     (git-fixes).
   - staging: comedi: verify array index is correct before using it
     (git-fixes).
   - SUNRPC dont update timeout value on connection reset (bsc#1174263).
   - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116).
   - tcp: md5: allow changing MD5 keys in all socket states (git-fixes).
   - thermal/drivers: imx: Fix missing of_node_put() at probe time
     (git-fixes).
   - thermal: int3403_thermal: Downgrade error message (git-fixes).
   - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362).
   - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
     (git-fixes).
   - tty: hvc_console, fix crashes on parallel open/close (git-fixes).
   - udp: Copy has_conns in reuseport_grow() (git-fixes).
   - udp: Improve load balancing for SO_REUSEPORT (git-fixes).
   - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes).
   - usb: chipidea: core: add wakeup support for extcon (git-fixes).
   - usb: dwc2: Fix shutdown callback in platform (git-fixes).
   - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
     (git-fixes).
   - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes).
   - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes).
   - usb: gadget: udc: atmel: fix uninitialized read in debug printk
     (git-fixes).
   - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable()
     (git-fixes).
   - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes).
   - USB: serial: ch341: add new Product ID for CH340 (git-fixes).
   - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes).
   - USB: serial: iuu_phoenix: fix memory corruption (git-fixes).
   - USB: serial: option: add GosunCn GM500 series (git-fixes).
   - USB: serial: option: add Quectel EG95 LTE modem (git-fixes).
   - usb: tegra: Fix allocation for the FPCI context (git-fixes).
   - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes).
   - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129).
   - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc
     serial (git-fixes).
   - virt: vbox: Fix guest capabilities mask check (git-fixes).
   - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to
     match upstream (git-fixes).
   - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
   - vxlan: Avoid infinite loop when suppressing NS messages with invalid
     options (networking-stable-20_06_10).
   - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202).
   - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes).
   - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2102=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

      kernel-azure-5.3.18-18.12.1
      kernel-azure-debuginfo-5.3.18-18.12.1
      kernel-azure-debugsource-5.3.18-18.12.1
      kernel-azure-devel-5.3.18-18.12.1
      kernel-azure-devel-debuginfo-5.3.18-18.12.1
      kernel-syms-azure-5.3.18-18.12.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

      kernel-devel-azure-5.3.18-18.12.1
      kernel-source-azure-5.3.18-18.12.1


References:

   https://www.suse.com/security/cve/CVE-2020-0305.html
   https://www.suse.com/security/cve/CVE-2020-10135.html
   https://www.suse.com/security/cve/CVE-2020-10781.html
   https://www.suse.com/security/cve/CVE-2020-14331.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1154488
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1155798
   https://bugzilla.suse.com/1165933
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1168959
   https://bugzilla.suse.com/1169771
   https://bugzilla.suse.com/1171857
   https://bugzilla.suse.com/1171988
   https://bugzilla.suse.com/1172201
   https://bugzilla.suse.com/1173074
   https://bugzilla.suse.com/1173849
   https://bugzilla.suse.com/1173941
   https://bugzilla.suse.com/1174072
   https://bugzilla.suse.com/1174116
   https://bugzilla.suse.com/1174126
   https://bugzilla.suse.com/1174127
   https://bugzilla.suse.com/1174128
   https://bugzilla.suse.com/1174129
   https://bugzilla.suse.com/1174185
   https://bugzilla.suse.com/1174205
   https://bugzilla.suse.com/1174247
   https://bugzilla.suse.com/1174263
   https://bugzilla.suse.com/1174264
   https://bugzilla.suse.com/1174331
   https://bugzilla.suse.com/1174332
   https://bugzilla.suse.com/1174333
   https://bugzilla.suse.com/1174356
   https://bugzilla.suse.com/1174362
   https://bugzilla.suse.com/1174396
   https://bugzilla.suse.com/1174398
   https://bugzilla.suse.com/1174407
   https://bugzilla.suse.com/1174409
   https://bugzilla.suse.com/1174411
   https://bugzilla.suse.com/1174438
   https://bugzilla.suse.com/1174462
   https://bugzilla.suse.com/1174513
   https://bugzilla.suse.com/1174527
   https://bugzilla.suse.com/1174627
   https://bugzilla.suse.com/1174645



More information about the sle-security-updates mailing list