SUSE-SU-2020:1663-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Jun 18 07:37:50 MDT 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1663-1
Rating:             important
References:         #1050244 #1051510 #1051858 #1058115 #1061840 
                    #1065600 #1065729 #1071995 #1085030 #1086301 
                    #1086313 #1086314 #1089895 #1109911 #1114279 
                    #1118338 #1120386 #1134973 #1143959 #1144333 
                    #1151910 #1151927 #1153917 #1154243 #1154824 
                    #1156286 #1157155 #1157157 #1157692 #1158013 
                    #1158021 #1158026 #1158265 #1158819 #1159028 
                    #1159198 #1159271 #1159285 #1159394 #1159483 
                    #1159484 #1159569 #1159588 #1159841 #1159908 
                    #1159909 #1159910 #1159911 #1159955 #1160195 
                    #1160210 #1160211 #1160218 #1160433 #1160442 
                    #1160476 #1160560 #1160755 #1160756 #1160784 
                    #1160787 #1160802 #1160803 #1160804 #1160917 
                    #1160966 #1161087 #1161514 #1161518 #1161522 
                    #1161523 #1161549 #1161552 #1161555 #1161674 
                    #1161931 #1161933 #1161934 #1161935 #1161936 
                    #1161937 #1161951 #1162067 #1162109 #1162139 
                    #1162928 #1162929 #1162931 #1163971 #1164051 
                    #1164069 #1164078 #1164705 #1164712 #1164727 
                    #1164728 #1164729 #1164730 #1164731 #1164732 
                    #1164733 #1164734 #1164735 #1164871 #1165111 
                    #1165741 #1165873 #1165881 #1165984 #1165985 
                    #1166969 #1167421 #1167423 #1167629 #1168075 
                    #1168276 #1168295 #1168424 #1168670 #1168829 
                    #1168854 #1169390 #1169514 #1169625 #1170056 
                    #1170345 #1170617 #1170618 #1170621 #1170778 
                    #1170901 #1171098 #1171189 #1171191 #1171195 
                    #1171202 #1171205 #1171217 #1171218 #1171219 
                    #1171220 #1171689 #1171982 #1171983 #1172221 
                    #1172317 #1172453 #1172458 
Cross-References:   CVE-2018-1000199 CVE-2019-14615 CVE-2019-14896
                    CVE-2019-14897 CVE-2019-16994 CVE-2019-19036
                    CVE-2019-19045 CVE-2019-19054 CVE-2019-19318
                    CVE-2019-19319 CVE-2019-19447 CVE-2019-19462
                    CVE-2019-19768 CVE-2019-19770 CVE-2019-19965
                    CVE-2019-19966 CVE-2019-20054 CVE-2019-20095
                    CVE-2019-20096 CVE-2019-20810 CVE-2019-20812
                    CVE-2019-3701 CVE-2019-9455 CVE-2019-9458
                    CVE-2020-0543 CVE-2020-10690 CVE-2020-10711
                    CVE-2020-10720 CVE-2020-10732 CVE-2020-10751
                    CVE-2020-10757 CVE-2020-10942 CVE-2020-11494
                    CVE-2020-11608 CVE-2020-11609 CVE-2020-11669
                    CVE-2020-12114 CVE-2020-12464 CVE-2020-12652
                    CVE-2020-12653 CVE-2020-12654 CVE-2020-12655
                    CVE-2020-12656 CVE-2020-12657 CVE-2020-12769
                    CVE-2020-13143 CVE-2020-2732 CVE-2020-7053
                    CVE-2020-8428 CVE-2020-8647 CVE-2020-8648
                    CVE-2020-8649 CVE-2020-8834 CVE-2020-8992
                    CVE-2020-9383
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that solves 55 vulnerabilities and has 93 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 kernel was updated receive various security
   and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-0543: Fixed a side channel attack against special registers
     which could have resulted in leaking of read values to cores other than
     the one which called it. This attack is known as Special Register Buffer
     Data Sampling (SRBDS) or "CrossTalk" (bsc#1154824).
   - CVE-2020-9383: Fixed an out-of-bounds read due to improper error
     condition check of FDC index (bsc#1165111).
   - CVE-2020-8992: Fixed an issue which could have allowed attackers to
     cause a soft lockup via a crafted journal size (bsc#1164069).
   - CVE-2020-8834: Fixed a stack corruption which could have lead to kernel
     panic (bsc#1168276).
   - CVE-2020-8649: Fixed a use-after-free in the vgacon_invert_region
     function in drivers/video/console/vgacon.c (bsc#1162931).
   - CVE-2020-8648: Fixed a use-after-free in the n_tty_receive_buf_common
     function in drivers/tty/n_tty.c (bsc#1162928).
   - CVE-2020-8647: Fixed a use-after-free in the vc_do_resize function in
     drivers/tty/vt/vt.c (bsc#1162929).
   - CVE-2020-8428: Fixed a use-after-free which could have allowed local
     users to cause a denial of service (bsc#1162109).
   - CVE-2020-7053: Fixed a use-after-free in the i915_ppgtt_close function
     in drivers/gpu/drm/i915/i915_gem_gtt.c (bsc#1160966).
   - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may
     trick the L0 hypervisor into accessing sensitive L1 resources
     (bsc#1163971).
   - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store
     in drivers/usb/gadget/configfs.c (bsc#1171982).
   - CVE-2020-12769: Fixed an issue which could have allowed attackers to
     cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one
     (bsc#1171983).
   - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).
   - CVE-2020-12656: Fixed an improper handling of certain domain_release
     calls leadingch could have led to a memory leak (bsc#1171219).
   - CVE-2020-12655: Fixed an issue which could have allowed attackers to
     trigger a sync of excessive duration via an XFS v5 image with crafted
     metadata (bsc#1171217).
   - CVE-2020-12654: Fixed an issue in he wifi driver which could have
     allowed a remote AP to trigger a heap-based buffer overflow
     (bsc#1171202).
   - CVE-2020-12653: Fixed an issue in the wifi driver which could have
     allowed local users to gain privileges or cause a denial of service
     (bsc#1171195).
   - CVE-2020-12652: Fixed an issue which could have allowed local users to
     hold an incorrect lock during the ioctl operation and trigger a race
     condition (bsc#1171218).
   - CVE-2020-12464: Fixed a use-after-free due to a transfer without a
     reference (bsc#1170901).
   - CVE-2020-12114: Fixed a pivot_root race condition which could have
     allowed local users to cause a denial of service (panic) by corrupting a
     mountpoint reference counter (bsc#1171098).
   - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S
     did not have save/restore functionality for PNV_POWERSAVE_AMR,
     PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
   - CVE-2020-11609: Fixed a null pointer dereference due to improper
     handling of descriptors (bsc#1168854).
   - CVE-2020-11608: Fixed a null pointer dereferences via a crafted USB
     (bsc#1168829).
   - CVE-2020-11494: Fixed an issue which could have allowed attackers to
     read uninitialized can_frame data (bsc#1168424).
   - CVE-2020-10942: Fixed a kernel stack corruption via crafted system calls
     (bsc#1167629).
   - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap
     could have caused user PTE access (bsc#1172317).
   - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook
     where it was assumed that an skb would only contain a single netlink
     message (bsc#1171189).
   - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to
     uninitialized data (bsc#1171220).
   - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags()
     (bsc#1170778).
   - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem
     which could have allowed a remote network user to crash the kernel
     resulting in a denial of service (bsc#1171191).
   - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev
     (bsc#1170056).
   - CVE-2019-9458: Fixed a use after free due to a race condition which
     could have led to privilege escalation of privilege (bsc#1168295).
   - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a
     video driver. This could lead to local information disclosure with
     System execution privileges needed (bsc#1170345).
   - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a
     system crash (bsc#1120386).
   - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could
     have resulted in a denial of service (bsc#1172453).
   - CVE-2019-20810: Fixed a memory leak in due to not calling of
     snd_card_free (bsc#1172458).
   - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in
     net/dccp/feat.c, which could have caused denial of service (bsc#1159908).
   - CVE-2019-20095: Fixed an improper error-handling cases that did not free
     allocated hostcmd memory which was causing memory leak (bsc#1159909).
   - CVE-2019-20054: Fixed a null pointer dereference in drop_sysctl_table()
     in fs/proc/proc_sysctl.c, related to put_links (bsc#1159910).
   - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() which could have
     caused denial of service (bsc#1159841).
   - CVE-2019-19965: Fixed a null pointer dereference, due to mishandling of
     port disconnection during discovery (bsc#1159911).
   - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function
     (bsc#1159198).
   - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function
     in kernel/trace/blktrace.c (bsc#1159285).
   - CVE-2019-19462: Fixed an issue which could have allowed local user to
     cause denial of service (bsc#1158265).
   - CVE-2019-19447: Fixed a user after free via a crafted ext4 filesystem
     image (bsc#1158819).
   - CVE-2019-19319: Fixed a user after free when a large old_size value is
     used in a memset call (bsc#1158021).
   - CVE-2019-19318: Fixed a use after free via a crafted btrfs image
     (bsc#1158026).
   - CVE-2019-19054: Fixed a memory leak in the cx23888_ir_probe() which
     could have allowed attackers to cause a denial of service (bsc#1161518).
   - CVE-2019-19045: Fixed a memory leak in which could have allowed
     attackers to cause a denial of service (bsc#1161522).
   - CVE-2019-19036: Fixed a null pointer dereference in btrfs_root_node
     (bsc#1157692).
   - CVE-2019-16994: Fixed a memory leak which might have caused denial of
     service (bsc#1161523).
   - CVE-2019-14897: Fixed a stack overflow in Marvell Wifi Driver
     (bsc#1157155).
   - CVE-2019-14896: Fixed a heap overflow in Marvell Wifi Driver
     (bsc#1157157).
   - CVE-2019-14615: Fixed an improper control flow in certain data
     structures which could have led to information disclosure (bsc#1160195).
   - CVE-2018-1000199: Fixed a potential local code execution via ptrace
     (bsc#1089895).

   The following non-security bugs were fixed:

   - 6pack,mkiss: fix possible deadlock (bsc#1051510).
   - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510).
   - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
     (bsc#1051510).
   - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
     (bsc#1051510).
   - af_packet: set defaule value for tmo (bsc#1051510).
   - ALSA: control: remove useless assignment in .info callback of PCM chmap
     element (git-fixes).
   - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes).
   - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
     (git-fixes).
   - ALSA: hda/analog - Minor optimization for SPDIF mux connections
     (git-fixes).
   - ALSA: hda/ca0132 - Avoid endless loop (git-fixes).
   - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes).
   - ALSA: hda/ca0132 - Keep power on during processing DSP response
     (git-fixes).
   - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes).
   - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes).
   - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510).
   - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510).
   - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
     (bsc#1051510).
   - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes).
   - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510).
   - ALSA: sh: Fix compile warning wrt const (git-fixes).
   - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510).
   - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510).
   - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510).
   - arm64: Revert support for execute-only user mappings (bsc#1160218).
   - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510).
   - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510).
   - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
     (bsc#1051510).
   - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1
     (bsc#1051510).
   - ASoC: wm8962: fix lambda value (git-fixes).
   - ath10k: fix fw crash by moving chip reset after napi disabled
     (bsc#1051510).
   - ath9k: fix storage endpoint lookup (git-fixes).
   - a typo in %kernel_base_conflicts macro name
   - batman-adv: Fix DAT candidate selection on little endian systems
     (bsc#1051510).
   - bcma: remove set but not used variable 'sizel' (git-fixes).
   - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
   - blktrace: fix dereference after null check (bsc#1159285).
   - blktrace: fix trace mutex deadlock (bsc#1159285).
   - bonding: fix active-backup transition after link failure (git-fixes).
   - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510).
   - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510).
   - brcmfmac: fix interface sanity check (git-fixes).
   - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes).
   - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes).
   - btrfs: abort transaction after failed inode updates in create_subvol
     (bsc#1161936).
   - btrfs: add missing extents release on file extent cluster relocation
     error (bsc#1159483).
   - btrfs: avoid fallback to transaction commit during fsync of files with
     holes (bsc#1159569).
   - btrfs: dev-replace: remove warning for unknown return codes when
     finished (dependency for bsc#1162067).
   - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934).
   - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910).
   - btrfs: fix block group remaining RO forever after error during device
     replace (bsc#1160442).
   - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243).
   - btrfs: fix infinite loop during nocow writeback due to race
     (bsc#1160804).
   - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).
   - btrfs: fix missing data checksums after replaying a log tree
     (bsc#1161931).
   - btrfs: fix negative subv_writers counter and data space leak after
     buffered write (bsc#1160802).
   - btrfs: fix removal logic of the tree mod log that leads to
     use-after-free issues (bsc#1160803).
   - btrfs: fix selftests failure due to uninitialized i_mode in test inodes
     (Fix for dependency of bsc#1157692).
   - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937).
   - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973).
   - btrfs: inode: Verify inode mode to avoid NULL pointer dereference
     (dependency for bsc#1157692).
   - btrfs: make tree checker detect checksum items with overlapping ranges
     (bsc#1161931).
   - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
     (dependency for bsc#1157692).
   - btrfs: record all roots for rename exchange on a subvol (bsc#1161933).
   - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).
   - btrfs: scrub: Require mandatory block group RO for dev-replace
     (bsc#1162067).
   - btrfs: send, skip backreference walking for extents with many references
     (bsc#1162139).
   - btrfs: skip log replay on orphaned roots (bsc#1161935).
   - btrfs: tree-checker: Check chunk item at tree block read time
     (dependency for bsc#1157692).
   - btrfs: tree-checker: Check level for leaves and nodes (dependency for
     bsc#1157692).
   - btrfs: tree-checker: Enhance chunk checker to validate chunk profile
     (dependency for bsc#1157692).
   - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency
     of bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_block_group_item
     (dependency for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_extent_data_item
     (dependency for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for
     bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for
     bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for
     bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for
     bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for
     bsc#1157692).
   - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN
     instead of EIO (dependency for bsc#1157692).
   - btrfs: tree-checker: Make chunk item checker messages more readable
     (dependency for bsc#1157692).
   - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).
   - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).
   - btrfs: volumes: Use more straightforward way to calculate map length
     (bsc#1151910).
   - can: can_dropped_invalid_skb(): ensure an initialized headroom in
     outgoing CAN sk_buffs (bsc#1051510).
   - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
     (bsc#1051510).
   - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from
     polling to irq mode (bsc#1051510).
   - can, slip: Protect tty->disc_data in write_wakeup and close with RCU
     (bsc#1051510).
   - cfg80211: check for set_wiphy_params (bsc#1051510).
   - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).
   - cfg80211/mac80211: make ieee80211_send_layer2_update a public function
     (bsc#1051510).
   - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514).
   - CIFS: add support for flock (bsc#1144333).
   - CIFS: Close cached root handle only if it had a lease (bsc#1144333).
   - CIFS: Close open handle after interrupted close (bsc#1144333).
   - CIFS: close the shared root handle on tree disconnect (bsc#1144333).
   - CIFS: Do not miss cancelled OPEN responses (bsc#1144333).
   - CIFS: Fix lookup of root ses in DFS referral cache (bsc#1144333).
   - CIFS: Fix memory allocation in __smb2_handle_cancelled_cmd()
     (bsc#1144333).
   - CIFS: Fix mount options set in automount (bsc#1144333).
   - CIFS: Fix NULL pointer dereference in mid callback (bsc#1144333).
   - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
     (bsc#1144333).
   - CIFS: Fix potential softlockups while refreshing DFS cache (bsc#1144333).
   - CIFS: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).
   - CIFS: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).
   - CIFS: Properly process SMB3 lease breaks (bsc#1144333).
   - CIFS: remove set but not used variables 'cinode' and 'netfid'
     (bsc#1144333).
   - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).
   - clk: Do not try to enable critical clocks if prepare failed
     (bsc#1051510).
   - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).
   - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).
   - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
     (bsc#1051510).
   - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).
   - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls
     (bsc#1051510).
   - clocksource/drivers/bcm2835_timer: Fix memory leak of timer
     (bsc#1051510).
   - clocksource/drivers/hyper-v: Set TSC clocksource as default w/
     InvariantTSC (bsc#1170621).
   - copy/pasted "Recommends:" instead of "Provides:", "Obsoletes:" and
     "Conflicts:
   - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510).
   - crypto: api - Check spawn->alg under lock in crypto_drop_spawn
     (bsc#1051510).
   - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510).
   - crypto: atmel-sha - fix error handling when setting hmac key
     (bsc#1051510).
   - crypto: ccp - fix uninitialized list head (bsc#1051510).
   - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510).
   - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
     (bsc#1051510).
   - crypto: picoxcell - adjust the position of tasklet_init and fix missed
     tasklet_kill (bsc#1051510).
   - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix).
   - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198
     bsc#1109911). Prerequisite for bsc#1159198.
   - debugfs: call debugfs_real_fops() only after debugfs_file_get()
     (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
   - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198
     bsc#1109911). Prerequisite for bsc#1159198.
   - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation
     (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
   - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198).
     Prerequisite for bsc#1159198.
   - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198
     bsc#1109911). Prerequisite for bsc#1159198.
   - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911).
     Prerequisite for bsc#1159198.
   - debugfs: implement per-file removal protection (bsc#1159198
     bsc#1109911). Prerequisite for bsc#1159198.
   - debugfs: purge obsolete SRCU based removal protection (bsc#1159198
     bsc#1109911). Prerequisite for bsc#1159198.
   - debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite
     for bsc#1159198.
   - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510).
   - dmaengine: coh901318: Remove unused variable (bsc#1051510).
   - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510).
   - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510).
   - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup
     (bsc#1159955 ltc#182993).
   - drivers/base/memory.c: do not access uninitialized memmaps in
     soft_offline_page_store() (bsc#1051510).
   - drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic
     (bsc#1170617).
   - drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr
     (bsc#1170617).
   - drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618).
   - drivers: hv: vmus: Fix the check for return value from kmsg get dump
     buffer (bsc#1170617).
   - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind'
     (bsc#1051510).
   - drm/amdgpu: remove 4 set but not used variable in
     amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510).
   - drm/amdgpu: remove always false comparison in
     'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510).
   - drm/amdgpu: remove set but not used variable 'amdgpu_connector'
     (bsc#1051510).
   - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510).
   - drm/amdgpu: remove set but not used variable 'dig_connector'
     (bsc#1051510).
   - drm/amdgpu: remove set but not used variable 'mc_shared_chmap'
     (bsc#1051510).
   - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from
     'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510).
   - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510).
   - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).
   - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).
   - drm/i810: Prevent underflow in ioctl (bsc#1114279)
   - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510).
   - drm/i915: Fix pid leak with banned clients (bsc#1114279)
   - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510).
   - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510).
   - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
     (bsc#1051510).
   - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new()
     (bsc#1051510).
   - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
   - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279)
   - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510).
   - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510).
   - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
     (bsc#1051510).
   - exit: panic before exit_mm() on global init exit (bsc#1161549).
   - extcon: max8997: Fix lack of path setting in USB device mode
     (bsc#1051510).
   - firestream: fix memory leaks (bsc#1051510).
   - fix autofs regression caused by follow_managed() changes (bsc#1159271).
   - fix dget_parent() fastpath race (bsc#1159271).
   - Fix partial checked out tree build ... so that bisection does not break.
   - fjes: fix missed check in fjes_acpi_add (bsc#1051510).
   - fs: cifs: Fix atime update check vs mtime (bsc#1144333).
   - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271).
   - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271).
   - fs/xfs: fix f_ffree value for statfs when project quota is set
     (bsc#1165985).
   - ftrace: Avoid potential division by zero in function profiler
     (bsc#1160784).
   - futex: Prevent robust futex exit race (bsc#1161555).
   - gpio: Fix error message on out-of-range GPIO in lookup table
     (bsc#1051510).
   - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).
   - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).
   - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510).
   - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).
   - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input
     (bsc#1051510).
   - hwmon: (core) Do not use device managed functions for memory allocations
     (bsc#1051510).
   - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510).
   - i2c: imx: do not print error message on probe defer (bsc#1051510).
   - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198
     bsc#1109911). Prerequisite for bsc#1159198.
   - ibmveth: Detect unsupported packets before sending to the hypervisor
     (bsc#1159484 ltc#182983).
   - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625
     ltc#184611).
   - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510).
   - iio: buffer: align the size of scan bytes to size of the largest element
     (bsc#1051510).
   - inet: protect against too small mtu values (networking-stable-19_12_16).
   - Input: add safety guards to input_set_keycode() (bsc#1168075).
   - Input: aiptek - fix endpoint sanity check (bsc#1051510).
   - Input: cyttsp4_core - fix use after free bug (bsc#1051510).
   - Input: goodix - add upside-down quirk for Teclast X89 tablet
     (bsc#1051510).
   - Input: gtco - fix endpoint sanity check (bsc#1051510).
   - Input: keyspan-remote - fix control-message timeouts (bsc#1051510).
   - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510).
   - Input: pm8xxx-vib - fix handling of separate enable register
     (bsc#1051510).
   - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510).
   - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register
     (bsc#1051510).
   - Input: sur40 - fix interface sanity checks (bsc#1051510).
   - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers
     (bsc#1051510).
   - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510).
   - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510).
   - iommu: Remove device link to group on failure (bsc#1160755).
   - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756).
   - iwlegacy: ensure loop counter addr does not wrap and cause an infinite
     loop (git-fixes).
   - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510).
   - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510).
   - kABI: protect struct sctp_ep_common (kabi).
   - kABI: restore debugfs_remove_recursive() (bsc#1159198).
   - kABI workaround for can/skb.h inclusion (bsc#1051510).
   - kernel/trace: Fix do not unregister tracepoints when register
     sched_migrate_task fail (bsc#1160787).
   - KEYS: reaching the keys quotas correctly (bsc#1171689).
   - KVM: fix spectrev1 gadgets (bsc#1164705).
   - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD
     (bsc#1160476).
   - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF
     attacks (bsc#1164734).
   - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
     (bsc#1164728).
   - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
     (bsc#1164729).
   - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF
     attacks (bsc#1164712).
   - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
     (bsc#1164730).
   - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF
     attacks in x86.c (bsc#1164733).
   - KVM: x86: Protect MSR-based index computations in
     fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731).
   - KVM: x86: Protect MSR-based index computations in pmu.h from
     Spectre-v1/L1TF attacks (bsc#1164732).
   - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735).
   - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
     (bsc#1164705).
   - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
     (bsc#1164727).
   - leds: Allow to call led_classdev_unregister() unconditionally
     (bsc#1161674).
   - leds: class: ensure workqueue is initialized before setting brightness
     (bsc#1161674).
   - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510).
   - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
     (bsc#1051510).
   - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly
     (bsc#1071995).
   - livepatch/selftest: Clean up shadow variable names and type
     (bsc#1071995).
   - mac80211: Do not send Layer 2 Update frame before authorization
     (bsc#1051510).
   - macvlan: do not assume mac_header is set in macvlan_broadcast()
     (bsc#1051510).
   - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
     (bsc#1051510).
   - md/raid0: Fix buffer overflow at debug print (bsc#1164051).
   - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510).
   - media: cec: report Vendor ID after initialization (bsc#1051510).
   - media: iguanair: fix endpoint sanity check (bsc#1051510).
   - media: ov519: add missing endpoint sanity checks (bsc#1168829).
   - media: pulse8-cec: return 0 when invalidating the logical address
     (bsc#1051510).
   - media: stkwebcam: Bugfix for wrong return values (bsc#1051510).
   - media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
   - media: uvcvideo: Avoid cyclic entity chains due to malformed USB
     descriptors (bsc#1051510).
   - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510).
   - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
     (bsc#1051510).
   - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b
     ("rpm/kernel-subpackage-spec: Unify dependency handling.") Fixes:
     3fd22e219f77 ("rpm/kernel-subpackage-spec: Fix empty Recommends tag
     (bsc#1143959)")
   - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510).
   - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510).
   - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510).
   - mmc: sdhci-of-esdhc: Revert "mmc: sdhci-of-esdhc: add erratum A-009204
     support" (bsc#1051510).
   - mmc: tegra: fix SDR50 tuning override (bsc#1051510).
   - mm: memory_hotplug: use put_device() if device_register fail
     (bsc#1159955 ltc#182993).
   - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
     (bsc#1159394).
   - mwifiex: drop most magic numbers from
     mwifiex_process_tdls_action_frame() (git-fixes).
   - net: bridge: deny dev_set_mac_address() when unregistering
     (networking-stable-19_12_16).
   - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421,
     bsc#1167423).
   - net: ethernet: ti: cpsw: fix extra rx interrupt
     (networking-stable-19_12_16).
   - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes).
   - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25).
   - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25).
   - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858).
   - net: psample: fix skb_over_panic (networking-stable-19_12_03).
   - net: rtnetlink: prevent underflows in do_setvfinfo()
     (networking-stable-19_11_25).
   - net/sched: act_pedit: fix WARN() in the traffic path
     (networking-stable-19_11_25).
   - net: sched: fix `tc -s class show` no bstats on class with nolock
     subqueues (networking-stable-19_12_03).
   - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510).
   - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules
     (networking-stable-19_11_18).
   - new helper: lookup_positive_unlocked() (bsc#1159271).
   - NFC: pn533: fix bulk-message timeout (bsc#1051510).
   - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes).
   - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514).
   - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
     (networking-stable-19_12_03).
   - openvswitch: remove another BUG_ON() (networking-stable-19_12_03).
   - openvswitch: support asymmetric conntrack (networking-stable-19_12_16).
   - orinoco_usb: fix interface sanity check (git-fixes).
   - PCI: Do not disable bridge BARs when assigning bus resources
     (bsc#1051510).
   - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510).
   - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510).
   - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510).
   - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
     (bsc#1051510).
   - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
     (bsc#1051510).
   - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes
     (bsc#1051510).
   - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI
     table (bsc#1051510).
   - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges
     >4GB (bnc#1151927 5.3.17).
   - powerpc: Allow flush_icache_range to work across ranges >4GB
     (bnc#1151927 5.3.17).
   - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729).
   - powerpc: Fix vDSO clock_getres() (bsc#1065729).
   - powerpc/irq: fix stack overflow verification (bsc#1065729).
   - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729).
   - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2
     (bsc#1061840).
   - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729).
   - powerpc/powernv: Disable native PCIe port management (bsc#1065729).
   - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729).
   - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal
     delivery (bsc#1118338 ltc#173734).
   - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729).
   - powerpc/xive: Discard ESB load value when interrupt is invalid
     (bsc#1085030).
   - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts
     (bsc#1085030).
   - powerpc/xmon: do not access ASDR in VMs (bsc#1065729).
   - ppp: Adjust indentation into ppp_async_input (git-fixes).
   - prevent active file list thrashing due to refault detection (VM
     Performance, bsc#1156286).
   - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510).
   - qede: Disable hardware gro when xdp prog is installed (bsc#1086314
     bsc#1086313 bsc#1086301 ).
   - r8152: add missing endpoint sanity check (bsc#1051510).
   - random: always use batched entropy for get_random_u{32,64} (bsc#1164871).
   - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).
   - regulator: Fix return value of _set_load() stub (bsc#1051510).
   - regulator: rk808: Lower log level on optional GPIOs being not available
     (bsc#1051510).
   - regulator: rn5t618: fix module aliases (bsc#1051510).
   - Revert "Input: synaptics-rmi4 - do not increment rmiaddr for SMBus
     transfers" (bsc#1051510).
   - Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
     (bsc#1172221).
   - Revert "mmc: sdhci: Fix incorrect switch to HS mode" (bsc#1051510).
   - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510).
   - rtc: max8997: Fix the returned value in case of error in
     'max8997_rtc_read_alarm()' (bsc#1051510).
   - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510).
   - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510).
   - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510).
   - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot
     (bsc#1161951 ltc#183551).
   - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551).
   - scsi: qla2xxx: Add a shadow variable to hold disc_state history of
     fcport (bsc#1158013).
   - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs
     (bsc#1158013).
   - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013).
   - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013).
   - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013).
   - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013).
   - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013).
   - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013).
   - scsi: qla2xxx: Fix stuck login session using prli_pend_timer
     (bsc#1158013).
   - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013).
   - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return
     type (bsc#1158013).
   - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013).
   - scsi: qla2xxx: Improve readability of the code that handles
     qla_flt_header (bsc#1158013).
   - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss
     (bsc#1158013).
   - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013).
   - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013).
   - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these
     functions (bsc#1158013).
   - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03).
   - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind
     (bsc#1051510).
   - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510).
   - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510).
   - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510).
   - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510).
   - sfc: Only cancel the PPS workqueue if it exists
     (networking-stable-19_11_25).
   - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers
     (bsc#1051510).
   - sh_eth: fix dumping ARSTR (bsc#1051510).
   - sh_eth: fix invalid context bug while calling auto-negotiation by
     ethtool (bsc#1051510).
   - sh_eth: fix invalid context bug while changing link options by ethtool
     (bsc#1051510).
   - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510).
   - sh_eth: fix TXALCR1 offsets (bsc#1051510).
   - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510).
   - smb3: Fix crash in SMB2_open_init due to uninitialized field in
     compounding path (bsc#1144333).
   - smb3: Fix persistent handles reconnect (bsc#1144333).
   - smb3: fix refcount underflow warning on unmount when no directory leases
     (bsc#1144333).
   - smb3: remove confusing dmesg when mounting with encryption ("seal")
     (bsc#1144333).
   - soc: renesas: rcar-sysc: Add goto to of_node_put() before return
     (bsc#1051510).
   - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510).
   - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510).
   - spi: tegra114: fix for unpacked mode transfers (bsc#1051510).
   - spi: tegra114: flush fifos (bsc#1051510).
   - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510).
   - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
     (bsc#1051510).
   - Staging: iio: adt7316: Fix i2c data reading, set the data field
     (bsc#1051510).
   - staging: rtl8188eu: fix interface sanity check (bsc#1051510).
   - staging: wlan-ng: ensure error return is actually returned (bsc#1051510).
   - tcp: clear tp->packets_out when purging write queue (bsc#1160560).
   - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable
     4.14.159).
   - tcp: md5: fix potential overestimation of TCP option space
     (networking-stable-19_12_16).
   - tracing: Have the histogram compare functions convert to u64 first
     (bsc#1160210).
   - tracing: xen: Ordered comparison of function pointers (git-fixes).
   - tty: n_hdlc: fix build on SPARC (bsc#1051510).
   - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510).
   - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510).
   - tty: vt: keyboard: reject invalid keycodes (bsc#1051510).
   - USB: Allow USB device to be warm reset in suspended state (bsc#1051510).
   - USB: atm: ueagle-atm: add missing endpoint check (bsc#1051510).
   - USB: chipidea: host: Disable port power only if previously enabled
     (bsc#1051510).
   - USB: core: hub: Improved device recognition on remote wakeup
     (bsc#1051510).
   - USB: core: urb: fix URB structure initialization function (bsc#1051510).
   - USB: documentation: flags on usb-storage versus UAS (bsc#1051510).
   - USB: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510).
   - USB: dwc3: do not log probe deferrals; but do log other error codes
     (bsc#1051510).
   - USB: dwc3: ep0: Clear started flag on completion (bsc#1051510).
   - USB: dwc3: turn off VBUS when leaving host mode (bsc#1051510).
   - USB: gadget: f_ecm: Use atomic_t to track in-flight request
     (bsc#1051510).
   - USB: gadget: f_ncm: Use atomic_t to track in-flight request
     (bsc#1051510).
   - USB: gadget: pch_udc: fix use after free (bsc#1051510).
   - USB: gadget: u_serial: add missing port entry locking (bsc#1051510).
   - USB: gadget: Zero ffs_io_data (bsc#1051510).
   - USB: host: xhci-hub: fix extra endianness conversion (bsc#1051510).
   - usbip: Fix receive error in vhci-hcd when using scatter-gather
     (bsc#1051510).
   - USB: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510).
   - USB: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510).
   - USB: musb: fix idling for suspend after disconnect interrupt
     (bsc#1051510).
   - USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510).
   - USB: serial: io_edgeport: add missing active-port sanity check
     (bsc#1051510).
   - USB: serial: io_edgeport: handle unbound ports on URB completion
     (bsc#1051510).
   - USB: serial: io_edgeport: use irqsave() in USB's complete callback
     (bsc#1051510).
   - USB: serial: ir-usb: add missing endpoint sanity check (bsc#1051510).
   - USB: serial: ir-usb: fix IrLAP framing (bsc#1051510).
   - USB: serial: ir-usb: fix link-speed handling (bsc#1051510).
   - USB: serial: keyspan: handle unbound ports (bsc#1051510).
   - USB: serial: opticon: fix control-message timeouts (bsc#1051510).
   - USB: serial: option: Add support for Quectel RM500Q (bsc#1051510).
   - USB: serial: quatech2: handle unbound ports (bsc#1051510).
   - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
     (bsc#1051510).
   - USB: serial: suppress driver bind attributes (bsc#1051510).
   - USB: typec: tcpci: mask event interrupts when remove driver
     (bsc#1051510).
   - USB: uas: heed CAPACITY_HEURISTICS (bsc#1051510).
   - USB: uas: honor flag to avoid CAPACITY16 (bsc#1051510).
   - USB: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510).
   - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211).
   - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115).
   - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115).
   - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115).
   - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115).
   - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170621).
   - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump
     (bsc#1170617).
   - x86/Hyper-V: Report crash data in die() when panic_on_oops is set
     (bsc#1170617).
   - x86/Hyper-V: Report crash register data or kmsg before running crash
     kernel (bsc#1170617).
   - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is
     not set (bsc#1170617).
   - x86/Hyper-V: report value of misc_features (git-fixes).
   - x86/Hyper-V: Trigger crash enlightenment only once during system crash
     (bsc#1170617).
   - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617).
   - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279).
   - x86/mce/AMD: Allow any CPU to initialize the smca_banks array
     (bsc#1114279).
   - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks
     (bsc#1114279).
   - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure()
     (bsc#1114279).
   - x86/mce: Fix possibly incorrect severity calculation on AMD
     (bsc#1114279).
   - x86/mm: Split vmalloc_sync_all() (bsc#1165741).
   - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279).
   - x86/resctrl: Fix potential memory leak (bsc#1114279).
   - x86/unwind/orc: Do not skip the first frame for inactive tasks
     (bsc#1058115).
   - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115).
   - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115).
   - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
     (bsc#1058115).
   - x86/unwind/orc: Prevent unwinding before ORC initialization
     (bsc#1058115).
   - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115).
   - x86/xen: fix booting 32-bit pv guest (bsc#1071995).
   - x86/xen: Make the boot CPU idle task reliable (bsc#1071995).
   - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995).
   - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600).
   - xen-blkfront: switch kcalloc to kvcalloc for large array allocation
     (bsc#1160917).
   - xfrm: Fix transport mode skb control buffer usage (bsc#1161552).
   - xfs: also remove cached ACLs when removing the underlying attr
     (bsc#1165873).
   - xfs: bulkstat should copy lastip whenever userspace supplies one
     (bsc#1165984).
   - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087,
     bsc#1153917).
   - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510).
   - xhci: fix USB3 device initiated resume race with roothub autosuspend
     (bsc#1051510).
   - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour
     (bsc#1051510).
   - xhci: make sure interrupts are restored to correct state (bsc#1051510).
   - zd1211rw: fix storage endpoint lookup (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1663=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1663=1

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-1663=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1663=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1663=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2020-1663=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      kernel-default-4.12.14-150.52.1
      kernel-default-base-4.12.14-150.52.1
      kernel-default-debuginfo-4.12.14-150.52.1
      kernel-default-debugsource-4.12.14-150.52.1
      kernel-default-devel-4.12.14-150.52.1
      kernel-default-devel-debuginfo-4.12.14-150.52.1
      kernel-obs-build-4.12.14-150.52.1
      kernel-obs-build-debugsource-4.12.14-150.52.1
      kernel-syms-4.12.14-150.52.1
      kernel-vanilla-base-4.12.14-150.52.1
      kernel-vanilla-base-debuginfo-4.12.14-150.52.1
      kernel-vanilla-debuginfo-4.12.14-150.52.1
      kernel-vanilla-debugsource-4.12.14-150.52.1
      reiserfs-kmp-default-4.12.14-150.52.1
      reiserfs-kmp-default-debuginfo-4.12.14-150.52.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      kernel-devel-4.12.14-150.52.1
      kernel-docs-4.12.14-150.52.1
      kernel-macros-4.12.14-150.52.1
      kernel-source-4.12.14-150.52.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      kernel-default-4.12.14-150.52.1
      kernel-default-base-4.12.14-150.52.1
      kernel-default-debuginfo-4.12.14-150.52.1
      kernel-default-debugsource-4.12.14-150.52.1
      kernel-default-devel-4.12.14-150.52.1
      kernel-default-devel-debuginfo-4.12.14-150.52.1
      kernel-obs-build-4.12.14-150.52.1
      kernel-obs-build-debugsource-4.12.14-150.52.1
      kernel-syms-4.12.14-150.52.1
      kernel-vanilla-base-4.12.14-150.52.1
      kernel-vanilla-base-debuginfo-4.12.14-150.52.1
      kernel-vanilla-debuginfo-4.12.14-150.52.1
      kernel-vanilla-debugsource-4.12.14-150.52.1
      reiserfs-kmp-default-4.12.14-150.52.1
      reiserfs-kmp-default-debuginfo-4.12.14-150.52.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      kernel-devel-4.12.14-150.52.1
      kernel-docs-4.12.14-150.52.1
      kernel-macros-4.12.14-150.52.1
      kernel-source-4.12.14-150.52.1

   - SUSE Linux Enterprise Server 15-LTSS (s390x):

      kernel-default-man-4.12.14-150.52.1
      kernel-zfcpdump-debuginfo-4.12.14-150.52.1
      kernel-zfcpdump-debugsource-4.12.14-150.52.1

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150.52.1
      kernel-default-debugsource-4.12.14-150.52.1
      kernel-default-livepatch-4.12.14-150.52.1
      kernel-livepatch-4_12_14-150_52-default-1-1.5.1
      kernel-livepatch-4_12_14-150_52-default-debuginfo-1-1.5.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      kernel-default-4.12.14-150.52.1
      kernel-default-base-4.12.14-150.52.1
      kernel-default-debuginfo-4.12.14-150.52.1
      kernel-default-debugsource-4.12.14-150.52.1
      kernel-default-devel-4.12.14-150.52.1
      kernel-default-devel-debuginfo-4.12.14-150.52.1
      kernel-obs-build-4.12.14-150.52.1
      kernel-obs-build-debugsource-4.12.14-150.52.1
      kernel-syms-4.12.14-150.52.1
      kernel-vanilla-base-4.12.14-150.52.1
      kernel-vanilla-base-debuginfo-4.12.14-150.52.1
      kernel-vanilla-debuginfo-4.12.14-150.52.1
      kernel-vanilla-debugsource-4.12.14-150.52.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      kernel-devel-4.12.14-150.52.1
      kernel-docs-4.12.14-150.52.1
      kernel-macros-4.12.14-150.52.1
      kernel-source-4.12.14-150.52.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      kernel-default-4.12.14-150.52.1
      kernel-default-base-4.12.14-150.52.1
      kernel-default-debuginfo-4.12.14-150.52.1
      kernel-default-debugsource-4.12.14-150.52.1
      kernel-default-devel-4.12.14-150.52.1
      kernel-default-devel-debuginfo-4.12.14-150.52.1
      kernel-obs-build-4.12.14-150.52.1
      kernel-obs-build-debugsource-4.12.14-150.52.1
      kernel-syms-4.12.14-150.52.1
      kernel-vanilla-base-4.12.14-150.52.1
      kernel-vanilla-base-debuginfo-4.12.14-150.52.1
      kernel-vanilla-debuginfo-4.12.14-150.52.1
      kernel-vanilla-debugsource-4.12.14-150.52.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      kernel-devel-4.12.14-150.52.1
      kernel-docs-4.12.14-150.52.1
      kernel-macros-4.12.14-150.52.1
      kernel-source-4.12.14-150.52.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-150.52.1
      cluster-md-kmp-default-debuginfo-4.12.14-150.52.1
      dlm-kmp-default-4.12.14-150.52.1
      dlm-kmp-default-debuginfo-4.12.14-150.52.1
      gfs2-kmp-default-4.12.14-150.52.1
      gfs2-kmp-default-debuginfo-4.12.14-150.52.1
      kernel-default-debuginfo-4.12.14-150.52.1
      kernel-default-debugsource-4.12.14-150.52.1
      ocfs2-kmp-default-4.12.14-150.52.1
      ocfs2-kmp-default-debuginfo-4.12.14-150.52.1


References:

   https://www.suse.com/security/cve/CVE-2018-1000199.html
   https://www.suse.com/security/cve/CVE-2019-14615.html
   https://www.suse.com/security/cve/CVE-2019-14896.html
   https://www.suse.com/security/cve/CVE-2019-14897.html
   https://www.suse.com/security/cve/CVE-2019-16994.html
   https://www.suse.com/security/cve/CVE-2019-19036.html
   https://www.suse.com/security/cve/CVE-2019-19045.html
   https://www.suse.com/security/cve/CVE-2019-19054.html
   https://www.suse.com/security/cve/CVE-2019-19318.html
   https://www.suse.com/security/cve/CVE-2019-19319.html
   https://www.suse.com/security/cve/CVE-2019-19447.html
   https://www.suse.com/security/cve/CVE-2019-19462.html
   https://www.suse.com/security/cve/CVE-2019-19768.html
   https://www.suse.com/security/cve/CVE-2019-19770.html
   https://www.suse.com/security/cve/CVE-2019-19965.html
   https://www.suse.com/security/cve/CVE-2019-19966.html
   https://www.suse.com/security/cve/CVE-2019-20054.html
   https://www.suse.com/security/cve/CVE-2019-20095.html
   https://www.suse.com/security/cve/CVE-2019-20096.html
   https://www.suse.com/security/cve/CVE-2019-20810.html
   https://www.suse.com/security/cve/CVE-2019-20812.html
   https://www.suse.com/security/cve/CVE-2019-3701.html
   https://www.suse.com/security/cve/CVE-2019-9455.html
   https://www.suse.com/security/cve/CVE-2019-9458.html
   https://www.suse.com/security/cve/CVE-2020-0543.html
   https://www.suse.com/security/cve/CVE-2020-10690.html
   https://www.suse.com/security/cve/CVE-2020-10711.html
   https://www.suse.com/security/cve/CVE-2020-10720.html
   https://www.suse.com/security/cve/CVE-2020-10732.html
   https://www.suse.com/security/cve/CVE-2020-10751.html
   https://www.suse.com/security/cve/CVE-2020-10757.html
   https://www.suse.com/security/cve/CVE-2020-10942.html
   https://www.suse.com/security/cve/CVE-2020-11494.html
   https://www.suse.com/security/cve/CVE-2020-11608.html
   https://www.suse.com/security/cve/CVE-2020-11609.html
   https://www.suse.com/security/cve/CVE-2020-11669.html
   https://www.suse.com/security/cve/CVE-2020-12114.html
   https://www.suse.com/security/cve/CVE-2020-12464.html
   https://www.suse.com/security/cve/CVE-2020-12652.html
   https://www.suse.com/security/cve/CVE-2020-12653.html
   https://www.suse.com/security/cve/CVE-2020-12654.html
   https://www.suse.com/security/cve/CVE-2020-12655.html
   https://www.suse.com/security/cve/CVE-2020-12656.html
   https://www.suse.com/security/cve/CVE-2020-12657.html
   https://www.suse.com/security/cve/CVE-2020-12769.html
   https://www.suse.com/security/cve/CVE-2020-13143.html
   https://www.suse.com/security/cve/CVE-2020-2732.html
   https://www.suse.com/security/cve/CVE-2020-7053.html
   https://www.suse.com/security/cve/CVE-2020-8428.html
   https://www.suse.com/security/cve/CVE-2020-8647.html
   https://www.suse.com/security/cve/CVE-2020-8648.html
   https://www.suse.com/security/cve/CVE-2020-8649.html
   https://www.suse.com/security/cve/CVE-2020-8834.html
   https://www.suse.com/security/cve/CVE-2020-8992.html
   https://www.suse.com/security/cve/CVE-2020-9383.html
   https://bugzilla.suse.com/1050244
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1051858
   https://bugzilla.suse.com/1058115
   https://bugzilla.suse.com/1061840
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1086301
   https://bugzilla.suse.com/1086313
   https://bugzilla.suse.com/1086314
   https://bugzilla.suse.com/1089895
   https://bugzilla.suse.com/1109911
   https://bugzilla.suse.com/1114279
   https://bugzilla.suse.com/1118338
   https://bugzilla.suse.com/1120386
   https://bugzilla.suse.com/1134973
   https://bugzilla.suse.com/1143959
   https://bugzilla.suse.com/1144333
   https://bugzilla.suse.com/1151910
   https://bugzilla.suse.com/1151927
   https://bugzilla.suse.com/1153917
   https://bugzilla.suse.com/1154243
   https://bugzilla.suse.com/1154824
   https://bugzilla.suse.com/1156286
   https://bugzilla.suse.com/1157155
   https://bugzilla.suse.com/1157157
   https://bugzilla.suse.com/1157692
   https://bugzilla.suse.com/1158013
   https://bugzilla.suse.com/1158021
   https://bugzilla.suse.com/1158026
   https://bugzilla.suse.com/1158265
   https://bugzilla.suse.com/1158819
   https://bugzilla.suse.com/1159028
   https://bugzilla.suse.com/1159198
   https://bugzilla.suse.com/1159271
   https://bugzilla.suse.com/1159285
   https://bugzilla.suse.com/1159394
   https://bugzilla.suse.com/1159483
   https://bugzilla.suse.com/1159484
   https://bugzilla.suse.com/1159569
   https://bugzilla.suse.com/1159588
   https://bugzilla.suse.com/1159841
   https://bugzilla.suse.com/1159908
   https://bugzilla.suse.com/1159909
   https://bugzilla.suse.com/1159910
   https://bugzilla.suse.com/1159911
   https://bugzilla.suse.com/1159955
   https://bugzilla.suse.com/1160195
   https://bugzilla.suse.com/1160210
   https://bugzilla.suse.com/1160211
   https://bugzilla.suse.com/1160218
   https://bugzilla.suse.com/1160433
   https://bugzilla.suse.com/1160442
   https://bugzilla.suse.com/1160476
   https://bugzilla.suse.com/1160560
   https://bugzilla.suse.com/1160755
   https://bugzilla.suse.com/1160756
   https://bugzilla.suse.com/1160784
   https://bugzilla.suse.com/1160787
   https://bugzilla.suse.com/1160802
   https://bugzilla.suse.com/1160803
   https://bugzilla.suse.com/1160804
   https://bugzilla.suse.com/1160917
   https://bugzilla.suse.com/1160966
   https://bugzilla.suse.com/1161087
   https://bugzilla.suse.com/1161514
   https://bugzilla.suse.com/1161518
   https://bugzilla.suse.com/1161522
   https://bugzilla.suse.com/1161523
   https://bugzilla.suse.com/1161549
   https://bugzilla.suse.com/1161552
   https://bugzilla.suse.com/1161555
   https://bugzilla.suse.com/1161674
   https://bugzilla.suse.com/1161931
   https://bugzilla.suse.com/1161933
   https://bugzilla.suse.com/1161934
   https://bugzilla.suse.com/1161935
   https://bugzilla.suse.com/1161936
   https://bugzilla.suse.com/1161937
   https://bugzilla.suse.com/1161951
   https://bugzilla.suse.com/1162067
   https://bugzilla.suse.com/1162109
   https://bugzilla.suse.com/1162139
   https://bugzilla.suse.com/1162928
   https://bugzilla.suse.com/1162929
   https://bugzilla.suse.com/1162931
   https://bugzilla.suse.com/1163971
   https://bugzilla.suse.com/1164051
   https://bugzilla.suse.com/1164069
   https://bugzilla.suse.com/1164078
   https://bugzilla.suse.com/1164705
   https://bugzilla.suse.com/1164712
   https://bugzilla.suse.com/1164727
   https://bugzilla.suse.com/1164728
   https://bugzilla.suse.com/1164729
   https://bugzilla.suse.com/1164730
   https://bugzilla.suse.com/1164731
   https://bugzilla.suse.com/1164732
   https://bugzilla.suse.com/1164733
   https://bugzilla.suse.com/1164734
   https://bugzilla.suse.com/1164735
   https://bugzilla.suse.com/1164871
   https://bugzilla.suse.com/1165111
   https://bugzilla.suse.com/1165741
   https://bugzilla.suse.com/1165873
   https://bugzilla.suse.com/1165881
   https://bugzilla.suse.com/1165984
   https://bugzilla.suse.com/1165985
   https://bugzilla.suse.com/1166969
   https://bugzilla.suse.com/1167421
   https://bugzilla.suse.com/1167423
   https://bugzilla.suse.com/1167629
   https://bugzilla.suse.com/1168075
   https://bugzilla.suse.com/1168276
   https://bugzilla.suse.com/1168295
   https://bugzilla.suse.com/1168424
   https://bugzilla.suse.com/1168670
   https://bugzilla.suse.com/1168829
   https://bugzilla.suse.com/1168854
   https://bugzilla.suse.com/1169390
   https://bugzilla.suse.com/1169514
   https://bugzilla.suse.com/1169625
   https://bugzilla.suse.com/1170056
   https://bugzilla.suse.com/1170345
   https://bugzilla.suse.com/1170617
   https://bugzilla.suse.com/1170618
   https://bugzilla.suse.com/1170621
   https://bugzilla.suse.com/1170778
   https://bugzilla.suse.com/1170901
   https://bugzilla.suse.com/1171098
   https://bugzilla.suse.com/1171189
   https://bugzilla.suse.com/1171191
   https://bugzilla.suse.com/1171195
   https://bugzilla.suse.com/1171202
   https://bugzilla.suse.com/1171205
   https://bugzilla.suse.com/1171217
   https://bugzilla.suse.com/1171218
   https://bugzilla.suse.com/1171219
   https://bugzilla.suse.com/1171220
   https://bugzilla.suse.com/1171689
   https://bugzilla.suse.com/1171982
   https://bugzilla.suse.com/1171983
   https://bugzilla.suse.com/1172221
   https://bugzilla.suse.com/1172317
   https://bugzilla.suse.com/1172453
   https://bugzilla.suse.com/1172458



More information about the sle-security-updates mailing list