SUSE-SU-2020:1699-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jun 22 07:12:19 MDT 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1699-1
Rating:             important
References:         #1051510 #1065729 #1071995 #1085030 #1111666 
                    #1113956 #1114279 #1144333 #1148868 #1158983 
                    #1161016 #1162063 #1166985 #1168081 #1169194 
                    #1170592 #1171904 #1172458 #1172472 #1172537 
                    #1172538 #1172759 #1172775 #1172781 #1172782 
                    #1172783 #1172884 
Cross-References:   CVE-2019-20810 CVE-2020-10766 CVE-2020-10767
                    CVE-2020-10768 CVE-2020-13974
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 22 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2020-10768: The prctl() function could be used to enable indirect
     branch speculation even after it has been disabled. (bnc#1172783)
   - CVE-2020-10766: A bug in the logic handling could allow an attacker with
     a local account to disable SSBD protection. (bnc#1172781)
   - CVE-2020-10767: A IBPB would be disabled when STIBP was not available or
     when Enhanced Indirect Branch Restricted Speculation (IBRS) was
     available. This is unexpected behaviour could leave the system open to a
     spectre v2 style attack (bnc#1172782)
   - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if
     k_ascii was called several times in a row (bnc#1172775)
   - CVE-2019-20810: go7007_snd_init did not call snd_card_free for a failure
     path, which caused a memory leak (bnc#1172458)

   The following non-security bugs were fixed:

   - ACPI: PM: Avoid using power resources if there are none for D0
     (bsc#1051510).
   - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
   - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio
     (bsc#1111666).
   - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666).
   - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666).
   - ALSA: hda/realtek - Fix unused variable warning w/o
     CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666).
   - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO
     (bsc#1111666).
   - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
     (bsc#1111666).
   - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666).
   - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up
     (bsc#1111666).
   - ALSA: pcm: disallow linking stream to itself (bsc#1111666).
   - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666).
   - ALSA: usb-audio: Add duplex sound support for USB devices using implicit
     feedback (bsc#1111666).
   - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
     Dock (bsc#1111666).
   - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666).
   - ALSA: usb-audio: Fix inconsistent card PM state after resume
     (bsc#1111666).
   - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666).
   - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666).
   - ALSA: usb-audio: Use the new macro for HP Dock rename quirks
     (bsc#1111666).
   - CDC-ACM: heed quirk also in error handling (git-fixes).
   - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
   - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
     (bsc#1171904).
   - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
   - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
     (bsc#1170592).
   - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
   - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes).
   - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
     (bsc#1051510).
   - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
   - PCI: Fix pci_register_host_bridge() device_register() error handling
     (bsc#1051510).
   - PCI: Program MPS for RCiEP devices (bsc#1051510).
   - RDMA/efa: Fix setting of wrong bit in get/set_feature commands
     (bsc#1111666)
   - RDMA/efa: Support remote read access in MR registration (bsc#1111666)
   - RDMA/efa: Unified getters/setters for device structs bitmask access
     (bsc#1111666)
   - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in
     s3c2410_udc_nuke (bsc#1051510).
   - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
     (bsc#1051510).
   - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
   - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510).
   - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
     (bsc#1051510).
   - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
     (git-fixes).
   - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423).
   - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
   - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
   - block: sed-opal: fix sparse warning: convert __be64 data (git fixes
     (block drivers)).
   - brcmfmac: fix wrong location to get firmware feature (bsc#1111666).
   - btrfs: do not zero f_bavail if we have available space (bsc#1168081).
   - btrfs: do not zero f_bavail if we have available space (bsc#1168081).
   - char/random: Add a newline at the end of the file (jsc#SLE-12423).
   - cifs: get rid of unused parameter in reconn_setup_dfs_targets()
     (bsc#1144333).
   - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333
     bsc#1161016).
   - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333
     bsc#1161016).
   - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
   - clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
   - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
   - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block
     drivers)).
   - compat_ioctl: block: handle Persistent Reservations (git fixes (block
     drivers)).
   - copy_{to,from}_user(): consolidate object size checks (git fixes).
   - crypto: caam - update xts sector size for large input length
     (bsc#1111666).
   - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666).
   - dm btree: increase rebalance threshold in __rebalance2() (git fixes
     (block drivers)).
   - dm cache: fix a crash due to incorrect work item cancelling (git fixes
     (block drivers)).
   - dm crypt: fix benbi IV constructor crash if used in authenticated mode
     (git fixes (block drivers)).
   - dm space map common: fix to ensure new block isn't already in use (git
     fixes (block drivers)).
   - dm verity fec: fix hash block number in verity_fec_decode (git fixes
     (block drivers)).
   - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block
     drivers)).
   - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block
     drivers)).
   - dm: various cleanups to md->queue initialization code (git fixes).
   - dmaengine: tegra210-adma: Fix an error handling path in
     'tegra_adma_probe()' (bsc#1111666).
   - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static
     (bsc#1051510).
   - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
     (bsc#1111666).
   - drm: amd/display: fix Kconfig help text (bsc#1113956)
   - efi/random: Increase size of firmware supplied randomness
     (jsc#SLE-12423).
   - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness
     (jsc#SLE-12423).
   - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423).
   - efi: Reorder pr_notice() with add_device_randomness() call
     (jsc#SLE-12423).
   - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
   - evm: Fix a small race in init_desc() (bsc#1051510).
   - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
     (bsc#1051510).
   - fdt: Update CRC check for rng-seed (jsc#SLE-12423).
   - fdt: add support for rng-seed (jsc#SLE-12423).
   - firmware: imx: scu: Fix corruption of header (git-fixes).
   - firmware: imx: scu: Fix possible memory leak in imx_scu_probe()
     (bsc#1111666).
   - fpga: dfl: afu: Corrected error handling levels (git-fixes).
   - fs/reiserfs: Reenabled reiserfs (bsc#1172884)
   - gpiolib: Document that GPIO line names are not globally unique
     (bsc#1051510).
   - gpu: ipu-v3: pre: do not trigger update if buffer address does not
     change (bsc#1111666).
   - iio: buffer: Do not allow buffers without any channels enabled to be
     activated (bsc#1051510).
   - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
   - ima: Directly assign the ima_default_policy pointer to ima_rules
     (bsc#1051510).
   - ima: Fix ima digest hash table key calculation (bsc#1051510).
   - include/asm-generic/topology.h: guard cpumask_of_node() macro argument
     (bsc#1148868).
   - kabi: ppc64le: prevent struct dma_map_ops to become defined
     (jsc#SLE-12423).
   - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
   - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
   - livepatch: Disallow vmlinux.ko (bsc#1071995).
   - livepatch: Make klp_apply_object_relocs static (bsc#1071995).
   - livepatch: Prevent module-specific KLP rela sections from referencing
     vmlinux symbols (bsc#1071995).
   - livepatch: Remove .klp.arch (bsc#1071995).
   - mac80211: add option for setting control flags (bsc#1111666).
   - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX
     (bsc#1111666).
   - mailbox: imx: Disable the clock on devm_mbox_controller_register()
     failure (git-fixes).
   - md: Avoid namespace collision with bitmap API (git fixes (block
     drivers)).
   - md: use memalloc scope APIs in mddev_suspend()/mddev_resume()
     (bsc#1166985)).
   - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes
     (block drivers)).
   - mdraid: fix read/write bytes accounting (bsc#1172537).
   - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666).
   - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666).
   - mmc: fix compilation of user API (bsc#1051510).
   - netfilter: connlabels: prefer static lock initialiser (git-fixes).
   - netfilter: not mark a spinlock as __read_mostly (git-fixes).
   - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666).
   - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983
     bsc#1172538).
   - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed
     (bsc#1158983 bsc#1172538).
   - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983
     bsc#1172538).
   - overflow.h: Add arithmetic shift helper (git fixes).
   - overflow: Fix -Wtype-limits compilation warnings (git fixes).
   - p54usb: add AirVasT USB stick device-id (bsc#1051510).
   - pcm_native: result of put_user() needs to be checked (bsc#1111666).
   - perf, pt, coresight: Fix address filters for vmas with non-zero offset
     (git-fixes).
   - perf, pt, coresight: Fix address filters for vmas with non-zero offset
     (git-fixes).
   - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
   - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
   - perf/core: Add sanity check to deal with pinned event failure
     (git-fixes).
   - perf/core: Add sanity check to deal with pinned event failure
     (git-fixes).
   - perf/core: Avoid freeing static PMU contexts when PMU is unregistered
     (git-fixes).
   - perf/core: Avoid freeing static PMU contexts when PMU is unregistered
     (git-fixes).
   - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
   - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
   - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
   - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
   - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent
     patch)).
   - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent
     patch)).
   - perf/core: Fix bad use of igrab() (git fixes (dependent patch)).
   - perf/core: Fix crash when using HW tracing kernel filters (git-fixes).
   - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
   - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
   - perf/core: Fix error handling in perf_event_alloc() (git-fixes).
   - perf/core: Fix error handling in perf_event_alloc() (git-fixes).
   - perf/core: Fix exclusive events' grouping (git-fixes).
   - perf/core: Fix exclusive events' grouping (git-fixes).
   - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
   - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
   - perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
   - perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
   - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes
     (dependent patch for 18736eef1213)).
   - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes
     (dependent patch for 18736eef1213)).
   - perf/core: Fix locking for children siblings group read (git-fixes).
   - perf/core: Fix locking for children siblings group read (git-fixes).
   - perf/core: Fix perf_event_read_value() locking (git-fixes).
   - perf/core: Fix perf_event_read_value() locking (git-fixes).
   - perf/core: Fix perf_pmu_unregister() locking (git-fixes).
   - perf/core: Fix perf_pmu_unregister() locking (git-fixes).
   - perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
   - perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
   - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
   - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
   - perf/core: Fix race between close() and fork() (git-fixes).
   - perf/core: Fix race between close() and fork() (git-fixes).
   - perf/core: Fix the address filtering fix (git-fixes).
   - perf/core: Fix the address filtering fix (git-fixes).
   - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
   - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
   - perf/core: Force USER_DS when recording user stack data (git-fixes).
   - perf/core: Force USER_DS when recording user stack data (git-fixes).
   - perf/core: Restore mmap record type correctly (git-fixes).
   - perf/core: Restore mmap record type correctly (git-fixes).
   - perf/ioctl: Add check for the sample_period value (git-fixes).
   - perf/ioctl: Add check for the sample_period value (git-fixes).
   - perf/x86/pt, coresight: Clean up address filter structure (git fixes
     (dependent patch)).
   - perf: Allocate context task_ctx_data for child event (git-fixes).
   - perf: Allocate context task_ctx_data for child event (git-fixes).
   - perf: Copy parent's address filter offsets on clone (git-fixes).
   - perf: Copy parent's address filter offsets on clone (git-fixes).
   - perf: Fix header.size for namespace events (git-fixes).
   - perf: Fix header.size for namespace events (git-fixes).
   - perf: Return proper values for user stack errors (git-fixes).
   - perf: Return proper values for user stack errors (git-fixes).
   - pid: Improve the comment about waiting in zap_pid_ns_processes (git
     fixes)).
   - pinctrl: freescale: imx: Fix an error handling path in
     'imx_pinctrl_probe()' (bsc#1051510).
   - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
     (bsc#1051510).
   - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE
     GPIOs (bsc#1051510).
   - platform/x86: dell-laptop: do not register micmute LED if there is no
     token (bsc#1111666).
   - pnp: Use list_for_each_entry() instead of open coding (git fixes).
   - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with
     select (bsc#1051510).
   - power: supply: lp8788: Fix an error handling path in
     'lp8788_charger_probe()' (bsc#1051510).
   - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
   - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
   - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
     (bsc#1065729).
   - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
   - raid5: remove gfp flags from scribble_alloc() (bsc#1166985).
   - raid5: remove gfp flags from scribble_alloc() (git fixes (block
     drivers)).
   - resolve KABI warning for perf-pt-coresight (git-fixes).
   - resolve KABI warning for perf-pt-coresight (git-fixes).
   - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
   - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM
     (bsc#1172759 ltc#184814).
   - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510).
   - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666).
   - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
   - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
   - tty: n_gsm: Fix SOF skipping (bsc#1051510).
   - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
   - tty: n_gsm: Fix waking up upper tty layer when room available
     (bsc#1051510).
   - usb: dwc2: gadget: move gadget resume after the core is in L0 state
     (bsc#1051510).
   - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null
     check (bsc#1051510).
   - usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
   - usb: musb: start session in resume for host port (bsc#1051510).
   - virtio-blk: handle block_device_operations callbacks after hot unplug
     (git fixes (block drivers)).
   - w1: omap-hdq: cleanup to add missing newline for some dev_dbg
     (bsc#1051510).
   - watchdog: sp805: fix restart handler (bsc#1111666).
   - wil6210: add general initialization/size checks (bsc#1111666).
   - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666).
   - wil6210: ignore HALP ICR if already handled (bsc#1111666).
   - work around mvfs bug (bsc#1162063).
   - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
   - x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
   - xfrm: fix error in comment (git fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1699=1



Package List:

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-azure-4.12.14-16.19.1
      kernel-azure-base-4.12.14-16.19.1
      kernel-azure-base-debuginfo-4.12.14-16.19.1
      kernel-azure-debuginfo-4.12.14-16.19.1
      kernel-azure-debugsource-4.12.14-16.19.1
      kernel-azure-devel-4.12.14-16.19.1
      kernel-syms-azure-4.12.14-16.19.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-azure-4.12.14-16.19.1
      kernel-source-azure-4.12.14-16.19.1


References:

   https://www.suse.com/security/cve/CVE-2019-20810.html
   https://www.suse.com/security/cve/CVE-2020-10766.html
   https://www.suse.com/security/cve/CVE-2020-10767.html
   https://www.suse.com/security/cve/CVE-2020-10768.html
   https://www.suse.com/security/cve/CVE-2020-13974.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1111666
   https://bugzilla.suse.com/1113956
   https://bugzilla.suse.com/1114279
   https://bugzilla.suse.com/1144333
   https://bugzilla.suse.com/1148868
   https://bugzilla.suse.com/1158983
   https://bugzilla.suse.com/1161016
   https://bugzilla.suse.com/1162063
   https://bugzilla.suse.com/1166985
   https://bugzilla.suse.com/1168081
   https://bugzilla.suse.com/1169194
   https://bugzilla.suse.com/1170592
   https://bugzilla.suse.com/1171904
   https://bugzilla.suse.com/1172458
   https://bugzilla.suse.com/1172472
   https://bugzilla.suse.com/1172537
   https://bugzilla.suse.com/1172538
   https://bugzilla.suse.com/1172759
   https://bugzilla.suse.com/1172775
   https://bugzilla.suse.com/1172781
   https://bugzilla.suse.com/1172782
   https://bugzilla.suse.com/1172783
   https://bugzilla.suse.com/1172884



More information about the sle-security-updates mailing list