SUSE-SU-2020:0605-1: moderate: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Mar 6 07:13:38 MST 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0605-1
Rating:             moderate
References:         #1050244 #1051510 #1051858 #1065600 #1065729 
                    #1071995 #1083647 #1085030 #1086301 #1086313 
                    #1086314 #1104745 #1109837 #1111666 #1112178 
                    #1112374 #1113956 #1114279 #1114685 #1123328 
                    #1144333 #1151927 #1153917 #1154601 #1157155 
                    #1157157 #1157692 #1158013 #1158026 #1158071 
                    #1159028 #1159096 #1159377 #1159394 #1159588 
                    #1159911 #1160147 #1160195 #1160210 #1160211 
                    #1160433 #1160442 #1160469 #1160470 #1160476 
                    #1160560 #1160618 #1160678 #1160755 #1160756 
                    #1160784 #1160787 #1160802 #1160803 #1160804 
                    #1160917 #1160966 #1161087 #1161243 #1161472 
                    #1161514 #1161518 #1161522 #1161523 #1161549 
                    #1161674 #1161875 #1162028 
Cross-References:   CVE-2019-14615 CVE-2019-14896 CVE-2019-14897
                    CVE-2019-16994 CVE-2019-19036 CVE-2019-19045
                    CVE-2019-19054 CVE-2019-19318 CVE-2019-19927
                    CVE-2019-19965 CVE-2020-7053
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 57 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP5 real-time kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2019-14615: An information disclosure vulnerability existed due to
     insufficient control flow in certain data structures for some Intel(R)
     Processors (bnc#1160195).
   - CVE-2019-14896: A heap overflow was found in the add_ie_rates() function
     of the Marvell Wifi Driver (bsc#1157157).
   - CVE-2019-14897: A stack overflow was found in the
     lbs_ibss_join_existing() function of the Marvell Wifi Driver
     (bsc#1157155).
   - CVE-2019-16994: A memory leak existed in sit_init_net() in
     net/ipv6/sit.c which might have caused denial of service, aka
     CID-07f12b26e21a (bnc#1161523).
   - CVE-2019-19036: An issue discovered in btrfs_root_node in
     fs/btrfs/ctree.c allowed a NULL pointer dereference because
     rcu_dereference(root->node) can be zero (bnc#1157692).
   - CVE-2019-19045: A memory leak in
     drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to
     cause a denial of service (memory consumption) by triggering
     mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).
   - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in
     drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a
     denial of service (memory consumption) by triggering kfifo_alloc()
     failures, aka CID-a7b2df76b42b (bnc#1161518).
   - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a
     use-after-free (bnc#1158026).
   - CVE-2019-19927: A slab-out-of-bounds read access could have been caused
     when mounting a crafted f2fs filesystem image and performing some
     operations on it, in drivers/gpu/drm/ttm/ttm_page_alloc.c (bnc#1160147).
   - CVE-2019-19965: There was a NULL pointer dereference in
     drivers/scsi/libsas/sas_discover.c because of mishandling of port
     disconnection during discovery, related to a PHY down race condition,
     aka CID-f70267f379b5 (bnc#1159911).
   - CVE-2020-7053: There was a use-after-free (write) in the
     i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka
     CID-7dc40713618c (bnc#1160966).


   The following non-security bugs were fixed:

   - ALSA: hda - Apply sync-write workaround to old Intel platforms, too
     (bsc#1111666).
   - ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker
     (bsc#1111666).
   - ALSA: hda/realtek - Add new codec supported for ALCS1200A (bsc#1111666).
   - ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th
     gen (bsc#1111666).
   - ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
     (bsc#1111666).
   - ALSA: hda/realtek - Set EAPD control to default for ALC222 (bsc#1111666).
   - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510).
   - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
     (bsc#1111666).
   - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510).
   - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510).
   - ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI
     (bsc#1111666).
   - Fix partial checked out tree build ... so that bisection does not break.
   - Fix the locking in dcache_readdir() and friends (bsc#1123328).
   - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).
   - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).
   - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).
   - IB/hfi1: Do not cancel unused work item (bsc#1114685 ).
   - NFC: pn533: fix bulk-message timeout (bsc#1051510).
   - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).
   - Temporary workaround for bsc#1159096 should no longer be needed.
   - USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510).
   - USB: serial: io_edgeport: add missing active-port sanity check
     (bsc#1051510).
   - USB: serial: keyspan: handle unbound ports (bsc#1051510).
   - USB: serial: opticon: fix control-message timeouts (bsc#1051510).
   - USB: serial: quatech2: handle unbound ports (bsc#1051510).
   - USB: serial: suppress driver bind attributes (bsc#1051510).
   - blk-mq: avoid sysfs buffer overflow with too many CPU cores
     (bsc#1159377).
   - blk-mq: make sure that line break can be printed (bsc#1159377).
   - bnxt: apply computed clamp value for coalece parameter (bsc#1104745).
   - bnxt_en: Fix MSIX request logic for RDMA driver (bsc#1104745 ).
   - bnxt_en: Return error if FW returns more data than dump length
     (bsc#1104745).
   - bpf/sockmap: Read psock ingress_msg before sk_receive_queue
     (bsc#1083647).
   - bpf: Fix incorrect verifier simulation of ARSH under ALU32 (bsc#1083647).
   - bpf: Reject indirect var_off stack access in raw mode (bsc#1160618).
   - bpf: Reject indirect var_off stack access in unpriv mode (bco#1160618).
   - bpf: Sanity check max value for var_off stack access (bco#1160618).
   - bpf: Support variable offset stack access from helpers (bco#1160618).
   - bpf: add self-check logic to liveness analysis (bsc#1160618).
   - bpf: add verifier stats and log_level bit 2 (bsc#1160618).
   - bpf: improve stacksafe state comparison (bco#1160618).
   - bpf: improve verification speed by droping states (bsc#1160618).
   - bpf: improve verification speed by not remarking live_read (bsc#1160618).
   - bpf: improve verifier branch analysis (bsc#1160618).
   - bpf: increase complexity limit and maximum program size (bsc#1160618).
   - bpf: increase verifier log limit (bsc#1160618).
   - bpf: speed up stacksafe check (bco#1160618).
   - bpf: verifier: teach the verifier to reason about the BPF_JSET
     instruction (bco#1160618).
   - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
     (dependency for bsc#1157692).
   - btrfs: fix block group remaining RO forever after error during device
     replace (bsc#1160442).
   - btrfs: fix infinite loop during nocow writeback due to race
     (bsc#1160804).
   - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).
   - btrfs: fix negative subv_writers counter and data space leak after
     buffered write (bsc#1160802).
   - btrfs: fix removal logic of the tree mod log that leads to
     use-after-free issues (bsc#1160803).
   - btrfs: fix selftests failure due to uninitialized i_mode in test inodes
     (Fix for dependency of bsc#1157692).
   - btrfs: inode: Verify inode mode to avoid NULL pointer dereference
     (dependency for bsc#1157692).
   - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).
   - btrfs: tree-checker: Check chunk item at tree block read time
     (dependency for bsc#1157692).
   - btrfs: tree-checker: Check level for leaves and nodes (dependency for
     bsc#1157692).
   - btrfs: tree-checker: Enhance chunk checker to validate chunk profile
     (dependency for bsc#1157692).
   - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency
     of bsc#1157692).
   - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN
     instead of EIO (dependency for bsc#1157692).
   - btrfs: tree-checker: Make chunk item checker messages more readable
     (dependency for bsc#1157692).
   - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).
   - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_block_group_item
     (dependency for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_extent_data_item
     (dependency for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for
     bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for
     bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for
     bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for
     bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency
     for bsc#1157692).
   - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for
     bsc#1157692).
   - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
     (bsc#1051510).
   - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from
     polling to irq mode (bsc#1051510).
   - cfg80211/mac80211: make ieee80211_send_layer2_update a public function
     (bsc#1051510).
   - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).
   - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514).
   - cifs: Close cached root handle only if it had a lease (bsc#1144333).
   - cifs: Close open handle after interrupted close (bsc#1144333).
   - cifs: Do not miss cancelled OPEN responses (bsc#1144333).
   - cifs: Fix NULL pointer dereference in mid callback (bsc#1144333).
   - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks
     (bsc#1144333).
   - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333).
   - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd()
     (bsc#1144333).
   - cifs: Fix mount options set in automount (bsc#1144333).
   - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333).
   - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).
   - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).
   - cifs: Properly process SMB3 lease breaks (bsc#1144333).
   - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).
   - cifs: add support for flock (bsc#1144333).
   - cifs: close the shared root handle on tree disconnect (bsc#1144333).
   - cifs: remove set but not used variables 'cinode' and 'netfid'
     (bsc#1144333).
   - clk: imx: clk-composite-8m: add lock to gate/mux (git-fixes).
   - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).
   - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).
   - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
     (bsc#1051510).
   - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).
   - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).
   - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).
   - drm/i810: Prevent underflow in ioctl (bsc#1114279)
   - drm/i915/gvt: Pin vgpu dma address before using (bsc#1112178)
   - drm/i915/gvt: set guest display buffer as readonly (bsc#1112178)
   - drm/i915/gvt: use vgpu lock for active state setting (bsc#1112178)
   - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510).
   - drm/i915: Fix pid leak with banned clients (bsc#1114279)
   - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
   - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
   - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279)
   - drm/sun4i: hdmi: Remove duplicate cleanup calls (bsc#1113956)
   - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510).
   - exit: panic before exit_mm() on global init exit (bsc#1161549).
   - extcon: max8997: Fix lack of path setting in USB device mode
     (bsc#1051510).
   - fjes: fix missed check in fjes_acpi_add (bsc#1051510).
   - fs: cifs: Fix atime update check vs mtime (bsc#1144333).
   - ftrace: Avoid potential division by zero in function profiler
     (bsc#1160784).
   - gpio: Fix error message on out-of-range GPIO in lookup table
     (bsc#1051510).
   - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510).
   - iio: buffer: align the size of scan bytes to size of the largest element
     (bsc#1051510).
   - inet: protect against too small mtu values (networking-stable-19_12_16).
   - init: add arch_call_rest_init to allow stack switching (jsc#SLE-11178).
   - iommu/iova: Init the struct iova to fix the possible memleak
     (bsc#1160469).
   - iommu/mediatek: Correct the flush_iotlb_all callback (bsc#1160470).
   - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756).
   - iommu: Remove device link to group on failure (bsc#1160755).
   - iwlwifi: change monitor DMA to be coherent (bsc#1161243).
   - kABI fixup for alloc_dax_region (bsc#1158071,bsc#1160678).
   - kABI: Protest new fields in BPF structs (bsc#1160618).
   - kABI: protect struct sctp_ep_common (kabi).
   - kernel/trace: Fix do not unregister tracepoints when register
     sched_migrate_task fail (bsc#1160787).
   - kvm: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD
     (bsc#1160476).
   - leds: Allow to call led_classdev_unregister() unconditionally
     (bsc#1161674).
   - leds: class: ensure workqueue is initialized before setting brightness
     (bsc#1161674).
   - livepatch: Simplify stack trace retrieval (jsc#SLE-11178).
   - mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO (bsc#1112374).
   - mm, debug_pagealloc: do not rely on static keys too early (VM debuging
     functionality, bsc#1159096).
   - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
     (bsc#1159394).
   - mmc: sdhci: Add a quirk for broken command queuing (git-fixes).
   - mmc: sdhci: Workaround broken command queuing on Intel GLK (git-fixes).
   - net, sysctl: Fix compiler warning when only cBPF is present
     (bsc#1109837).
   - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25).
   - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25).
   - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858).
   - net/sched: act_pedit: fix WARN() in the traffic path
     (networking-stable-19_11_25).
   - net: bridge: deny dev_set_mac_address() when unregistering
     (networking-stable-19_12_16).
   - net: ethernet: ti: cpsw: fix extra rx interrupt
     (networking-stable-19_12_16).
   - net: psample: fix skb_over_panic (networking-stable-19_12_03).
   - net: rtnetlink: prevent underflows in do_setvfinfo()
     (networking-stable-19_11_25).
   - net: sched: fix `tc -s class show` no bstats on class with nolock
     subqueues (networking-stable-19_12_03).
   - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510).
   - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules
     (networking-stable-19_11_18).
   - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
     (networking-stable-19_12_03).
   - openvswitch: remove another BUG_ON() (networking-stable-19_12_03).
   - openvswitch: support asymmetric conntrack (networking-stable-19_12_16).
   - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
     (bsc#1051510).
   - powerpc/irq: fix stack overflow verification (bsc#1065729).
   - powerpc/livepatch: return -ERRNO values in
     save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875).
   - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729).
   - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729).
   - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028
     ltc#181740).
   - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init()
     (git-fixes).
   - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729).
   - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729).
   - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts
     (bsc#1085030).
   - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges
     >4GB (bnc#1151927 5.3.17).
   - powerpc: Allow flush_icache_range to work across ranges >4GB
     (bnc#1151927 5.3.17).
   - qede: Disable hardware gro when xdp prog is installed (bsc#1086314
     bsc#1086313 bsc#1086301 ).
   - r8152: add missing endpoint sanity check (bsc#1051510).
   - s390/ftrace: save traced function caller (jsc#SLE-11178).
   - s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11178).
   - s390/head64: correct init_task stack setup (jsc#SLE-11178).
   - s390/kasan: avoid false positives during stack unwind (jsc#SLE-11178).
   - s390/kasan: avoid report in get_wchan (jsc#SLE-11178).
   - s390/livepatch: Implement reliable stack tracing for the consistency
     model (jsc#SLE-11178).
   - s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11178).
   - s390/stacktrace: use common arch_stack_walk infrastructure
     (jsc#SLE-11178).
   - s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11178).
   - s390/test_unwind: print verbose unwinding results (jsc#SLE-11178).
   - s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11178).
   - s390/unwind: always inline get_stack_pointer (jsc#SLE-11178).
   - s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11178).
   - s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11178).
   - s390/unwind: correct stack switching during unwind (jsc#SLE-11178).
   - s390/unwind: drop unnecessary code around calling
     ftrace_graph_ret_addr() (jsc#SLE-11178).
   - s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11178).
   - s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11178).
   - s390/unwind: fix mixing regs and sp (jsc#SLE-11178).
   - s390/unwind: introduce stack unwind API (jsc#SLE-11178).
   - s390/unwind: make reuse_sp default when unwinding pt_regs
     (jsc#SLE-11178).
   - s390/unwind: remove stack recursion warning (jsc#SLE-11178).
   - s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11178).
   - s390/unwind: start unwinding from reliable state (jsc#SLE-11178).
   - s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11178).
   - s390/unwind: stop gracefully at user mode pt_regs in irq stack
     (jsc#SLE-11178).
   - s390/unwind: unify task is current checks (jsc#SLE-11178).
   - s390: add stack switch helper (jsc#SLE-11178).
   - s390: add support for virtually mapped kernel stacks (jsc#SLE-11178).
   - s390: always inline current_stack_pointer() (jsc#SLE-11178).
   - s390: always inline disabled_wait (jsc#SLE-11178).
   - s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11178).
   - s390: clean up stacks setup (jsc#SLE-11178).
   - s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11178).
   - s390: disable preemption when switching to nodat stack with
     CALL_ON_STACK (jsc#SLE-11178).
   - s390: fine-tune stack switch helper (jsc#SLE-11178).
   - s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11178).
   - s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11178).
   - s390: kabi workaround for lowcore changes due to vmap stack
     (jsc#SLE-11178).
   - s390: kabi workaround for reliable stack tracing (jsc#SLE-11178).
   - s390: preserve kabi for stack unwind API (jsc#SLE-11178).
   - s390: unify stack size definitions (jsc#SLE-11178).
   - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1154601).
   - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs
     (bsc#1158013).
   - scsi: qla2xxx: Add a shadow variable to hold disc_state history of
     fcport (bsc#1158013).
   - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013).
   - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013).
   - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013).
   - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013).
   - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013).
   - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013).
   - scsi: qla2xxx: Fix stuck login session using prli_pend_timer
     (bsc#1158013).
   - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013).
   - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return
     type (bsc#1158013).
   - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013).
   - scsi: qla2xxx: Improve readability of the code that handles
     qla_flt_header (bsc#1158013).
   - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss
     (bsc#1158013).
   - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013).
   - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013).
   - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these
     functions (bsc#1158013).
   - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03).
   - sfc: Only cancel the PPS workqueue if it exists
     (networking-stable-19_11_25).
   - sfc: Remove 'PCIE error reporting unavailable' (bsc#1161472).
   - smb3: Fix crash in SMB2_open_init due to uninitialized field in
     compounding path (bsc#1144333).
   - smb3: Fix persistent handles reconnect (bsc#1144333).
   - smb3: fix refcount underflow warning on unmount when no directory leases
     (bsc#1144333).
   - smb3: remove confusing dmesg when mounting with encryption ("seal")
     (bsc#1144333).
   - stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11178).
   - stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11178).
   - stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11178).
   - stacktrace: Provide common infrastructure (jsc#SLE-11178).
   - stacktrace: Provide helpers for common stack trace operations
     (jsc#SLE-11178).
   - stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11178).
   - stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11178).
   - tcp: clear tp->packets_out when purging write queue (bsc#1160560).
   - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable
     4.14.159).
   - tcp: md5: fix potential overestimation of TCP option space
     (networking-stable-19_12_16).
   - tracing: Cleanup stack trace code (jsc#SLE-11178).
   - tracing: Have the histogram compare functions convert to u64 first
     (bsc#1160210).
   - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211).
   - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks
     (bsc#1114279).
   - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure()
     (bsc#1114279).
   - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279).
   - x86/mce/AMD: Allow any CPU to initialize the smca_banks array
     (bsc#1114279).
   - x86/mce: Fix possibly incorrect severity calculation on AMD
     (bsc#1114279).
   - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279).
   - x86/resctrl: Fix potential memory leak (bsc#1114279).
   - xen-blkfront: switch kcalloc to kvcalloc for large array allocation
     (bsc#1160917).
   - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600).
   - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087,
     bsc#1153917).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP5:

      zypper in -t patch SUSE-SLE-RT-12-SP5-2020-605=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

      kernel-devel-rt-4.12.14-6.3.1
      kernel-source-rt-4.12.14-6.3.1

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

      cluster-md-kmp-rt-4.12.14-6.3.1
      dlm-kmp-rt-4.12.14-6.3.1
      gfs2-kmp-rt-4.12.14-6.3.1
      kernel-rt-4.12.14-6.3.1
      kernel-rt-base-4.12.14-6.3.1
      kernel-rt-devel-4.12.14-6.3.1
      kernel-rt_debug-4.12.14-6.3.1
      kernel-rt_debug-devel-4.12.14-6.3.1
      kernel-syms-rt-4.12.14-6.3.1
      ocfs2-kmp-rt-4.12.14-6.3.1


References:

   https://www.suse.com/security/cve/CVE-2019-14615.html
   https://www.suse.com/security/cve/CVE-2019-14896.html
   https://www.suse.com/security/cve/CVE-2019-14897.html
   https://www.suse.com/security/cve/CVE-2019-16994.html
   https://www.suse.com/security/cve/CVE-2019-19036.html
   https://www.suse.com/security/cve/CVE-2019-19045.html
   https://www.suse.com/security/cve/CVE-2019-19054.html
   https://www.suse.com/security/cve/CVE-2019-19318.html
   https://www.suse.com/security/cve/CVE-2019-19927.html
   https://www.suse.com/security/cve/CVE-2019-19965.html
   https://www.suse.com/security/cve/CVE-2020-7053.html
   https://bugzilla.suse.com/1050244
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1051858
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1083647
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1086301
   https://bugzilla.suse.com/1086313
   https://bugzilla.suse.com/1086314
   https://bugzilla.suse.com/1104745
   https://bugzilla.suse.com/1109837
   https://bugzilla.suse.com/1111666
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1112374
   https://bugzilla.suse.com/1113956
   https://bugzilla.suse.com/1114279
   https://bugzilla.suse.com/1114685
   https://bugzilla.suse.com/1123328
   https://bugzilla.suse.com/1144333
   https://bugzilla.suse.com/1151927
   https://bugzilla.suse.com/1153917
   https://bugzilla.suse.com/1154601
   https://bugzilla.suse.com/1157155
   https://bugzilla.suse.com/1157157
   https://bugzilla.suse.com/1157692
   https://bugzilla.suse.com/1158013
   https://bugzilla.suse.com/1158026
   https://bugzilla.suse.com/1158071
   https://bugzilla.suse.com/1159028
   https://bugzilla.suse.com/1159096
   https://bugzilla.suse.com/1159377
   https://bugzilla.suse.com/1159394
   https://bugzilla.suse.com/1159588
   https://bugzilla.suse.com/1159911
   https://bugzilla.suse.com/1160147
   https://bugzilla.suse.com/1160195
   https://bugzilla.suse.com/1160210
   https://bugzilla.suse.com/1160211
   https://bugzilla.suse.com/1160433
   https://bugzilla.suse.com/1160442
   https://bugzilla.suse.com/1160469
   https://bugzilla.suse.com/1160470
   https://bugzilla.suse.com/1160476
   https://bugzilla.suse.com/1160560
   https://bugzilla.suse.com/1160618
   https://bugzilla.suse.com/1160678
   https://bugzilla.suse.com/1160755
   https://bugzilla.suse.com/1160756
   https://bugzilla.suse.com/1160784
   https://bugzilla.suse.com/1160787
   https://bugzilla.suse.com/1160802
   https://bugzilla.suse.com/1160803
   https://bugzilla.suse.com/1160804
   https://bugzilla.suse.com/1160917
   https://bugzilla.suse.com/1160966
   https://bugzilla.suse.com/1161087
   https://bugzilla.suse.com/1161243
   https://bugzilla.suse.com/1161472
   https://bugzilla.suse.com/1161514
   https://bugzilla.suse.com/1161518
   https://bugzilla.suse.com/1161522
   https://bugzilla.suse.com/1161523
   https://bugzilla.suse.com/1161549
   https://bugzilla.suse.com/1161674
   https://bugzilla.suse.com/1161875
   https://bugzilla.suse.com/1162028



More information about the sle-security-updates mailing list