SUSE-SU-2020:0836-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Tue Mar 31 16:16:40 MDT 2020

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2020:0836-1
Rating:             important
References:         #1044231 #1051510 #1051858 #1056686 #1060463 
                    #1065729 #1103990 #1103992 #1104353 #1104745 
                    #1109837 #1111666 #1111974 #1112178 #1112374 
                    #1113956 #1114279 #1114685 #1119680 #1127611 
                    #1133021 #1134090 #1136157 #1141895 #1144333 
                    #1146539 #1156510 #1157424 #1158187 #1159285 
                    #1160659 #1161561 #1161951 #1162928 #1162929 
                    #1162931 #1164078 #1164507 #1165111 #1165404 
                    #1165488 #1165527 #1165741 #1165813 #1165873 
                    #1165929 #1165950 #1165980 #1165984 #1165985 
                    #1166003 #1166101 #1166102 #1166103 #1166104 
                    #1166632 #1166658 #1166730 #1166731 #1166732 
                    #1166733 #1166734 #1166735 
Cross-References:   CVE-2019-19768 CVE-2020-8647 CVE-2020-8648
                    CVE-2020-8649 CVE-2020-9383
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP1
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Legacy Software 15-SP1
                    SUSE Linux Enterprise Module for Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
                    SUSE Linux Enterprise High Availability 15-SP1

   An update that solves 5 vulnerabilities and has 58 fixes is
   now available.


   The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-8647: Fixed a use-after-free in the vc_do_resize function in
     drivers/tty/vt/vt.c (bsc#1162929).
   - CVE-2020-8649: Fixed a use-after-free in the vgacon_invert_region
     function in drivers/video/console/vgacon.c (bsc#1162931).
   - CVE-2020-8648: Fixed a use-after-free in the n_tty_receive_buf_common
     function in drivers/tty/n_tty.c (bsc#1162928).
   - CVE-2020-9383: Fixed an out-of-bounds read due to improper error
     condition check of FDC index (bsc#1165111).
   - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function
     in kernel/trace/blktrace.c (bnc#1159285).

   The following non-security bugs were fixed:

   - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1
   - ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666).
   - ALSA: hda/realtek - Add more codec supported Headset Button
   - ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666).
   - ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666).
   - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294
   - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1
   - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master
   - ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666).
   - ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000
   - ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666).
   - ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82
   - ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65
     headset (bsc#1111666).
   - ALSA: usb-audio: fix Corsair Virtuoso mixer label collision
   - ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bsc#1111666).
   - ALSA: usb-audio: unlock on error in probe (bsc#1111666).
   - ALSA: usb-audio: Use lower hex numbers for IDs (bsc#1111666).
   - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
   - amdgpu/gmc_v9: save/restore sdpif regs during S3 (bsc#1113956)
   - ASoC: dapm: Correct DAPM handling of active widgets during shutdown
   - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
   - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
   - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510).
   - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510).
   - atm: zatm: Fix empty body Clang warnings (bsc#1051510).
   - b43legacy: Fix -Wcast-function-type (bsc#1051510).
   - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
   - blktrace: fix dereference after null check (bsc#1159285).
   - blktrace: fix trace mutex deadlock (bsc#1159285).
   - bnxt_en: Fix NTUPLE firmware command failures (bsc#1104745 ).
   - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05).
   - bnxt_en: Improve device shutdown method (bsc#1104745 ).
   - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs
     (bsc#1134090 jsc#SLE-5954).
   - bonding/alb: properly access headers in bond_alb_xmit()
   - bpf, offload: Replace bitwise AND by logical AND in
     bpf_prog_offload_info_fill (bsc#1109837).
   - CIFS: add a debug macro that prints \\server\share for errors
   - CIFS: add missing mount option to /proc/mounts (bsc#1144333).
   - CIFS: add new debugging macro cifs_server_dbg (bsc#1144333).
   - CIFS: add passthrough for smb2 setinfo (bsc#1144333).
   - CIFS: add SMB2_open() arg to return POSIX data (bsc#1144333).
   - CIFS: add smb2 POSIX info level (bsc#1144333).
   - CIFS: add SMB3 change notification support (bsc#1144333).
   - CIFS: add support for fallocate mode 0 for non-sparse files
   - CIFS: Add support for setting owner info, dos attributes, and create
     time (bsc#1144333).
   - CIFS: Add tracepoints for errors on flush or fsync (bsc#1144333).
   - CIFS: Adjust indentation in smb2_open_file (bsc#1144333).
   - CIFS: allow chmod to set mode bits using special sid (bsc#1144333).
   - CIFS: Avoid doing network I/O while holding cache lock (bsc#1144333).
   - CIFS: call wake_up(server->response_q) inside of cifs_reconnect()
   - CIFS: Clean up DFS referral cache (bsc#1144333).
   - CIFS: create a helper function to parse the query-directory response
     buffer (bsc#1144333).
   - CIFS: do d_move in rename (bsc#1144333).
   - CIFS: Do not display RDMA transport on reconnect (bsc#1144333).
   - CIFS: do not ignore the SYNC flags in getattr (bsc#1144333).
   - CIFS: do not leak -EAGAIN for stat() during reconnect (bsc#1144333).
   - CIFS: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333).
   - CIFS: enable change notification for SMB2.1 dialect (bsc#1144333).
   - CIFS: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333).
   - CIFS: fix a comment for the timeouts when sending echos (bsc#1144333).
   - CIFS: fix a white space issue in cifs_get_inode_info() (bsc#1144333).
   - CIFS: fix dereference on ses before it is null checked (bsc#1144333).
   - CIFS: Fix memory allocation in __smb2_handle_cancelled_cmd()
   - CIFS: fix mode bits from dir listing when mounted with modefromsid
   - CIFS: Fix mode output in debugging statements (bsc#1144333).
   - CIFS: Fix mount options set in automount (bsc#1144333).
   - CIFS: fix NULL dereference in match_prepath (bsc#1144333).
   - CIFS: Fix potential deadlock when updating vol in cifs_reconnect()
   - CIFS: fix potential mismatch of UNC paths (bsc#1144333).
   - CIFS: fix rename() by ensuring source handle opened with DELETE bit
   - CIFS: Fix return value in __update_cache_entry (bsc#1144333).
   - CIFS: fix soft mounts hanging in the reconnect code (bsc#1144333).
   - CIFS: fix soft mounts hanging in the reconnect code (bsc#1144333).
   - CIFS: Fix task struct use-after-free on reconnect (bsc#1144333).
   - CIFS: fix unitialized variable poential problem with network I/O cache
     lock patch (bsc#1144333).
   - CIFS: get mode bits from special sid on stat (bsc#1144333).
   - CIFS: Get rid of kstrdup_const()'d paths (bsc#1144333).
   - CIFS: handle prefix paths in reconnect (bsc#1144333).
   - CIFS: Introduce helpers for finding TCP connection (bsc#1144333).
   - CIFS: log warning message (once) if out of disk space (bsc#1144333).
   - CIFS: make sure we do not overflow the max EA buffer size (bsc#1144333).
   - CIFS: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333).
   - CIFS: Merge is_path_valid() into get_normalized_path() (bsc#1144333).
   - CIFS: modefromsid: make room for 4 ACE (bsc#1144333).
   - CIFS: modefromsid: write mode ACE first (bsc#1144333).
   - CIFS: Optimize readdir on reparse points (bsc#1144333).
   - CIFS: plumb smb2 POSIX dir enumeration (bsc#1144333).
   - CIFS: potential unintitliazed error code in cifs_getattr() (bsc#1144333).
   - CIFS: prepare SMB2_query_directory to be used with compounding
   - CIFS: print warning once if mounting with vers=1.0 (bsc#1144333).
   - CIFS: refactor cifs_get_inode_info() (bsc#1144333).
   - CIFS: remove redundant assignment to pointer pneg_ctxt (bsc#1144333).
   - CIFS: remove redundant assignment to variable rc (bsc#1144333).
   - CIFS: remove set but not used variables (bsc#1144333).
   - CIFS: remove set but not used variable 'server' (bsc#1144333).
   - CIFS: remove unused variable (bsc#1144333).
   - CIFS: remove unused variable 'sid_user' (bsc#1144333).
   - CIFS: rename a variable in SendReceive() (bsc#1144333).
   - CIFS: rename posix create rsp (bsc#1144333).
   - CIFS: replace various strncpy with strscpy and similar (bsc#1144333).
   - CIFS: Return directly after a failed build_path_from_dentry() in
     cifs_do_create() (bsc#1144333).
   - CIFS: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333).
   - CIFS: smbd: Add messages on RDMA session destroy and reconnection
   - CIFS: smbd: Invalidate and deregister memory registration on re-send for
     direct I/O (bsc#1144333).
   - CIFS: smbd: Only queue work for error recovery on memory registration
   - CIFS: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333).
   - CIFS: smbd: Return -ECONNABORTED when trasnport is not in connected
     state (bsc#1144333).
   - CIFS: smbd: Return -EINVAL when the number of iovs exceeds
     SMBDIRECT_MAX_SGE (bsc#1144333).
   - CIFS: Use common error handling code in smb2_ioctl_query_info()
   - CIFS: use compounding for open and first query-dir for readdir()
   - CIFS: Use #define in cifs_dbg (bsc#1144333).
   - CIFS: Use memdup_user() rather than duplicating its implementation
   - CIFS: use mod_delayed_work() for server->reconnect if already queued
   - CIFS: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333).
   - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05).
   - core: Do not skip generic XDP program execution for cloned SKBs
   - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729).
   - cpufreq: powernv: Fix use-after-free (bsc#1065729).
   - crypto: pcrypt - Fix user-after-free on module unload (git-fixes).
   - devlink: report 0 after hitting end in region read (bsc#1109837).
   - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
   - driver core: platform: fix u32 greater or equal to zero comparison
   - driver core: platform: Prevent resouce overflow from causing infinite
     loops (bsc#1051510).
   - driver core: Print device when resources present in really_probe()
   - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET
   - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET
   - drm/amd/dm/mst: Ignore payload update failures (bsc#1112178)
   - drm/amdkfd: fix a use after free race with mmu_notifer unregister
   - drm: atmel-hlcdc: enable clock before configuring timing engine
   - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279)
   - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510).
   - drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime (git-fixes).
   - drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits
   - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279)
   - drm/i915: Program MBUS with rmw during initialization (git-fixes).
   - drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279)
   - drm/i915/userptr: fix size calculation (bsc#1114279)
   - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279)
   - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279)
   - drm/mediatek: Add gamma property according to hardware capability
   - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279)
   - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510).
   - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279)
   - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable
   - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
   - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from
     fw (bsc#1051510).
   - drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets
   - drm: rcar-du: Recognize "renesas,vsps" in addition to "vsps"
   - drm: remove the newline for CRC source name (bsc#1051510).
   - EDAC/mc: Fix use-after-free and memleaks during device removal
   - Enabled the following two patches in series.conf, and refresh the KABI
     patch due to previous md commit (bsc#1119680)
   - ethtool: Factored out similar ethtool link settings for virtual devices
     to core (bsc#1136157 ltc#177197).
   - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003).
   - firmware: imx: misc: Align imx sc msg structs to 4 (git-fixes).
   - firmware: imx: scu: Ensure sequential TX (git-fixes).
   - firmware: imx: scu-pd: Align imx sc msg structs to 4 (git-fixes).
   - Fixed memory leak in large read decrypt offload (bsc#1144333).
   - Fixed some regressions (bsc#1165527 ltc#184149).
   - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333).
   - fs: cifs: cifsssmb: remove redundant assignment to variable ret
   - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333).
   - fs: cifs: mute -Wunused-const-variable message (bsc#1144333).
   - fs/cifs/sess.c: Remove set but not used variable 'capabilities'
   - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333).
   - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333).
   - fs/xfs: fix f_ffree value for statfs when project quota is set
   - gtp: make sure only SOCK_DGRAM UDP sockets are accepted
   - gtp: use __GFP_NOWARN to avoid memalloc warning
   - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510).
   - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes).
   - hv_netvsc: Fix memory leak when removing rndis device
   - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510).
   - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ).
   - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551).
   - ibmvnic: Do not process device remove during device reset (bsc#1065729).
   - ibmvnic: Warn unknown speed message only when carrier is present
   - Input: edt-ft5x06 - work around first register access error
   - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510).
   - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list
   - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510).
   - iommu/amd: Check feature support bit before accessing MSI capability
     registers (bsc#1166101).
   - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102).
   - iommu/amd: Remap the IOMMU device table with the memory encryption mask
     for kdump (bsc#1141895).
   - iommu/dma: Fix MSI reservation allocation (bsc#1166730).
   - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
   - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
   - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103).
   - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733).
   - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734).
   - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn
     + add_taint (bsc#1166735).
   - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes).
   - ipv6: restrict IPV6_ADDRFORM operation (bsc#1109837).
   - iwlegacy: Fix -Wcast-function-type (bsc#1051510).
   - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices
   - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510).
   - kdump, proc/vmcore: Enable kdumping encrypted memory with SME enabled
   - kernel/module.c: Only return -EEXIST for modules that have finished
     loading (bsc#1165488).
   - kernel/module.c: wakeup processes in module_wq on module unload
   - kexec: Allocate decrypted control pages for kdump if SME is enabled
   - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021).
   - KVM: s390: do not clobber registers during guest reset/store status
   - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021).
   - KVM: VMX: check descriptor table exits on instruction emulation
   - l2tp: Allow duplicate session creation with UDP
   - libnvdimm/pfn_dev: Do not clear device memmap area during generic
     namespace probe (bsc#1165929 bsc#1165950).
   - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
   - libnvdimm: remove redundant __func__ in dev_dbg (bsc#1165929).
   - lib/raid6: add missing include for raid6test (bsc#1166003).
   - lib/raid6: add option to skip algo benchmarking (bsc#1166003).
   - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003).
   - md: add __acquires/__releases annotations to handle_active_stripes
   - md: add __acquires/__releases annotations to (un)lock_two_stripes
   - md: add a missing endianness conversion in check_sb_changes
   - md: add bitmap_abort label in md_run (bsc#1166003).
   - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003).
   - md: allow last device to be forcibly removed from RAID1/RAID10
   - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003).
   - md/bitmap: avoid race window between md_bitmap_resize and
     bitmap_file_clear_bit (bsc#1166003).
   - md-bitmap: create and destroy wb_info_pool with the change of backlog
   - md-bitmap: create and destroy wb_info_pool with the change of bitmap
   - md-bitmap: small cleanups (bsc#1166003).
   - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003).
   - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during
     reshaping stage (bsc#1166003).
   - md-cluster: introduce resync_info_get interface for sanity check
   - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003).
   - md-cluster/raid10: do not call remove_and_add_spares during reshaping
     stage (bsc#1166003).
   - md-cluster/raid10: resize all the bitmaps before start reshape
   - md-cluster/raid10: support add disk under grow mode (bsc#1166003).
   - md-cluster: remove suspend_info (bsc#1166003).
   - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted
   - md: convert to kvmalloc (bsc#1166003).
   - md: do not call spare_active in md_reap_sync_thread if all member
     devices can't work (bsc#1166003).
   - md: do not set In_sync if array is frozen (bsc#1166003).
   - md: fix a typo s/creat/create (bsc#1166003).
   - md: fix for divide error in status_resync (bsc#1166003).
   - md: fix spelling typo and add necessary space (bsc#1166003).
   - md: introduce mddev_create/destroy_wb_pool for the change of member
     device (bsc#1166003).
   - md-linear: use struct_size() in kzalloc() (bsc#1166003).
   - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003).
   - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003).
   - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show
   - md: no longer compare spare disk superblock events in super_load
   - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003).
   - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is
     gone (bsc#1166003).
   - md/raid10: end bio when the device faulty (bsc#1166003).
   - md/raid10: Fix raid10 replace hang when new added disk faulty
   - md/raid10: prevent access of uninitialized resync_pages offset
   - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003).
   - md: raid10: Use struct_size() in kmalloc() (bsc#1166003).
   - md/raid1: avoid soft lockup under high load (bsc#1166003).
   - md: raid1: check rdev before reference in raid1_sync_request func
   - md/raid1: end bio when the device faulty (bsc#1166003).
   - md/raid1: fail run raid1 array when active disk less than one
   - md/raid1: Fix a warning message in remove_wb() (bsc#1166003).
   - md/raid1: fix potential data inconsistency issue with write behind
     device (bsc#1166003).
   - md/raid1: get rid of extra blank line and space (bsc#1166003).
   - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003).
   - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003).
   - md: remove set but not used variable 'bi_rdev' (bsc#1166003).
   - md: rename wb stuffs (bsc#1166003).
   - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003).
   - md: use correct type in super_1_load (bsc#1166003).
   - md: use correct type in super_1_sync (bsc#1166003).
   - md: use correct types in md_bitmap_print_sb (bsc#1166003).
   - media: uvcvideo: Refactor teardown of uvc on USB disconnect
   - mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters (bsc#1112374).
   - mlxsw: spectrum: Wipe xstats.backlog of down ports (bsc#1112374).
   - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
   - net: dsa: mv88e6xxx: Preserve priority when setting CPU port
   - net: dsa: tag_qca: fix doubled Tx statistics
   - net/ethtool: Introduce link_ksettings API for virtual network devices
     (bsc#1136157 ltc#177197).
   - net: Fix Tx hash bound checking (bsc#1109837).
   - net: hns3: fix a copying IPv6 address error in
     hclge_fd_get_flow_tuples() (bsc#1104353).
   - net: hns: fix soft lockup when there is not enough memory
   - net: hsr: fix possible NULL deref in hsr_handle_frame()
   - net: ip6_gre: fix moving ip6gre between namespaces
   - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27).
   - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27).
   - net: macb: Limit maximum GEM TX length in TSO
   - net: macb: Remove unnecessary alignment check for TSO
   - net/mlx5: Fix lowest FDB pool size (bsc#1103990).
   - net/mlx5: IPsec, Fix esp modify function attribute (bsc#1103990 ).
   - net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx
   - net/mlx5: Update the list of the PCI supported devices (bsc#1127611).
   - net/mlxfw: Verify FSM error code translation does not exceed array size
   - net: mvneta: move rx_dropped and rx_errors in per-cpu stats
   - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
   - net_sched: ematch: reject invalid TCF_EM_SIMPLE
   - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05).
   - net_sched: fix a resource leak in tcindex_set_parms()
   - net_sched: fix datalen for ematch (networking-stable-20_01_27).
   - net: sch_prio: When ungrafting, replace with FIFO
   - net/smc: add fallback check to connect() (git-fixes).
   - net/smc: fix cleanup for linkgroup setup failures (git-fixes).
   - net/smc: no peer ID in CLC decline for SMCD (git-fixes).
   - net/smc: transfer fasync_list in case of fallback (git-fixes).
   - net: stmmac: dwmac-sunxi: Allow all RGMII modes
   - net-sysfs: Fix reference count leak (networking-stable-20_01_27).
   - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
   - net/tls: fix async operation (bsc#1109837).
   - net/tls: free the record on encryption error (bsc#1109837).
   - net/tls: take into account that bpf_exec_tx_verdict() may free the
     record (bsc#1109837).
   - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27).
   - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11).
   - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info
   - NFC: pn544: Fix a typo in a debug message (bsc#1051510).
   - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use
     le16_add_cpu() (bsc#1051510).
   - nvme: Fix parsing of ANA log page (bsc#1166658).
   - nvme: resync include/linux/nvme.h with nvmecli (bsc#1156510).
   - nvme: Translate more status codes to blk_status_t (bsc#1156510).
   - orinoco: avoid assertion in case of NULL pointer (bsc#1051510).
   - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes).
   - PCI/AER: Clear device status bits during ERR_COR handling (bsc#1161561).
   - PCI/AER: Clear device status bits during ERR_FATAL and ERR_NONFATAL
   - PCI/AER: Clear only ERR_FATAL status bits during fatal recovery
   - PCI/AER: Clear only ERR_NONFATAL bits during non-fatal recovery
   - PCI/AER: Do not clear AER bits if error handling is Firmware-First
   - PCI/AER: Do not read upstream ports below fatal errors (bsc#1161561).
   - PCI/AER: Factor out ERR_NONFATAL status bit clearing (bsc#1161561).
   - PCI/AER: Take reference on error devices (bsc#1161561).
   - PCI/ERR: Run error recovery callbacks for all affected devices
   - PCI/ERR: Use slot reset if available (bsc#1161561).
   - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
   - pinctrl: imx: scu: Align imx sc msg structs to 4 (git-fixes).
   - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510).
   - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510).
   - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
   - platform/mellanox: fix potential deadlock in the tmfifo driver
     (bsc#1136333 jsc#SLE-4994).
   - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode
     systems (bsc#1056686).
   - powerpc/pseries: Avoid NULL pointer dereference when drmem is
     unavailable (bsc#1160659).
   - powerpc/pseries: fix of_read_drc_info_cell() to point at next record
     (bsc#1165980 ltc#183834).
   - powerpc/pseries: group lmb operation and memblock's (bsc#1165404
   - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR
     request (bsc#1165404 ltc#183498).
   - powerpc/pseries: update device tree before ejecting hotplug uevents
     (bsc#1165404 ltc#183498).
   - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091).
   - ptr_ring: add include of linux/mm.h (bsc#1109837).
   - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510).
   - raid10: refactor common wait code from regular read/write request
   - raid1: factor out a common routine to handle the completion of sync
     write (bsc#1166003).
   - raid1: simplify raid1_error function (bsc#1166003).
   - raid1: use an int as the return value of raise_barrier() (bsc#1166003).
   - raid5: block failing device if raid will be failed (bsc#1166003).
   - raid5: do not increment read_errors on EILSEQ return (bsc#1166003).
   - raid5: do not set STRIPE_HANDLE to stripe which is in batch list
   - raid5 improve too many read errors msg by adding limits (bsc#1166003).
   - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003).
   - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003).
   - raid5: remove worker_cnt_per_group argument from alloc_thread_groups
   - raid5: set write hint for PPL (bsc#1166003).
   - raid5: use bio_end_sector in r5_next_bio (bsc#1166003).
   - raid6/test: fix a compilation error (bsc#1166003).
   - raid6/test: fix a compilation warning (bsc#1166003).
   - RDMA/cma: Fix unbalanced cm_id reference count during address resolve
   - RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create
   - RDMA/uverbs: Verify MR access flags (bsc#1103992).
   - remoteproc: Initialize rproc_class before use (bsc#1051510).
   - Revert "HID: add NOGET quirk for Eaton Ellipse MAX UPS" (git-fixes).
   - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510).
   - rxrpc: Fix insufficient receive notification generation
   - s390/pci: Fix unexpected write combine on resource (git-fixes).
   - s390/uv: Fix handling of length extensions (git-fixes).
   - scsi: fnic: do not queue commands during fwreset (bsc#1146539).
   - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951
   - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot
     (bsc#1161951 ltc#183551).
   - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951
   - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551).
   - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
   - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951
   - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id
     (bsc#1161951 ltc#183551).
   - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951
   - scsi: ibmvfc: Remove "failed" from logged errors (bsc#1161951
   - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551).
   - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951
   - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
   - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work
     (bsc#1161951 ltc#183551).
   - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951
   - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551).
   - scsi: ibmvscsi: redo driver work thread to use enum action states
     (bsc#1161951 ltc#183551).
   - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template
     (bsc#1161951 ltc#183551).
   - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424).
   - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424).
   - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP
   - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP
   - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424).
   - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424).
   - scsi: qla2xxx: add more FW debug information (bsc#1157424).
   - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424).
   - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data
   - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424).
   - scsi: qla2xxx: Add vendor extended RDP additions and amendments
   - scsi: qla2xxx: Avoid setting firmware options twice in
     24xx_update_fw_options (bsc#1157424).
   - scsi: qla2xxx: Check locking assumptions at runtime in
     qla2x00_abort_srb() (bsc#1157424).
   - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424).
   - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline
     function (bsc#1157424).
   - scsi: qla2xxx: Correction to selection of loopback/echo test
   - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424).
   - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424).
   - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424).
   - scsi: qla2xxx: fix FW resource count values (bsc#1157424).
   - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424).
   - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424).
   - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424).
   - scsi: qla2xxx: Fix RDP response size (bsc#1157424).
   - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424).
   - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking
     code (bsc#1157424).
   - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424).
   - scsi: qla2xxx: Handle cases for limiting RDP response payload length
   - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424).
   - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424).
   - scsi: qla2xxx: Move free of fcport out of interrupt context
   - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry()
   - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424).
   - scsi: qla2xxx: Return appropriate failure through BSG Interface
   - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424).
   - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424).
   - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424).
   - scsi: qla2xxx: Show correct port speed capabilities for RDP command
   - scsi: qla2xxx: Simplify the code for aborting SCSI commands
   - scsi: qla2xxx: Suppress endianness complaints in
     qla2x00_configure_local_loop() (bsc#1157424).
   - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424).
   - scsi: qla2xxx: Update driver version to (bsc#1157424).
   - scsi: qla2xxx: Update driver version to (bsc#1157424).
   - scsi: qla2xxx: Use a dedicated interrupt handler for
     'handshake-required' ISPs (bsc#1157424).
   - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424).
   - scsi: qla2xxx: Use endian macros to assign static fields in fwdump
     header (bsc#1157424).
   - scsi: qla2xxx: Use FC generic update firmware options routine for
     ISP27xx (bsc#1157424).
   - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424).
   - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag
   - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
   - smb3: add debug messages for closing unmatched open (bsc#1144333).
   - smb3: Add defines for new information level, FileIdInformation
   - smb3: add dynamic tracepoints for flush and close (bsc#1144333).
   - smb3: add missing flag definitions (bsc#1144333).
   - smb3: Add missing reparse tags (bsc#1144333).
   - smb3: add missing worker function for SMB3 change notify (bsc#1144333).
   - smb3: add mount option to allow forced caching of read only share
   - smb3: add mount option to allow RW caching of share accessed by only 1
     client (bsc#1144333).
   - smb3: add one more dynamic tracepoint missing from strict fsync path
   - smb3: add some more descriptive messages about share when mounting
     cache=ro (bsc#1144333).
   - smb3: allow decryption keys to be dumped by admin for debugging
   - smb3: allow disabling requesting leases (bsc#1144333).
   - smb3: allow parallelizing decryption of reads (bsc#1144333).
   - smb3: allow skipping signature verification for perf sensitive
     configurations (bsc#1144333).
   - smb3: Backup intent flag missing from some more ops (bsc#1144333).
   - smb3: cleanup some recent endian errors spotted by updated sparse
   - smb3: display max smb3 requests in flight at any one time (bsc#1144333).
   - smb3: dump in_send and num_waiters stats counters by default
   - smb3: enable offload of decryption of large reads via mount option
   - smb3: fix default permissions on new files when mounting with
     modefromsid (bsc#1144333).
   - smb3: fix mode passed in on create for modetosid mount option
   - smb3: fix performance regression with setting mtime (bsc#1144333).
   - smb3: fix potential null dereference in decrypt offload (bsc#1144333).
   - smb3: fix problem with null cifs super block with previous patch
   - smb3: Fix regression in time handling (bsc#1144333).
   - smb3: improve check for when we send the security descriptor context on
     create (bsc#1144333).
   - smb3: log warning if CSC policy conflicts with cache mount option
   - smb3: missing ACL related flags (bsc#1144333).
   - smb3: only offload decryption of read responses if multiple requests
   - smb3: pass mode bits into create calls (bsc#1144333).
   - smb3: print warning once if posix context returned on open
   - smb3: query attributes on file close (bsc#1144333).
   - smb3: remove noisy debug message and minor cleanup (bsc#1144333).
   - smb3: remove unused flag passed into close functions (bsc#1144333).
   - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510).
   - staging: rtl8188eu: Fix potential security hole (bsc#1051510).
   - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510).
   - staging: rtl8723bs: Fix potential security hole (bsc#1051510).
   - SUNRPC: Fix svcauth_gss_proxy_init() (bsc#1103992).
   - tcp_bbr: improve arithmetic division in bbr_update_bw()
   - tcp: clear tp->data_segs{in|out} in tcp_disconnect()
   - tcp: clear tp->delivered in tcp_disconnect()
   - tcp: clear tp->segs_{in|out} in tcp_disconnect()
   - tcp: clear tp->total_retrans in tcp_disconnect()
   - tcp: fix marked lost packets not being retransmitted
   - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
   - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes).
   - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231).
   - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on
     failure (git-fixes).
   - tools: Update include/uapi/linux/fcntl.h copy from the kernel
   - ttyprintk: fix a potential deadlock in interrupt context issue
   - tun: add mutex_unlock() call and napi.skb clearing in tun_get_user()
   - Updated block layer, timers and md code for SLE15-SP1 kernel
   - Updated "drm/i915: Wean off drm_pci_alloc/drm_pci_free" (bsc#1114279)
   - USB: core: add endpoint-blacklist quirk (git-fixes).
   - USBip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit()
   - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes).
   - uvcvideo: Refactor teardown of uvc on USB disconnect
     ( (bsc#1164507)
   - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279)
   - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes).
   - vlan: fix memory leak in vlan_dev_set_egress_priority
   - vlan: vlan_changelink() should propagate errors
   - vxlan: fix tos value before xmit (networking-stable-20_01_11).
   - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF
   - x86/ioremap: Add an ioremap_encrypted() helper (bsc#1141895).
   - x86/kdump: Export the SME mask to vmcoreinfo (bsc#1141895).
   - x86/mce/amd: Fix kobject lifetime (bsc#1114279).
   - x86/mce/amd: Publish the bank pointer only after setup has succeeded
   - x86/mm: Split vmalloc_sync_all() (bsc#1165741).
   - xfs: also remove cached ACLs when removing the underlying attr
   - xfs: bulkstat should copy lastip whenever userspace supplies one
   - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510).
   - xhci: Force Maximum Packet size for Full-speed bulk devices to valid
     range (bsc#1051510).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP1:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-836=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-836=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-836=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-836=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-836=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-836=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):


   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):


   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x):


   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):


   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):


   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):


   - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):


   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):


   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):


   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):



More information about the sle-security-updates mailing list