SUSE-SU-2020:3122-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Nov 3 07:31:04 MST 2020
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3122-1
Rating: important
References: #1055014 #1055186 #1061843 #1065729 #1077428
#1129923 #1134760 #1152489 #1174748 #1174969
#1175052 #1175898 #1176485 #1176713 #1177086
#1177353 #1177410 #1177411 #1177470 #1177739
#1177749 #1177750 #1177754 #1177755 #1177765
#1177814 #1177817 #1177854 #1177855 #1177856
#1177861 #1178002 #1178079 #1178246
Cross-References: CVE-2020-14351 CVE-2020-16120 CVE-2020-25285
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Legacy Software 15-SP2
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________
An update that solves three vulnerabilities and has 31
fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2020-25285: A race condition between hugetlb sysctl handlers in
mm/hugetlb.c could be used by local attackers to corrupt memory, cause a
NULL pointer dereference, or possibly have unspecified other impact
(bnc#1176485).
- CVE-2020-16120: Fixed permission check to open real file when using
overlayfs. It was possible to have a file not readable by an
unprivileged user be copied to a mountpoint controlled by that user and
then be able to access the file. (bsc#1177470)
- CVE-2020-14351: Fixed a race condition in the perf_mmap_close() function
(bsc#1177086).
The following non-security bugs were fixed:
- ACPI: Always build evged in (git-fixes).
- ACPI: button: fix handling lid state changes when input device closed
(git-fixes).
- ACPI: configfs: Add missing config_item_put() to fix refcount leak
(git-fixes).
- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).
- ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).
- Add CONFIG_CHECK_CODESIGN_EKU
- ALSA: ac97: (cosmetic) align argument names (git-fixes).
- ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
- ALSA: asihpi: fix spellint typo in comments (git-fixes).
- ALSA: atmel: ac97: clarify operator precedence (git-fixes).
- ALSA: bebob: potential info leak in hwdep_read() (git-fixes).
- ALSA: compress_offload: remove redundant initialization (git-fixes).
- ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
- ALSA: core: pcm: simplify locking for timers (git-fixes).
- ALSA: core: timer: clarify operator precedence (git-fixes).
- ALSA: core: timer: remove redundant assignment (git-fixes).
- ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock
(git-fixes).
- ALSA: fireworks: use semicolons rather than commas to separate
statements (git-fixes).
- ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).
- ALSA: hda: (cosmetic) align function parameters (git-fixes).
- ALSA: hda - Do not register a cb func if it is registered already
(git-fixes).
- ALSA: hda - Fix the return value if cb func is already registered
(git-fixes).
- ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes).
- ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7
(git-fixes).
- ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
(git-fixes).
- ALSA: hda/realtek - set mic to auto detect on a HP AIO machine
(git-fixes).
- ALSA: hda/realtek - The front Mic on a HP machine does not work
(git-fixes).
- ALSA: hda: use semicolons rather than commas to separate statements
(git-fixes).
- ALSA: hdspm: Fix typo arbitary (git-fixes).
- ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).
- ALSA: portman2x4: fix repeated word 'if' (git-fixes).
- ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).
- ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).
- ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).
- ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).
- ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).
- ALSA: usb-audio: fix spelling mistake "Frequence" -> "Frequency"
(git-fixes).
- ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk
(git-fixes).
- ALSA: usb: scarless_gen2: fix endianness issue (git-fixes).
- ALSA: vx: vx_core: clarify operator precedence (git-fixes).
- ALSA: vx: vx_pcm: remove redundant assignment (git-fixes).
- ASoC: fsl: imx-es8328: add missing put_device() call in
imx_es8328_probe() (git-fixes).
- ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes).
- ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).
- ASoC: qcom: lpass-platform: fix memory leak (git-fixes).
- ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits
(git-fixes).
- ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes).
- ata: sata_rcar: Fix DMA boundary mask (git-fixes).
- ath10k: Fix the size used in a 'dma_free_coherent()' call in an error
handling path (git-fixes).
- ath10k: provide survey info as accumulated data (git-fixes).
- ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
(git-fixes).
- ath6kl: wmi: prevent a shift wrapping bug in
ath6kl_wmi_delete_pstream_cmd() (git-fixes).
- ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
(git-fixes).
- ath9k_htc: Use appropriate rs_datalen type (git-fixes).
- backlight: sky81452-backlight: Fix refcount imbalance on error
(git-fixes).
- blk-mq: order adding requests to hctx->dispatch and checking
SCHED_RESTART (bsc#1177750).
- block: ensure bdi->io_pages is always initialized (bsc#1177749).
- block: Fix page_is_mergeable() for compound pages (bsc#1177814).
- Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
- Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).
- brcmfmac: check ndev pointer (git-fixes).
- btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854).
- btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations
(bsc#1177856).
- btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
(bsc#1177855).
- btrfs: tree-checker: fix false alert caused by legacy btrfs root item
(bsc#1177861).
- can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).
- can: flexcan: remove ack_grp and ack_bit handling from driver
(git-fixes).
- can: softing: softing_card_shutdown(): add braces around empty body in
an 'if' statement (git-fixes).
- clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).
- clk: at91: remove the checking of parent_name (git-fixes).
- clk: bcm2835: add missing release if devm_clk_hw_register fails
(git-fixes).
- clk: imx8mq: Fix usdhc parents order (git-fixes).
- clk: keystone: sci-clk: fix parsing assigned-clock data during probe
(git-fixes).
- clk: meson: g12a: mark fclk_div2 as critical (git-fixes).
- clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).
- cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).
- dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817).
- dma-direct: add missing set_memory_decrypted() for coherent mapping
(bsc#1175898, ECO-2743).
- dma-direct: always align allocation size in dma_direct_alloc_pages()
(bsc#1175898, ECO-2743).
- dma-direct: atomic allocations must come from atomic coherent pools
(bsc#1175898, ECO-2743).
- dma-direct: check return value when encrypting or decrypting memory
(bsc#1175898, ECO-2743).
- dma-direct: consolidate the error handling in dma_direct_alloc_pages
(bsc#1175898, ECO-2743).
- dma-direct: make uncached_kernel_address more general (bsc#1175898,
ECO-2743).
- dma-direct: provide function to check physical memory area validity
(bsc#1175898, ECO-2743).
- dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898,
ECO-2743).
- dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails
(bsc#1175898, ECO-2743).
- dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743).
- dma-direct: remove the dma_handle argument to __dma_direct_alloc_pages
(bsc#1175898, ECO-2743).
- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).
- dmaengine: dmatest: Check list for emptiness before access its last
entry (git-fixes).
- dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743).
- dma-mapping: always use VM_DMA_COHERENT for generic DMA remap
(bsc#1175898, ECO-2743).
- dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR
(bsc#1175898, ECO-2743).
- dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898,
ECO-2743).
- dma-mapping: merge the generic remapping helpers into dma-direct
(bsc#1175898, ECO-2743).
- dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743).
- dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743).
- dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898,
ECO-2743).
- dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743).
- dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898,
ECO-2743).
- dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743).
- dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743).
- dma-pool: Fix an uninitialized variable bug in atomic_pool_expand()
(bsc#1175898, ECO-2743).
- dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898,
ECO-2743).
- dma-pool: fix too large DMA pools on medium memory size systems
(bsc#1175898, ECO-2743).
- dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743).
- dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743).
- dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743).
- dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898,
ECO-2743).
- dma-pool: scale the default DMA coherent pool size with memory capacity
(bsc#1175898, ECO-2743).
- dma-remap: separate DMA atomic pools from direct remap code
(bsc#1175898, ECO-2743).
- dm: Call proper helper to determine dax support (bsc#1177817).
- dm/dax: Fix table reference counts (bsc#1178246).
- docs: driver-api: remove a duplicated index entry (git-fixes).
- EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489).
- extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips
(git-fixes).
- HID: hid-input: fix stylus battery reporting (git-fixes).
- HID: roccat: add bounds checking in kone_sysfs_write_settings()
(git-fixes).
- HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
(git-fixes).
- i2c: core: Restore acpi_walk_dep_device_list() getting called after
registering the ACPI i2c devs (git-fixes).
- i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).
- i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).
- i3c: master add i3c_master_attach_boardinfo to preserve boardinfo
(git-fixes).
- i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes).
- ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).
- ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760
ltc#177449 git-fixes).
- ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).
- ida: Free allocated bitmap in error path (git-fixes).
- iio:accel:bma180: Fix use of true when should be iio_shared_by enum
(git-fixes).
- iio: adc: gyroadc: fix leak of device node iterator (git-fixes).
- iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling
(git-fixes).
- iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).
- iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).
- iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).
- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak
(git-fixes).
- iio:light:si1145: Fix timestamp alignment and prevent data leak
(git-fixes).
- iio:magn:hmc5843: Fix passing true where iio_shared_by enum required
(git-fixes).
- ima: Do not ignore errors from crypto_shash_update() (git-fixes).
- ima: Remove semicolon at the end of ima_get_binary_runtime_size()
(git-fixes).
- Input: ati_remote2 - add missing newlines when printing module
parameters (git-fixes).
- Input: ep93xx_keypad - fix handling of platform_get_irq() error
(git-fixes).
- Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
(git-fixes).
- Input: omap4-keypad - fix handling of platform_get_irq() error
(git-fixes).
- Input: stmfts - fix a & vs && typo (git-fixes).
- Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).
- Input: twl4030_keypad - fix handling of platform_get_irq() error
(git-fixes).
- iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).
- iommu/vt-d: Gracefully handle DMAR units with no supported address
widths (bsc#1177739).
- ipmi_si: Fix wrong return value in try_smi_init() (git-fixes).
- iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).
- kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353).
- leds: mt6323: move period calculation (git-fixes).
- lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).
- memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
(git-fixes).
- memory: omap-gpmc: Fix a couple off by ones (git-fixes).
- memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes).
- mfd: sm501: Fix leaks in probe() (git-fixes).
- misc: mic: scif: Fix error handling path (git-fixes).
- mm: do not panic when links can't be created in sysfs (bsc#1178002).
- mm: do not rely on system state to detect hot-plug operations
(bsc#1178002).
- mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).
- mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes
(mm/mempolicy)).
- mm/page-writeback.c: avoid potential division by zero in
wb_min_max_ratio() (git-fixes (mm/writeback)).
- mm/page-writeback.c: improve arithmetic divisions (git-fixes
(mm/writeback)).
- mm: replace memmap_context by meminit_context (bsc#1178002).
- mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).
- mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes
(mm/zsmalloc)).
- mtd: lpddr: Fix bad logic in print_drs_error (git-fixes).
- mtd: lpddr: fix excessive stack usage with clang (git-fixes).
- mtd: mtdoops: Do not write panic data twice (git-fixes).
- mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes).
- mtd: rawnand: vf610: disable clk on error handling path in probe
(git-fixes).
- mtd: spinand: gigadevice: Add QE Bit (git-fixes).
- mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes).
- mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).
- mwifiex: fix double free (git-fixes).
- mwifiex: remove function pointer check (git-fixes).
- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
(git-fixes).
- net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
(git-fixes).
- nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
nfc_genl_fw_download() (git-fixes).
- nl80211: fix non-split wiphy information (git-fixes).
- NTB: hw: amd: fix an issue about leak system resources (git-fixes).
- ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes).
- nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).
- nvme-rdma: fix crash when connect rejected (bsc#1174748).
- overflow: Include header file with SIZE_MAX declaration (git-fixes).
- PCI: aardvark: Check for errors from pci_bridge_emul_init() call
(git-fixes).
- percpu: fix first chunk size calculation for populated bitmap (git-fixes
(mm/percpu)).
- perf/x86/amd: Fix sampling Large Increment per Cycle events
(bsc#1152489).
- perf/x86: Fix n_pair for cancelled txn (bsc#1152489).
- pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes).
- pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes).
- PKCS#7: Check codeSigning EKU for kernel module and kexec pe
verification (bsc#1177353).
- platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).
- PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079).
- powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186
ltc#153436 git-fixes).
- powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load
emulation (bsc#1065729).
- powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).
- powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).
- powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).
- powerpc/papr_scm: Fix warning triggered by perf_stats_show()
(bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).
- powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).
- powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).
- powerpc/powernv/elog: Fix race while processing OPAL error log event
(bsc#1065729).
- powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246
git-fixes).
- powerpc/pseries: explicitly reschedule during drmem_lmb list traversal
(bsc#1077428 ltc#163882 git-fixes).
- powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).
- pwm: img: Fix null pointer access in probe (git-fixes).
- pwm: lpss: Add range limit check for the base_unit register value
(git-fixes).
- pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
(git-fixes).
- qtnfmac: fix resource leaks on unsupported iftype error return path
(git-fixes).
- r8169: fix operation under forced interrupt threading (git-fixes).
- rapidio: fix the missed put_device() for rio_mport_add_riodev
(git-fixes).
- reset: sti: reset-syscfg: fix struct description warnings (git-fixes).
- ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).
- rtc: rx8010: do not modify the global rtc ops (git-fixes).
- scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).
- scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations
(bsc#1175898, ECO-2743).
- slimbus: core: check get_addr before removing laddr ida (git-fixes).
- slimbus: core: do not enter to clock pause mode in core (git-fixes).
- slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback
(git-fixes).
- soc: fsl: qbman: Fix return value on success (git-fixes).
- staging: comedi: check validity of wMaxPacketSize of usb endpoints found
(git-fixes).
- staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes).
- tracing: Check return value of __create_val_fields() before using its
result (git-fixes).
- tracing: Save normal string variables (git-fixes).
- USB: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).
- USB: dwc2: Fix parameter type in function pointer prototype (git-fixes).
- USB: dwc3: core: add phy cleanup for probe error handling (git-fixes).
- USB: dwc3: core: do not trigger runtime pm when remove driver
(git-fixes).
- USB: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).
- USB: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes).
- USB: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM
functionality (git-fixes).
- USB: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).
- USB: gadget: u_ether: enable qmult on SuperSpeed Plus as well
(git-fixes).
- usblp: fix race between disconnect() and read() (git-fixes).
- USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
(git-fixes).
- USB: serial: option: add Cellient MPL200 card (git-fixes).
- USB: serial: option: Add Telit FT980-KS composition (git-fixes).
- USB: serial: pl2303: add device-id for HP GC device (git-fixes).
- USB: serial: qcserial: fix altsetting probing (git-fixes).
- usb: xhci-mtk: Fix typo (git-fixes).
- VMCI: check return value of get_user_pages_fast() for errors (git-fixes).
- w1: mxc_w1: Fix timeout resolution problem leading to bus error
(git-fixes).
- watchdog: Fix memleak in watchdog_cdev_register (git-fixes).
- watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes).
- watchdog: Use put_device on error (git-fixes).
- wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
(git-fixes).
- writeback: Avoid skipping inode writeback (bsc#1177755).
- writeback: Fix sync livelock due to b_dirty_time processing
(bsc#1177755).
- writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).
- X.509: Add CodeSigning extended key usage parsing (bsc#1177353).
- x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489).
- x86/ioapic: Unbreak check_timer() (bsc#1152489).
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and
poisoned (bsc#1177765).
- x86/mm: unencrypted non-blocking DMA allocations use coherent pools
(bsc#1175898, ECO-2743).
- x86/xen: disable Firmware First mode for correctable memory errors
(bsc#1176713).
- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/events: add a new "late EOI" evtchn framework (XSA-332 bsc#1177411).
- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332
bsc#1177411).
- xen/events: avoid removing an event channel while handling it (XSA-331
bsc#1177410).
- xen/events: block rogue events for some time (XSA-332 bsc#1177411).
- xen/events: defer eoi in case of excessive number of events (XSA-332
bsc#1177411).
- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
- xen/events: switch user event channels to lateeoi model (XSA-332
bsc#1177411).
- xen/events: use a common cpu hotplug hook for event channels (XSA-332
bsc#1177411).
- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xfs: force the log after remapping a synchronous-writes file (git-fixes).
- xhci: do not create endpoint debugfs entry before ring buffer is set
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3122=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3122=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3122=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3122=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3122=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3122=1
Package List:
- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
kernel-default-debuginfo-5.3.18-24.34.1
kernel-default-debugsource-5.3.18-24.34.1
kernel-default-extra-5.3.18-24.34.1
kernel-default-extra-debuginfo-5.3.18-24.34.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-24.34.1
kernel-default-debugsource-5.3.18-24.34.1
kernel-default-livepatch-5.3.18-24.34.1
kernel-default-livepatch-devel-5.3.18-24.34.1
kernel-livepatch-5_3_18-24_34-default-1-5.3.2
kernel-livepatch-5_3_18-24_34-default-debuginfo-1-5.3.2
kernel-livepatch-SLE15-SP2_Update_6-debugsource-1-5.3.2
- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-24.34.1
kernel-default-debugsource-5.3.18-24.34.1
reiserfs-kmp-default-5.3.18-24.34.1
reiserfs-kmp-default-debuginfo-5.3.18-24.34.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-24.34.1
kernel-obs-build-debugsource-5.3.18-24.34.1
kernel-syms-5.3.18-24.34.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-24.34.1
kernel-preempt-debugsource-5.3.18-24.34.1
kernel-preempt-devel-5.3.18-24.34.1
kernel-preempt-devel-debuginfo-5.3.18-24.34.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
kernel-docs-5.3.18-24.34.1
kernel-source-5.3.18-24.34.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-24.34.1
kernel-default-base-5.3.18-24.34.1.9.11.2
kernel-default-debuginfo-5.3.18-24.34.1
kernel-default-debugsource-5.3.18-24.34.1
kernel-default-devel-5.3.18-24.34.1
kernel-default-devel-debuginfo-5.3.18-24.34.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
kernel-preempt-5.3.18-24.34.1
kernel-preempt-debuginfo-5.3.18-24.34.1
kernel-preempt-debugsource-5.3.18-24.34.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
kernel-devel-5.3.18-24.34.1
kernel-macros-5.3.18-24.34.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-24.34.1
cluster-md-kmp-default-debuginfo-5.3.18-24.34.1
dlm-kmp-default-5.3.18-24.34.1
dlm-kmp-default-debuginfo-5.3.18-24.34.1
gfs2-kmp-default-5.3.18-24.34.1
gfs2-kmp-default-debuginfo-5.3.18-24.34.1
kernel-default-debuginfo-5.3.18-24.34.1
kernel-default-debugsource-5.3.18-24.34.1
ocfs2-kmp-default-5.3.18-24.34.1
ocfs2-kmp-default-debuginfo-5.3.18-24.34.1
References:
https://www.suse.com/security/cve/CVE-2020-14351.html
https://www.suse.com/security/cve/CVE-2020-16120.html
https://www.suse.com/security/cve/CVE-2020-25285.html
https://bugzilla.suse.com/1055014
https://bugzilla.suse.com/1055186
https://bugzilla.suse.com/1061843
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1077428
https://bugzilla.suse.com/1129923
https://bugzilla.suse.com/1134760
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1174748
https://bugzilla.suse.com/1174969
https://bugzilla.suse.com/1175052
https://bugzilla.suse.com/1175898
https://bugzilla.suse.com/1176485
https://bugzilla.suse.com/1176713
https://bugzilla.suse.com/1177086
https://bugzilla.suse.com/1177353
https://bugzilla.suse.com/1177410
https://bugzilla.suse.com/1177411
https://bugzilla.suse.com/1177470
https://bugzilla.suse.com/1177739
https://bugzilla.suse.com/1177749
https://bugzilla.suse.com/1177750
https://bugzilla.suse.com/1177754
https://bugzilla.suse.com/1177755
https://bugzilla.suse.com/1177765
https://bugzilla.suse.com/1177814
https://bugzilla.suse.com/1177817
https://bugzilla.suse.com/1177854
https://bugzilla.suse.com/1177855
https://bugzilla.suse.com/1177856
https://bugzilla.suse.com/1177861
https://bugzilla.suse.com/1178002
https://bugzilla.suse.com/1178079
https://bugzilla.suse.com/1178246
More information about the sle-security-updates
mailing list