SUSE-SU-2020:3273-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Tue Nov 10 16:16:08 MST 2020

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2020:3273-1
Rating:             important
References:         #1065600 #1066382 #1149032 #1163592 #1164648 
                    #1170415 #1175749 #1176354 #1177281 #1177766 
                    #1177799 #1177801 #1178166 #1178173 #1178175 
                    #1178176 #1178177 #1178183 #1178184 #1178185 
                    #1178186 #1178190 #1178191 #1178255 #1178307 
                    #1178330 #1178395 
Cross-References:   CVE-2020-25656 CVE-2020-8694
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP2

   An update that solves two vulnerabilities and has 25 fixes
   is now available.


   The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
   security and bug fixes.

   The following security bugs were fixed:

   - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl
   - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).

   The following non-security bugs were fixed:

   - act_ife: load meta modules before tcf_idr_check_alloc()
   - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).
   - ath9k: hif_usb: fix race condition between usb_get_urb() and
     usb_kill_anchored_urbs() (git-fixes).
   - block: Set same_page to false in __bio_try_merge_page if ret is false
   - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb
   - Bluetooth: Only mark socket zapped after unlocking (git-fixes).
   - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex
   - bonding: show saner speed for broadcast mode
   - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).
   - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).
   - btrfs: allocate scrub workqueues outside of locks (bsc#1178183).
   - btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
   - btrfs: drop path before adding new uuid tree entry (bsc#1178176).
   - btrfs: fix filesystem corruption after a device replace (bsc#1178395).
   - btrfs: fix NULL pointer dereference after failure to create snapshot
   - btrfs: fix overflow when copying corrupt csums for a message
   - btrfs: fix space cache memory leak after transaction abort (bsc#1178173).
   - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks
   - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing
   - btrfs: set the correct lockdep class for new nodes (bsc#1178184).
   - btrfs: set the lockdep class for log tree extent buffers (bsc#1178186).
   - can: flexcan: flexcan_chip_stop(): add error handling and propagate
     error value (git-fixes).
   - ceph: promote to unsigned long long before shifting (bsc#1178175).
   - crypto: ccp - fix error handling (git-fixes).
   - cxgb4: fix memory leak during module unload (networking-stable-20_09_24).
   - cxgb4: Fix offset when clearing filter byte counters
   - Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not
     really useful for KMP, and rather confusing, so let's disable it at
     building out-of-tree codes
   - Disable module compression on SLE15 SP2 (bsc#1178307)
   - dmaengine: dw: Activate FIFO-mode for memory peripherals only
   - eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
   - futex: Adjust absolute futex timeouts with per time namespace offset
   - futex: Consistently use fshared as boolean (bsc#1149032).
   - futex: Fix incorrect should_fail_futex() handling (bsc#1149032).
   - futex: Remove put_futex_key() (bsc#1149032).
   - futex: Remove unused or redundant includes (bsc#1149032).
   - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
   - gtp: add GTPA_LINK info to msg sent to userspace
   - HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes).
   - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).
   - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).
   - icmp: randomize the global rate limiter (git-fixes).
   - ip: fix tos reflection in ack and reset packets
   - ipv4: Initialize flowi4_multipath_hash in data path
   - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
   - ipv4: Update exception handling for multipath routes via same device
   - ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24).
   - ipv6: Fix sysctl max for fib_multipath_hash_policy
   - ipvlan: fix device features (networking-stable-20_08_24).
   - kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes).
   - kbuild: enforce -Werror=return-type (bsc#1177281).
   - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering
     lpages (git-fixes).
   - libceph: clear con->out_msg on Policy::stateful_server faults
   - mac80211: handle lack of sband->bitrates in rates (git-fixes).
   - mailbox: avoid timer start from callback (git-fixes).
   - media: ati_remote: sanity check for both endpoints (git-fixes).
   - media: bdisp: Fix runtime PM imbalance on error (git-fixes).
   - media: exynos4-is: Fix a reference count leak (git-fixes).
   - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
   - media: exynos4-is: Fix several reference count leaks due to
     pm_runtime_get_sync (git-fixes).
   - media: firewire: fix memory leak (git-fixes).
   - media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes).
   - media: i2c: ov5640: Remain in power down for DVP mode unless streaming
   - media: i2c: ov5640: Separate out mipi configuration from s_power
   - media: media/pci: prevent memory leak in bttv_probe (git-fixes).
   - media: platform: s3c-camif: Fix runtime PM imbalance on error
   - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).
   - media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes).
   - media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes).
   - media: saa7134: avoid a shift overflow (git-fixes).
   - media: st-delta: Fix reference count leak in delta_run_work (git-fixes).
   - media: sti: Fix reference count leaks (git-fixes).
   - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).
   - media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes).
   - media: vsp1: Fix runtime PM imbalance on error (git-fixes).
   - mic: vop: copy data to kernel space then write to io memory (git-fixes).
   - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).
   - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
   - mm: fix a race during THP splitting (bsc#1178255).
   - mm: madvise: fix vma user-after-free (git-fixes).
   - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).
   - module: Correctly truncate sysfs sections output (git-fixes).
   - module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes).
   - module: Refactor section attr into bin attribute (git-fixes).
   - module: statically initialize init section freeing data (git-fixes).
   - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).
   - net/core: check length before updating Ethertype in skb_mpls_{push,pop}
   - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).
   - net/mlx5e: Enable adding peer miss rules only if merged eswitch is
     supported (networking-stable-20_09_24).
   - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported
   - net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments()
     error flow (networking-stable-20_08_24).
   - net/smc: Prevent kernel-infoleak in __smc_diag_dump()
   - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group
     under RCU (networking-stable-20_09_24).
   - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
   - net: disable netpoll on fresh napis (networking-stable-20_09_11).
   - net: dsa: b53: check for timeout (networking-stable-20_08_24).
   - net: dsa: rtl8366: Properly clear member config
   - net: fec: correct the error path for regulator disable in probe
   - net: Fix bridge enslavement failure (networking-stable-20_09_24).
   - net: Fix potential wrong skb->protocol in skb_vlan_untag()
   - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).
   - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
   - net: lantiq: Disable IRQs only if NAPI gets scheduled
   - net: lantiq: Use napi_complete_done() (networking-stable-20_09_24).
   - net: lantiq: use netif_tx_napi_add() for TX NAPI
   - net: lantiq: Wake TX queue again (networking-stable-20_09_24).
   - net: phy: Avoid NPD upon phy_detach() when driver is unbound
   - net: phy: Do not warn in phy_stop() on PHY_DOWN
   - net: qrtr: fix usage of idr in port assignment to socket
   - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant
   - net: sctp: Fix negotiation of the number of data streams
   - net: systemport: Fix memleak in bcm_sysport_probe
   - net: usb: dm9601: Add USB ID of Keenetic Plus DSL
   - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).
   - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
   - netlabel: fix problems with mapping removal (networking-stable-20_09_11).
   - nfp: use correct define to return NONE fec (networking-stable-20_09_24).
   - PM: hibernate: remove the bogus call to get_gendisk() in
     software_resume() (git-fixes).
   - r8169: fix issue with forced threading in combination with shared
     interrupts (git-fixes).
   - rpm/ Fix compressed module handling for in-tree
     KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have
     a different scriptlet that is embedded in rather
     than *.sh files.
   - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
   - rtl8xxxu: prevent potential memory leak (git-fixes).
   - rtw88: increse the size of rx buffer size (git-fixes).
   - s390/cio: add cond_resched() in the slow_eval_known_fn() loop
     (bsc#1177799 LTC#188733).
   - s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735).
   - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166
   - sctp: not disable bh in the whole sctp_get_port_local()
   - selftests/timers: Turn off timeout setting (git-fixes).
   - spi: spi-s3c64xx: Check return values (git-fixes).
   - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and
     s3c64xx_enable_datapath() (git-fixes).
   - taprio: Fix allowing too small intervals (networking-stable-20_09_24).
   - time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648).
   - tipc: fix memory leak caused by tipc_buf_append() (git-fixes).
   - tipc: Fix memory leak in tipc_group_create_member()
   - tipc: fix shutdown() of connection oriented socket
   - tipc: fix shutdown() of connectionless socket
   - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).
   - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
   - tipc: use skb_unshare() instead in tipc_buf_append()
   - tty: ipwireless: fix error handling (git-fixes).
   - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).
   - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).
   - usb: cdc-acm: handle broken union descriptors (git-fixes).
   - usb: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync()
   - usb: core: Solve race condition in anchor cleanup functions (git-fixes).
   - usb: dwc3: simple: add support for Hikey 970 (git-fixes).
   - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets
   - usb: gadget: function: printer: fix use-after-free in __lock_acquire
   - usb: ohci: Default to per-port over-current protection (git-fixes).
   - x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749).
   - xen/gntdev.c: Mark pages as dirty (bsc#1065600).
   - xfs: fix high key handling in the rt allocator's query_range function
   - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt
     files (git-fixes).
   - xfs: limit entries returned when counting fsmap records (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3273=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):



More information about the sle-security-updates mailing list