SUSE-SU-2020:3281-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Nov 11 07:17:34 MST 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3281-1
Rating:             important
References:         #1055014 #1061843 #1065600 #1065729 #1066382 
                    #1077428 #1112178 #1114648 #1131277 #1134760 
                    #1140683 #1152624 #1157424 #1163592 #1168468 
                    #1171558 #1171675 #1172538 #1172757 #1173432 
                    #1174748 #1175520 #1175716 #1176354 #1176381 
                    #1176395 #1176400 #1176410 #1176485 #1176560 
                    #1176713 #1176723 #1176946 #1177027 #1177086 
                    #1177101 #1177258 #1177271 #1177281 #1177340 
                    #1177359 #1177410 #1177411 #1177470 #1177511 
                    #1177685 #1177687 #1177719 #1177724 #1177725 
                    #1177740 #1177749 #1177750 #1177753 #1177754 
                    #1177755 #1177766 #1177855 #1177856 #1177861 
                    #1178027 #1178166 #1178185 #1178187 #1178188 
                    #1178202 #1178234 #1178330 #936888 
Cross-References:   CVE-2020-0430 CVE-2020-12351 CVE-2020-12352
                    CVE-2020-14351 CVE-2020-16120 CVE-2020-25212
                    CVE-2020-25285 CVE-2020-25645 CVE-2020-25656
                    CVE-2020-27673 CVE-2020-27675
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 58 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel Azure was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl
     (bnc#1177766).
   - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers
     in mm/hugetlb.c (bnc#1176485).
   - CVE-2020-0430: Fixed an OOB read in skb_headlen of
     /include/linux/skbuff.h (bnc#1176723).
   - CVE-2020-14351: Fixed a race in the perf_mmap_close() function
     (bsc#1177086).
   - CVE-2020-16120: Fixed a permissions issue in ovl_path_open()
     (bsc#1177470).
   - CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops
     filter addition (bsc#1177724).
   - CVE-2020-12352: Fixed an information leak when processing certain AMP
     packets aka "BleedingTooth" (bsc#1177725).
   - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code
     (bnc#1176381).
   - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between
     two Geneve endpoints to be unencrypted (bnc#1177511).
   - CVE-2020-27673: Fixed an issue where rogue guests could have caused
     denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
   - CVE-2020-27675: Fixed a race condition in event handler which may crash
     dom0 (XSA-331 bsc#1177410).

   The following non-security bugs were fixed:

   - ACPI: dock: fix enum-conversion warning (git-fixes).
   - ALSA: bebob: potential info leak in hwdep_read() (git-fixes).
   - ALSA: compress_offload: remove redundant initialization (git-fixes).
   - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
   - ALSA: core: pcm: simplify locking for timers (git-fixes).
   - ALSA: core: timer: clarify operator precedence (git-fixes).
   - ALSA: core: timer: remove redundant assignment (git-fixes).
   - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock
     (git-fixes).
   - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).
   - ALSA: hda - Do not register a cb func if it is registered already
     (git-fixes).
   - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7
     (git-fixes).
   - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
     (git-fixes).
   - ALSA: hda/realtek - The front Mic on a HP machine does not work
     (git-fixes).
   - ALSA: hda: use semicolons rather than commas to separate statements
     (git-fixes).
   - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).
   - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).
   - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).
   - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).
   - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).
   - ALSA: usb-audio: fix spelling mistake "Frequence" -> "Frequency"
     (git-fixes).
   - amd-xgbe: Add a check for an skb in the timestamp path (git-fixes).
   - amd-xgbe: Add additional dynamic debug messages (git-fixes).
   - amd-xgbe: Add additional ethtool statistics (git-fixes).
   - amd-xgbe: Add ethtool show/set channels support (git-fixes).
   - amd-xgbe: Add ethtool show/set ring parameter support (git-fixes).
   - amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes).
   - amd-xgbe: Add hardware features debug output (git-fixes).
   - amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes).
   - amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes).
   - amd-xgbe: Add per queue Tx and Rx statistics (git-fixes).
   - amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes).
   - amd-xgbe: Always attempt link training in KR mode (git-fixes).
   - amd-xgbe: Be sure driver shuts down cleanly on module removal
     (git-fixes).
   - amd-xgbe: Convert to generic power management (git-fixes).
   - amd-xgbe: Fix debug output of max channel counts (git-fixes).
   - amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).
   - amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes).
   - amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes).
   - amd-xgbe: fix spelling mistake: "avialable" -> "available" (git-fixes).
   - amd-xgbe: Handle return code from software reset function (git-fixes).
   - amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes).
   - amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes).
   - amd-xgbe: Limit the I2C error messages that are output (git-fixes).
   - amd-xgbe: Mark expected switch fall-throughs (git-fixes).
   - amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes).
   - amd-xgbe: Prepare for ethtool set-channel support (git-fixes).
   - amd-xgbe: Read and save the port property registers during probe
     (git-fixes).
   - amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes).
   - amd-xgbe: remove unnecessary conversion to bool (git-fixes).
   - amd-xgbe: Remove use of comm_owned field (git-fixes).
   - amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes).
   - amd-xgbe: Simplify the burst length settings (git-fixes).
   - amd-xgbe: use devm_platform_ioremap_resource() to simplify code
     (git-fixes).
   - amd-xgbe: use dma_mapping_error to check map errors (git-fixes).
   - amd-xgbe: Use __napi_schedule() in BH context (git-fixes).
   - amd-xgbe: Use the proper register during PTP initialization (git-fixes).
   - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).
   - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).
   - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).
   - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error
     handling path (git-fixes).
   - ath10k: provide survey info as accumulated data (git-fixes).
   - ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
     (git-fixes).
   - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
     (git-fixes).
   - ath9k: hif_usb: fix race condition between usb_get_urb() and
     usb_kill_anchored_urbs() (git-fixes).
   - backlight: sky81452-backlight: Fix refcount imbalance on error
     (git-fixes).
   - blk-mq: order adding requests to hctx->dispatch and checking
     SCHED_RESTART (bsc#1177750).
   - block: ensure bdi->io_pages is always initialized (bsc#1177749).
   - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).
   - Bluetooth: Only mark socket zapped after unlocking (git-fixes).
   - bnxt: do not enable NAPI until rings are ready
     (networking-stable-20_09_11).
   - bnxt_en: Check for zero dir entries in NVRAM
     (networking-stable-20_09_11).
   - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).
   - brcmfmac: check ndev pointer (git-fixes).
   - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).
   - btrfs: check the right error variable in btrfs_del_dir_entries_in_log
     (bsc#1177687).
   - btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
   - btrfs: do not set the full sync flag on the inode during page release
     (bsc#1177687).
   - btrfs: fix incorrect updating of log root tree (bsc#1177687).
   - btrfs: fix race between page release and a fast fsync (bsc#1177687).
   - btrfs: only commit delayed items at fsync if we are logging a directory
     (bsc#1177687).
   - btrfs: only commit the delayed inode when doing a full fsync
     (bsc#1177687).
   - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations
     (bsc#1177856).
   - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
     (bsc#1177855).
   - btrfs: reduce contention on log trees when logging checksums
     (bsc#1177687).
   - btrfs: release old extent maps during page release (bsc#1177687).
   - btrfs: remove no longer needed use of log_writers for the log root tree
     (bsc#1177687).
   - btrfs: remove root usage from can_overcommit (bsc#1131277).
   - btrfs: stop incremening log_batch for the log root tree when syncing log
     (bsc#1177687).
   - btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560).
   - btrfs: tree-checker: fix false alert caused by legacy btrfs root item
     (bsc#1177861).
   - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).
   - can: flexcan: flexcan_chip_stop(): add error handling and propagate
     error value (git-fixes).
   - can: softing: softing_card_shutdown(): add braces around empty body in
     an 'if' statement (git-fixes).
   - ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234).
   - ceph: map snapid to anonymous bdev ID (bsc#1178234).
   - ceph: promote to unsigned long long before shifting (bsc#1178187).
   - clk: at91: remove the checking of parent_name (git-fixes).
   - clk: bcm2835: add missing release if devm_clk_hw_register fails
     (git-fixes).
   - clk: imx8mq: Fix usdhc parents order (git-fixes).
   - coredump: fix crash when umh is disabled (bsc#1177753).
   - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).
   - crypto: ccp - fix error handling (git-fixes).
   - crypto: dh - check validity of Z before export (bsc#1175716).
   - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175716).
   - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175716).
   - crypto: ecdh - check validity of Z before export (bsc#1175716).
   - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
     (git-fixes).
   - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
     (git-fixes).
   - crypto: omap-sham - fix digcnt register handling with export/import
     (git-fixes).
   - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).
   - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).
   - device property: Do not clear secondary pointer for shared primary
     firmware node (git-fixes).
   - device property: Keep secondary firmware node secondary by type
     (git-fixes).
   - Disable CONFIG_LIVEPATCH_IPA_CLONES where not needed Explicitly disable
     CONFIG_LIVEPATCH_IPA_CLONES in configs where it is not needed to avoid
     confusion and unwanted values due to fragment config files.
   - Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not
     really useful for KMP, and rather confusing, so let's disable it at
     building out-of-tree codes
   - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).
   - drivers: net: add missing interrupt.h include (git-fixes).
   - drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes).
   - drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
   - drm/gma500: fix error check (git-fixes).
   - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes).
   - drm/nouveau/mem: guard against NULL pointer access in mem_del
     (git-fixes).
   - drm/sun4i: mixer: Extend regmap max_register (git-fixes).
   - ea43d9709f72 ("nvme: fix identify error status silent ignore")
   - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178).
   - eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
   - ext4: fix dir_nlink behaviour (bsc#1177359).
   - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
     (networking-stable-20_08_24).
   - gtp: add GTPA_LINK info to msg sent to userspace
     (networking-stable-20_09_11).
   - HID: roccat: add bounds checking in kone_sysfs_write_settings()
     (git-fixes).
   - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
     (git-fixes).
   - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).
   - i2c: meson: fix clock setting overwrite (git-fixes).
   - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).
   - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).
   - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).
   - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760
     ltc#177449 git-fixes).
   - icmp: randomize the global rate limiter (git-fixes).
   - iio:accel:bma180: Fix use of true when should be iio_shared_by enum
     (git-fixes).
   - iio:adc:max1118 Fix alignment of timestamp and data leak issues
     (git-fixes).
   - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).
   - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).
   - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).
   - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio:light:si1145: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required
     (git-fixes).
   - ima: Remove semicolon at the end of ima_get_binary_runtime_size()
     (git-fixes).
   - include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes
     (mm/swap)).
   - Input: ep93xx_keypad - fix handling of platform_get_irq() error
     (git-fixes).
   - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes).
   - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
     (git-fixes).
   - Input: omap4-keypad - fix handling of platform_get_irq() error
     (git-fixes).
   - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).
   - Input: twl4030_keypad - fix handling of platform_get_irq() error
     (git-fixes).
   - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).
   - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
   - ip: fix tos reflection in ack and reset packets
     (networking-stable-20_09_24).
   - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).
   - kbuild: enforce -Werror=return-type (bsc#1177281).
   - leds: mt6323: move period calculation (git-fixes).
   - libceph: clear con->out_msg on Policy::stateful_server faults
     (bsc#1178188).
   - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).
   - lib/mpi: Add mpi_sub_ui() (bsc#1175716).
   - mac80211: do not allow bigger VHT MPDUs than the hardware supports
     (git-fixes).
   - mac80211: handle lack of sband->bitrates in rates (git-fixes).
   - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).
   - mailbox: avoid timer start from callback (git-fixes).
   - media: ati_remote: sanity check for both endpoints (git-fixes).
   - media: bdisp: Fix runtime PM imbalance on error (git-fixes).
   - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
     (git-fixes).
   - media: exynos4-is: Fix a reference count leak (git-fixes).
   - media: exynos4-is: Fix several reference count leaks due to
     pm_runtime_get_sync (git-fixes).
   - media: firewire: fix memory leak (git-fixes).
   - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).
   - media: media/pci: prevent memory leak in bttv_probe (git-fixes).
   - media: omap3isp: Fix memleak in isp_probe (git-fixes).
   - media: platform: fcp: Fix a reference count leak (git-fixes).
   - media: platform: s3c-camif: Fix runtime PM imbalance on error
     (git-fixes).
   - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).
   - media: Revert "media: exynos4-is: Add missed check for
     pinctrl_lookup_state()" (git-fixes).
   - media: s5p-mfc: Fix a reference count leak (git-fixes).
   - media: saa7134: avoid a shift overflow (git-fixes).
   - media: st-delta: Fix reference count leak in delta_run_work (git-fixes).
   - media: sti: Fix reference count leaks (git-fixes).
   - media: tc358743: initialize variable (git-fixes).
   - media: ti-vpe: Fix a missing check and reference count leak (git-fixes).
   - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).
   - media: usbtv: Fix refcounting mixup (git-fixes).
   - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).
   - media: vsp1: Fix runtime PM imbalance on error (git-fixes).
   - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
     (git-fixes).
   - memory: omap-gpmc: Fix a couple off by ones (git-fixes).
   - mfd: sm501: Fix leaks in probe() (git-fixes).
   - mic: vop: copy data to kernel space then write to io memory (git-fixes).
   - misc: mic: scif: Fix error handling path (git-fixes).
   - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).
   - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
     (git-fixes).
   - mlx5 PPC ringsize workaround (bsc#1173432).
   - mlx5: remove support for ib_get_vector_affinity (bsc#1174748).
   - mmc: core: do not set limits.discard_granularity as 0 (git-fixes).
   - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
   - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).
   - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).
   - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
     (git-fixes (mm/hugetlb)).
   - mm/ksm.c: do not WARN if page is still mapped in remove_stable_node()
     (git-fixes (mm/hugetlb)).
   - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
     (bsc#1177685).
   - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes
     (mm/mempolicy)).
   - mm/mempolicy.c: use match_string() helper to simplify the code
     (git-fixes (mm/mempolicy)).
   - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when
     marking page tables prot_numa (git-fixes (mm/numa)).
   - mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages
     (git-fixes (mm/debug)).
   - mm/page-writeback.c: avoid potential division by zero in
     wb_min_max_ratio() (git-fixes (mm/writeback)).
   - mm/page-writeback.c: improve arithmetic divisions (git-fixes
     (mm/writeback)).
   - mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide
     (git-fixes (mm/writeback)).
   - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).
   - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes
     (mm/zsmalloc)).
   - mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes
     (mm/zsmalloc)).
   - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes
     (mm/zsmalloc)).
   - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
     (git-fixes (mm/zsmalloc)).
   - Move the upstreamed bluetooth fix into sorted section
   - mtd: lpddr: fix excessive stack usage with clang (git-fixes).
   - mtd: mtdoops: Do not write panic data twice (git-fixes).
   - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).
   - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).
   - mwifiex: fix double free (git-fixes).
   - mwifiex: remove function pointer check (git-fixes).
   - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
     (git-fixes).
   - net: 8390: Fix manufacturer name in Kconfig help text (git-fixes).
   - net: amd: fix return type of ndo_start_xmit function (git-fixes).
   - net/amd: Remove useless driver version (git-fixes).
   - net: amd-xgbe: fix comparison to bitshift when dealing with a mask
     (git-fixes).
   - net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes).
   - net: apple: Fix manufacturer name in Kconfig help text (git-fixes).
   - net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes).
   - net: disable netpoll on fresh napis (networking-stable-20_09_11).
   - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable()
     (git-fixes).
   - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
   - net: Fix potential wrong skb->protocol in skb_vlan_untag()
     (networking-stable-20_08_24).
   - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).
   - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
     (networking-stable-20_09_24).
   - netlabel: fix problems with mapping removal (networking-stable-20_09_11).
   - net/mlx5e: Take common TIR context settings into a function
     (bsc#1177740).
   - net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740).
   - net: mvmdio: defer probe of orion-mdio if a clock is not ready
     (git-fixes).
   - net: phy: Avoid NPD upon phy_detach() when driver is unbound
     (networking-stable-20_09_24).
   - net: qrtr: fix usage of idr in port assignment to socket
     (networking-stable-20_08_24).
   - net: systemport: Fix memleak in bcm_sysport_probe
     (networking-stable-20_09_11).
   - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
     (git-fixes).
   - net: usb: dm9601: Add USB ID of Keenetic Plus DSL
     (networking-stable-20_09_11).
   - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).
   - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
     (git-fixes).
   - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
     (git-fixes).
   - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
     nfc_genl_fw_download() (git-fixes).
   - NFS: On fatal writeback errors, we need to call
     nfs_inode_remove_request() (bsc#1177340).
   - NFS: Revalidate the file mapping on all fatal writeback errors
     (bsc#1177340).
   - NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).
   - nl80211: fix non-split wiphy information (git-fixes).
   - NTB: hw: amd: fix an issue about leak system resources (git-fixes).
   - nvme: add a Identify Namespace Identification Descriptor list quirk
     (bsc#1174748). add two previous futile attempts to fix the bug to
     blacklist.conf
   - nvme: do not update disk info for multipathed device (bsc#1171558).
   - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748).
   - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748).
   - nvme: fix possible io failures when removing multipathed ns
     (bsc#1174748).
   - nvme: make nvme_identify_ns propagate errors back (bsc#1174748).
   - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748).
   - nvme-multipath: do not reset on unknown status (bsc#1174748).
   - nvme: Namepace identification descriptor list is optional (bsc#1174748).
   - nvme: pass status to nvme_error_status (bsc#1174748).
   - nvme-rdma: Avoid double freeing of async event data (bsc#1174748).
   - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).
   - nvme-rdma: fix crash when connect rejected (bsc#1174748).
   - nvme: return error from nvme_alloc_ns() (bsc#1174748).
   - perf/x86/amd: Fix sampling Large Increment per Cycle events
     (bsc#1114648).
   - perf/x86: Fix n_pair for cancelled txn (bsc#1114648).
   - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
     (git-fixes).
   - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).
   - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
     (git-fixes).
   - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
     (git-fixes).
   - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).
   - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load
     emulation (bsc#1065729).
   - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).
   - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).
   - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).
   - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).
   - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).
   - powerpc/powernv/elog: Fix race while processing OPAL error log event
     (bsc#1065729).
   - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal
     (bsc#1077428 ltc#163882 git-fixes).
   - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).
   - pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes).
   - pwm: lpss: Add range limit check for the base_unit register value
     (git-fixes).
   - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
     (git-fixes).
   - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).
   - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
   - rtl8xxxu: prevent potential memory leak (git-fixes).
   - scsi: fnic: Do not call 'scsi_done()' for unhandled commands
     (bsc#1168468, bsc#1171675).
   - scsi: hisi_sas: Add debugfs ITCT file and add file operations
     (bsc#1140683).
   - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683).
   - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32()
     (bsc#1140683).
   - scsi: hisi_sas: Change return variable type in phy_up_v3_hw()
     (bsc#1140683).
   - scsi: hisi_sas: Correct memory allocation size for DQ debugfs
     (bsc#1140683).
   - scsi: hisi_sas: Do some more tidy-up (bsc#1140683).
   - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO
     (bsc#1140683).
   - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs
     code (bsc#1140683). Refresh:
   - scsi: hisi_sas: No need to check return value of debugfs_create
     functions (bsc#1140683). Update:
   - scsi: hisi_sas: Some misc tidy-up (bsc#1140683).
   - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).
   - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166
     ltc#188226).
   - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling
     getpeername() (bsc#1177258).
   - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix I/O failures during remote port toggle testing
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Make tgt_port_database available in initiator mode
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520
     bsc#1172538).
   - sctp: not disable bh in the whole sctp_get_port_local()
     (networking-stable-20_09_11).
   - spi: fsl-espi: Only process interrupts for expected events (git-fixes).
   - target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271).
   - target-use-scsi_set_sense_information-helper-on-misc.patch:
     (bsc#1177719).
   - tg3: Fix soft lockup when tg3_reset_task() fails
     (networking-stable-20_09_11).
   - tipc: fix memory leak caused by tipc_buf_append() (git-fixes).
   - tipc: fix shutdown() of connectionless socket
     (networking-stable-20_09_11).
   - tipc: fix shutdown() of connection oriented socket
     (networking-stable-20_09_24).
   - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).
   - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
     (networking-stable-20_08_24).
   - tipc: use skb_unshare() instead in tipc_buf_append()
     (networking-stable-20_09_24).
   - tty: ipwireless: fix error handling (git-fixes).
   - tty: serial: earlycon dependency (git-fixes).
   - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).
   - USB: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).
   - USB: cdc-acm: handle broken union descriptors (git-fixes).
   - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync()
     (git-fixes).
   - USB: core: Solve race condition in anchor cleanup functions (git-fixes).
   - USB: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).
   - USB: dwc2: Fix parameter type in function pointer prototype (git-fixes).
   - USB: dwc3: core: add phy cleanup for probe error handling (git-fixes).
   - USB: dwc3: core: do not trigger runtime pm when remove driver
     (git-fixes).
   - USB: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).
   - USB: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets
     (git-fixes).
   - USB: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).
   - USB: gadget: function: printer: fix use-after-free in __lock_acquire
     (git-fixes).
   - USB: gadget: u_ether: enable qmult on SuperSpeed Plus as well
     (git-fixes).
   - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).
   - USB: ohci: Default to per-port over-current protection (git-fixes).
   - USB: serial: qcserial: fix altsetting probing (git-fixes).
   - vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202).
   - video: fbdev: sis: fix null ptr dereference (git-fixes).
   - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value
     error (git-fixes).
   - VMCI: check return value of get_user_pages_fast() for errors (git-fixes).
   - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).
   - w1: mxc_w1: Fix timeout resolution problem leading to bus error
     (git-fixes).
   - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
   - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
   - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
     (git-fixes).
   - writeback: Avoid skipping inode writeback (bsc#1177755).
   - writeback: Fix sync livelock due to b_dirty_time processing
     (bsc#1177755).
   - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).
   - x86/apic: Unify duplicated local apic timer clockevent initialization
     (bsc#1112178).
   - x86, fakenuma: Fix invalid starting node ID (git-fixes
     (mm/x86/fakenuma)).
   - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178).
   - x86/xen: disable Firmware First mode for correctable memory errors
     (bsc#1176713).
   - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
   - xen/events: add a new "late EOI" evtchn framework (XSA-332 bsc#1177411).
   - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332
     bsc#1177411).
   - xen/events: avoid removing an event channel while handling it (XSA-331
     bsc#1177410).
   - xen/events: block rogue events for some time (XSA-332 bsc#1177411).
   - xen/events: defer eoi in case of excessive number of events (XSA-332
     bsc#1177411).
   - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
   - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
   - xen/events: switch user event channels to lateeoi model (XSA-332
     bsc#1177411).
   - xen/events: use a common cpu hotplug hook for event channels (XSA-332
     bsc#1177411).
   - xen/gntdev.c: Mark pages as dirty (bsc#1065600).
   - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
   - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
   - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
   - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt
     XEN data pointer which contains XEN specific information (XSA-332
     bsc#1065600).
   - xfs: avoid infinite loop when cancelling CoW blocks after writeback
     failure (bsc#1178027).
   - xfs: limit entries returned when counting fsmap records (git-fixes).
   - xgbe: no need to check return value of debugfs_create functions
     (git-fixes).
   - xgbe: switch to more generic VxLAN detection (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3281=1



Package List:

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-azure-4.12.14-16.34.1
      kernel-source-azure-4.12.14-16.34.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-azure-4.12.14-16.34.1
      kernel-azure-base-4.12.14-16.34.1
      kernel-azure-base-debuginfo-4.12.14-16.34.1
      kernel-azure-debuginfo-4.12.14-16.34.1
      kernel-azure-debugsource-4.12.14-16.34.1
      kernel-azure-devel-4.12.14-16.34.1
      kernel-syms-azure-4.12.14-16.34.1


References:

   https://www.suse.com/security/cve/CVE-2020-0430.html
   https://www.suse.com/security/cve/CVE-2020-12351.html
   https://www.suse.com/security/cve/CVE-2020-12352.html
   https://www.suse.com/security/cve/CVE-2020-14351.html
   https://www.suse.com/security/cve/CVE-2020-16120.html
   https://www.suse.com/security/cve/CVE-2020-25212.html
   https://www.suse.com/security/cve/CVE-2020-25285.html
   https://www.suse.com/security/cve/CVE-2020-25645.html
   https://www.suse.com/security/cve/CVE-2020-25656.html
   https://www.suse.com/security/cve/CVE-2020-27673.html
   https://www.suse.com/security/cve/CVE-2020-27675.html
   https://bugzilla.suse.com/1055014
   https://bugzilla.suse.com/1061843
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1066382
   https://bugzilla.suse.com/1077428
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1131277
   https://bugzilla.suse.com/1134760
   https://bugzilla.suse.com/1140683
   https://bugzilla.suse.com/1152624
   https://bugzilla.suse.com/1157424
   https://bugzilla.suse.com/1163592
   https://bugzilla.suse.com/1168468
   https://bugzilla.suse.com/1171558
   https://bugzilla.suse.com/1171675
   https://bugzilla.suse.com/1172538
   https://bugzilla.suse.com/1172757
   https://bugzilla.suse.com/1173432
   https://bugzilla.suse.com/1174748
   https://bugzilla.suse.com/1175520
   https://bugzilla.suse.com/1175716
   https://bugzilla.suse.com/1176354
   https://bugzilla.suse.com/1176381
   https://bugzilla.suse.com/1176395
   https://bugzilla.suse.com/1176400
   https://bugzilla.suse.com/1176410
   https://bugzilla.suse.com/1176485
   https://bugzilla.suse.com/1176560
   https://bugzilla.suse.com/1176713
   https://bugzilla.suse.com/1176723
   https://bugzilla.suse.com/1176946
   https://bugzilla.suse.com/1177027
   https://bugzilla.suse.com/1177086
   https://bugzilla.suse.com/1177101
   https://bugzilla.suse.com/1177258
   https://bugzilla.suse.com/1177271
   https://bugzilla.suse.com/1177281
   https://bugzilla.suse.com/1177340
   https://bugzilla.suse.com/1177359
   https://bugzilla.suse.com/1177410
   https://bugzilla.suse.com/1177411
   https://bugzilla.suse.com/1177470
   https://bugzilla.suse.com/1177511
   https://bugzilla.suse.com/1177685
   https://bugzilla.suse.com/1177687
   https://bugzilla.suse.com/1177719
   https://bugzilla.suse.com/1177724
   https://bugzilla.suse.com/1177725
   https://bugzilla.suse.com/1177740
   https://bugzilla.suse.com/1177749
   https://bugzilla.suse.com/1177750
   https://bugzilla.suse.com/1177753
   https://bugzilla.suse.com/1177754
   https://bugzilla.suse.com/1177755
   https://bugzilla.suse.com/1177766
   https://bugzilla.suse.com/1177855
   https://bugzilla.suse.com/1177856
   https://bugzilla.suse.com/1177861
   https://bugzilla.suse.com/1178027
   https://bugzilla.suse.com/1178166
   https://bugzilla.suse.com/1178185
   https://bugzilla.suse.com/1178187
   https://bugzilla.suse.com/1178188
   https://bugzilla.suse.com/1178202
   https://bugzilla.suse.com/1178234
   https://bugzilla.suse.com/1178330
   https://bugzilla.suse.com/936888



More information about the sle-security-updates mailing list