SUSE-SU-2020:2879-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Oct 8 10:27:57 MDT 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2879-1
Rating:             important
References:         #1055186 #1058115 #1065600 #1065729 #1094244 
                    #1136666 #1152148 #1152472 #1152489 #1153274 
                    #1154353 #1155518 #1155798 #1156395 #1167527 
                    #1170232 #1170774 #1171000 #1171068 #1171073 
                    #1171558 #1171688 #1171742 #1172419 #1172757 
                    #1172873 #1173017 #1173060 #1173115 #1173267 
                    #1173746 #1174029 #1174110 #1174111 #1174358 
                    #1174484 #1174486 #1174899 #1175263 #1175667 
                    #1175718 #1175749 #1175787 #1175882 #1175952 
                    #1175996 #1175997 #1175998 #1175999 #1176000 
                    #1176001 #1176019 #1176022 #1176038 #1176063 
                    #1176137 #1176235 #1176236 #1176237 #1176242 
                    #1176278 #1176357 #1176358 #1176359 #1176360 
                    #1176361 #1176362 #1176363 #1176364 #1176365 
                    #1176366 #1176367 #1176381 #1176423 #1176449 
                    #1176482 #1176486 #1176507 #1176536 #1176537 
                    #1176538 #1176539 #1176540 #1176541 #1176542 
                    #1176544 #1176545 #1176546 #1176548 #1176558 
                    #1176559 #1176587 #1176588 #1176659 #1176698 
                    #1176699 #1176700 #1176721 #1176722 #1176725 
                    #1176732 #1176763 #1176775 #1176788 #1176789 
                    #1176833 #1176869 #1176877 #1176925 #1176962 
                    #1176980 #1176990 #1177021 #1177030 
Cross-References:   CVE-2020-0404 CVE-2020-0427 CVE-2020-0431
                    CVE-2020-0432 CVE-2020-14385 CVE-2020-14390
                    CVE-2020-2521 CVE-2020-25284 CVE-2020-26088
                   
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP2
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Module for Legacy Software 15-SP2
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that solves 9 vulnerabilities and has 105 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket
     creation could have been used by local attackers to create raw sockets,
     bypassing security mechanisms (bsc#1176990).
   - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory
     corruption or a denial of service when changing screen size
     (bnc#1176235).
   - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow
     (bsc#1176721).
   - CVE-2020-0427: Fixed an out of bounds read due to a use after free
     (bsc#1176725).
   - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds
     check (bsc#1176722).
   - CVE-2020-0404: Fixed a linked list corruption due to an unusual root
     cause (bsc#1176423).
   - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow
     (bsc#1176381).
   - CVE-2020-25284: Fixed an incomplete permission checking for access to
     rbd devices, which could have been leveraged by local attackers to map
     or unmap rbd block devices (bsc#1176482).
   - CVE-2020-14385: Fixed a failure of the file system metadata validator in
     XFS which could have caused an inode with a valid, user-creatable
     extended attribute to be flagged as corrupt (bsc#1176137).

   The following non-security bugs were fixed:

   - ALSA: asihpi: fix iounmap in error handler (git-fixes).
   - ALSA: ca0106: fix error code handling (git-fixes).
   - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
     (git-fixes).
   - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
   - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).
   - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
     (git-fixes).
   - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A
     PRO (git-fixes).
   - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes).
   - ALSA: hda: hdmi - add Rocketlake support (git-fixes).
   - ALSA: hda/hdmi: always check pin power status in i915 pin fixup
     (git-fixes).
   - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A
     (git-fixes).
   - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
     (git-fixes).
   - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation
     P520 (git-fixes).
   - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen
     (git-fixes).
   - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes).
   - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes).
   - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
     (git-fixes).
   - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2
     (git-fixes).
   - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
   - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes).
   - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620
     (git-fixes).
   - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833).
   - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes).
   - ASoC: img-parallel-out: Fix a reference count leak (git-fixes).
   - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes).
   - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes).
   - ASoC: qcom: Set card->owner to avoid warnings (git-fixes).
   - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes).
   - ASoC: tegra: Fix reference count leaks (git-fixes).
   - ata: ahci: use ata_link_info() instead of ata_link_printk()
     (jsc#SLE-14459).
   - batman-adv: Add missing include for in_interrupt() (git-fixes).
   - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
   - batman-adv: bla: fix type misuse for backbone_gw hash indexing
     (git-fixes).
   - batman-adv: bla: use netif_rx_ni when not in interrupt context
     (git-fixes).
   - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes).
   - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
     (git-fixes).
   - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
     (git-fixes).
   - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
     (git-fixes).
   - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
     (git-fixes).
   - bcache: allocate meta data pages as compound pages (bsc#1172873).
   - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes
     (bitfield)).
   - blktrace: fix debugfs use after free (git fixes (block drivers)).
   - block: add docs for gendisk / request_queue refcount helpers (git fixes
     (block drivers)).
   - block: check queue's limits.discard_granularity in
     __blkdev_issue_discard() (bsc#1152148).
   - block: improve discard bio alignment in __blkdev_issue_discard()
     (bsc#1152148).
   - block: revert back to synchronous request_queue removal (git fixes
     (block drivers)).
   - block: Use non _rcu version of list functions for tag_set_list
     (git-fixes).
   - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021).
   - bnxt: do not enable NAPI until rings are ready (git-fixes).
   - bnxt_en: Check for zero dir entries in NVRAM (git-fixes).
   - bnxt_en: Do not query FW when netif_running() is false (git-fixes).
   - bnxt_en: Fix completion ring sizing with TPA enabled
     (networking-stable-20_07_29).
   - bnxt_en: fix HWRM error when querying VF temperature (git-fixes).
   - bnxt_en: Fix PCI AER error recovery flow (git-fixes).
   - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371
     bsc#1153274).
   - bnxt_en: Fix race when modifying pause settings
     (networking-stable-20_07_29).
   - bonding: check error value of register_netdevice() immediately
     (networking-stable-20_07_29).
   - bonding: check return value of register_netdevice() in bond_newlink()
     (networking-stable-20_07_29).
   - bonding: fix a potential double-unregister (git-fixes).
   - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518).
   - bpf: map_seq_next should always increase position index (bsc#1155518).
   - btrfs: add a leak check for roots (bsc#1176019).
   - btrfs: add __cold attribute to more functions (bsc#1176019).
   - btrfs: add dedicated members for start and length of a block group
     (bsc#1176019).
   - btrfs: Add read_backup_root (bsc#1176019).
   - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019).
   - btrfs: block-group: Reuse the item key from caller of
     read_one_block_group() (bsc#1176019).
   - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019).
   - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root
     (bsc#1176019).
   - btrfs: do not init a reloc root if we are not relocating (bsc#1176019).
   - btrfs: Do not use objectid_mutex during mount (bsc#1176019).
   - btrfs: drop block from cache on error in relocation (bsc#1176019).
   - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019).
   - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019).
   - btrfs: export and rename free_fs_info (bsc#1176019).
   - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019).
   - btrfs: Factor out tree roots initialization during mount (bsc#1176019).
   - btrfs: fix setting last_trans for reloc roots (bsc#1176019).
   - btrfs: free more things in btrfs_free_fs_info (bsc#1176019).
   - btrfs: free the reloc_control in a consistent way (bsc#1176019).
   - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019).
   - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019).
   - btrfs: hold a ref on fs roots while they're in the radix tree
     (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry
     (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info
     (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019).
   - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user
     (bsc#1176019).
   - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019).
   - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019).
   - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019).
   - btrfs: hold a ref on the root in create_subvol (bsc#1176019).
   - btrfs: hold a ref on the root in find_data_references (bsc#1176019).
   - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019).
   - btrfs: hold a ref on the root in get_subvol_name_from_objectid
     (bsc#1176019).
   - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019).
   - btrfs: hold a ref on the root in open_ctree (bsc#1176019).
   - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019).
   - btrfs: hold a ref on the root in record_reloc_root_in_trans
     (bsc#1176019).
   - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019).
   - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019).
   - btrfs: hold a ref on the root in search_ioctl (bsc#1176019).
   - btrfs: hold a ref on the root->reloc_root (bsc#1176019).
   - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019).
   - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019).
   - btrfs: implement full reflink support for inline extents (bsc#1176019).
   - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019).
   - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019).
   - btrfs: make the fs root init functions static (bsc#1176019).
   - btrfs: make the init of static elements in fs_info separate
     (bsc#1176019).
   - btrfs: move all reflink implementation code into its own file
     (bsc#1176019).
   - btrfs: move block_group_item::flags to block group (bsc#1176019).
   - btrfs: move block_group_item::used to block group (bsc#1176019).
   - btrfs: move fs_info init work into it's own helper function
     (bsc#1176019).
   - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019).
   - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019).
   - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019).
   - btrfs: push grab_fs_root into read_fs_root (bsc#1176019).
   - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019).
   - btrfs: reloc: clean dirty subvols if we fail to start a transaction
     (bsc#1176019).
   - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019).
   - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019).
   - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019).
   - btrfs: remove embedded block_group_cache::item (bsc#1176019).
   - btrfs: Remove newest_gen argument from find_oldest_super_backup
     (bsc#1176019).
   - btrfs: Remove unused next_root_backup function (bsc#1176019).
   - btrfs: rename block_group_item on-stack accessors to follow naming
     (bsc#1176019).
   - btrfs: rename btrfs_block_group_cache (bsc#1176019).
   - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019).
   - btrfs: rename extent buffer block group item accessors (bsc#1176019).
   - btrfs: Rename find_oldest_super_backup to init_backup_root_slot
     (bsc#1176019).
   - btrfs: require only sector size alignment for parent eb bytenr
     (bsc#1176789).
   - btrfs: reset tree root pointer after error in init_tree_roots
     (bsc#1176019).
   - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019).
   - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019).
   - btrfs: Streamline btrfs_fs_info::backup_root_index semantics
     (bsc#1176019).
   - btrfs: tree-checker: fix the error message for transid error
     (bsc#1176788).
   - btrfs: unset reloc control if we fail to recover (bsc#1176019).
   - btrfs: use bool argument in free_root_pointers() (bsc#1176019).
   - btrfs: use btrfs_block_group_cache_done in update_block_group
     (bsc#1176019).
   - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019).
   - ceph: do not allow setlease on cephfs (bsc#1176537).
   - ceph: fix potential mdsc use-after-free crash (bsc#1176538).
   - ceph: fix use-after-free for fsc->mdsc (bsc#1176539).
   - ceph: handle zero-length feature mask in session messages (bsc#1176540).
   - ceph: set sec_context xattr on symlink creation (bsc#1176541).
   - ceph: use frag's MDS in either mode (bsc#1176542).
   - cfg80211: regulatory: reject invalid hints (bsc#1176699).
   - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
   - cifs: Fix leak when handling lease break for cached root fid
     (bsc#1176242).
   - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
   - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
   - clk: davinci: Use the correct size when allocating memory (git-fixes).
   - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).
   - crypto: ecdh - check validity of Z before export (bsc#1175718).
   - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718).
   - crypto: dh - check validity of Z before export (bsc#1175718).
   - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718).
   - cxgb4: fix thermal zone device registration (git-fixes).
   - dax: do not print error message for non-persistent memory block device
     (bsc#1171073).
   - dax: print error message by pr_info() in __generic_fsdax_supported()
     (bsc#1171073).
   - debugfs: Fix module state check condition (bsc#1173746).
   - debugfs: Fix module state check condition (git-fixes).
   - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29).
   - device property: Fix the secondary firmware node handling in
     set_primary_fwnode() (git-fixes).
   - dmaengine: acpi: Put the CSRT table after using it (git-fixes).
   - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
     at_dma_xlate() (git-fixes).
   - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes).
   - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
     (git-fixes).
   - dmaengine: pl330: Fix burst length if burst size is smaller than bus
     width (git-fixes).
   - dm: do not call report zones for more than the user requested (git fixes
     (block drivers)).
   - dm integrity: fix integrity recalculation that is improperly skipped
     (git fixes (block drivers)).
   - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes
     (block drivers)).
   - dm writecache: add cond_resched to loop in persistent_memory_claim()
     (git fixes (block drivers)).
   - dm writecache: correct uncommitted_block when discarding uncommitted
     entry (git fixes (block drivers)).
   - dm zoned: assign max_io_len correctly (git fixes (block drivers)).
   - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning
     (networking-stable-20_08_08).
   - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996).
   - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486
     ltc#188130).
   - Drivers: hv: Specify receive buffer size using Hyper-V page size
     (bsc#1176877).
   - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
   - Drivers: hv: vmbus: hibernation: do not hang forever in
     vmbus_bus_resume() (git-fixes).
   - drivers/net/wan/x25_asy: Fix to make it work
     (networking-stable-20_07_29).
   - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
   - drm/amd/display: Switch to immediate mode for updating infopackets
     (git-fixes).
   - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
     (git-fixes).
   - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
   - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
     (git-fixes).
   - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
   - drm/amdgpu/gfx10: refine mgcg setting (git-fixes).
   - drm/amdkfd: Fix reference count leaks (git-fixes).
   - drm/amd/pm: correct the thermal alert temperature limit settings
     (git-fixes).
   - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
   - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
   - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes).
   - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading
     (git-fixes).
   - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes).
   - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes).
   - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) 	*
     context changes
   - drm/mgag200: Remove declaration of mgag200_mmap() from header file
     (bsc#1152472) 	* context changes
   - drm/msm/a6xx: fix crashdec section name typo (git-fixes).
   - drm/msm/adreno: fix updating ring fence (git-fixes).
   - drm/msm/gpu: make ringbuffer readonly (git-fixes).
   - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
     (git-fixes).
   - drm/nouveau: Fix reference count leak in nouveau_connector_detect
     (git-fixes).
   - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
     (git-fixes).
   - drm/radeon: fix multiple reference count leak (git-fixes).
   - drm/radeon: Prefer lower feedback dividers (git-fixes).
   - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes).
   - drm/sun4i: add missing put_device() call in (bsc#1152472)
   - drm/sun4i: backend: Disable alpha on the lowest plane on the A20
     (bsc#1152472)
   - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472)
   - drm/sun4i: Fix dsi dcs long write function (bsc#1152472)
   - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) 	* context
     changes
   - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).
   - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489).
   - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489).
   - EDAC: Fix reference count leaks (bsc#1152489).
   - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110,
     bsc#1174111).
   - efi: avoid error message when booting under Xen (bsc#1172419).
   - efi/efivars: Expose RT service availability via efivars abstraction
     (bsc#1174029, bsc#1174110, bsc#1174111).
   - efi: libstub/tpm: enable tpm eventlog function for ARM platforms
     (bsc#1173267).
   - efi: Mark all EFI runtime services as unsupported on non-EFI boot
     (bsc#1174029, bsc#1174110, bsc#1174111).
   - efi: Register EFI rtc platform device only when available (bsc#1174029,
     bsc#1174110, bsc#1174111).
   - efi: Store mask of supported runtime services in struct efi
     (bsc#1174029, bsc#1174110, bsc#1174111).
   - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110,
     bsc#1174111).
   - efi: Use more granular check for availability for variable services
     (bsc#1174029, bsc#1174110, bsc#1174111).
   - enetc: Remove the mdio bus on PF probe bailout
     (networking-stable-20_07_29).
   - epoll: atomically remove wait entry on wake up (bsc#1176236).
   - epoll: call final ep_events_available() check under the lock
     (bsc#1176237).
   - ext4: handle read only external journal device (bsc#1176063).
   - fbcon: prevent user font height or width change from causing potential
     out-of-bounds access (git-fixes).
   - felix: Fix initialization of ioremap resources (bsc#1175997).
   - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600).
   - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775).
   - HID: core: Correctly handle ReportSize being zero (git-fixes).
   - HID: core: fix dmesg flooding if report field larger than 32bit
     (bsc#1176775).
   - HID: core: reformat and reduce hid_printk macros (bsc#1176775).
   - HID: core: Sanitize event code and type when mapping input (git-fixes).
   - HID: elan: Fix memleak in elan_input_configured (git-fixes).
   - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
     (git-fixes).
   - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands
     (git-fixes).
   - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller
     (git-fixes).
   - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes).
   - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes).
   - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
     (git-fixes).
   - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
   - hv_netvsc: do not use VF device if link is down (git-fixes).
   - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes).
   - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes).
   - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
   - hv_utils: return error if host timesysnc update is stale (bsc#1176877).
   - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
   - i2c: core: Do not fail PRP0001 enumeration when no ID table exist
     (git-fixes).
   - i2c: i801: Fix resume bug (git-fixes).
   - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes).
   - i2c: rcar: in slave mode, clear NACK earlier (git-fixes).
   - i40e: Fix crash during removing i40e driver (git-fixes).
   - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes).
   - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
   - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).
   - iio:accel:mma7455: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio:accel:mma8452: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).
   - iio:adc:max1118 Fix alignment of timestamp and data leak issues
     (git-fixes).
   - iio: adc: mcp3422: fix locking on error path (git-fixes).
   - iio: adc: mcp3422: fix locking scope (git-fixes).
   - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).
   - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes).
   - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
     (git-fixes).
   - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
     (git-fixes).
   - iio:light:ltr501 Fix timestamp alignment issue (git-fixes).
   - iio:light:max44000 Fix timestamp alignment and prevent data leak
     (git-fixes).
   - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).
   - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak
     (git-fixes).
   - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes).
   - include/linux/bitops.h: avoid clang shift-count-overflow warnings
     (git-fixes).
   - include/linux/poison.h: remove obsolete comment (git-fixes).
   - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029,
     bsc#1174110, bsc#1174111).
   - initramfs: remove clean_rootfs (git-fixes).
   - initramfs: remove the populate_initrd_image and clean_rootfs stubs
     (git-fixes).
   - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
     (git-fixes).
   - Input: trackpoint - add new trackpoint variant IDs (git-fixes).
   - integrity: Check properly whether EFI GetVariable() is available
     (bsc#1174029, bsc#1174110, bsc#1174111).
   - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358).
   - iommu/amd: Do not use IOMMUv2 functionality when SME is active
     (bsc#1174358).
   - iommu/amd: Print extended features in one line to fix divergent log
     levels (bsc#1176357).
   - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358).
   - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359).
   - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
     (bsc#1176360).
   - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361).
   - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362).
   - iommu/vt-d: Handle non-page aligned address (bsc#1176367).
   - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363).
   - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364).
   - iommu/vt-d: Support flushing more translation cache types (bsc#1176365).
   - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08).
   - ipv6: fix memory leaks on IPV6_ADDRFORM path
     (networking-stable-20_08_08).
   - ipv6: Fix nexthop refcnt leak when creating ipv6 route info
     (networking-stable-20_08_08).
   - irqdomain/treewide: Free firmware node after domain removal (git-fixes).
   - irqdomain/treewide: Keep firmware node unconditionally allocated
     (git-fixes).
   - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029,
     bsc#1174110, bsc#1174111).
   - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi).
   - kabi/severities: ignore kABI for net/ethernet/mscc/ References:
     bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/
     are only used by drivers/net/dsa/ocelot/
   - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)).
   - kernel-syms.spec.in: Also use bz compression (boo#1175882).
   - libnvdimm: cover up struct nvdimm changes (bsc#1171742).
   - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
   - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
   - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
   - libbpf: Fix readelf output parsing on powerpc with recent binutils
     (bsc#1155518).
   - libbpf: Fix readelf output parsing for Fedora (bsc#1155518).
   - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks
     (jsc#SLE-14459).
   - lib/mpi: Add mpi_sub_ui() (bsc#1175718).
   - md: raid0/linear: fix dereference before null check on pointer mddev
     (git fixes (block drivers)).
   - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes).
   - media: davinci: vpif_capture: fix potential double free (git-fixes).
   - media: gpio-ir-tx: improve precision of transmitted signal due to
     scheduling (git-fixes).
   - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad
     DMA value in debiirq() (git-fixes).
   - mei: fix CNL itouch device number to match the spec (bsc#1175952).
   - mei: me: disable mei interface on LBG servers (bsc#1175952).
   - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952).
   - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
   - mlx4: disable device on shutdown (git-fixes).
   - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
     (networking-stable-20_07_29).
   - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings
     (git-fixes).
   - mmc: mediatek: add optional module reset property (git-fixes).
   - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes).
   - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes).
   - mmc: sdhci-msm: Add retries when all tuning phases are found valid
     (git-fixes).
   - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt
     (git-fixes).
   - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes).
   - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)).
   - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes
     (mm/pgalloc)).
   - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)).
   - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes
     (mm/compaction)).
   - mm/shuffle: do not move pages between zones and do not read garbage
     memmaps (git fixes (mm/pgalloc)).
   - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes
     (mm/pgalloc)).
   - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)).
   - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998).
   - net: dsa: microchip: call phy_remove_link_mode during probe
     (networking-stable-20_07_29).
   - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999).
   - net: enetc: fix an issue about leak system resources (bsc#1176000).
   - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
     (git-fixes).
   - net: ethernet: mtk_eth_soc: fix MTU warnings
     (networking-stable-20_08_08).
   - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587).
   - net: Fix potential memory leak in proto_register()
     (networking-stable-20_08_15).
   - net: gre: recompute gre csum for sctp over gre tunnels
     (networking-stable-20_08_08).
   - net: initialize fastreuse on inet_inherit_port
     (networking-stable-20_08_15).
   - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan
     aware bridge (bsc#1176001).
   - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
   - net: refactor bind_bucket fastreuse into helper
     (networking-stable-20_08_15).
   - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353).
   - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15).
   - net/smc: put slot when connection is killed (git-fixes).
   - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
     (networking-stable-20_07_29).
   - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task()
     (networking-stable-20_08_08).
   - net/tls: Fix kmap usage (networking-stable-20_08_15).
   - net: udp: Fix wrong clean up for IS_UDPLITE macro
     (networking-stable-20_07_29).
   - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
   - nvme-fc: set max_segments to lldd max value (bsc#1176038).
   - nvme-pci: override the value of the controller's numa node (bsc#1176507).
   - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
   - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
     (git-fixes).
   - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
     (networking-stable-20_08_08).
   - PCI: Add device even if driver attach failed (git-fixes).
   - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes).
   - PCI: Fix pci_create_slot() reference count leak (git-fixes).
   - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes).
   - platform/x86: dcdbas: Check SMBIOS for protected buffer address
     (jsc#SLE-14407).
   - PM: sleep: core: Fix the handling of pending runtime resume requests
     (git-fixes).
   - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395).
   - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244
     ltc#168122).
   - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244
     ltc#168122).
   - powerpc: Add cputime_to_nsecs() (bsc#1065729).
   - powerpc/book3s64/radix: Add kernel command line option to disable radix
     GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512).
   - powerpc/book3s64/radix: Fix boot failure with large amount of guest
     memory (bsc#1176022 ltc#187208).
   - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962).
   - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
   - powerpc/kernel: Cleanup machine check function declarations
     (bsc#1065729).
   - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests
     (bsc#1177030 ltc#187588).
   - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436
     jsc#SLE-13512).
   - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only
     (bsc#1177030 ltc#187588).
   - powerpc/mm/radix: Create separate mappings for hot-plugged memory
     (bsc#1055186 ltc#153436).
   - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table
     mappings (bsc#1055186 ltc#153436).
   - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186
     ltc#153436).
   - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436).
   - powerpc/numa: Early request for home node associativity (bsc#1171068
     ltc#183935).
   - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935).
   - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935).
   - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068
     ltc#183935).
   - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068
     ltc#183935).
   - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute
     (bsc#1176486 ltc#188130).
   - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395).
   - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186
     ltc#153436 jsc#SLE-13512).
   - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244
     ltc#168122).
   - powerpc/pseries: Machine check use rtas_call_unlocked() with args on
     stack (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths
     (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244
     ltc#168122).
   - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244
     ltc#168122).
   - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
   - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244
     ltc#168122).
   - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S
     (bsc#1065729).
   - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29).
   - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017).
   - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017).
   - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774).
   - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds
     (bsc#1170774).
   - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017).
   - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774).
   - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes).
   - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381).
   - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive()
     (git-fixes).
   - regulator: fix memory leak on error path of regulator_register()
     (git-fixes).
   - regulator: plug of_node leak in regulator_register()'s error path
     (git-fixes).
   - regulator: push allocation in regulator_ena_gpio_request() out of lock
     (git-fixes).
   - regulator: push allocation in regulator_init_coupling() outside of lock
     (git-fixes).
   - regulator: push allocation in set_consumer_device_supply() out of lock
     (git-fixes).
   - regulator: push allocations in create_regulator() outside of lock
     (git-fixes).
   - regulator: pwm: Fix machine constraints application (git-fixes).
   - regulator: remove superfluous lock in regulator_resolve_coupling()
     (git-fixes).
   - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE"
     (bsc#1065600).
   - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules
     (bsc#1176869 ltc#188243).
   - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857
     jsc#SLE-13618).
   - rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When
     -fdump-ipa-clones option is enabled, GCC reports about its cloning
     operation during IPA optimizations. We use the information for live
     patches preparation, because it is crucial to know if and how functions
     are optimized. Currently, we create the needed .ipa-clones dump files
     manually. It is unnecessary, because the files may be created
     automatically during our kernel build. Prepare for the step and provide
     the resulting files in -livepatch-devel package.
   - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115)
     To avoid the unnecessary key enrollment, when enrolling the signing key
     of the kernel package, "--ca-check" is added to mokutil so that mokutil
     will ignore the request if the CA of the signing key already exists in
     MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is
     only defined in a kernel module package (KMP), it's used to determine
     whether the %post script is running in a kernel package, or a kernel
     module package.
   - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
   - rpm/macros.kernel-source: pass -c proerly in kernel module package
     (bsc#1176698) The "-c" option wasn't passed down to
     %_kernel_module_package so the ueficert subpackage wasn't generated even
     if the certificate is specified in the spec file.
   - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
   - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
     (networking-stable-20_08_08).
   - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
     (networking-stable-20_07_29).
   - s390: Change s390_kernel_write() return type to match memcpy()
     (bsc#1176449). Prerequisite for bsc#1176449.
   - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes).
   - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes).
   - s390/maccess: add no DAT mode to kernel_write (bsc#1176449).
   - s390/mm: fix huge pte soft dirty copying (git-fixes).
   - s390/qeth: do not process empty bridge port events (git-fixes).
   - s390/qeth: integrate RX refill worker with NAPI (git-fixes).
   - s390/qeth: tolerate pre-filled RX buffer (git-fixes).
   - s390/setup: init jump labels before command line parsing (git-fixes).
   - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes
     (block drivers)).
   - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU
     scheduler functional and performance backports)).
   - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and
     performance backports)).
   - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler
     functional and performance backports)).
   - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU
     scheduler functional and performance backports)).
   - sched/debug: Fix the alignment of the show-state debug output
     (bnc#1155798 (CPU scheduler functional and performance backports)).
   - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler
     functional and performance backports)).
   - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity()
     (bnc#1155798 (CPU scheduler functional and performance backports)).
   - sched/fair: update_pick_idlest() Select group with lowest group_util
     when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and
     performance backports)).
   - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU
     scheduler functional and performance backports)).
   - sched: nohz: stop passing around unused "ticks" parameter (bnc#1155798
     (CPU scheduler functional and performance backports)).
   - sched/numa: Check numa balancing information only when enabled
     (bsc#1176588).
   - sched/numa: Avoid creating large imbalances at task creation time
     (bsc#1176588).
   - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU
     scheduler functional and performance backports)).
   - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
   - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962
     ltc#188304).
   - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__()
     (bsc#1176962 ltc#188304).
   - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029,
     bsc#1174110, bsc#1174111).
   - scsi: libfc: Fix for double free() (bsc#1174899).
   - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
     (bsc#1174899).
   - scsi: lpfc: Add and rename a whole bunch of function parameter
     descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787
     bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
   - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param
     (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558
     bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
     jsc#SLE-15449).
   - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset()
     (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558
     bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
     jsc#SLE-15449).
   - scsi: lpfc: Ensure variable has the same stipulations as code using it
     (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558
     bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
     jsc#SLE-15449).
   - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666
     bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues
     (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666
     bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value
     (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Fix oops when unloading driver while running mds diags
     (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported
     (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558
     bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
     jsc#SLE-15449).
   - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
   - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558
     bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
     jsc#SLE-15449).
   - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666
     bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558
     bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
     jsc#SLE-15449).
   - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558
     bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
     jsc#SLE-15449).
   - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666
     bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060
     bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
     targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param
     (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000
     jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486
     bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666
     bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666
     bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666
     bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
   - scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
   - scsi: qla2xxx: Fix the return value (bsc#1171688).
   - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call
     (bsc#1171688).
   - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
     (bsc#1171688).
   - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg()
     (bsc#1171688).
   - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle()
     (bsc#1171688).
   - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
   - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
   - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
   - scsi: qla2xxx: Simplify return value logic in
     qla2x00_get_sp_from_handle() (bsc#1171688).
   - scsi: qla2xxx: Suppress two recently introduced compiler warnings
     (git-fixes).
   - scsi: qla2xxx: Warn if done() or free() are called on an already freed
     srb (bsc#1171688).
   - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes).
   - sctp: shrink stream outq only when new outcnt < old outcnt
     (networking-stable-20_07_29).
   - sctp: shrink stream outq when fails to do addstream reconf
     (networking-stable-20_07_29).
   - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes).
   - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186
     (git-fixes).
   - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210
     (git-fixes).
   - selftests/net: relax cpu affinity requirement in msg_zerocopy test
     (networking-stable-20_08_08).
   - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
   - Set VIRTIO_CONSOLE=y (bsc#1175667).
   - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
   - SMB3: Honor persistent/resilient handle flags for multiuser mounts
     (bsc#1176546).
   - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
   - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
   - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
   - soundwire: fix double free of dangling pointer (git-fixes).
   - spi: Fix memory leak on splited transfers (git-fixes).
   - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
   - spi: stm32: always perform registers configuration prior to transfer
     (git-fixes).
   - spi: stm32: clear only asserted irq flags on interrupt (git-fixes).
   - spi: stm32: fix fifo threshold level in case of short transfer
     (git-fixes).
   - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes).
   - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate
     (git-fixes).
   - spi: stm32h7: fix race condition at end of transfer (git-fixes).
   - taprio: Fix using wrong queues in gate mask (bsc#1154353).
   - tcp: apply a floor of 1 for RTT samples from TCP timestamps
     (networking-stable-20_08_08).
   - tcp: correct read of TFO keys on big endian systems
     (networking-stable-20_08_15).
   - test_kmod: avoid potential double free in trigger_config_run_type()
     (git-fixes).
   - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes).
   - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes).
   - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
     (git-fixes).
   - tracing: fix double free (git-fixes).
   - Update
     patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch
     (bsc#1176019).
   - Update
     patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch
     (bsc#1174484).
   - USB: cdc-acm: rework notification_buffer resizing (git-fixes).
   - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).
   - USB: Fix out of sync data toggle if a configured device is reconfigured
     (git-fixes).
   - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).
   - USB: gadget: f_tcm: Fix some resource leaks in some error paths
     (git-fixes).
   - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes).
   - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).
   - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
     (git-fixes).
   - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes).
   - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes).
   - USB: lvtest: return proper error code in probe (git-fixes).
   - USB: quirks: Add no-lpm quirk for another Raydium touchscreen
     (git-fixes).
   - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
     notebook (git-fixes).
   - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D
     (git-fixes).
   - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes).
   - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).
   - USB: serial: ftdi_sio: clean up receive processing (git-fixes).
   - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes).
   - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes).
   - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
     (git-fixes).
   - USB: serial: option: support dynamic Quectel USB compositions
     (git-fixes).
   - USB: sisUSBvga: Fix a potential UB casued by left shifting a negative
     value (git-fixes).
   - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).
   - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).
   - USB: typec: ucsi: Prevent mode overrun (git-fixes).
   - USB: uas: Add quirk for PNY Pro Elite (git-fixes).
   - USB: UAS: fix disconnect by unplugging a hub (git-fixes).
   - USB: yurex: Fix bad gfp argument (git-fixes).
   - vfio-pci: Avoid recursive read-lock usage (bsc#1176366).
   - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes
     (block drivers)).
   - virtio_pci_modern: Fix the comment of virtio_pci_find_capability()
     (git-fixes).
   - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer
     (networking-stable-20_07_29).
   - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes).
   - vxlan: Ensure FDB dump is performed under RCU
     (networking-stable-20_08_08).
   - wireguard: noise: take lock when removing handshake entry from table
     (git-fixes).
   - wireguard: peerlookup: take lock before checking hash in replace
     operation (git-fixes).
   - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs
     (bsc#1176763).
   - x86/hotplug: Silence APIC only after all interrupts are migrated
     (git-fixes).
   - x86/ima: Use EFI GetVariable only when available (bsc#1174029,
     bsc#1174110, bsc#1174111).
   - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489).
   - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq
     gives 0 (bsc#1176925).
   - x86, sched: Bail out of frequency invariance if turbo frequency is
     unknown (bsc#1176925).
   - x86, sched: check for counters overflow in frequency invariant
     accounting (bsc#1176925).
   - x86/stacktrace: Fix reliable check for empty user task stacks
     (bsc#1058115).
   - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
   - xen/balloon: fix accounting in alloc_xenballooned_pages error path
     (bsc#1065600).
   - xen/balloon: make the balloon wait interruptible (bsc#1065600).
   - xen: do not reschedule in preemption off sections (bsc#1175749).
   - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600).
   - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt
     XEN data pointer which contains XEN specific information (bsc#1065600).
   - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed
     (git-fixes).
   - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2879=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2879=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2879=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2879=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2879=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2879=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

      kernel-default-debuginfo-5.3.18-24.24.1
      kernel-default-debugsource-5.3.18-24.24.1
      kernel-default-extra-5.3.18-24.24.1
      kernel-default-extra-debuginfo-5.3.18-24.24.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-24.24.1
      kernel-default-debugsource-5.3.18-24.24.1
      kernel-default-livepatch-5.3.18-24.24.1
      kernel-default-livepatch-devel-5.3.18-24.24.1
      kernel-livepatch-5_3_18-24_24-default-1-5.3.6
      kernel-livepatch-5_3_18-24_24-default-debuginfo-1-5.3.6
      kernel-livepatch-SLE15-SP2_Update_4-debugsource-1-5.3.6

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-24.24.1
      kernel-default-debugsource-5.3.18-24.24.1
      reiserfs-kmp-default-5.3.18-24.24.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.24.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-5.3.18-24.24.1
      kernel-obs-build-debugsource-5.3.18-24.24.1
      kernel-syms-5.3.18-24.24.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):

      kernel-preempt-debuginfo-5.3.18-24.24.1
      kernel-preempt-debugsource-5.3.18-24.24.1
      kernel-preempt-devel-5.3.18-24.24.1
      kernel-preempt-devel-debuginfo-5.3.18-24.24.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):

      kernel-docs-5.3.18-24.24.1
      kernel-source-5.3.18-24.24.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-24.24.1
      kernel-default-base-5.3.18-24.24.1.9.7.6
      kernel-default-debuginfo-5.3.18-24.24.1
      kernel-default-debugsource-5.3.18-24.24.1
      kernel-default-devel-5.3.18-24.24.1
      kernel-default-devel-debuginfo-5.3.18-24.24.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):

      kernel-preempt-5.3.18-24.24.1
      kernel-preempt-debuginfo-5.3.18-24.24.1
      kernel-preempt-debugsource-5.3.18-24.24.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      kernel-devel-5.3.18-24.24.1
      kernel-macros-5.3.18-24.24.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-24.24.1
      cluster-md-kmp-default-debuginfo-5.3.18-24.24.1
      dlm-kmp-default-5.3.18-24.24.1
      dlm-kmp-default-debuginfo-5.3.18-24.24.1
      gfs2-kmp-default-5.3.18-24.24.1
      gfs2-kmp-default-debuginfo-5.3.18-24.24.1
      kernel-default-debuginfo-5.3.18-24.24.1
      kernel-default-debugsource-5.3.18-24.24.1
      ocfs2-kmp-default-5.3.18-24.24.1
      ocfs2-kmp-default-debuginfo-5.3.18-24.24.1


References:

   https://www.suse.com/security/cve/CVE-2020-0404.html
   https://www.suse.com/security/cve/CVE-2020-0427.html
   https://www.suse.com/security/cve/CVE-2020-0431.html
   https://www.suse.com/security/cve/CVE-2020-0432.html
   https://www.suse.com/security/cve/CVE-2020-14385.html
   https://www.suse.com/security/cve/CVE-2020-14390.html
   https://www.suse.com/security/cve/CVE-2020-2521.html
   https://www.suse.com/security/cve/CVE-2020-25284.html
   https://www.suse.com/security/cve/CVE-2020-26088.html
   https://bugzilla.suse.com/1055186
   https://bugzilla.suse.com/1058115
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1136666
   https://bugzilla.suse.com/1152148
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1155798
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1167527
   https://bugzilla.suse.com/1170232
   https://bugzilla.suse.com/1170774
   https://bugzilla.suse.com/1171000
   https://bugzilla.suse.com/1171068
   https://bugzilla.suse.com/1171073
   https://bugzilla.suse.com/1171558
   https://bugzilla.suse.com/1171688
   https://bugzilla.suse.com/1171742
   https://bugzilla.suse.com/1172419
   https://bugzilla.suse.com/1172757
   https://bugzilla.suse.com/1172873
   https://bugzilla.suse.com/1173017
   https://bugzilla.suse.com/1173060
   https://bugzilla.suse.com/1173115
   https://bugzilla.suse.com/1173267
   https://bugzilla.suse.com/1173746
   https://bugzilla.suse.com/1174029
   https://bugzilla.suse.com/1174110
   https://bugzilla.suse.com/1174111
   https://bugzilla.suse.com/1174358
   https://bugzilla.suse.com/1174484
   https://bugzilla.suse.com/1174486
   https://bugzilla.suse.com/1174899
   https://bugzilla.suse.com/1175263
   https://bugzilla.suse.com/1175667
   https://bugzilla.suse.com/1175718
   https://bugzilla.suse.com/1175749
   https://bugzilla.suse.com/1175787
   https://bugzilla.suse.com/1175882
   https://bugzilla.suse.com/1175952
   https://bugzilla.suse.com/1175996
   https://bugzilla.suse.com/1175997
   https://bugzilla.suse.com/1175998
   https://bugzilla.suse.com/1175999
   https://bugzilla.suse.com/1176000
   https://bugzilla.suse.com/1176001
   https://bugzilla.suse.com/1176019
   https://bugzilla.suse.com/1176022
   https://bugzilla.suse.com/1176038
   https://bugzilla.suse.com/1176063
   https://bugzilla.suse.com/1176137
   https://bugzilla.suse.com/1176235
   https://bugzilla.suse.com/1176236
   https://bugzilla.suse.com/1176237
   https://bugzilla.suse.com/1176242
   https://bugzilla.suse.com/1176278
   https://bugzilla.suse.com/1176357
   https://bugzilla.suse.com/1176358
   https://bugzilla.suse.com/1176359
   https://bugzilla.suse.com/1176360
   https://bugzilla.suse.com/1176361
   https://bugzilla.suse.com/1176362
   https://bugzilla.suse.com/1176363
   https://bugzilla.suse.com/1176364
   https://bugzilla.suse.com/1176365
   https://bugzilla.suse.com/1176366
   https://bugzilla.suse.com/1176367
   https://bugzilla.suse.com/1176381
   https://bugzilla.suse.com/1176423
   https://bugzilla.suse.com/1176449
   https://bugzilla.suse.com/1176482
   https://bugzilla.suse.com/1176486
   https://bugzilla.suse.com/1176507
   https://bugzilla.suse.com/1176536
   https://bugzilla.suse.com/1176537
   https://bugzilla.suse.com/1176538
   https://bugzilla.suse.com/1176539
   https://bugzilla.suse.com/1176540
   https://bugzilla.suse.com/1176541
   https://bugzilla.suse.com/1176542
   https://bugzilla.suse.com/1176544
   https://bugzilla.suse.com/1176545
   https://bugzilla.suse.com/1176546
   https://bugzilla.suse.com/1176548
   https://bugzilla.suse.com/1176558
   https://bugzilla.suse.com/1176559
   https://bugzilla.suse.com/1176587
   https://bugzilla.suse.com/1176588
   https://bugzilla.suse.com/1176659
   https://bugzilla.suse.com/1176698
   https://bugzilla.suse.com/1176699
   https://bugzilla.suse.com/1176700
   https://bugzilla.suse.com/1176721
   https://bugzilla.suse.com/1176722
   https://bugzilla.suse.com/1176725
   https://bugzilla.suse.com/1176732
   https://bugzilla.suse.com/1176763
   https://bugzilla.suse.com/1176775
   https://bugzilla.suse.com/1176788
   https://bugzilla.suse.com/1176789
   https://bugzilla.suse.com/1176833
   https://bugzilla.suse.com/1176869
   https://bugzilla.suse.com/1176877
   https://bugzilla.suse.com/1176925
   https://bugzilla.suse.com/1176962
   https://bugzilla.suse.com/1176980
   https://bugzilla.suse.com/1176990
   https://bugzilla.suse.com/1177021
   https://bugzilla.suse.com/1177030



More information about the sle-security-updates mailing list