SUSE-SU-2020:2908-1: important: Security update for the Linux Kernel

sle-security-updates
Tue Oct 13 14:05:32 MDT 2020

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2020:2908-1
Rating:             important
References:         #1055186 #1058115 #1065600 #1065729 #1094244 
                    #1152472 #1152489 #1153274 #1154353 #1155518 
                    #1156395 #1167527 #1170774 #1171068 #1171688 
                    #1171742 #1172757 #1173017 #1173115 #1173746 
                    #1174358 #1174899 #1175749 #1175882 #1176019 
                    #1176038 #1176137 #1176235 #1176236 #1176237 
                    #1176242 #1176278 #1176357 #1176358 #1176359 
                    #1176360 #1176361 #1176362 #1176363 #1176364 
                    #1176365 #1176366 #1176367 #1176381 #1176423 
                    #1176449 #1176482 #1176486 #1176507 #1176536 
                    #1176537 #1176538 #1176539 #1176540 #1176541 
                    #1176542 #1176544 #1176545 #1176546 #1176548 
                    #1176558 #1176559 #1176587 #1176659 #1176698 
                    #1176699 #1176700 #1176721 #1176722 #1176725 
                    #1176732 #1176763 #1176775 #1176788 #1176789 
                    #1176833 #1176869 #1176877 #1176925 #1176962 
                    #1176980 #1176990 #1177021 #1177030 
Cross-References:   CVE-2020-0404 CVE-2020-0427 CVE-2020-0431
                    CVE-2020-0432 CVE-2020-14385 CVE-2020-14390
                    CVE-2020-25212 CVE-2020-25284 CVE-2020-26088
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2

   An update that solves 9 vulnerabilities and has 75 fixes is
   now available.


   The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive
   various security fixes and bug fixes.

   The following security bugs were fixed:

   - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket
     creation that could have been used by local attackers to create raw
     sockets, bypassing security mechanisms (bsc#1176990).
   - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory
     corruption or a denial of service when changing screen size
   - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow
   - CVE-2020-0427: Fixed an out of bounds read due to a use after free
   - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds
     check (bsc#1176722).
   - CVE-2020-0404: Fixed a linked list corruption due to an unusual root
     cause (bsc#1176423).
   - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow
   - CVE-2020-25284: Fixed incomplete permission checking for access to
     rbd devices, which could have been leveraged by local attackers to map
     or unmap rbd block devices (bsc#1176482).
   - CVE-2020-14385: Fixed a failure of the file system metadata validator in
     XFS which could have caused an inode with a valid, user-creatable
     extended attribute to be flagged as corrupt (bsc#1176137).

   The following non-security bugs were fixed:

   - ALSA: asihpi: fix iounmap in error handler (git-fixes).
   - ALSA: ca0106: fix error code handling (git-fixes).
   - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
   - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
   - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).
   - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
   - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A
     PRO (git-fixes).
   - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes).
   - ALSA: hda: hdmi - add Rocketlake support (git-fixes).
   - ALSA: hda/hdmi: always check pin power status in i915 pin fixup
   - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A
   - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
   - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation
     P520 (git-fixes).
   - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen
   - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes).
   - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes).
   - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
   - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2
   - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
   - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes).
   - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620
   - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833).
   - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes).
   - ASoC: img-parallel-out: Fix a reference count leak (git-fixes).
   - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes).
   - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes).
   - ASoC: qcom: Set card->owner to avoid warnings (git-fixes).
   - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes).
   - ASoC: tegra: Fix reference count leaks (git-fixes).
   - ata: ahci: use ata_link_info() instead of ata_link_printk()
   - batman-adv: Add missing include for in_interrupt() (git-fixes).
   - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
   - batman-adv: bla: fix type misuse for backbone_gw hash indexing
   - batman-adv: bla: use netif_rx_ni when not in interrupt context
   - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes).
   - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
   - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
   - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
   - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
   - bcache: Convert pr_<level> uses to a more typical style (git fixes
     (block drivers)).
   - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes
   - blktrace: fix debugfs use after free (git fixes (block drivers)).
   - block: add docs for gendisk / request_queue refcount helpers (git fixes
     (block drivers)).
   - block: revert back to synchronous request_queue removal (git fixes
     (block drivers)).
   - block: Use non _rcu version of list functions for tag_set_list
   - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021).
   - bnxt: do not enable NAPI until rings are ready (git-fixes).
   - bnxt_en: Check for zero dir entries in NVRAM (git-fixes).
   - bnxt_en: Do not query FW when netif_running() is false (git-fixes).
   - bnxt_en: Fix completion ring sizing with TPA enabled
   - bnxt_en: fix HWRM error when querying VF temperature (git-fixes).
   - bnxt_en: Fix PCI AER error recovery flow (git-fixes).
   - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371
   - bnxt_en: Fix race when modifying pause settings
   - bonding: check error value of register_netdevice() immediately
   - bonding: check return value of register_netdevice() in bond_newlink()
   - bonding: fix a potential double-unregister (git-fixes).
   - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518).
   - bpf: map_seq_next should always increase position index (bsc#1155518).
   - btrfs: add a leak check for roots (bsc#1176019).
   - btrfs: add __cold attribute to more functions (bsc#1176019).
   - btrfs: add dedicated members for start and length of a block group
   - btrfs: Add read_backup_root (bsc#1176019).
   - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019).
   - btrfs: block-group: Reuse the item key from caller of
     read_one_block_group() (bsc#1176019).
   - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019).
   - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root
   - btrfs: do not init a reloc root if we are not relocating (bsc#1176019).
   - btrfs: Do not use objectid_mutex during mount (bsc#1176019).
   - btrfs: drop block from cache on error in relocation (bsc#1176019).
   - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019).
   - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019).
   - btrfs: export and rename free_fs_info (bsc#1176019).
   - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019).
   - btrfs: Factor out tree roots initialization during mount (bsc#1176019).
   - btrfs: fix setting last_trans for reloc roots (bsc#1176019).
   - btrfs: free more things in btrfs_free_fs_info (bsc#1176019).
   - btrfs: free the reloc_control in a consistent way (bsc#1176019).
   - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019).
   - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019).
   - btrfs: hold a ref on fs roots while they're in the radix tree
   - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry
   - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info
   - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019).
   - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019).
   - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user
   - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019).
   - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019).
   - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019).
   - btrfs: hold a ref on the root in create_subvol (bsc#1176019).
   - btrfs: hold a ref on the root in find_data_references (bsc#1176019).
   - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019).
   - btrfs: hold a ref on the root in get_subvol_name_from_objectid
   - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019).
   - btrfs: hold a ref on the root in open_ctree (bsc#1176019).
   - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019).
   - btrfs: hold a ref on the root in record_reloc_root_in_trans
   - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019).
   - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019).
   - btrfs: hold a ref on the root in search_ioctl (bsc#1176019).
   - btrfs: hold a ref on the root->reloc_root (bsc#1176019).
   - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019).
   - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019).
   - btrfs: implement full reflink support for inline extents (bsc#1176019).
   - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019).
   - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019).
   - btrfs: make the fs root init functions static (bsc#1176019).
   - btrfs: make the init of static elements in fs_info separate
   - btrfs: move all reflink implementation code into its own file
   - btrfs: move block_group_item::flags to block group (bsc#1176019).
   - btrfs: move block_group_item::used to block group (bsc#1176019).
   - btrfs: move fs_info init work into its own helper function
   - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019).
   - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019).
   - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019).
   - btrfs: push grab_fs_root into read_fs_root (bsc#1176019).
   - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019).
   - btrfs: reloc: clean dirty subvols if we fail to start a transaction
   - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019).
   - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019).
   - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019).
   - btrfs: remove embedded block_group_cache::item (bsc#1176019).
   - btrfs: Remove newest_gen argument from find_oldest_super_backup
   - btrfs: Remove unused next_root_backup function (bsc#1176019).
   - btrfs: rename block_group_item on-stack accessors to follow naming
   - btrfs: rename btrfs_block_group_cache (bsc#1176019).
   - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019).
   - btrfs: rename extent buffer block group item accessors (bsc#1176019).
   - btrfs: Rename find_oldest_super_backup to init_backup_root_slot
   - btrfs: require only sector size alignment for parent eb bytenr
   - btrfs: reset tree root pointer after error in init_tree_roots
   - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019).
   - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019).
   - btrfs: Streamline btrfs_fs_info::backup_root_index semantics
   - btrfs: tree-checker: fix the error message for transid error
   - btrfs: unset reloc control if we fail to recover (bsc#1176019).
   - btrfs: use bool argument in free_root_pointers() (bsc#1176019).
   - btrfs: use btrfs_block_group_cache_done in update_block_group
   - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019).
   - ceph: do not allow setlease on cephfs (bsc#1176537).
   - ceph: fix potential mdsc use-after-free crash (bsc#1176538).
   - ceph: fix use-after-free for fsc->mdsc (bsc#1176539).
   - ceph: handle zero-length feature mask in session messages (bsc#1176540).
   - ceph: set sec_context xattr on symlink creation (bsc#1176541).
   - ceph: use frag's MDS in either mode (bsc#1176542).
   - cfg80211: regulatory: reject invalid hints (bsc#1176699).
   - cifs: Fix leak when handling lease break for cached root fid
   - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
   - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
   - clk: davinci: Use the correct size when allocating memory (git-fixes).
   - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).
   - cxgb4: fix thermal zone device registration (git-fixes).
   - debugfs: Fix module state check condition (bsc#1173746).
   - debugfs: Fix module state check condition (git-fixes).
   - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29).
   - dmaengine: acpi: Put the CSRT table after using it (git-fixes).
   - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
     at_dma_xlate() (git-fixes).
   - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes).
   - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
   - dmaengine: pl330: Fix burst length if burst size is smaller than bus
     width (git-fixes).
   - dm: do not call report zones for more than the user requested (git fixes
     (block drivers)).
   - dm integrity: fix integrity recalculation that is improperly skipped
     (git fixes (block drivers)).
   - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes
     (block drivers)).
   - dm writecache: add cond_resched to loop in persistent_memory_claim()
     (git fixes (block drivers)).
   - dm writecache: correct uncommitted_block when discarding uncommitted
     entry (git fixes (block drivers)).
   - dm zoned: assign max_io_len correctly (git fixes (block drivers)).
   - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning
   - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486
   - Drivers: hv: Specify receive buffer size using Hyper-V page size
   - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
   - Drivers: hv: vmbus: hibernation: do not hang forever in
     vmbus_bus_resume() (git-fixes).
   - drivers/net/wan/x25_asy: Fix to make it work
   - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
   - drm/amd/display: Switch to immediate mode for updating infopackets
   - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
   - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
   - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
   - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
   - drm/amdgpu/gfx10: refine mgcg setting (git-fixes).
   - drm/amdkfd: Fix reference count leaks (git-fixes).
   - drm/amd/pm: correct the thermal alert temperature limit settings
   - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
   - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
   - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes).
   - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading
   - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes).
   - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472)
     * context changes
   - drm/mgag200: Remove declaration of mgag200_mmap() from header file
     (bsc#1152472) * context changes
   - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
   - drm/nouveau: Fix reference count leak in nouveau_connector_detect
   - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
   - drm/radeon: fix multiple reference count leak (git-fixes).
   - drm/radeon: Prefer lower feedback dividers (git-fixes).
   - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes).
   - drm/sun4i: add missing put_device() call in (bsc#1152472)
   - drm/sun4i: backend: Disable alpha on the lowest plane on the A20
   - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472)
   - drm/sun4i: Fix dsi dcs long write function (bsc#1152472)
   - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context
   - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489).
   - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489).
   - EDAC: Fix reference count leaks (bsc#1152489).
   - enetc: Remove the mdio bus on PF probe bailout
   - epoll: atomically remove wait entry on wake up (bsc#1176236).
   - epoll: call final ep_events_available() check under the lock
   - fbcon: prevent user font height or width change from causing potential
     out-of-bounds access (git-fixes).
   - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).
   - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775).
   - HID: core: Correctly handle ReportSize being zero (git-fixes).
   - HID: core: fix dmesg flooding if report field larger than 32bit
   - HID: core: reformat and reduce hid_printk macros (bsc#1176775).
   - HID: core: Sanitize event code and type when mapping input (git-fixes).
   - HID: elan: Fix memleak in elan_input_configured (git-fixes).
   - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
   - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands
   - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller
   - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes).
   - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes).
   - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
   - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
   - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
   - hv_utils: return error if host timesync update is stale (bsc#1176877).
   - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
   - i2c: i801: Fix resume bug (git-fixes).
   - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes).
   - i40e: Fix crash during removing i40e driver (git-fixes).
   - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes).
   - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
   - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak
   - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).
   - iio:accel:mma7455: Fix timestamp alignment and prevent data leak
   - iio:accel:mma8452: Fix timestamp alignment and prevent data leak
   - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).
   - iio:adc:max1118 Fix alignment of timestamp and data leak issues
   - iio: adc: mcp3422: fix locking on error path (git-fixes).
   - iio: adc: mcp3422: fix locking scope (git-fixes).
   - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).
   - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes).
   - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
   - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak
   - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
   - iio:light:ltr501 Fix timestamp alignment issue (git-fixes).
   - iio:light:max44000 Fix timestamp alignment and prevent data leak
   - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).
   - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak
   - include/asm-generic/ align ro_after_init (git-fixes).
   - include/linux/bitops.h: avoid clang shift-count-overflow warnings
   - include/linux/poison.h: remove obsolete comment (git-fixes).
   - initramfs: remove clean_rootfs (git-fixes).
   - initramfs: remove the populate_initrd_image and clean_rootfs stubs
   - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
   - Input: trackpoint - add new trackpoint variant IDs (git-fixes).
   - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358).
   - iommu/amd: Do not use IOMMUv2 functionality when SME is active
   - iommu/amd: Print extended features in one line to fix divergent log
     levels (bsc#1176357).
   - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358).
   - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359).
   - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
   - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361).
   - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362).
   - iommu/vt-d: Handle non-page aligned address (bsc#1176367).
   - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363).
   - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364).
   - iommu/vt-d: Support flushing more translation cache types (bsc#1176365).
   - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08).
   - ipv6: fix memory leaks on IPV6_ADDRFORM path
   - ipv6: Fix nexthop refcnt leak when creating ipv6 route info
   - irqdomain/treewide: Free firmware node after domain removal (git-fixes).
   - irqdomain/treewide: Keep firmware node unconditionally allocated
   - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi).
   - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)).
   - Also use bz compression (boo#1175882).
   - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks
   - libbpf: Fix readelf output parsing for Fedora (bsc#1155518).
   - libbpf: Fix readelf output parsing on powerpc with recent binutils
   - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
   - libnvdimm: cover up struct nvdimm changes (bsc#1171742).
   - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
   - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
   - md: raid0/linear: fix dereference before null check on pointer mddev
     (git fixes (block drivers)).
   - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes).
   - media: davinci: vpif_capture: fix potential double free (git-fixes).
   - media: gpio-ir-tx: improve precision of transmitted signal due to
     scheduling (git-fixes).
   - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad
     DMA value in debiirq() (git-fixes).
   - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
   - mlx4: disable device on shutdown (git-fixes).
   - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
   - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes).
   - mmc: sdhci-msm: Add retries when all tuning phases are found valid
   - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt
   - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes).
   - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)).
   - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes
   - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)).
   - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes
   - mm/shuffle: do not move pages between zones and do not read garbage
     memmaps (git fixes (mm/pgalloc)).
   - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes
   - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)).
   - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
     configuration (networking-stable-20_07_29).
   - net: dsa: microchip: call phy_remove_link_mode during probe
   - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
   - net: ethernet: mtk_eth_soc: fix MTU warnings
   - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587).
   - net: Fix potential memory leak in proto_register()
   - net: gre: recompute gre csum for sctp over gre tunnels
   - net: initialize fastreuse on inet_inherit_port
   - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
   - net: refactor bind_bucket fastreuse into helper
   - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353).
   - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15).
   - net/smc: put slot when connection is killed (git-fixes).
   - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
   - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task()
   - net/tls: Fix kmap usage (networking-stable-20_08_15).
   - net: udp: Fix wrong clean up for IS_UDPLITE macro
   - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
   - nvme-fc: set max_segments to lldd max value (bsc#1176038).
   - nvme-pci: override the value of the controller's numa node (bsc#1176507).
   - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
   - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
   - PCI: Fix pci_create_slot() reference count leak (git-fixes).
   - platform/x86: dcdbas: Check SMBIOS for protected buffer address
   - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395).
   - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244
   - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244
   - powerpc: Add cputime_to_nsecs() (bsc#1065729).
   - powerpc/book3s64/radix: Add kernel command line option to disable radix
     GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512).
   - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962).
   - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
   - powerpc/kernel: Cleanup machine check function declarations
   - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests
     (bsc#1177030 ltc#187588).
   - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436
   - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only
     (bsc#1177030 ltc#187588).
   - powerpc/mm/radix: Create separate mappings for hot-plugged memory
     (bsc#1055186 ltc#153436).
   - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table
     mappings (bsc#1055186 ltc#153436).
   - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186
   - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436).
   - powerpc/numa: Early request for home node associativity (bsc#1171068
   - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935).
   - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935).
   - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068
   - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068
   - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute
     (bsc#1176486 ltc#188130).
   - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186
     ltc#153436 jsc#SLE-13512).
   - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244
   - powerpc/pseries: Machine check use rtas_call_unlocked() with args on
     stack (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths
     (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244
   - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244
   - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
   - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244
   - powerpc/xmon: Use `dcbf` in place of `dcbi` instruction for 64bit Book3S
   - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29).
   - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017).
   - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017).
   - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774).
   - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds
   - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017).
   - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774).
   - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes).
   - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381).
   - Remove patch causing regression (bsc#1094244 ltc#168122).
   - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules
     (bsc#1176869 ltc#188243).
   - rpm/ recognize also kernel-source-azure (bsc#1176732)
   - rpm/ Also sign ppc64 kernels (jsc#SLE-15857
   - rpm/ pack .ipa-clones files for live patching. When
     -fdump-ipa-clones option is enabled, GCC reports about its cloning
     operation during IPA optimizations. We use the information for live
     patches preparation, because it is crucial to know if and how functions
     are optimized. Currently, we create the needed .ipa-clones dump files
     manually. It is unnecessary, because the files may be created
     automatically during our kernel build. Prepare for the step and provide
     the resulting files in -livepatch-devel package.
   - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115).
     To avoid the unnecessary key enrollment, when enrolling the signing key
     of the kernel package, "--ca-check" is added to mokutil so that mokutil
     will ignore the request if the CA of the signing key already exists in
     MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is
     only defined in a kernel module package (KMP), it's used to determine
     whether the %post script is running in a kernel package, or a kernel
     module package.
   - rpm/ Also use bz compression (boo#1175882).
   - rpm/macros.kernel-source: pass -c properly in kernel module package
     (bsc#1176698). The "-c" option wasn't passed down to
     %_kernel_module_package so the ueficert subpackage wasn't generated even
     if the certificate is specified in the spec file.
   - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
   - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
   - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
   - s390: Change s390_kernel_write() return type to match memcpy()
     (bsc#1176449). Prerequisite for bsc#1176449.
   - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes).
   - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes).
   - s390/maccess: add no DAT mode to kernel_write (bsc#1176449).
   - s390/mm: fix huge pte soft dirty copying (git-fixes).
   - s390/qeth: do not process empty bridge port events (git-fixes).
   - s390/qeth: integrate RX refill worker with NAPI (git-fixes).
   - s390/qeth: tolerate pre-filled RX buffer (git-fixes).
   - s390/setup: init jump labels before command line parsing (git-fixes).
   - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes
     (block drivers)).
   - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
   - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962
   - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__()
     (bsc#1176962 ltc#188304).
   - scsi: libfc: Fix for double free() (bsc#1174899).
   - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
   - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
   - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
   - scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
   - scsi: qla2xxx: Fix the return value (bsc#1171688).
   - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call
   - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
   - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg()
   - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).
   - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle()
   - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
   - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
   - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
   - scsi: qla2xxx: Simplify return value logic in
     qla2x00_get_sp_from_handle() (bsc#1171688).
   - scsi: qla2xxx: Suppress two recently introduced compiler warnings
   - scsi: qla2xxx: Warn if done() or free() are called on an already freed
     srb (bsc#1171688).
   - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes).
   - sctp: shrink stream outq only when new outcnt < old outcnt
   - sctp: shrink stream outq when fails to do addstream reconf
   - selftests/net: relax cpu affinity requirement in msg_zerocopy test
   - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
   - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
   - SMB3: Honor persistent/resilient handle flags for multiuser mounts
   - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
   - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
   - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
   - soundwire: fix double free of dangling pointer (git-fixes).
   - spi: Fix memory leak on split transfers (git-fixes).
   - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
   - spi: stm32: always perform registers configuration prior to transfer
   - spi: stm32: clear only asserted irq flags on interrupt (git-fixes).
   - spi: stm32: fix fifo threshold level in case of short transfer
   - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes).
   - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate
   - spi: stm32h7: fix race condition at end of transfer (git-fixes).
   - taprio: Fix using wrong queues in gate mask (bsc#1154353).
   - tcp: apply a floor of 1 for RTT samples from TCP timestamps
   - tcp: correct read of TFO keys on big endian systems
   - test_kmod: avoid potential double free in trigger_config_run_type()
   - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes).
   - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes).
   - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
   - tracing: fix double free (git-fixes).
   - Update
   - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).
   - USB: Fix out of sync data toggle if a configured device is reconfigured
   - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).
   - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes).
   - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).
   - USB: lvtest: return proper error code in probe (git-fixes).
   - USB: quirks: Add no-lpm quirk for another Raydium touchscreen
   - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
     notebook (git-fixes).
   - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).
   - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
   - USB: serial: option: support dynamic Quectel USB compositions
   - USB: sisusbvga: Fix a potential UB caused by left shifting a negative
     value (git-fixes).
   - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).
   - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).
   - USB: typec: ucsi: Prevent mode overrun (git-fixes).
   - USB: uas: Add quirk for PNY Pro Elite (git-fixes).
   - USB: UAS: fix disconnect by unplugging a hub (git-fixes).
   - USB: yurex: Fix bad gfp argument (git-fixes).
   - vfio-pci: Avoid recursive read-lock usage (bsc#1176366).
   - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes
     (block drivers)).
   - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer
   - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes).
   - vxlan: Ensure FDB dump is performed under RCU
   - wireguard: noise: take lock when removing handshake entry from table
   - wireguard: peerlookup: take lock before checking hash in replace
     operation (git-fixes).
   - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs
   - x86/hotplug: Silence APIC only after all interrupts are migrated
   - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489).
   - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq
     gives 0 (bsc#1176925).
   - x86, sched: Bail out of frequency invariance if turbo frequency is
     unknown (bsc#1176925).
   - x86, sched: check for counters overflow in frequency invariant
     accounting (bsc#1176925).
   - x86/stacktrace: Fix reliable check for empty user task stacks
   - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
   - xen: do not reschedule in preemption off sections (bsc#1175749).
   - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt
     XEN data pointer which contains XEN specific information (bsc#1065600).
   - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2908=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):


   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):


