SUSE-SU-2020:3014-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Oct 23 07:15:06 MDT 2020


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3014-1
Rating:             important
References:         #1055186 #1058115 #1065600 #1065729 #1094244 
                    #1112178 #1113956 #1136666 #1140683 #1152148 
                    #1154366 #1163524 #1165629 #1166965 #1167527 
                    #1169972 #1170232 #1171558 #1171688 #1171742 
                    #1172073 #1172538 #1172873 #1173060 #1173115 
                    #1174748 #1174899 #1175228 #1175520 #1175667 
                    #1175691 #1175749 #1175882 #1176011 #1176022 
                    #1176038 #1176069 #1176235 #1176242 #1176278 
                    #1176316 #1176317 #1176318 #1176319 #1176320 
                    #1176321 #1176381 #1176395 #1176400 #1176410 
                    #1176423 #1176482 #1176507 #1176536 #1176544 
                    #1176545 #1176546 #1176548 #1176659 #1176698 
                    #1176699 #1176700 #1176721 #1176722 #1176725 
                    #1176732 #1176788 #1176789 #1176869 #1176877 
                    #1176935 #1176946 #1176950 #1176962 #1176966 
                    #1176990 #1177027 #1177030 #1177041 #1177042 
                    #1177043 #1177044 #1177121 #1177206 #1177258 
                    #1177291 #1177293 #1177294 #1177295 #1177296 
                    #1177340 #1177511 
Cross-References:   CVE-2020-0404 CVE-2020-0427 CVE-2020-0431
                    CVE-2020-0432 CVE-2020-14381 CVE-2020-14386
                    CVE-2020-14390 CVE-2020-1749 CVE-2020-25212
                    CVE-2020-25284 CVE-2020-25641 CVE-2020-25643
                    CVE-2020-25645 CVE-2020-26088
Affected Products:
                    SUSE Linux Enterprise Module for Realtime 15-SP1
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 78 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).
   - CVE-2020-25641: Allowed for_each_bvec to support zero len bvec
     (bsc#1177121).
   - CVE-2020-25645: Added transport ports in route lookup for geneve
     (bsc#1177511).
   - CVE-2020-0404: Fixed a linked list corruption due to an unusual root
     cause (bsc#1176423).
   - CVE-2020-0427: Fixed an out of bounds read due to a use after free
     (bsc#1176725).
   - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds
     check (bsc#1176722).
   - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow
     (bsc#1176721).
   - CVE-2020-14381: Fixed requeue paths such that filp was valid when
     dropping the references (bsc#1176011).
   - CVE-2020-14386: Fixed a memory corruption which could have been
     exploited to gain root privileges from unprivileged processes
     (bsc#1176069).
   - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory
     corruption or a denial of service when changing screen size
     (bnc#1176235).
   - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup
     (bsc#1165629).
   - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow
     (bsc#1176381).
   - CVE-2020-25284: Fixed an incomplete permission checking for access to
     rbd devices, which could have been leveraged by local attackers to map
     or unmap rbd block devices (bsc#1176482).
   - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket
     creation could have been used by local attackers to create raw sockets,
     bypassing security mechanisms (bsc#1176990).

   The following non-security bugs were fixed:

   - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
     (git-fixes).
   - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
   - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A
     (git-fixes).
   - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen
     (git-fixes).
   - arm64: KVM: Do not generate UNDEF when LORegion feature is present
     (jsc#SLE-4084).
   - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084).
   - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178).
   - ASoC: tegra: Fix reference count leaks (git-fixes).
   - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
   - batman-adv: bla: use netif_rx_ni when not in interrupt context
     (git-fixes).
   - bcache: allocate meta data pages as compound pages (bsc#1172873).
   - bcache: Convert pr_<level> uses to a more typical style (git fixes
     (block drivers)).
   - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)).
   - bcm63xx_enet: correct clock usage (git-fixes).
   - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes).
   - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes
     (bitfield)).
   - blktrace: fix debugfs use after free (git fixes (block drivers)).
   - block: add docs for gendisk / request_queue refcount helpers (git fixes
     (block drivers)).
   - block: check queue's limits.discard_granularity in
     __blkdev_issue_discard() (bsc#1152148).
   - block: improve discard bio alignment in __blkdev_issue_discard()
     (bsc#1152148).
   - block: revert back to synchronous request_queue removal (git fixes
     (block drivers)).
   - block: Use non _rcu version of list functions for tag_set_list
     (git-fixes).
   - bnxt_en: Fix completion ring sizing with TPA enabled
     (networking-stable-20_07_29).
   - bonding: check error value of register_netdevice() immediately
     (git-fixes).
   - bonding: check return value of register_netdevice() in bond_newlink()
     (git-fixes).
   - bonding: use nla_get_u64 to extract the value for
     IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes).
   - btrfs: require only sector size alignment for parent eb bytenr
     (bsc#1176789).
   - btrfs: tree-checker: fix the error message for transid error
     (bsc#1176788).
   - ceph: do not allow setlease on cephfs (bsc#1177041).
   - ceph: fix potential mdsc use-after-free crash (bsc#1177042).
   - ceph: fix use-after-free for fsc->mdsc (bsc#1177043).
   - ceph: handle zero-length feature mask in session messages (bsc#1177044).
   - cfg80211: regulatory: reject invalid hints (bsc#1176699).
   - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
   - cifs: Fix leak when handling lease break for cached root fid
     (bsc#1176242).
   - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
   - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
   - clk: Add (devm_)clk_get_optional() functions (git-fixes).
   - constrants: fix malformed XML Closing tag of an element is "</foo>", not
     "<foo/>". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for
     kernel-docs")
   - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode
     (bsc#1176966).
   - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned
     from the respective $arch/default configs. All changed configs appart
     from CONFIG_PREEMPT->y are a result of dependencies, namely many
     lock/unlock primitives are no longer inlined in the preempt kernel.
     TREE_RCU has been also changed to PREEMPT_RCU which is the default
     implementation for PREEMPT kernel.
   - device property: Fix the secondary firmware node handling in
     set_primary_fwnode() (git-fixes).
   - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
     at_dma_xlate() (git-fixes).
   - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
     (git-fixes).
   - dmaengine: pl330: Fix burst length if burst size is smaller than bus
     width (git-fixes).
   - dm crypt: avoid truncating the logical block size (git fixes (block
     drivers)).
   - dm: fix redundant IO accounting for bios that need splitting (git fixes
     (block drivers)).
   - dm integrity: fix a deadlock due to offloading to an incorrect workqueue
     (git fixes (block drivers)).
   - dm integrity: fix integrity recalculation that is improperly skipped
     (git fixes (block drivers)).
   - dm: report suspended device during destroy (git fixes (block drivers)).
   - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes
     (block drivers)).
   - dm: use noio when sending kobject event (git fixes (block drivers)).
   - dm writecache: add cond_resched to loop in persistent_memory_claim()
     (git fixes (block drivers)).
   - dm writecache: correct uncommitted_block when discarding uncommitted
     entry (git fixes (block drivers)).
   - dm zoned: assign max_io_len correctly (git fixes (block drivers)).
   - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes).
   - Drivers: hv: Specify receive buffer size using Hyper-V page size
     (bsc#1176877).
   - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
   - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in
     hv_synic_cleanup() (git-fixes).
   - drivers/net/wan/x25_asy: Fix to make it work
     (networking-stable-20_07_29).
   - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
   - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
     (git-fixes).
   - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
   - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
   - drm/amdkfd: Fix reference count leaks (git-fixes).
   - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
   - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
   - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) 	*
     context changes
   - drm/msm/adreno: fix updating ring fence (git-fixes).
   - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) 	* context changes
   - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
     (git-fixes).
   - drm/nouveau: Fix reference count leak in nouveau_connector_detect
     (git-fixes).
   - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
     (git-fixes).
   - drm/radeon: fix multiple reference count leak (git-fixes).
   - drm/radeon: Prefer lower feedback dividers (git-fixes).
   - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).
   - EDAC: Fix reference count leaks (bsc#1112178).
   - fbcon: prevent user font height or width change from causing
     (bsc#1112178)
   - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950).
   - fsl/fman: check dereferencing null pointer (git-fixes).
   - fsl/fman: fix dereference null return value (git-fixes).
   - fsl/fman: fix eth hash table allocation (git-fixes).
   - fsl/fman: fix unreachable code (git-fixes).
   - fsl/fman: use 32-bit unsigned integer (git-fixes).
   - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).
   - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
     (git-fixes).
   - gtp: fix Illegal context switch in RCU read-side critical section
     (git-fixes).
   - gtp: fix use-after-free in gtp_newlink() (git-fixes).
   - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
     (git-fixes).
   - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
     path (git-fixes).
   - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
   - hv_balloon: Balloon up according to request page number (git-fixes).
   - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes).
   - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes).
   - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes).
   - hv_netvsc: flag software created hash value (git-fixes).
   - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
   - hv_utils: return error if host timesysnc update is stale (bsc#1176877).
   - i2c: core: Do not fail PRP0001 enumeration when no ID table exist
     (git-fixes).
   - i2c: rcar: in slave mode, clear NACK earlier (git-fixes).
   - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
   - include: add additional sizes (bsc#1094244 ltc#168122).
   - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE
     (bsc#1177293).
   - iommu/amd: Fix potential @entry null deref (bsc#1177294).
   - iommu/amd: Print extended features in one line to fix divergent log
     levels (bsc#1176316).
   - iommu/amd: Re-factor guest virtual APIC (de-)activation code
     (bsc#1177291).
   - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317).
   - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode
     (bsc#1177295).
   - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318).
   - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
     (bsc#1177296).
   - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
     (bsc#1176319).
   - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
   - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320).
   - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
   - kabi: mask changes to struct ipv6_stub (bsc#1165629).
   - kernel-docs: Change Requires on python-Sphinx to earlier than version 3
     References: bsc#1166965 From 3 on the internal API that the build system
     uses was rewritten in an incompatible way. See
     https://github.com/sphinx-doc/sphinx/issues/7421 and
     https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details.
   - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084).
   - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and
     non-VHE (jsc#SLE-4084).
   - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put
     for VHE (jsc#SLE-4084).
   - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put
     (jsc#SLE-4084).
   - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on
     VHE (jsc#SLE-4084).
   - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions
     (jsc#SLE-4084).
   - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084).
   - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems
     (jsc#SLE-4084).
   - KVM: arm64: Factor out fault info population and gic workarounds
     (jsc#SLE-4084).
   - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084).
   - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084).
   - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084).
   - KVM: arm64: Introduce framework for accessing deferred sysregs
     (jsc#SLE-4084).
   - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions
     (jsc#SLE-4084).
   - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084).
   - KVM: arm64: Move common VHE/non-VHE trap config in separate functions
     (jsc#SLE-4084).
   - KVM: arm64: Move debug dirty flag calculation out of world switch
     (jsc#SLE-4084).
   - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag
     (jsc#SLE-4084).
   - KVM: arm64: Move userspace system registers into separate function
     (jsc#SLE-4084).
   - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers
     (jsc#SLE-4084).
   - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1
     (jsc#SLE-4084).
   - KVM: arm64: Remove kern_hyp_va() use in VHE switch function
     (jsc#SLE-4084).
   - KVM: arm64: Remove noop calls to timer save/restore from VHE switch
     (jsc#SLE-4084).
   - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084).
   - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084).
   - KVM: arm64: Rewrite system register accessors to read/write functions
     (jsc#SLE-4084).
   - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084).
   - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions
     (jsc#SLE-4084).
   - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE
     (jsc#SLE-4084).
   - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN
     (jsc#SLE-4084).
   - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs
     (jsc#SLE-4084).
   - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084).
   - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on
     VHE (jsc#SLE-4084).
   - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init
     (jsc#SLE-4084).
   - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load
     (jsc#SLE-4084).
   - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1
     (jsc#SLE-4084).
   - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe
     (jsc#SLE-4084).
   - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs
     (jsc#SLE-4084).
   - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate
     (jsc#SLE-4084).
   - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n
     (jsc#SLE-4084).
   - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code
     (jsc#SLE-4084).
   - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178).
   - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM
     (bsc#1176321).
   - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast()
     (bsc#1112178).
   - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084).
   - libceph: allow setting abort_on_full for rbd (bsc#1169972).
   - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
   - libnvdimm: cover up struct nvdimm changes (bsc#1171742).
   - libnvdimm/security, acpi/nfit: unify zero-key for all security commands
     (bsc#1171742).
   - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
   - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
   - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block
     drivers)).
   - md: raid0/linear: fix dereference before null check on pointer mddev
     (git fixes (block drivers)).
   - media: davinci: vpif_capture: fix potential double free (git-fixes).
   - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad
     DMA value in debiirq() (git-fixes).
   - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
   - mlx4: disable device on shutdown (git-fixes).
   - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes).
   - mlxsw: core: Increase scope of RCU read-side critical section
     (git-fixes).
   - mm: Avoid calling build_all_zonelists_init under hotplug context
     (bsc#1154366).
   - mmc: cqhci: Add cqhci_deactivate() (git-fixes).
   - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based
     controllers (git-fixes).
   - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes
     (mm/pgalloc)).
   - mm/vmalloc.c: move 'area->pages' after if statement (git fixes
     (mm/vmalloc)).
   - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo
     (bsc#1175691).
   - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes).
   - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes).
   - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes).
   - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes).
   - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes).
   - net: dsa: mv88e6xxx: fix shift of FID bits in
     mv88e6185_g1_vtu_loadpurge() (git-fixes).
   - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes).
   - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes).
   - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes).
   - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes).
   - net: ethernet: aquantia: Fix wrong return value (git-fixes).
   - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
     (git-fixes).
   - net: fs_enet: do not call phy_stop() in interrupts (git-fixes).
   - net: initialize fastreuse on inet_inherit_port
     (networking-stable-20_08_15).
   - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes).
   - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08).
   - net: lio_core: fix potential sign-extension overflow on large shift
     (git-fixes).
   - net/mlx5: Add meaningful return codes to status_to_err function
     (git-fixes).
   - net/mlx5e: Fix error path of device attach (git-fixes).
   - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes).
   - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).
   - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
     (git-fixes).
   - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).
   - net: mvneta: fix mtu change on port without link (git-fixes).
   - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).
   - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in
     ax_close()) (git-fixes).
   - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
   - net: qca_spi: Avoid packet drop during initial sync (git-fixes).
   - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes).
   - net: qcom/emac: add missed clk_disable_unprepare in error path of
     emac_clks_phase1_init (git-fixes).
   - net: refactor bind_bucket fastreuse into helper
     (networking-stable-20_08_15).
   - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).
   - net/smc: fix dmb buffer shortage (git-fixes).
   - net/smc: fix restoring of fallback changes (git-fixes).
   - net/smc: fix sock refcounting in case of termination (git-fixes).
   - net/smc: improve close of terminated socket (git-fixes).
   - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes).
   - net/smc: remove freed buffer from list (git-fixes).
   - net/smc: reset sndbuf_desc if freed (git-fixes).
   - net/smc: set rx_off for SMCR explicitly (git-fixes).
   - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).
   - net/smc: tolerate future SMCD versions (git-fixes).
   - net: spider_net: Fix the size used in a 'dma_free_coherent()' call
     (git-fixes).
   - net: stmmac: call correct function in
     stmmac_mac_config_rx_queues_routing() (git-fixes).
   - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes).
   - net: stmmac: do not stop NAPI processing when dropping a packet
     (git-fixes).
   - net: stmmac: dwmac4: fix flow control issue (git-fixes).
   - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA
     reset function (git-fixes).
   - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array
     (git-fixes).
   - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration
     (git-fixes).
   - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
     (git-fixes).
   - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs
     (git-fixes).
   - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode
     (git-fixes).
   - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
     (git-fixes).
   - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()'
     (git-fixes).
   - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()'
     (git-fixes).
   - net: stmmac: Fix RX packet size > 8191 (git-fixes).
   - net: stmmac: rename dwmac4_tx_queue_routing() to match reality
     (git-fixes).
   - net: stmmac: set MSS for each tx DMA channel (git-fixes).
   - net: stmmac: Use correct values in TQS/RQS fields (git-fixes).
   - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
     (networking-stable-20_07_29).
   - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes).
   - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb()
     (git-fixes).
   - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes).
   - net: ucc_geth - fix Oops when changing number of buffers in the ring
     (git-fixes).
   - NFS: On fatal writeback errors, we need to call
     nfs_inode_remove_request() (bsc#1177340).
   - NFS: Revalidate the file mapping on all fatal writeback errors
     (bsc#1177340).
   - NFSv4: don't mark all open state for recovery when handling recallable
     state revoked flag (bsc#1176935).
   - nvme: add a Identify Namespace Identification Descriptor list quirk
     (bsc#1174748).
   - nvme-fc: set max_segments to lldd max value (bsc#1176038).
   - nvme-pci: override the value of the controller's numa node (bsc#1176507).
   - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
   - ocfs2: give applications more IO opportunities during fstrim
     (bsc#1175228).
   - PCI: Fix pci_create_slot() reference count leak (git-fixes).
   - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes).
   - PCI: qcom: Add missing reset for ipq806x (git-fixes).
   - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes).
   - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes).
   - PCI: rcar: Fix incorrect programming of OB windows (git-fixes).
   - PM: sleep: core: Fix the handling of pending runtime resume requests
     (git-fixes).
   - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244
     ltc#168122).
   - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244
     ltc#168122).
   - powerpc/64s: Fix unrelocated interrupt trampoline address test
     (bsc#1094244 ltc#168122).
   - powerpc/64s: Include <asm/nmi.h> header file to fix a warning
     (bsc#1094244 ltc#168122).
   - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244
     ltc#168122).
   - powerpc/64s: sreset panic if there is no debugger or crash dump handlers
     (bsc#1094244 ltc#168122).
   - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244
     ltc#168122).
   - powerpc: Add cputime_to_nsecs() (bsc#1065729).
   - powerpc/book3s64/radix: Add kernel command line option to disable radix
     GTSE (bsc#1055186 ltc#153436).
   - powerpc/book3s64/radix: Fix boot failure with large amount of guest
     memory (bsc#1176022 ltc#187208).
   - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
   - powerpc/init: Do not advertise radix during client-architecture-support
     (bsc#1055186 ltc#153436 ).
   - powerpc/kernel: Cleanup machine check function declarations
     (bsc#1065729).
   - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests
     (bsc#1177030 ltc#187588).
   - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436).
   - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only
     (bsc#1177030 ltc#187588).
   - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64
     (bsc#1176022 ltc#187208).
   - powerpc/powernv: Remove real mode access limit for early allocations
     (bsc#1176022 ltc#187208).
   - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186
     ltc#153436).
   - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244
     ltc#168122).
   - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208).
   - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244
     ltc#168122).
   - powerpc/pseries: Machine check use rtas_call_unlocked() with args on
     stack (bsc#1094244 ltc#168122).
   - powerpc/pseries: radix is not subject to RMA limit, remove it
     (bsc#1176022 ltc#187208).
   - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths
     (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
   - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244
     ltc#168122).
   - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244
     ltc#168122).
   - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
   - powerpc/traps: fix recoverability of machine check handling on book3s/32
     (bsc#1094244 ltc#168122).
   - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244
     ltc#168122).
   - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S
     (bsc#1065729).
   - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes
     (rcu)).
   - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules
     (bsc#1176869 ltc#188243).
   - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT
   - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION
   - rpm/constraints.in: Increase memory for kernel-docs References:
     https://build.opensuse.org/request/show/792664
   - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)
   - rpm: drop execute permissions on source files Sometimes a source file
     with execute permission appears in upstream repository and makes it into
     our kernel-source packages. This is caught by OBS build checks and may
     even result in build failures. Sanitize the source tree by removing
     execute permissions from all C source and header files.
   - rpm/kabi.pl: account for namespace field being moved last Upstream is
     moving the namespace field in Module.symvers last in order to preserve
     backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl
     script to expect the namespace field last. Since split() ignores
     trailing empty fields and delimeters, switch to using tr to count how
     many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of
     -1 to split() so it does not strip trailing empty fields, as namespace
     is an optional field.
   - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857
     jsc#SLE-13618).
   - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115)
   - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup
     Co-Authored-By: Adam Spiers <aspiers at suse.com>
   - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for
     podman or docker builds when no more specific driver can be used (like
     lvm or btrfs). As the default build fs is ext4 currently, we need
     overlayfs kernel modules to be available.
   - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073).
   - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
   - rpm/macros.kernel-source: pass -c proerly in kernel module package
     (bsc#1176698)
   - rpm/mkspec-dtb: add mt76 based dtb package
   - rpm/package-descriptions: garbege collection remove old ARM and Xen
     flavors.
   - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
   - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
     (networking-stable-20_08_08).
   - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
     (networking-stable-20_07_29).
   - s390/mm: fix huge pte soft dirty copying (git-fixes).
   - s390/qeth: do not process empty bridge port events (git-fixes).
   - s390/qeth: integrate RX refill worker with NAPI (git-fixes).
   - s390/qeth: tolerate pre-filled RX buffer (git-fixes).
   - sched/deadline: Initialize ->dl_boosted (bsc#1112178).
   - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
   - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO
     (bsc#1140683).
   - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962
     ltc#188304).
   - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__()
     (bsc#1176962 ltc#188304).
   - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling
     getpeername() (bsc#1177258).
   - scsi: libfc: Fix for double free() (bsc#1174899).
   - scsi: libfc: free response frame from GPN_ID (bsc#1174899).
   - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
     (bsc#1174899).
   - scsi: lpfc: Add and rename a whole bunch of function parameter
     descriptions (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
   - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param
     (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558
     bsc#1136666).
   - scsi: lpfc: Ensure variable has the same stipulations as code using it
     (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558
     bsc#1136666).
   - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues
     (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value
     (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Fix oops when unloading driver while running mds diags
     (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported
     (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558
     bsc#1136666).
   - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
   - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558
     bsc#1136666).
   - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558
     bsc#1136666).
   - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558
     bsc#1136666).
   - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558
     bsc#1136666).
   - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558
     bsc#1136666 bsc#1173060).
   - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
     targetport (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param
     (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666).
   - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666).
   - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix I/O failures during remote port toggle testing
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
   - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Fix the return value (bsc#1171688).
   - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call
     (bsc#1171688).
   - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
     (bsc#1171688).
   - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg()
     (bsc#1171688).
   - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).
   - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle()
     (bsc#1171688).
   - scsi: qla2xxx: Make tgt_port_database available in initiator mode
     (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
   - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
   - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
   - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946
     bsc#1175520 bsc#1172538).
   - scsi: qla2xxx: Simplify return value logic in
     qla2x00_get_sp_from_handle() (bsc#1171688).
   - scsi: qla2xxx: Suppress two recently introduced compiler warnings
     (git-fixes).
   - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520
     bsc#1172538).
   - scsi: qla2xxx: Warn if done() or free() are called on an already freed
     srb (bsc#1171688).
   - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084).
   - Set VIRTIO_CONSOLE=y (bsc#1175667).
   - sign also s390x kernel images (bsc#1163524)
   - SMB3: Honor persistent/resilient handle flags for multiuser mounts
     (bsc#1176546).
   - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
   - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
   - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes).
   - tcp: apply a floor of 1 for RTT samples from TCP timestamps
     (networking-stable-20_08_08).
   - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
     (git-fixes).
   - USB: cdc-acm: rework notification_buffer resizing (git-fixes).
   - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).
   - USB: Fix out of sync data toggle if a configured device is reconfigured
     (git-fixes).
   - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).
   - USB: gadget: f_tcm: Fix some resource leaks in some error paths
     (git-fixes).
   - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes).
   - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).
   - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
     (git-fixes).
   - USB: hso: check for return value in hso_serial_common_create()
     (networking-stable-20_08_08).
   - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes).
   - usblp: fix race between disconnect() and read() (git-fixes).
   - USB: lvtest: return proper error code in probe (git-fixes).
   - usbnet: ipheth: fix potential null pointer dereference in
     ipheth_carrier_set (git-fixes).
   - USB: quirks: Add no-lpm quirk for another Raydium touchscreen
     (git-fixes).
   - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
     notebook (git-fixes).
   - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D
     (git-fixes).
   - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes).
   - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).
   - USB: serial: ftdi_sio: clean up receive processing (git-fixes).
   - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes).
   - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes).
   - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
     (git-fixes).
   - USB: serial: option: support dynamic Quectel USB compositions
     (git-fixes).
   - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes).
   - USB: sisusbvga: Fix a potential UB casued by left shifting a negative
     value (git-fixes).
   - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).
   - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).
   - USB: uas: Add quirk for PNY Pro Elite (git-fixes).
   - USB: UAS: fix disconnect by unplugging a hub (git-fixes).
   - USB: xhci: define IDs for various ASMedia host controllers (git-fixes).
   - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes).
   - USB: yurex: Fix bad gfp argument (git-fixes).
   - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes
     (block drivers)).
   - vrf: prevent adding upper devices (git-fixes).
   - vxge: fix return of a free'd memblock on a failed dma mapping
     (git-fixes).
   - vxlan: Ensure FDB dump is performed under RCU (git-fixes).
   - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178).
   - x86/hyperv: Create and use Hyper-V page definitions (git-fixes).
   - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178).
   - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
   - xen/balloon: fix accounting in alloc_xenballooned_pages error path
     (bsc#1065600).
   - xen/balloon: make the balloon wait interruptible (bsc#1065600).
   - xen: do not reschedule in preemption off sections (bsc#1175749).
   - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP1:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3014=1



Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64):

      cluster-md-kmp-rt-4.12.14-14.36.1
      cluster-md-kmp-rt-debuginfo-4.12.14-14.36.1
      dlm-kmp-rt-4.12.14-14.36.1
      dlm-kmp-rt-debuginfo-4.12.14-14.36.1
      gfs2-kmp-rt-4.12.14-14.36.1
      gfs2-kmp-rt-debuginfo-4.12.14-14.36.1
      kernel-rt-4.12.14-14.36.1
      kernel-rt-base-4.12.14-14.36.1
      kernel-rt-base-debuginfo-4.12.14-14.36.1
      kernel-rt-debuginfo-4.12.14-14.36.1
      kernel-rt-debugsource-4.12.14-14.36.1
      kernel-rt-devel-4.12.14-14.36.1
      kernel-rt-devel-debuginfo-4.12.14-14.36.1
      kernel-rt_debug-debuginfo-4.12.14-14.36.1
      kernel-rt_debug-debugsource-4.12.14-14.36.1
      kernel-rt_debug-devel-4.12.14-14.36.1
      kernel-rt_debug-devel-debuginfo-4.12.14-14.36.1
      kernel-syms-rt-4.12.14-14.36.1
      ocfs2-kmp-rt-4.12.14-14.36.1
      ocfs2-kmp-rt-debuginfo-4.12.14-14.36.1

   - SUSE Linux Enterprise Module for Realtime 15-SP1 (noarch):

      kernel-devel-rt-4.12.14-14.36.1
      kernel-source-rt-4.12.14-14.36.1


References:

   https://www.suse.com/security/cve/CVE-2020-0404.html
   https://www.suse.com/security/cve/CVE-2020-0427.html
   https://www.suse.com/security/cve/CVE-2020-0431.html
   https://www.suse.com/security/cve/CVE-2020-0432.html
   https://www.suse.com/security/cve/CVE-2020-14381.html
   https://www.suse.com/security/cve/CVE-2020-14386.html
   https://www.suse.com/security/cve/CVE-2020-14390.html
   https://www.suse.com/security/cve/CVE-2020-1749.html
   https://www.suse.com/security/cve/CVE-2020-25212.html
   https://www.suse.com/security/cve/CVE-2020-25284.html
   https://www.suse.com/security/cve/CVE-2020-25641.html
   https://www.suse.com/security/cve/CVE-2020-25643.html
   https://www.suse.com/security/cve/CVE-2020-25645.html
   https://www.suse.com/security/cve/CVE-2020-26088.html
   https://bugzilla.suse.com/1055186
   https://bugzilla.suse.com/1058115
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1113956
   https://bugzilla.suse.com/1136666
   https://bugzilla.suse.com/1140683
   https://bugzilla.suse.com/1152148
   https://bugzilla.suse.com/1154366
   https://bugzilla.suse.com/1163524
   https://bugzilla.suse.com/1165629
   https://bugzilla.suse.com/1166965
   https://bugzilla.suse.com/1167527
   https://bugzilla.suse.com/1169972
   https://bugzilla.suse.com/1170232
   https://bugzilla.suse.com/1171558
   https://bugzilla.suse.com/1171688
   https://bugzilla.suse.com/1171742
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1172538
   https://bugzilla.suse.com/1172873
   https://bugzilla.suse.com/1173060
   https://bugzilla.suse.com/1173115
   https://bugzilla.suse.com/1174748
   https://bugzilla.suse.com/1174899
   https://bugzilla.suse.com/1175228
   https://bugzilla.suse.com/1175520
   https://bugzilla.suse.com/1175667
   https://bugzilla.suse.com/1175691
   https://bugzilla.suse.com/1175749
   https://bugzilla.suse.com/1175882
   https://bugzilla.suse.com/1176011
   https://bugzilla.suse.com/1176022
   https://bugzilla.suse.com/1176038
   https://bugzilla.suse.com/1176069
   https://bugzilla.suse.com/1176235
   https://bugzilla.suse.com/1176242
   https://bugzilla.suse.com/1176278
   https://bugzilla.suse.com/1176316
   https://bugzilla.suse.com/1176317
   https://bugzilla.suse.com/1176318
   https://bugzilla.suse.com/1176319
   https://bugzilla.suse.com/1176320
   https://bugzilla.suse.com/1176321
   https://bugzilla.suse.com/1176381
   https://bugzilla.suse.com/1176395
   https://bugzilla.suse.com/1176400
   https://bugzilla.suse.com/1176410
   https://bugzilla.suse.com/1176423
   https://bugzilla.suse.com/1176482
   https://bugzilla.suse.com/1176507
   https://bugzilla.suse.com/1176536
   https://bugzilla.suse.com/1176544
   https://bugzilla.suse.com/1176545
   https://bugzilla.suse.com/1176546
   https://bugzilla.suse.com/1176548
   https://bugzilla.suse.com/1176659
   https://bugzilla.suse.com/1176698
   https://bugzilla.suse.com/1176699
   https://bugzilla.suse.com/1176700
   https://bugzilla.suse.com/1176721
   https://bugzilla.suse.com/1176722
   https://bugzilla.suse.com/1176725
   https://bugzilla.suse.com/1176732
   https://bugzilla.suse.com/1176788
   https://bugzilla.suse.com/1176789
   https://bugzilla.suse.com/1176869
   https://bugzilla.suse.com/1176877
   https://bugzilla.suse.com/1176935
   https://bugzilla.suse.com/1176946
   https://bugzilla.suse.com/1176950
   https://bugzilla.suse.com/1176962
   https://bugzilla.suse.com/1176966
   https://bugzilla.suse.com/1176990
   https://bugzilla.suse.com/1177027
   https://bugzilla.suse.com/1177030
   https://bugzilla.suse.com/1177041
   https://bugzilla.suse.com/1177042
   https://bugzilla.suse.com/1177043
   https://bugzilla.suse.com/1177044
   https://bugzilla.suse.com/1177121
   https://bugzilla.suse.com/1177206
   https://bugzilla.suse.com/1177258
   https://bugzilla.suse.com/1177291
   https://bugzilla.suse.com/1177293
   https://bugzilla.suse.com/1177294
   https://bugzilla.suse.com/1177295
   https://bugzilla.suse.com/1177296
   https://bugzilla.suse.com/1177340
   https://bugzilla.suse.com/1177511



More information about the sle-security-updates mailing list