SUSE-SU-2021:2643-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Aug 10 13:42:07 UTC 2021
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2643-1
Rating: important
References: #1065729 #1085224 #1094840 #1113295 #1153720
#1170511 #1176724 #1176931 #1176940 #1179195
#1181161 #1183871 #1184114 #1184350 #1184804
#1185032 #1185308 #1185377 #1185791 #1185995
#1186206 #1186482 #1186672 #1187038 #1187050
#1187215 #1187476 #1187585 #1187846 #1188026
#1188062 #1188101 #1188116 #1188273 #1188274
#1188405 #1188620 #1188750 #1188838 #1188842
#1188876 #1188885 #1188973 SLE-10538
Cross-References: CVE-2020-0429 CVE-2020-36385 CVE-2020-36386
CVE-2021-22543 CVE-2021-22555 CVE-2021-33909
CVE-2021-3609 CVE-2021-3612 CVE-2021-3659
CVE-2021-37576
CVSS scores:
CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33909 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________
An update that solves 10 vulnerabilities, contains one
feature and has 33 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in
net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM
guest OS user could cause host OS memory corruption via rtas_args.nargs
(bsc#1188838).
- CVE-2020-0429: In l2tp_session_delete and related functions of
l2tp_core.c, there is possible memory corruption due to a use after
free. This could lead to local escalation of privilege with System
execution privileges needed. (bsc#1176724).
- CVE-2020-36386: Fixed a slab out-of-bounds read in
hci_extended_inquiry_result_evt (bsc#1187038).
- CVE-2021-22543: Fixed an improper handling of VM_IO|VM_PFNMAP vmas in
KVM that allows users to start and control a VM to read/write random
pages of memory and can result in local privilege escalation.
(bnc#1186482)
- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer
that allows to obtain full root privileges. (bsc#1188062)
- CVE-2021-22555: Fixed an heap out-of-bounds write in
net/netfilter/x_tables.c that could allow local provilege escalation.
(bsc#1188116)
- CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol
which allows for local privilege escalation. (bsc#1187215)
- CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could
allows a local user to crash the system or possibly escalate their
privileges on the system. (bsc#1187585)
- CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for
local privilege escalation. (bsc#1187050)
The following non-security bugs were fixed:
- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with description_show()
(git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
hi6210_i2s_startup() (git-fixes).
- ASoC: soc-core: Fix the error return code in
snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled
(git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc
(git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure
(git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits
(git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
- Input: usbtouchscreen - fix control-request directions (git-fixes).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
(git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
(git-fixes).
- Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
(git-fixes).
- Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" (git-fixes).
- Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
(git-fixes).
- Revert "ibmvnic: remove duplicate napi_schedule call in open function"
(bsc#1065729).
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- USB: move many drivers to use DEVICE_ATTR_WO (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
(git-fixes).
- arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
(git-fixes).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
(git-fixes).
- brcmfmac: correctly report average RSSI in station info (git-fixes).
- brcmfmac: fix setting of station info chains bitmask (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path
(git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry
(git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization
(git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation
issue in TX path (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: sja1000: sja1000_err(): do not count arbitration lose as an error
(git-fixes).
- can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an
error (git-fixes).
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS
(bsc#1188750).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB
(git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
set_protocol() (git-fixes).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath
(git-fixes).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cosa: Add missing kfree in error path of cosa_write (git-fixes).
- crypto: cavium/nitrox - Fix an error rhandling path in 'nitrox_probe()'
(git-fixes).
- crypto: do not free algorithm before using (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- cxgb4: fix wrong shift (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in
radeon_user_framebuffer_create() (git-fixes).
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error
in cdn_dp_grf_write() (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data
(git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
- fuse: check connected before queueing on fpq->io (bsc#1188273).
- fuse: reject internal errno (bsc#1188274).
- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
(bsc#1176940).
- gve: Add NULL pointer checks when freeing irqs (bsc#1176940).
- gve: Add basic driver framework for Compute Engine Virtual NIC
(jsc#SLE-10538).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add ethtool support (jsc#SLE-10538).
- gve: Add stats for gve (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Add support for raw addressing in the tx path (bsc#1176940).
- gve: Add support for raw addressing to the rx path (bsc#1176940).
- gve: Add workqueue and reset support (jsc#SLE-10538).
- gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- gve: Copy and paste bug in gve_get_stats() (jsc#SLE-10538).
- gve: Correct SKB queue index validation (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Fix an error handling path in 'gve_probe()' (bsc#1176940).
- gve: Fix case where desc_cnt and data_cnt can get out of sync
(jsc#SLE-10538).
- gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-10538).
- gve: Fix swapped vars when fetching max queues (git-fixes).
- gve: Fix the queue page list allocated pages count (bsc#1176940).
- gve: Fix u64_stats_sync to initialize start (jsc#SLE-10538).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: Fixes DMA synchronization (jsc#SLE-10538).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset
(bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Remove the exporting of gve_probe (jsc#SLE-10538).
- gve: Replace zero-length array with flexible-array member (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1176940).
- gve: Upgrade memory barrier in poll routine (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Use link status register to report link status (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: fix -ENOMEM null check on a page allocation (jsc#SLE-10538).
- gve: fix dma sync bug where not all pages synced (bsc#1176940).
- gve: fix unused variable/label warnings (jsc#SLE-10538).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- gve: replace kfree with kvfree (jsc#SLE-10538).
- hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- ibmvnic: Allow device probe if the device is not ready at boot
(bsc#1184114 ltc#192237).
- ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c
(bsc#1184114 ltc#192237).
- ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114
ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114
ltc#192237).
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871
ltc#192139 git-fixes).
- ibmvnic: retry reset if there are no other resets (bsc#1184350
ltc#191533).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
- iio: accel: bma180: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iio: accel: bma220: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: hid: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: kxcjk-1013: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8312: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8ba50: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: mxs-lradc: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads1015: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: vf610: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adis_buffer: do not return ints in irq handlers (git-fixes).
- iio: gyro: bmg160: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: humidity: am2315: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: isl29125: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3414: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion
(git-fixes).
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and
PS_DATA as volatile, too (git-fixes).
- iio: potentiostat: lmp91000: Fix alignment of buffer in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: pulsed-light: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
- iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
- kabi: fix nvme_wait_freeze_timeout() return type (bsc#1181161).
- kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit
(git-fixes).
- leds: ktd2692: Fix an error handling path (git-fixes).
- leds: trigger: fix potential deadlock with libata (git-fixes).
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds
(git-fixes).
- lib/decompressors: remove set but not used variabled 'level' (git-fixes).
- lpfc: Decouple port_template and vport_template (bsc#1185032).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- mac80211: remove iwlwifi specific workaround NDPs of null_response
(git-fixes).
- mac80211: remove warning in ieee80211_get_sband() (git-fixes).
- media: I2C: change 'RST' to "RSET" to fix multiple build errors
(git-fixes).
- media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
- media: cobalt: fix race condition in setting HPD (git-fixes).
- media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
- media: dtv5100: fix control-request directions (git-fixes).
- media: dvb-usb: fix wrong definition (git-fixes).
- media: dvb_net: avoid speculation from net slot (git-fixes).
- media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
- media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
- media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
- media: gspca/gl860: fix zero-length control requests (git-fixes).
- media: gspca/sq905: fix control-request direction (git-fixes).
- media: gspca/sunplus: fix zero-length control requests (git-fixes).
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
(git-fixes).
- media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
- media: siano: Fix out-of-bounds warnings in
smscore_load_firmware_family2() (git-fixes).
- media: siano: fix device register error path (git-fixes).
- media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
- media: tc358743: Fix error return code in tc358743_probe_of()
(git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
(git-fixes).
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
(git-fixes).
- media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
- memory: atmel-ebi: add missing of_node_put for loop iteration
(git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
- memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
(git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
- mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
- mmc: block: Disable CMDQ on the ioctl path (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
(git-fixes).
- mmc: core: clear flags before allowing to retune (git-fixes).
- mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
(git-fixes).
- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
- mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
- mmc: vub3000: fix control-request direction (git-fixes).
- mwifiex: re-fix for unaligned accesses (git-fixes).
- net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).
- net/mlx5: Query PPS pin operational status before registering it
(git-fixes).
- net/mlx5: Verify Hardware supports requested ptp function on a given pin
(git-fixes).
- net: Google gve: Remove dma_wmb() before ringing doorbell (bsc#1176940).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: broadcom CNIC: requires MMU (git-fixes).
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
- netsec: restore phy power state after controller reset (git-fixes).
- nfc: nfcsim: fix use after free during module unload (git-fixes).
- nvme-core: add cancel tagset helpers (bsc#1181161).
- nvme-multipath: fix double initialization of ANA state (bsc#1181161).
- nvme-rdma: add clean action for failed reconnection (bsc#1181161).
- nvme-rdma: fix reset hang if controller died in the middle of a reset
(bsc#1181161).
- nvme-rdma: use cancel tagset helper for tear down (bsc#1181161).
- nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1181161).
- nvme: verify MNAN value if ANA is enabled (bsc#1185791).
- nvmet: use new ana_log_size instead the old one (bsc#1181161).
- platform/x86: toshiba_acpi: Fix missing error code in
toshiba_acpi_setup_keyboard() (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
(git-fixes).
- powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h
(bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
_setup_security_mitigations (bsc#1188885 ltc#193722).
- powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295,
git-fixes).
- powerpc/pesries: Get STF barrier requirement from
H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries/scm: Use a specific endian format for storing uuid from
the device tree (bsc#1113295, git-fixes).
- powerpc/pseries: Get entry and uaccess flush required bits from
H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: add new branch prediction security bits for link stack
(bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885
ltc#193722).
- powerpc/security: Add a security feature for STF barrier (bsc#1188885
ltc#193722).
- powerpc/security: Allow for processors that flush the link stack using
the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: Fix link stack flush instruction (bsc#1188885
ltc#193722).
- powerpc/security: change link stack flush state to the flush type enum
(bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more consistent
(bsc#1188885 ltc#193722).
- powerpc/security: re-name count cache flush to branch cache flush
(bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code patching
(bsc#1188885 ltc#193722).
- pwm: spear: Do not modify HW state in .remove callback (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
(git-fixes).
- reset: a10sr: add missing of_match_table reference (git-fixes).
- reset: bail if try_module_get() fails (git-fixes).
- reset: sti: reset-syscfg: fix struct description warnings (git-fixes).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type
(git-fixes).
- sched/cpufreq/schedutil: Fix error path mutex unlock (git-fixes)
- sched/fair: Do not assign runtime for throttled cfs_rq (git-fixes)
- sched/fair: Fix unfairness caused by missing load decay (git-fixes)
- sched/numa: Fix a possible divide-by-zero (git-fixes)
- scripts/git_sort/git_sort.py: add bpf git repo
- scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
- scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
(bsc#1185995).
- scsi: qedf: Do not put host in qedf_vport_create() unconditionally
(bsc#1170511).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195).
- serial: mvebu-uart: clarify the baud rate derivation (git-fixes).
- serial: mvebu-uart: correctly calculate minimal possible baudrate
(git-fixes).
- serial: mvebu-uart: do not allow changing baudrate when uartclk is not
available (git-fixes).
- serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (git-fixes).
- spi: Make of_register_spi_device also set the fwnode (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- spi: omap-100k: Fix the length judgment problem (git-fixes).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
- spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
- spi: spi-topcliff-pch: Fix potential double free in
pch_spi_process_messages() (git-fixes).
- spi: tegra114: Fix an error message (git-fixes).
- ssb: sdio: Do not overwrite const buffer if block_write fails
(git-fixes).
- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
(git-fixes).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
- tracing: Do not reference char * as a string in histograms (git-fixes).
- tty: nozomi: Fix a resource leak in an error handling function
(git-fixes).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
(git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
(git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by
zero (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
(git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
(git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: move many drivers to use DEVICE_ATTR_WO (git-fixes).
- usb: typec: Add the missed altmode_id_remove() in
typec_register_altmode() (git-fixes).
- usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
(git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295,
git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync()
(git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: aspeed: fix hardware timeout calculation (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
(git-fixes).
- watchdog: sp805: Fix kernel doc description (git-fixes).
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
- wireless: carl9170: fix LEDS build errors and warnings (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- x86/debug: Extend the lower bound of crash kernel low reservations
(bsc#1153720).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline()
(bsc#1185308).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 12-SP5:
zypper in -t patch SUSE-SLE-RT-12-SP5-2021-2643=1
Package List:
- SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):
kernel-devel-rt-4.12.14-10.54.1
kernel-source-rt-4.12.14-10.54.1
- SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):
cluster-md-kmp-rt-4.12.14-10.54.1
cluster-md-kmp-rt-debuginfo-4.12.14-10.54.1
dlm-kmp-rt-4.12.14-10.54.1
dlm-kmp-rt-debuginfo-4.12.14-10.54.1
gfs2-kmp-rt-4.12.14-10.54.1
gfs2-kmp-rt-debuginfo-4.12.14-10.54.1
kernel-rt-4.12.14-10.54.1
kernel-rt-base-4.12.14-10.54.1
kernel-rt-base-debuginfo-4.12.14-10.54.1
kernel-rt-debuginfo-4.12.14-10.54.1
kernel-rt-debugsource-4.12.14-10.54.1
kernel-rt-devel-4.12.14-10.54.1
kernel-rt-devel-debuginfo-4.12.14-10.54.1
kernel-rt_debug-4.12.14-10.54.1
kernel-rt_debug-debuginfo-4.12.14-10.54.1
kernel-rt_debug-debugsource-4.12.14-10.54.1
kernel-rt_debug-devel-4.12.14-10.54.1
kernel-rt_debug-devel-debuginfo-4.12.14-10.54.1
kernel-syms-rt-4.12.14-10.54.1
ocfs2-kmp-rt-4.12.14-10.54.1
ocfs2-kmp-rt-debuginfo-4.12.14-10.54.1
References:
https://www.suse.com/security/cve/CVE-2020-0429.html
https://www.suse.com/security/cve/CVE-2020-36385.html
https://www.suse.com/security/cve/CVE-2020-36386.html
https://www.suse.com/security/cve/CVE-2021-22543.html
https://www.suse.com/security/cve/CVE-2021-22555.html
https://www.suse.com/security/cve/CVE-2021-33909.html
https://www.suse.com/security/cve/CVE-2021-3609.html
https://www.suse.com/security/cve/CVE-2021-3612.html
https://www.suse.com/security/cve/CVE-2021-3659.html
https://www.suse.com/security/cve/CVE-2021-37576.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1153720
https://bugzilla.suse.com/1170511
https://bugzilla.suse.com/1176724
https://bugzilla.suse.com/1176931
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1181161
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184114
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1184804
https://bugzilla.suse.com/1185032
https://bugzilla.suse.com/1185308
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1185791
https://bugzilla.suse.com/1185995
https://bugzilla.suse.com/1186206
https://bugzilla.suse.com/1186482
https://bugzilla.suse.com/1186672
https://bugzilla.suse.com/1187038
https://bugzilla.suse.com/1187050
https://bugzilla.suse.com/1187215
https://bugzilla.suse.com/1187476
https://bugzilla.suse.com/1187585
https://bugzilla.suse.com/1187846
https://bugzilla.suse.com/1188026
https://bugzilla.suse.com/1188062
https://bugzilla.suse.com/1188101
https://bugzilla.suse.com/1188116
https://bugzilla.suse.com/1188273
https://bugzilla.suse.com/1188274
https://bugzilla.suse.com/1188405
https://bugzilla.suse.com/1188620
https://bugzilla.suse.com/1188750
https://bugzilla.suse.com/1188838
https://bugzilla.suse.com/1188842
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1188973
More information about the sle-security-updates
mailing list