SUSE-SU-2021:2643-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Aug 10 13:42:07 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2643-1
Rating:             important
References:         #1065729 #1085224 #1094840 #1113295 #1153720 
                    #1170511 #1176724 #1176931 #1176940 #1179195 
                    #1181161 #1183871 #1184114 #1184350 #1184804 
                    #1185032 #1185308 #1185377 #1185791 #1185995 
                    #1186206 #1186482 #1186672 #1187038 #1187050 
                    #1187215 #1187476 #1187585 #1187846 #1188026 
                    #1188062 #1188101 #1188116 #1188273 #1188274 
                    #1188405 #1188620 #1188750 #1188838 #1188842 
                    #1188876 #1188885 #1188973 SLE-10538 
Cross-References:   CVE-2020-0429 CVE-2020-36385 CVE-2020-36386
                    CVE-2021-22543 CVE-2021-22555 CVE-2021-33909
                    CVE-2021-3609 CVE-2021-3612 CVE-2021-3659
                    CVE-2021-37576
CVSS scores:
                    CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33909 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

   An update that solves 10 vulnerabilities, contains one
   feature and has 33 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in
     net/mac802154/llsec.c (bsc#1188876).
   - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM
     guest OS user could cause host OS memory corruption via rtas_args.nargs
     (bsc#1188838).
   - CVE-2020-0429: In l2tp_session_delete and related functions of
     l2tp_core.c, there is possible memory corruption due to a use after
     free. This could lead to local escalation of privilege with System
     execution privileges needed. (bsc#1176724).
   - CVE-2020-36386: Fixed a slab out-of-bounds read in
     hci_extended_inquiry_result_evt (bsc#1187038).
   - CVE-2021-22543: Fixed an improper handling of VM_IO|VM_PFNMAP vmas in
     KVM that allows users to start and control a VM to read/write random
     pages of memory and can result in local privilege escalation.
     (bnc#1186482)
   - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer
     that allows to obtain full root privileges. (bsc#1188062)
   - CVE-2021-22555: Fixed an heap out-of-bounds write in
     net/netfilter/x_tables.c that could allow local provilege escalation.
     (bsc#1188116)
   - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol
     which allows for local privilege escalation. (bsc#1187215)
   - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could
     allows a local user to crash the system or possibly escalate their
     privileges on the system. (bsc#1187585)
   - CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for
     local privilege escalation. (bsc#1187050)

   The following non-security bugs were fixed:

   - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
   - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
   - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
   - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
   - ACPI: sysfs: Fix a buffer overrun problem with description_show()
     (git-fixes).
   - ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
   - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
   - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
   - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
   - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
   - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
   - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
   - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
   - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
     hi6210_i2s_startup() (git-fixes).
   - ASoC: soc-core: Fix the error return code in
     snd_soc_of_parse_audio_routing() (git-fixes).
   - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
   - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
   - Bluetooth: Shutdown controller after workqueues are flushed or cancelled
     (git-fixes).
   - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc
     (git-fixes).
   - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
   - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
   - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
   - HID: hid-sensor-hub: Return error for hid_set_field() failure
     (git-fixes).
   - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
   - HID: wacom: Correct base usage for capacitive ExpressKey status bits
     (git-fixes).
   - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
   - Input: usbtouchscreen - fix control-request directions (git-fixes).
   - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
   - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
   - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
     (git-fixes).
   - PCI: Mark TI C667X to avoid bus reset (git-fixes).
   - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
   - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
   - PCI: quirks: fix false kABI positive (git-fixes).
   - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
     (git-fixes).
   - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
     (git-fixes).
   - Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" (git-fixes).
   - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
     (git-fixes).
   - Revert "ibmvnic: remove duplicate napi_schedule call in open function"
     (bsc#1065729).
   - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
   - USB: move many drivers to use DEVICE_ATTR_WO (git-fixes).
   - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
   - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
   - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
   - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
   - arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
     (git-fixes).
   - arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
     (git-fixes).
   - ata: ahci_sunxi: Disable DIPM (git-fixes).
   - ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
   - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
     (git-fixes).
   - brcmfmac: correctly report average RSSI in station info (git-fixes).
   - brcmfmac: fix setting of station info chains bitmask (git-fixes).
   - brcmsmac: mac80211_if: Fix a resource leak in an error handling path
     (git-fixes).
   - can: ems_usb: fix memory leak (git-fixes).
   - can: esd_usb2: fix memory leak (git-fixes).
   - can: gw: synchronize rcu operations before removing gw job entry
     (git-fixes).
   - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
   - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
   - can: mcba_usb_start(): add missing urb->transfer_dma initialization
     (git-fixes).
   - can: peak_pciefd: pucan_handle_status(): fix a potential starvation
     issue in TX path (git-fixes).
   - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
   - can: sja1000: sja1000_err(): do not count arbitration lose as an error
     (git-fixes).
   - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an
     error (git-fixes).
   - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
   - can: usb_8dev: fix memory leak (git-fixes).
   - ceph: do not WARN if we're still opening a session to an MDS
     (bsc#1188750).
   - cfg80211: call cfg80211_leave_ocb when switching away from OCB
     (git-fixes).
   - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
     set_protocol() (git-fixes).
   - cifs: Fix preauth hash corruption (git-fixes).
   - cifs: Return correct error code from smb2_get_enc_key (git-fixes).
   - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath
     (git-fixes).
   - cifs: fix interrupted close commands (git-fixes).
   - cifs: fix memory leak in smb2_copychunk_range (git-fixes).
   - cosa: Add missing kfree in error path of cosa_write (git-fixes).
   - crypto: cavium/nitrox - Fix an error rhandling path in 'nitrox_probe()'
     (git-fixes).
   - crypto: do not free algorithm before using (git-fixes).
   - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
   - cxgb4: fix wrong shift (git-fixes).
   - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
   - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
   - drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
   - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
   - drm/radeon: Add the missed drm_gem_object_put() in
     radeon_user_framebuffer_create() (git-fixes).
   - drm/radeon: wait for moving fence after pinning (git-fixes).
   - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error
     in cdn_dp_grf_write() (git-fixes).
   - drm/virtio: Fix double free on probe failure (git-fixes).
   - drm: Return -ENOTTY for non-drm ioctls (git-fixes).
   - drm: qxl: ensure surf.data is ininitialized (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - extcon: max8997: Add missing modalias string (git-fixes).
   - extcon: sm5502: Drop invalid register write in sm5502_reg_data
     (git-fixes).
   - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
   - fuse: check connected before queueing on fpq->io (bsc#1188273).
   - fuse: reject internal errno (bsc#1188274).
   - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
   - genirq: Disable interrupts for force threaded handlers (git-fixes)
   - genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
   - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
   - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
   - gve: Add DQO fields for core data structures (bsc#1176940).
   - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
     (bsc#1176940).
   - gve: Add NULL pointer checks when freeing irqs (bsc#1176940).
   - gve: Add basic driver framework for Compute Engine Virtual NIC
     (jsc#SLE-10538).
   - gve: Add dqo descriptors (bsc#1176940).
   - gve: Add ethtool support (jsc#SLE-10538).
   - gve: Add stats for gve (bsc#1176940).
   - gve: Add support for DQO RX PTYPE map (bsc#1176940).
   - gve: Add support for raw addressing device option (bsc#1176940).
   - gve: Add support for raw addressing in the tx path (bsc#1176940).
   - gve: Add support for raw addressing to the rx path (bsc#1176940).
   - gve: Add workqueue and reset support (jsc#SLE-10538).
   - gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
   - gve: Check TX QPL was actually assigned (bsc#1176940).
   - gve: Copy and paste bug in gve_get_stats() (jsc#SLE-10538).
   - gve: Correct SKB queue index validation (bsc#1176940).
   - gve: DQO: Add RX path (bsc#1176940).
   - gve: DQO: Add TX path (bsc#1176940).
   - gve: DQO: Add core netdev features (bsc#1176940).
   - gve: DQO: Add ring allocation and initialization (bsc#1176940).
   - gve: DQO: Configure interrupts on device up (bsc#1176940).
   - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
   - gve: DQO: Remove incorrect prefetch (bsc#1176940).
   - gve: Enable Link Speed Reporting in the driver (bsc#1176940).
   - gve: Fix an error handling path in 'gve_probe()' (bsc#1176940).
   - gve: Fix case where desc_cnt and data_cnt can get out of sync
     (jsc#SLE-10538).
   - gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-10538).
   - gve: Fix swapped vars when fetching max queues (git-fixes).
   - gve: Fix the queue page list allocated pages count (bsc#1176940).
   - gve: Fix u64_stats_sync to initialize start (jsc#SLE-10538).
   - gve: Fix warnings reported for DQO patchset (bsc#1176940).
   - gve: Fixes DMA synchronization (jsc#SLE-10538).
   - gve: Get and set Rx copybreak via ethtool (bsc#1176940).
   - gve: Introduce a new model for device options (bsc#1176940).
   - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
   - gve: Make gve_rx_slot_page_info.page_offset an absolute offset
     (bsc#1176940).
   - gve: Move some static functions to a common file (bsc#1176940).
   - gve: NIC stats for report-stats and for ethtool (bsc#1176940).
   - gve: Propagate error codes to caller (bsc#1176940).
   - gve: Remove the exporting of gve_probe (jsc#SLE-10538).
   - gve: Replace zero-length array with flexible-array member (bsc#1176940).
   - gve: Rx Buffer Recycling (bsc#1176940).
   - gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
   - gve: Update adminq commands to support DQO queues (bsc#1176940).
   - gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1176940).
   - gve: Upgrade memory barrier in poll routine (bsc#1176940).
   - gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
   - gve: Use link status register to report link status (bsc#1176940).
   - gve: adminq: DQO specific device descriptor logic (bsc#1176940).
   - gve: fix -ENOMEM null check on a page allocation (jsc#SLE-10538).
   - gve: fix dma sync bug where not all pages synced (bsc#1176940).
   - gve: fix unused variable/label warnings (jsc#SLE-10538).
   - gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
   - gve: replace kfree with kvfree (jsc#SLE-10538).
   - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
   - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
   - i2c: robotfuzz-osif: fix control-request directions (git-fixes).
   - ibmvnic: Allow device probe if the device is not ready at boot
     (bsc#1184114 ltc#192237).
   - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c
     (bsc#1184114 ltc#192237).
   - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114
     ltc#192237).
   - ibmvnic: fix send_request_map incompatible argument (bsc#1184114
     ltc#192237).
   - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
   - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871
     ltc#192139 git-fixes).
   - ibmvnic: retry reset if there are no other resets (bsc#1184350
     ltc#191533).
   - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
   - iio: accel: bma180: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: bma180: Use explicit member assignment (git-fixes).
   - iio: accel: bma220: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: hid: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: kxcjk-1013: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: stk8312: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: stk8ba50: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: mxs-lradc: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: ti-ads1015: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: vf610: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adis_buffer: do not return ints in irq handlers (git-fixes).
   - iio: gyro: bmg160: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: humidity: am2315: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: isl29125: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: tcs3414: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: ltr501: ltr501_read_ps(): add missing endianness conversion
     (git-fixes).
   - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
   - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and
     PS_DATA as volatile, too (git-fixes).
   - iio: potentiostat: lmp91000: Fix alignment of buffer in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: pulsed-light: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
   - kabi: fix nvme_wait_freeze_timeout() return type (bsc#1181161).
   - kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit
     (git-fixes).
   - leds: ktd2692: Fix an error handling path (git-fixes).
   - leds: trigger: fix potential deadlock with libata (git-fixes).
   - lib/decompress_unlz4.c: correctly handle zero-padding around initrds
     (git-fixes).
   - lib/decompressors: remove set but not used variabled 'level' (git-fixes).
   - lpfc: Decouple port_template and vport_template (bsc#1185032).
   - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
   - mac80211: remove iwlwifi specific workaround NDPs of null_response
     (git-fixes).
   - mac80211: remove warning in ieee80211_get_sband() (git-fixes).
   - media: I2C: change 'RST' to "RSET" to fix multiple build errors
     (git-fixes).
   - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
   - media: cobalt: fix race condition in setting HPD (git-fixes).
   - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
   - media: dtv5100: fix control-request directions (git-fixes).
   - media: dvb-usb: fix wrong definition (git-fixes).
   - media: dvb_net: avoid speculation from net slot (git-fixes).
   - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
   - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
   - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
   - media: gspca/gl860: fix zero-length control requests (git-fixes).
   - media: gspca/sq905: fix control-request direction (git-fixes).
   - media: gspca/sunplus: fix zero-length control requests (git-fixes).
   - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
     (git-fixes).
   - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
   - media: rtl28xxu: fix zero-length control request (git-fixes).
   - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
   - media: siano: Fix out-of-bounds warnings in
     smscore_load_firmware_family2() (git-fixes).
   - media: siano: fix device register error path (git-fixes).
   - media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
   - media: tc358743: Fix error return code in tc358743_probe_of()
     (git-fixes).
   - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
     (git-fixes).
   - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
     (git-fixes).
   - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
   - memory: atmel-ebi: add missing of_node_put for loop iteration
     (git-fixes).
   - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
   - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
   - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
     (git-fixes).
   - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
   - mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
   - mmc: block: Disable CMDQ on the ioctl path (git-fixes).
   - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
     (git-fixes).
   - mmc: core: clear flags before allowing to retune (git-fixes).
   - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
   - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
     (git-fixes).
   - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
   - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
   - mmc: vub3000: fix control-request direction (git-fixes).
   - mwifiex: re-fix for unaligned accesses (git-fixes).
   - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).
   - net/mlx5: Query PPS pin operational status before registering it
     (git-fixes).
   - net/mlx5: Verify Hardware supports requested ptp function on a given pin
     (git-fixes).
   - net: Google gve: Remove dma_wmb() before ringing doorbell (bsc#1176940).
   - net: b44: fix error return code in b44_init_one() (git-fixes).
   - net: broadcom CNIC: requires MMU (git-fixes).
   - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
   - net: gve: convert strlcpy to strscpy (bsc#1176940).
   - net: gve: remove duplicated allowed (bsc#1176940).
   - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
   - netsec: restore phy power state after controller reset (git-fixes).
   - nfc: nfcsim: fix use after free during module unload (git-fixes).
   - nvme-core: add cancel tagset helpers (bsc#1181161).
   - nvme-multipath: fix double initialization of ANA state (bsc#1181161).
   - nvme-rdma: add clean action for failed reconnection (bsc#1181161).
   - nvme-rdma: fix reset hang if controller died in the middle of a reset
     (bsc#1181161).
   - nvme-rdma: use cancel tagset helper for tear down (bsc#1181161).
   - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1181161).
   - nvme: verify MNAN value if ANA is enabled (bsc#1185791).
   - nvmet: use new ana_log_size instead the old one (bsc#1181161).
   - platform/x86: toshiba_acpi: Fix missing error code in
     toshiba_acpi_setup_keyboard() (git-fixes).
   - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: ab8500: Avoid NULL pointers (git-fixes).
   - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
     (git-fixes).
   - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h
     (bsc#1188885 ltc#193722).
   - powerpc/64s: rename pnv|pseries_setup_rfi_flush to
     _setup_security_mitigations (bsc#1188885 ltc#193722).
   - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295,
     git-fixes).
   - powerpc/pesries: Get STF barrier requirement from
     H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
   - powerpc/pseries/scm: Use a specific endian format for storing uuid from
     the device tree (bsc#1113295, git-fixes).
   - powerpc/pseries: Get entry and uaccess flush required bits from
     H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
   - powerpc/pseries: add new branch prediction security bits for link stack
     (bsc#1188885 ltc#193722).
   - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885
     ltc#193722).
   - powerpc/security: Add a security feature for STF barrier (bsc#1188885
     ltc#193722).
   - powerpc/security: Allow for processors that flush the link stack using
     the special bcctr (bsc#1188885 ltc#193722).
   - powerpc/security: Fix link stack flush instruction (bsc#1188885
     ltc#193722).
   - powerpc/security: change link stack flush state to the flush type enum
     (bsc#1188885 ltc#193722).
   - powerpc/security: make display of branch cache flush more consistent
     (bsc#1188885 ltc#193722).
   - powerpc/security: re-name count cache flush to branch cache flush
     (bsc#1188885 ltc#193722).
   - powerpc/security: split branch cache flush toggle from code patching
     (bsc#1188885 ltc#193722).
   - pwm: spear: Do not modify HW state in .remove callback (git-fixes).
   - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
   - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
   - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
     (git-fixes).
   - reset: a10sr: add missing of_match_table reference (git-fixes).
   - reset: bail if try_module_get() fails (git-fixes).
   - reset: sti: reset-syscfg: fix struct description warnings (git-fixes).
   - rtc: max77686: Do not enforce (incorrect) interrupt trigger type
     (git-fixes).
   - sched/cpufreq/schedutil: Fix error path mutex unlock (git-fixes)
   - sched/fair: Do not assign runtime for throttled cfs_rq (git-fixes)
   - sched/fair: Fix unfairness caused by missing load decay (git-fixes)
   - sched/numa: Fix a possible divide-by-zero (git-fixes)
   - scripts/git_sort/git_sort.py: add bpf git repo
   - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
   - scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
     (bsc#1185995).
   - scsi: qedf: Do not put host in qedf_vport_create() unconditionally
     (bsc#1170511).
   - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195).
   - serial: mvebu-uart: clarify the baud rate derivation (git-fixes).
   - serial: mvebu-uart: correctly calculate minimal possible baudrate
     (git-fixes).
   - serial: mvebu-uart: do not allow changing baudrate when uartclk is not
     available (git-fixes).
   - serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
   - smb3: Fix out-of-bounds bug in SMB2_negotiate() (git-fixes).
   - spi: Make of_register_spi_device also set the fwnode (git-fixes).
   - spi: mediatek: fix fifo rx mode (git-fixes).
   - spi: omap-100k: Fix the length judgment problem (git-fixes).
   - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
   - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
   - spi: spi-topcliff-pch: Fix potential double free in
     pch_spi_process_messages() (git-fixes).
   - spi: tegra114: Fix an error message (git-fixes).
   - ssb: sdio: Do not overwrite const buffer if block_write fails
     (git-fixes).
   - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
     (git-fixes).
   - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
   - tracing: Do not reference char * as a string in histograms (git-fixes).
   - tty: nozomi: Fix a resource leak in an error handling function
     (git-fixes).
   - tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
     (git-fixes).
   - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
     (git-fixes).
   - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by
     zero (git-fixes).
   - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
     (git-fixes).
   - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
     (git-fixes).
   - usb: max-3421: Prevent corruption of freed memory (git-fixes).
   - usb: move many drivers to use DEVICE_ATTR_WO (git-fixes).
   - usb: typec: Add the missed altmode_id_remove() in
     typec_register_altmode() (git-fixes).
   - usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
   - usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
   - usbip: vudc synchronize sysfs code paths (git-fixes).
   - usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
     (git-fixes).
   - uuid: Add inline helpers to import / export UUIDs (bsc#1113295,
     git-fixes).
   - virtio_console: Assure used length from device is limited (git-fixes).
   - w1: ds2438: fixing bug that would always get page0 (git-fixes).
   - watchdog: Fix possible use-after-free by calling del_timer_sync()
     (git-fixes).
   - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
   - watchdog: aspeed: fix hardware timeout calculation (git-fixes).
   - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
   - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
     (git-fixes).
   - watchdog: sp805: Fix kernel doc description (git-fixes).
   - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
   - wireless: carl9170: fix LEDS build errors and warnings (git-fixes).
   - wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
   - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
   - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
   - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
   - x86/debug: Extend the lower bound of crash kernel low reservations
     (bsc#1153720).
   - x86/kvm: Disable all PV features on crash (bsc#1185308).
   - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
   - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
   - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
   - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline()
     (bsc#1185308).
   - xen-pciback: reconfigure also from backend watch handler (git-fixes).
   - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
   - xhci: Fix lost USB 2 remote wake (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP5:

      zypper in -t patch SUSE-SLE-RT-12-SP5-2021-2643=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

      kernel-devel-rt-4.12.14-10.54.1
      kernel-source-rt-4.12.14-10.54.1

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

      cluster-md-kmp-rt-4.12.14-10.54.1
      cluster-md-kmp-rt-debuginfo-4.12.14-10.54.1
      dlm-kmp-rt-4.12.14-10.54.1
      dlm-kmp-rt-debuginfo-4.12.14-10.54.1
      gfs2-kmp-rt-4.12.14-10.54.1
      gfs2-kmp-rt-debuginfo-4.12.14-10.54.1
      kernel-rt-4.12.14-10.54.1
      kernel-rt-base-4.12.14-10.54.1
      kernel-rt-base-debuginfo-4.12.14-10.54.1
      kernel-rt-debuginfo-4.12.14-10.54.1
      kernel-rt-debugsource-4.12.14-10.54.1
      kernel-rt-devel-4.12.14-10.54.1
      kernel-rt-devel-debuginfo-4.12.14-10.54.1
      kernel-rt_debug-4.12.14-10.54.1
      kernel-rt_debug-debuginfo-4.12.14-10.54.1
      kernel-rt_debug-debugsource-4.12.14-10.54.1
      kernel-rt_debug-devel-4.12.14-10.54.1
      kernel-rt_debug-devel-debuginfo-4.12.14-10.54.1
      kernel-syms-rt-4.12.14-10.54.1
      ocfs2-kmp-rt-4.12.14-10.54.1
      ocfs2-kmp-rt-debuginfo-4.12.14-10.54.1


References:

   https://www.suse.com/security/cve/CVE-2020-0429.html
   https://www.suse.com/security/cve/CVE-2020-36385.html
   https://www.suse.com/security/cve/CVE-2020-36386.html
   https://www.suse.com/security/cve/CVE-2021-22543.html
   https://www.suse.com/security/cve/CVE-2021-22555.html
   https://www.suse.com/security/cve/CVE-2021-33909.html
   https://www.suse.com/security/cve/CVE-2021-3609.html
   https://www.suse.com/security/cve/CVE-2021-3612.html
   https://www.suse.com/security/cve/CVE-2021-3659.html
   https://www.suse.com/security/cve/CVE-2021-37576.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1113295
   https://bugzilla.suse.com/1153720
   https://bugzilla.suse.com/1170511
   https://bugzilla.suse.com/1176724
   https://bugzilla.suse.com/1176931
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1179195
   https://bugzilla.suse.com/1181161
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1184350
   https://bugzilla.suse.com/1184804
   https://bugzilla.suse.com/1185032
   https://bugzilla.suse.com/1185308
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1185791
   https://bugzilla.suse.com/1185995
   https://bugzilla.suse.com/1186206
   https://bugzilla.suse.com/1186482
   https://bugzilla.suse.com/1186672
   https://bugzilla.suse.com/1187038
   https://bugzilla.suse.com/1187050
   https://bugzilla.suse.com/1187215
   https://bugzilla.suse.com/1187476
   https://bugzilla.suse.com/1187585
   https://bugzilla.suse.com/1187846
   https://bugzilla.suse.com/1188026
   https://bugzilla.suse.com/1188062
   https://bugzilla.suse.com/1188101
   https://bugzilla.suse.com/1188116
   https://bugzilla.suse.com/1188273
   https://bugzilla.suse.com/1188274
   https://bugzilla.suse.com/1188405
   https://bugzilla.suse.com/1188620
   https://bugzilla.suse.com/1188750
   https://bugzilla.suse.com/1188838
   https://bugzilla.suse.com/1188842
   https://bugzilla.suse.com/1188876
   https://bugzilla.suse.com/1188885
   https://bugzilla.suse.com/1188973



More information about the sle-security-updates mailing list