SUSE-SU-2021:2643-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Tue Aug 10 13:42:07 UTC 2021

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2021:2643-1
Rating:             important
References:         #1065729 #1085224 #1094840 #1113295 #1153720 
                    #1170511 #1176724 #1176931 #1176940 #1179195 
                    #1181161 #1183871 #1184114 #1184350 #1184804 
                    #1185032 #1185308 #1185377 #1185791 #1185995 
                    #1186206 #1186482 #1186672 #1187038 #1187050 
                    #1187215 #1187476 #1187585 #1187846 #1188026 
                    #1188062 #1188101 #1188116 #1188273 #1188274 
                    #1188405 #1188620 #1188750 #1188838 #1188842 
                    #1188876 #1188885 #1188973 SLE-10538 
Cross-References:   CVE-2020-0429 CVE-2020-36385 CVE-2020-36386
                    CVE-2021-22543 CVE-2021-22555 CVE-2021-33909
                    CVE-2021-3609 CVE-2021-3612 CVE-2021-3659
CVSS scores:
                    CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33909 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP5

   An update that solves 10 vulnerabilities, contains one
   feature and has 33 fixes is now available.


   The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in
     net/mac802154/llsec.c (bsc#1188876).
   - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM
     guest OS user could cause host OS memory corruption via rtas_args.nargs
   - CVE-2020-0429: In l2tp_session_delete and related functions of
     l2tp_core.c, there is possible memory corruption due to a use after
     free. This could lead to local escalation of privilege with System
     execution privileges needed. (bsc#1176724).
   - CVE-2020-36386: Fixed a slab out-of-bounds read in
     hci_extended_inquiry_result_evt (bsc#1187038).
   - CVE-2021-22543: Fixed an improper handling of VM_IO|VM_PFNMAP vmas in
     KVM that allows users to start and control a VM to read/write random
     pages of memory and can result in local privilege escalation.
   - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer
     that allows to obtain full root privileges. (bsc#1188062)
   - CVE-2021-22555: Fixed an heap out-of-bounds write in
     net/netfilter/x_tables.c that could allow local provilege escalation.
   - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol
     which allows for local privilege escalation. (bsc#1187215)
   - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could
     allows a local user to crash the system or possibly escalate their
     privileges on the system. (bsc#1187585)
   - CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for
     local privilege escalation. (bsc#1187050)

   The following non-security bugs were fixed:

   - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
   - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
   - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
   - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
   - ACPI: sysfs: Fix a buffer overrun problem with description_show()
   - ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
   - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
   - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
   - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
   - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
   - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
   - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
   - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
   - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
     hi6210_i2s_startup() (git-fixes).
   - ASoC: soc-core: Fix the error return code in
     snd_soc_of_parse_audio_routing() (git-fixes).
   - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
   - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
   - Bluetooth: Shutdown controller after workqueues are flushed or cancelled
   - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc
   - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
   - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
   - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
   - HID: hid-sensor-hub: Return error for hid_set_field() failure
   - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
   - HID: wacom: Correct base usage for capacitive ExpressKey status bits
   - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
   - Input: usbtouchscreen - fix control-request directions (git-fixes).
   - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
   - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
   - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
   - PCI: Mark TI C667X to avoid bus reset (git-fixes).
   - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
   - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
   - PCI: quirks: fix false kABI positive (git-fixes).
   - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
   - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
   - Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" (git-fixes).
   - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
   - Revert "ibmvnic: remove duplicate napi_schedule call in open function"
   - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
   - USB: move many drivers to use DEVICE_ATTR_WO (git-fixes).
   - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
   - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
   - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
   - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
   - arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
   - arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
   - ata: ahci_sunxi: Disable DIPM (git-fixes).
   - ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
   - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
   - brcmfmac: correctly report average RSSI in station info (git-fixes).
   - brcmfmac: fix setting of station info chains bitmask (git-fixes).
   - brcmsmac: mac80211_if: Fix a resource leak in an error handling path
   - can: ems_usb: fix memory leak (git-fixes).
   - can: esd_usb2: fix memory leak (git-fixes).
   - can: gw: synchronize rcu operations before removing gw job entry
   - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
   - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
   - can: mcba_usb_start(): add missing urb->transfer_dma initialization
   - can: peak_pciefd: pucan_handle_status(): fix a potential starvation
     issue in TX path (git-fixes).
   - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
   - can: sja1000: sja1000_err(): do not count arbitration lose as an error
   - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an
     error (git-fixes).
   - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
   - can: usb_8dev: fix memory leak (git-fixes).
   - ceph: do not WARN if we're still opening a session to an MDS
   - cfg80211: call cfg80211_leave_ocb when switching away from OCB
   - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
     set_protocol() (git-fixes).
   - cifs: Fix preauth hash corruption (git-fixes).
   - cifs: Return correct error code from smb2_get_enc_key (git-fixes).
   - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath
   - cifs: fix interrupted close commands (git-fixes).
   - cifs: fix memory leak in smb2_copychunk_range (git-fixes).
   - cosa: Add missing kfree in error path of cosa_write (git-fixes).
   - crypto: cavium/nitrox - Fix an error rhandling path in 'nitrox_probe()'
   - crypto: do not free algorithm before using (git-fixes).
   - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
   - cxgb4: fix wrong shift (git-fixes).
   - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
   - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
   - drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
   - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
   - drm/radeon: Add the missed drm_gem_object_put() in
     radeon_user_framebuffer_create() (git-fixes).
   - drm/radeon: wait for moving fence after pinning (git-fixes).
   - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error
     in cdn_dp_grf_write() (git-fixes).
   - drm/virtio: Fix double free on probe failure (git-fixes).
   - drm: Return -ENOTTY for non-drm ioctls (git-fixes).
   - drm: qxl: ensure is ininitialized (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - extcon: max8997: Add missing modalias string (git-fixes).
   - extcon: sm5502: Drop invalid register write in sm5502_reg_data
   - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
   - fuse: check connected before queueing on fpq->io (bsc#1188273).
   - fuse: reject internal errno (bsc#1188274).
   - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
   - genirq: Disable interrupts for force threaded handlers (git-fixes)
   - genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
   - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
   - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
   - gve: Add DQO fields for core data structures (bsc#1176940).
   - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
   - gve: Add NULL pointer checks when freeing irqs (bsc#1176940).
   - gve: Add basic driver framework for Compute Engine Virtual NIC
   - gve: Add dqo descriptors (bsc#1176940).
   - gve: Add ethtool support (jsc#SLE-10538).
   - gve: Add stats for gve (bsc#1176940).
   - gve: Add support for DQO RX PTYPE map (bsc#1176940).
   - gve: Add support for raw addressing device option (bsc#1176940).
   - gve: Add support for raw addressing in the tx path (bsc#1176940).
   - gve: Add support for raw addressing to the rx path (bsc#1176940).
   - gve: Add workqueue and reset support (jsc#SLE-10538).
   - gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
   - gve: Check TX QPL was actually assigned (bsc#1176940).
   - gve: Copy and paste bug in gve_get_stats() (jsc#SLE-10538).
   - gve: Correct SKB queue index validation (bsc#1176940).
   - gve: DQO: Add RX path (bsc#1176940).
   - gve: DQO: Add TX path (bsc#1176940).
   - gve: DQO: Add core netdev features (bsc#1176940).
   - gve: DQO: Add ring allocation and initialization (bsc#1176940).
   - gve: DQO: Configure interrupts on device up (bsc#1176940).
   - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
   - gve: DQO: Remove incorrect prefetch (bsc#1176940).
   - gve: Enable Link Speed Reporting in the driver (bsc#1176940).
   - gve: Fix an error handling path in 'gve_probe()' (bsc#1176940).
   - gve: Fix case where desc_cnt and data_cnt can get out of sync
   - gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-10538).
   - gve: Fix swapped vars when fetching max queues (git-fixes).
   - gve: Fix the queue page list allocated pages count (bsc#1176940).
   - gve: Fix u64_stats_sync to initialize start (jsc#SLE-10538).
   - gve: Fix warnings reported for DQO patchset (bsc#1176940).
   - gve: Fixes DMA synchronization (jsc#SLE-10538).
   - gve: Get and set Rx copybreak via ethtool (bsc#1176940).
   - gve: Introduce a new model for device options (bsc#1176940).
   - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
   - gve: Make gve_rx_slot_page_info.page_offset an absolute offset
   - gve: Move some static functions to a common file (bsc#1176940).
   - gve: NIC stats for report-stats and for ethtool (bsc#1176940).
   - gve: Propagate error codes to caller (bsc#1176940).
   - gve: Remove the exporting of gve_probe (jsc#SLE-10538).
   - gve: Replace zero-length array with flexible-array member (bsc#1176940).
   - gve: Rx Buffer Recycling (bsc#1176940).
   - gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
   - gve: Update adminq commands to support DQO queues (bsc#1176940).
   - gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1176940).
   - gve: Upgrade memory barrier in poll routine (bsc#1176940).
   - gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
   - gve: Use link status register to report link status (bsc#1176940).
   - gve: adminq: DQO specific device descriptor logic (bsc#1176940).
   - gve: fix -ENOMEM null check on a page allocation (jsc#SLE-10538).
   - gve: fix dma sync bug where not all pages synced (bsc#1176940).
   - gve: fix unused variable/label warnings (jsc#SLE-10538).
   - gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
   - gve: replace kfree with kvfree (jsc#SLE-10538).
   - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
   - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
   - i2c: robotfuzz-osif: fix control-request directions (git-fixes).
   - ibmvnic: Allow device probe if the device is not ready at boot
     (bsc#1184114 ltc#192237).
   - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c
     (bsc#1184114 ltc#192237).
   - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
   - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114
   - ibmvnic: fix send_request_map incompatible argument (bsc#1184114
   - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
   - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871
     ltc#192139 git-fixes).
   - ibmvnic: retry reset if there are no other resets (bsc#1184350
   - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
   - iio: accel: bma180: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: bma180: Use explicit member assignment (git-fixes).
   - iio: accel: bma220: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: hid: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: kxcjk-1013: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: stk8312: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: stk8ba50: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: mxs-lradc: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: ti-ads1015: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: vf610: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adis_buffer: do not return ints in irq handlers (git-fixes).
   - iio: gyro: bmg160: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: humidity: am2315: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: isl29125: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: tcs3414: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: ltr501: ltr501_read_ps(): add missing endianness conversion
   - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
   - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and
     PS_DATA as volatile, too (git-fixes).
   - iio: potentiostat: lmp91000: Fix alignment of buffer in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: pulsed-light: Fix buffer alignment in
     iio_push_to_buffers_with_timestamp() (git-fixes).
   - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
   - kabi: fix nvme_wait_freeze_timeout() return type (bsc#1181161).
   - kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit
   - leds: ktd2692: Fix an error handling path (git-fixes).
   - leds: trigger: fix potential deadlock with libata (git-fixes).
   - lib/decompress_unlz4.c: correctly handle zero-padding around initrds
   - lib/decompressors: remove set but not used variabled 'level' (git-fixes).
   - lpfc: Decouple port_template and vport_template (bsc#1185032).
   - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
   - mac80211: remove iwlwifi specific workaround NDPs of null_response
   - mac80211: remove warning in ieee80211_get_sband() (git-fixes).
   - media: I2C: change 'RST' to "RSET" to fix multiple build errors
   - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
   - media: cobalt: fix race condition in setting HPD (git-fixes).
   - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
   - media: dtv5100: fix control-request directions (git-fixes).
   - media: dvb-usb: fix wrong definition (git-fixes).
   - media: dvb_net: avoid speculation from net slot (git-fixes).
   - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
   - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
   - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
   - media: gspca/gl860: fix zero-length control requests (git-fixes).
   - media: gspca/sq905: fix control-request direction (git-fixes).
   - media: gspca/sunplus: fix zero-length control requests (git-fixes).
   - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
   - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
   - media: rtl28xxu: fix zero-length control request (git-fixes).
   - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
   - media: siano: Fix out-of-bounds warnings in
     smscore_load_firmware_family2() (git-fixes).
   - media: siano: fix device register error path (git-fixes).
   - media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
   - media: tc358743: Fix error return code in tc358743_probe_of()
   - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
   - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
   - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
   - memory: atmel-ebi: add missing of_node_put for loop iteration
   - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
   - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
   - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
   - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
   - mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
   - mmc: block: Disable CMDQ on the ioctl path (git-fixes).
   - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
   - mmc: core: clear flags before allowing to retune (git-fixes).
   - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
   - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
   - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
   - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
   - mmc: vub3000: fix control-request direction (git-fixes).
   - mwifiex: re-fix for unaligned accesses (git-fixes).
   - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).
   - net/mlx5: Query PPS pin operational status before registering it
   - net/mlx5: Verify Hardware supports requested ptp function on a given pin
   - net: Google gve: Remove dma_wmb() before ringing doorbell (bsc#1176940).
   - net: b44: fix error return code in b44_init_one() (git-fixes).
   - net: broadcom CNIC: requires MMU (git-fixes).
   - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
   - net: gve: convert strlcpy to strscpy (bsc#1176940).
   - net: gve: remove duplicated allowed (bsc#1176940).
   - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
   - netsec: restore phy power state after controller reset (git-fixes).
   - nfc: nfcsim: fix use after free during module unload (git-fixes).
   - nvme-core: add cancel tagset helpers (bsc#1181161).
   - nvme-multipath: fix double initialization of ANA state (bsc#1181161).
   - nvme-rdma: add clean action for failed reconnection (bsc#1181161).
   - nvme-rdma: fix reset hang if controller died in the middle of a reset
   - nvme-rdma: use cancel tagset helper for tear down (bsc#1181161).
   - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1181161).
   - nvme: verify MNAN value if ANA is enabled (bsc#1185791).
   - nvmet: use new ana_log_size instead the old one (bsc#1181161).
   - platform/x86: toshiba_acpi: Fix missing error code in
     toshiba_acpi_setup_keyboard() (git-fixes).
   - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: ab8500: Avoid NULL pointers (git-fixes).
   - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
   - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h
     (bsc#1188885 ltc#193722).
   - powerpc/64s: rename pnv|pseries_setup_rfi_flush to
     _setup_security_mitigations (bsc#1188885 ltc#193722).
   - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295,
   - powerpc/pesries: Get STF barrier requirement from
     H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
   - powerpc/pseries/scm: Use a specific endian format for storing uuid from
     the device tree (bsc#1113295, git-fixes).
   - powerpc/pseries: Get entry and uaccess flush required bits from
     H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
   - powerpc/pseries: add new branch prediction security bits for link stack
     (bsc#1188885 ltc#193722).
   - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885
   - powerpc/security: Add a security feature for STF barrier (bsc#1188885
   - powerpc/security: Allow for processors that flush the link stack using
     the special bcctr (bsc#1188885 ltc#193722).
   - powerpc/security: Fix link stack flush instruction (bsc#1188885
   - powerpc/security: change link stack flush state to the flush type enum
     (bsc#1188885 ltc#193722).
   - powerpc/security: make display of branch cache flush more consistent
     (bsc#1188885 ltc#193722).
   - powerpc/security: re-name count cache flush to branch cache flush
     (bsc#1188885 ltc#193722).
   - powerpc/security: split branch cache flush toggle from code patching
     (bsc#1188885 ltc#193722).
   - pwm: spear: Do not modify HW state in .remove callback (git-fixes).
   - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
   - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
   - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
   - reset: a10sr: add missing of_match_table reference (git-fixes).
   - reset: bail if try_module_get() fails (git-fixes).
   - reset: sti: reset-syscfg: fix struct description warnings (git-fixes).
   - rtc: max77686: Do not enforce (incorrect) interrupt trigger type
   - sched/cpufreq/schedutil: Fix error path mutex unlock (git-fixes)
   - sched/fair: Do not assign runtime for throttled cfs_rq (git-fixes)
   - sched/fair: Fix unfairness caused by missing load decay (git-fixes)
   - sched/numa: Fix a possible divide-by-zero (git-fixes)
   - scripts/git_sort/ add bpf git repo
   - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
   - scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
   - scsi: qedf: Do not put host in qedf_vport_create() unconditionally
   - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195).
   - serial: mvebu-uart: clarify the baud rate derivation (git-fixes).
   - serial: mvebu-uart: correctly calculate minimal possible baudrate
   - serial: mvebu-uart: do not allow changing baudrate when uartclk is not
     available (git-fixes).
   - serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
   - smb3: Fix out-of-bounds bug in SMB2_negotiate() (git-fixes).
   - spi: Make of_register_spi_device also set the fwnode (git-fixes).
   - spi: mediatek: fix fifo rx mode (git-fixes).
   - spi: omap-100k: Fix the length judgment problem (git-fixes).
   - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
   - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
   - spi: spi-topcliff-pch: Fix potential double free in
     pch_spi_process_messages() (git-fixes).
   - spi: tegra114: Fix an error message (git-fixes).
   - ssb: sdio: Do not overwrite const buffer if block_write fails
   - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
   - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
   - tracing: Do not reference char * as a string in histograms (git-fixes).
   - tty: nozomi: Fix a resource leak in an error handling function
   - tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
   - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
   - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by
     zero (git-fixes).
   - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
   - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
   - usb: max-3421: Prevent corruption of freed memory (git-fixes).
   - usb: move many drivers to use DEVICE_ATTR_WO (git-fixes).
   - usb: typec: Add the missed altmode_id_remove() in
     typec_register_altmode() (git-fixes).
   - usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
   - usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
   - usbip: vudc synchronize sysfs code paths (git-fixes).
   - usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
   - uuid: Add inline helpers to import / export UUIDs (bsc#1113295,
   - virtio_console: Assure used length from device is limited (git-fixes).
   - w1: ds2438: fixing bug that would always get page0 (git-fixes).
   - watchdog: Fix possible use-after-free by calling del_timer_sync()
   - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
   - watchdog: aspeed: fix hardware timeout calculation (git-fixes).
   - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
   - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
   - watchdog: sp805: Fix kernel doc description (git-fixes).
   - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
   - wireless: carl9170: fix LEDS build errors and warnings (git-fixes).
   - wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
   - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
   - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
   - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
   - x86/debug: Extend the lower bound of crash kernel low reservations
   - x86/kvm: Disable all PV features on crash (bsc#1185308).
   - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
   - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
   - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
   - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline()
   - xen-pciback: reconfigure also from backend watch handler (git-fixes).
   - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
   - xhci: Fix lost USB 2 remote wake (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP5:

      zypper in -t patch SUSE-SLE-RT-12-SP5-2021-2643=1

Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):


   - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):



More information about the sle-security-updates mailing list