SUSE-SU-2021:0098-1: moderate: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Tue Jan 12 16:19:48 MST 2021

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2021:0098-1
Rating:             moderate
References:         #1040855 #1044120 #1044767 #1050242 #1050536 
                    #1050545 #1055117 #1056653 #1056657 #1056787 
                    #1064802 #1065729 #1066129 #1094840 #1103990 
                    #1103992 #1104389 #1104393 #1109695 #1109837 
                    #1110096 #1111666 #1112178 #1112374 #1114648 
                    #1115431 #1118657 #1122971 #1136460 #1136461 
                    #1138374 #1139944 #1152457 #1158775 #1164780 
                    #1171078 #1172538 #1172694 #1174784 #1174852 
                    #1176558 #1176559 #1176956 #1177666 #1178270 
                    #1178401 #1178590 #1178634 #1178762 #1179014 
                    #1179015 #1179045 #1179082 #1179107 #1179141 
                    #1179142 #1179204 #1179403 #1179406 #1179418 
                    #1179419 #1179421 #1179429 #1179444 #1179520 
                    #1179578 #1179601 #1179616 #1179663 #1179666 
                    #1179670 #1179671 #1179672 #1179673 #1179711 
                    #1179713 #1179714 #1179715 #1179716 #1179722 
                    #1179723 #1179724 #1179745 #1179810 #1179888 
                    #1179895 #1179896 #1179960 #1179963 #1180027 
                    #1180028 #1180029 #1180030 #1180031 #1180032 
                    #1180052 #1180086 #1180117 #1180258 #1180506 
Cross-References:   CVE-2018-20669 CVE-2019-20934 CVE-2020-0444
                    CVE-2020-0465 CVE-2020-0466 CVE-2020-15436
                    CVE-2020-27068 CVE-2020-27777 CVE-2020-27786
                    CVE-2020-27825 CVE-2020-29371 CVE-2020-29660
                    CVE-2020-29661 CVE-2020-4788
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5

   An update that solves 14 vulnerabilities and has 86 fixes
   is now available.


   The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in
     drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).
   - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA
     fault statistics were inappropriately freed, aka CID-16d51a590a8c
   - CVE-2020-0444: Fixed a bad kfree due to a logic error in
     audit_data_to_entry (bnc#1180027).
   - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c
     that could have led to local privilege escalation (bnc#1180029).
   - CVE-2020-0466: Fixed a use-after-free due to a logic error in
     do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
   - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have
     allowed a local user to obtain sensitive information from the data in
     the L1 cache under extenuating circumstances (bsc#1177666).
   - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
     which could have allowed local users to gain privileges or cause a
     denial of service (bsc#1179141).
   - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds
     check in the nl80211_policy policy of nl80211.c (bnc#1180086).
   - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction
     Services (RTAS) interface, affecting guests running on top of PowerVM or
     KVM hypervisors (bnc#1179107).
   - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation
   - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls
   - CVE-2020-29371: Fixed uninitialized memory leaks to userspace
   - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that
     may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
   - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed
     a use-after-free attack against TIOCSPGRP (bsc#1179745).

   The following non-security bugs were fixed:

   - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
   - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
   - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
   - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model
   - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)
   - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294
   - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
   - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
   - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).
   - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams
   - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).
   - ASoC: pcm: DRAIN support reactivation (git-fixes).
   - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).
   - ASoC: wm_adsp: remove "ctl" from list on error in
     wm_adsp_create_control() (git-fixes).
   - ath10k: Fix an error handling path (git-fixes).
   - ath10k: Release some resources in an error handling path (git-fixes).
   - ath10k: Remove msdu from idr when management pkt send fails (git-fixes).
   - ath6kl: fix enum-conversion warning (git-fixes).
   - Avoid a GCC warning about "/*" within a comment.
   - Bluetooth: btusb: Fix detection of some fake CSR controllers with a
     bcdDevice val of 0x0134 (git-fixes).
   - Bluetooth: Fix null pointer dereference in hci_event_packet()
   - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
   - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).
   - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex
   - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).
   - btrfs: fix use-after-free on readahead extent after failure to create it
   - btrfs: qgroup: do not commit transaction when we already hold the handle
   - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
   - bus: fsl-mc: fix error return code in fsl_mc_object_allocate()
   - can: mcp251x: add error check when wq alloc failed (git-fixes).
   - can: softing: softing_netdev_open(): fix error handling (git-fixes).
   - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
   - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
   - cifs: fix check of tcon dfs in smb1 (bsc#1178270).
   - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
   - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).
   - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code
   - coredump: fix core_pattern parse error (git-fixes).
   - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).
   - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).
   - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - crypto: af_alg - avoid undefined behavior accessing salg_name
   - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe
   - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
   - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
   - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
   - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802
   - drivers: soc: ti: knav_qmss_queue: Fix error return code in
     knav_queue_probe (git-fixes).
   - drm/amd/display: remove useless if/else (git-fixes).
   - drm/amdgpu: fix build_coefficients() argument (git-fixes).
   - drm/dp_aux_dev: check aux_dev before use in
     drm_dp_aux_dev_get_by_minor() (git-fixes).
   - drm/gma500: fix double free of gma_connector (git-fixes).
   - drm/meson: dw-hdmi: Register a callback to disable the regulator
   - drm/msm/dpu: Add newline to printks (git-fixes).
   - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
   - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
   - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).
   - EDAC/i10nm: Use readl() to access MMIO registers (12sp5).
   - epoll: Keep a reference on files added to the check list (bsc#1180031).
   - ext4: correctly report "not supported" for {usr,grp}jquota when
     !CONFIG_QUOTA (bsc#1179672).
   - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
   - ext4: fix error handling code in add_new_gdb (bsc#1179722).
   - ext4: fix invalid inode checksum (bsc#1179723).
   - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
   - ext4: limit entries returned when counting fsmap records (bsc#1179671).
   - ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
   - extcon: max77693: Fix modalias string (git-fixes).
   - fix regression in "epoll: Keep a reference on files added to the check
     list" (bsc#1180031, git-fixes).
   - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).
   - fs: Do not invalidate page buffers in block_write_full_page()
   - genirq/irqdomain: Add an irq_create_mapping_affinity() function
   - HID: Add another Primax PIXART OEM mouse quirk (git-fixes).
   - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
   - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller()
   - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
   - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)
   - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
   - i40iw: Report correct firmware version (bsc#1111666)
   - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
   - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
   - IB/hfi1: Fix memory leaks in sysfs registration and unregistration
   - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
   - IB/mlx4: Add and improve logging (bsc#1111666)
   - IB/mlx4: Add support for MRA (bsc#1111666)
   - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
   - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
   - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)
   - IB/mthca: fix return value of error branch in mthca_init_cq()
   - IB/qib: Call kobject_put() when kobject_init_and_add() fails
   - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
   - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)
   - ibmvnic: add some debugs (bsc#1179896 ltc#190255).
   - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
   - ibmvnic: continue fatal error reset after passive init (bsc#1171078
     ltc#184239 git-fixes).
   - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098
   - ibmvnic: enhance resetting status check during module exit (bsc#1065729).
   - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431
     ltc#171853 git-fixes).
   - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues
     (bsc#1040855 ltc#155067 git-fixes).
   - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231
   - ibmvnic: notify peers when failover and migration happen (bsc#1044120
     ltc#155423 git-fixes).
   - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432
   - igc: Fix returning wrong statistics (bsc#1118657).
   - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error
     in rockchip_saradc_resume (git-fixes).
   - iio: buffer: Fix demux update (git-fixes).
   - iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
   - inet_ecn: Fix endianness of checksum update when setting ECT(1)
   - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
   - Input: ads7846 - fix race that causes missing releases (git-fixes).
   - Input: ads7846 - fix unaligned access on 7845 (git-fixes).
   - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
   - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
   - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
   - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
   - Input: omap4-keypad - fix runtime PM error handling (git-fixes).
   - Input: trackpoint - add new trackpoint variant IDs (git-fixes).
   - Input: trackpoint - enable Synaptics trackpoints (git-fixes).
   - Input: xpad - support Ardwiino Controllers (git-fixes).
   - kABI fix for g2d (git-fixes).
   - kABI workaround for dsa/b53 changes (git-fixes).
   - kABI workaround for net/ipvlan changes (git-fixes).
   - kABI workaround for usermodehelper changes (bsc#1179406).
   - kABI: ath10k: move a new structure member to the end (git-fixes).
   - kABI: genirq: add back irq_create_mapping (bsc#1065729).
   - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).
     RPM_BUILD_ROOT is cleared before %%install. Do the unpack into
     RPM_BUILD_ROOT in %%install
   - kernel-{binary,source} do not create loop symlinks (bsc#1179082)
   - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
     (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
   - kgdb: Fix spurious true from in_dbg_master() (git-fixes).
   - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits
   - mac80211: do not set set TDLS STA bandwidth wider than possible
   - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
   - matroxfb: avoid -Warray-bounds warning (git-fixes).
   - md/raid5: fix oops during stripe resizing (git-fixes).
   - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
   - media: mtk-vcodec: add missing put_device() call in
     mtk_vcodec_release_dec_pm() (git-fixes).
   - media: s5p-g2d: Fix a memory leak in an error handling path in
     'g2d_probe()' (git-fixes).
   - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
   - media: siano: fix memory leak of debugfs members in smsdvb_hotplug
   - media: solo6x10: fix missing snd_card_free in error handling case
   - media: uvcvideo: Set media controller entity functions (git-fixes).
   - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).
   - media: v4l2-async: Fix trivial documentation typo (git-fixes).
   - memstick: fix a double-free bug in memstick_check (git-fixes).
   - memstick: r592: Fix error return in r592_probe() (git-fixes).
   - mfd: rt5033: Fix errorneous defines (git-fixes).
   - mlxsw: core: Fix memory leak on module removal (bsc#1112374).
   - mm,memory_failure: always pin the page in madvise_inject_error
   - mm/userfaultfd: do not access vma->vm_mm after calling
     handle_userfault() (bsc#1179204).
   - Move upstreamed bt fixes into sorted section
   - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
   - net/smc: fix valid DMBE buffer sizes (git-fixes).
   - net/tls: Fix kmap usage (bsc#1109837).
   - net/tls: missing received data after fast remote close (bsc#1109837).
   - net/x25: prevent a couple of overflows (bsc#1178590).
   - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).
   - net: aquantia: fix LRO with FCS error (git-fixes).
   - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).
   - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan()
   - net: dsa: b53: Ensure the default VID is untagged (git-fixes).
   - net: dsa: b53: Fix default VLAN ID (git-fixes).
   - net: dsa: b53: Properly account for VLAN filtering (git-fixes).
   - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
   - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
   - net: dsa: qca8k: remove leftover phy accessors (git-fixes).
   - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
   - net: ena: handle bad request id in ena_netdev (git-fixes).
   - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes).
   - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).
   - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).
   - net: macb: add missing barriers when reading descriptors (git-fixes).
   - net: macb: fix dropped RX frames due to a race (git-fixes).
   - net: macb: fix error format in dev_err() (git-fixes).
   - net: macb: fix random memory corruption on RX with 64-bit DMA
   - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).
   - net: qed: fix "maybe uninitialized" warning (bsc#1136460 jsc#SLE-4691
     bsc#1136461 jsc#SLE-4692).
   - net: qed: fix async event callbacks unregistering (bsc#1104393
   - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691
     bsc#1136461 jsc#SLE-4692).
   - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460
     jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
   - net: seeq: Fix the function used to release some memory in an error
     handling path (git-fixes).
   - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).
   - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).
   - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).
   - net: stmmac: fix csr_clk can't be zero issue (git-fixes).
   - net: stmmac: Fix reception of Broadcom switches tags (git-fixes).
   - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task()
   - net:ethernet:aquantia: Extra spinlocks removed (git-fixes).
   - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653
   - nfc: s3fwrn5: Release the nfc firmware (git-fixes).
   - nfp: use correct define to return NONE fec (bsc#1109837).
   - NFS: fix nfs_path in case of a rename retry (git-fixes).
   - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
   - NFSv4.2: fix client's attribute cache management for copy_file_range
   - ocfs2: fix unbalanced locking (bsc#1180506).
   - ocfs2: initialize ip_next_orphan (bsc#1179724).
   - orinoco: Move context allocation after processing the skb (git-fixes).
   - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
   - phy: Revert toggling reset changes (git-fixes).
   - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
   - platform/x86: dell-smbios-base: Fix error return code in
     dell_smbios_init (git-fixes).
   - platform/x86: mlx-platform: Fix item counter assignment for MSN2700,
     MSN24xx systems (git-fixes).
   - platform/x86: mlx-platform: remove an unused variable (git-fixes).
   - platform/x86: mlx-platform: Remove PSU EEPROM from default platform
     configuration (git-fixes).
   - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform
     configuration (git-fixes).
   - pNFS/flexfiles: Fix list corruption if the mirror count changes
   - power: supply: bq24190_charger: fix reference leak (git-fixes).
   - powerpc/64: Set up a kernel stack for secondaries before cpu_restore()
   - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels
     (bsc#1179888 ltc#190253).
   - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation
     (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
   - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753
     git-fixes bsc#1179888 ltc#190253).
   - powerpc/perf: Fix crash with is_sier_available when pmu is not set
     (bsc#1179578 ltc#189313).
   - powerpc/pseries/hibernation: remove redundant cacheinfo update
     (bsc#1138374 ltc#178199 git-fixes).
   - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
   - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067
   - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
   - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
   - ppp: remove the PPPIOCDETACH ioctl (git-fixes).
   - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
   - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536
   - qed: suppress "do not support RoCE & iWARP" flooding on HW init
     (bsc#1050536 bsc#1050545).
   - qed: suppress false-positives interrupt error messages on HW init
     (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
   - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).
   - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).
   - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)
   - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl.
   - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler
   - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)
   - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)
   - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
   - RDMA/cma: Protect bind_list and listen_list while finding matching cm id
   - RDMA/core: Fix race between destroy and release FD object (bsc#1111666)
   - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)
   - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)
   - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)
   - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)
   - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)
   - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)
   - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
   - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)
   - RDMA/mlx4: Read pkey table length instead of hardcoded value
   - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)
   - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)
   - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)
   - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)
   - RDMA/qedr: Fix doorbell setting (bsc#1111666)
   - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
   - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).
   - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)
   - RDMA/qedr: SRQ's bug fixes (bsc#1111666)
   - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)
   - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)
   - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
   - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send
     queue (bsc#1111666)
   - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)
   - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)
   - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)
   - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)
   - RDMA/rxe: Set default vendor ID (bsc#1111666)
   - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
   - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)
   - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)
   - reboot: fix overflow parsing reboot cpu number (bsc#1179421).
   - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace
     event (git-fixes).
   - reiserfs: Fix oops during mount (bsc#1179715).
   - reiserfs: Initialize inode keys properly (bsc#1179713).
   - rtc: hym8563: enable wakeup when applicable (git-fixes).
   - s390/bpf: Fix multiple tail calls (git-fixes).
   - s390/cpuinfo: show processor physical address (git-fixes).
   - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
   - s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
   - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).
   - s390/qeth: fix af_iucv notification race (git-fixes).
   - s390/qeth: fix tear down of async TX buffers (git-fixes).
   - s390/qeth: make af_iucv TX notification call more robust (git-fixes).
   - s390/stp: add locking to sysfs functions (git-fixes).
   - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).
   - scripts/lib/SUSE/ properly close prjconf Macros: section
   - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).
   - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers
   - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers
   - scsi: lpfc: Convert SCSI path to use common I/O submission path
   - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).
   - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req()
   - scsi: lpfc: Enable common send_io interface for SCSI and NVMe
   - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe
   - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).
   - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional
     events (bsc#1164780).
   - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).
   - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).
   - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
   - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()
   - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).
   - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe()
   - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi()
   - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).
   - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).
   - scsi: lpfc: Fix pointer defereference before it is null checked issue
   - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs
   - scsi: lpfc: Fix removal of SCSI transport device get and put on dev
     structure (bsc#1164780).
   - scsi: lpfc: Fix scheduling call while in softirq context in
     lpfc_unreg_rpi (bsc#1164780).
   - scsi: lpfc: Fix set but not used warnings from Rework remote port lock
     handling (bsc#1164780).
   - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler()
   - scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1164780).
   - scsi: lpfc: Fix variable 'vport' set but not used in
     lpfc_sli4_abts_err_handler() (bsc#1164780).
   - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions
   - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours
   - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues
   - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues
   - scsi: lpfc: Refactor WQE structure definitions for common use
   - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).
   - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).
   - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails
   - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).
   - scsi: lpfc: Remove unneeded variable 'status' in
     lpfc_fcp_cpu_map_store() (bsc#1164780).
   - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).
   - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).
   - scsi: lpfc: Rework remote port lock handling (bsc#1164780).
   - scsi: lpfc: Rework remote port ref counting and node freeing
   - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while
     dropping it (bsc#1164780).
   - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).
   - scsi: lpfc: Update lpfc version to (bsc#1164780).
   - scsi: lpfc: Update lpfc version to (bsc#1164780).
   - scsi: lpfc: Update lpfc version to (bsc#1164780).
   - scsi: lpfc: Use generic power management (bsc#1164780).
   - scsi: qla2xxx: Change post del message from debug level to log level
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142
   - scsi: qla2xxx: Do not check for fw_started while posting NVMe command
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142
   - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix crash during driver load on big endian machines
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix FW initialization error on big endian machines
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142
   - scsi: qla2xxx: Remove trailing semicolon in macro definition
     (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142
   - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538
     bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Update version to (bsc#1172538 bsc#1179142
   - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142
   - scsi: Remove unneeded break statements (bsc#1164780).
   - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
   - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538
     bsc#1179142 bsc#1179810).
   - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
   - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
   - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
   - SMB3: Honor lease disabling for multiuser mounts (git-fixes).
   - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).
   - soc: mediatek: Check if power domains can be powered on at boot time
   - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).
   - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).
   - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).
   - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in
     bcm63xx_hsspi_resume (git-fixes).
   - spi: davinci: Fix use-after-free on unbind (git-fixes).
   - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).
   - spi: pic32: Do not leak DMA channels in probe error path (git-fixes).
   - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).
   - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).
   - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).
   - spi: tegra114: fix reference leak in tegra spi ops (git-fixes).
   - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
   - spi: tegra20-slink: fix reference leak in slink ops of tegra20
   - splice: only read in as much information as there is pipe buffer space
   - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).
   - staging: olpc_dcon: add a missing dependency (git-fixes).
   - staging: olpc_dcon: Do not call platform_device_unregister() in
     dcon_probe() (git-fixes).
   - sunrpc: fix copying of multiple pages in gss_read_proxy_verf()
   - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).
   - sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment()
   - sunrpc: The RDMA back channel mustn't disappear while requests are
     outstanding (git-fixes).
   - svcrdma: fix bounce buffers for unaligned offsets and multiple pages
   - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).
   - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control
   - timer: Fix wheel index calculation on last level (git fixes)
   - timer: Prevent base->clk from moving backward (git-fixes)
   - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).
   - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).
   - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).
   - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).
   - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
   - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
   - usb: gadget: f_fs: Use local copy of descriptors for userspace copy
   - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).
   - usb: serial: ch341: add new Product ID for CH341A (git-fixes).
   - usb: serial: ch341: sort device-id entries (git-fixes).
   - usb: serial: digi_acceleport: clean up modem-control handling
   - usb: serial: digi_acceleport: clean up set_termios (git-fixes).
   - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).
   - usb: serial: digi_acceleport: remove in_interrupt() usage.
   - usb: serial: digi_acceleport: remove redundant assignment to pointer
     priv (git-fixes).
   - usb: serial: digi_acceleport: rename tty flag variable (git-fixes).
   - usb: serial: digi_acceleport: use irqsave() in USB's complete callback
   - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).
   - usb: serial: keyspan_pda: fix stalled writes (git-fixes).
   - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).
   - usb: serial: keyspan_pda: fix write deadlock (git-fixes).
   - usb: serial: keyspan_pda: fix write unthrottling (git-fixes).
   - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).
   - usb: serial: kl5kusb105: fix memleak on open (git-fixes).
   - usb: serial: mos7720: fix parallel-port state restore (git-fixes).
   - usb: serial: option: add Fibocom NL668 variants (git-fixes).
   - usb: serial: option: add interface-number sanity check to flag handling
   - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes).
   - usb: serial: option: fix Quectel BG96 matching (git-fixes).
   - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).
   - usermodehelper: reset umask to default before executing user process
   - wimax: fix duplicate initializer warning (git-fixes).
   - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz
   - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over
     prefixes bytes (bsc#1112178).
   - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).
   - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).
   - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak
   - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1114648).
   - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled
   - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount
     leak (bsc#1112178).
   - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).
   - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
   - x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
   - x86/traps: Simplify pagefault tracing logic (bsc#1179895).
   - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
   - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
   - xprtrdma: fix incorrect header size calculations (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-98=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):


   - SUSE Linux Enterprise Server 12-SP5 (noarch):



More information about the sle-security-updates mailing list