SUSE-SU-2021:2349-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com
Wed Jul 14 19:40:28 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2349-1
Rating:             important
References:         #1103990 #1103991 #1104353 #1113994 #1114648 
                    #1129770 #1135481 #1136345 #1174978 #1179610 
                    #1182470 #1184040 #1185428 #1185486 #1185677 
                    #1185701 #1185861 #1185863 #1186206 #1186264 
                    #1186463 #1186515 #1186516 #1186517 #1186518 
                    #1186519 #1186520 #1186521 #1186522 #1186523 
                    #1186524 #1186525 #1186526 #1186527 #1186528 
                    #1186529 #1186530 #1186531 #1186532 #1186533 
                    #1186534 #1186535 #1186537 #1186538 #1186539 
                    #1186540 #1186541 #1186542 #1186543 #1186545 
                    #1186546 #1186547 #1186548 #1186549 #1186550 
                    #1186551 #1186552 #1186554 #1186555 #1186556 
                    #1186627 #1186635 #1186638 #1186698 #1186699 
                    #1186700 #1186701 #1187038 #1187049 #1187402 
                    #1187404 #1187407 #1187408 #1187409 #1187411 
                    #1187412 #1187452 #1187453 #1187455 #1187554 
                    #1187595 #1187601 #1187630 #1187631 #1187833 
                    #1187867 #1187972 #1188010 
Cross-References:   CVE-2019-25045 CVE-2020-24588 CVE-2020-26558
                    CVE-2020-36386 CVE-2021-0129 CVE-2021-0512
                    CVE-2021-0605 CVE-2021-33624 CVE-2021-34693
                   
CVSS scores:
                    CVE-2019-25045 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33624 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-33624 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-34693 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

   An update that solves 9 vulnerabilities and has 79 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bug fixes.

   The following security bugs were fixed:

   - CVE-2021-33624: Fixed a bug which allowed an unprivileged BPF program
     to leak the contents of arbitrary kernel memory (and therefore, of all
     physical memory) via a side-channel. (bsc#1187554)
   - CVE-2019-25045: Fixed a use-after-free issue in the XFRM subsystem of
     the Linux kernel, related to an xfrm_state_fini panic. (bsc#1187049)
   - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
     information disclosure in the kernel with System execution privileges
     needed. (bsc#1187601)
   - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
     local escalation of privilege with no additional execution privileges
     needed. (bsc#1187595)
   - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure
     pairing that could permit a nearby man-in-the-middle attacker to
     identify the Passkey used during pairing. (bsc#1179610)
   - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local
     users to obtain sensitive information from kernel stack memory because
     parts of a data structure are uninitialized. (bsc#1187452)
   - CVE-2021-0129: Fixed an improper access control in BlueZ that may have
     allowed an authenticated user to potentially enable information
     disclosure via adjacent access. (bsc#1186463)
   - CVE-2020-36386: Fixed an out-of-bounds read in
     hci_extended_inquiry_result_evt. (bsc#1187038)
   - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse
     devices that support receiving non-SSP A-MSDU frames to inject arbitrary
     network packets. (bsc#1185861)

   The following non-security bugs were fixed:

   - ACPI: custom_method: fix a possible memory leak (git-fixes).
   - ACPI: custom_method: fix potential use-after-free issue (git-fixes).
   - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure
     (git-fixes).
   - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
   - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
     (git-fixes).
   - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
   - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
     (git-fixes).
   - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
   - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
   - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
   - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill
     devices (git-fixes).
   - ALSA: hda/realtek: reset eapd coeff to default value for alc287
     (git-fixes).
   - ALSA: hdsp: do not disable if not enabled (git-fixes).
   - ALSA: hdspm: do not disable if not enabled (git-fixes).
   - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
   - ALSA: rme9652: do not disable if not enabled (git-fixes).
   - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
   - ALSA: timer: Fix master timer notification (git-fixes).
   - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
   - alx: Fix an error handling path in 'alx_probe()' (git-fixes).
   - ASoC: cs35l33: fix an error code in probe() (git-fixes).
   - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
   - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
   - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
   - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
   - batman-adv: Avoid WARN_ON timing related checks (git-fixes).
   - blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453).
   - blk-wbt: Fix missed wakeup (bsc#1186627).
   - block: Discard page cache of zone reset target range (bsc#1187402).
   - Bluetooth: fix the erroneous flush_work() order (git-fixes).
   - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
   - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
   - Bluetooth: SMP: Fail if remote and local public keys are identical
     (git-fixes).
   - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
   - bnxt_en: Fix PCI AER error recovery flow (git-fixes).
   - btrfs: account for new extents being deleted in total_bytes_pinned
     (bsc#1135481).
   - btrfs: add a comment explaining the data flush steps (bsc#1135481).
   - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
   - btrfs: add flushing states for handling data reservations (bsc#1135481).
   - btrfs: add missing error handling after doing leaf/node binary search
     (bsc#1187833).
   - btrfs: add the data transaction commit logic into may_commit_transaction
     (bsc#1135481).
   - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes
     (bsc#1135481).
   - btrfs: call btrfs_try_granting_tickets when reserving space
     (bsc#1135481).
   - btrfs: call btrfs_try_granting_tickets when unpinning anything
     (bsc#1135481).
   - btrfs: change insert_dirty_subvol to return errors (bsc#1187833).
   - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
   - btrfs: check record_root_in_trans related failures in select_reloc_root
     (bsc#1187833).
   - btrfs: check return value of btrfs_commit_transaction in relocation
     (bsc#1187833).
   - btrfs: check tickets after waiting on ordered extents (bsc#1135481).
   - btrfs: cleanup error handling in prepare_to_merge (bsc#1187833).
   - btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833).
   - btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors
     (bsc#1187833).
   - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
     (bsc#1187833).
   - btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation
     (bsc#1187833).
   - btrfs: do async reclaim for data reservations (bsc#1135481).
   - btrfs: do not force commit if we are data (bsc#1135481).
   - btrfs: do not leak reloc root if we fail to read the fs root
     (bsc#1187833).
   - btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481).
   - btrfs: do not panic in __add_reloc_root (bsc#1187833).
   - btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833).
   - btrfs: do proper error handling in create_reloc_inode (bsc#1187833).
   - btrfs: do proper error handling in create_reloc_root (bsc#1187833).
   - btrfs: do proper error handling in merge_reloc_roots (bsc#1187833).
   - btrfs: do proper error handling in record_reloc_root_in_trans
     (bsc#1187833).
   - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
   - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
   - btrfs: flush delayed refs when trying to reserve data space
     (bsc#1135481).
   - btrfs: handle __add_reloc_root failures in btrfs_recover_relocation
     (bsc#1187833).
   - btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833).
   - btrfs: handle btrfs_record_root_in_trans failure in
     btrfs_recover_log_trees (bsc#1187833).
   - btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename
     (bsc#1187833).
   - btrfs: handle btrfs_record_root_in_trans failure in
     btrfs_rename_exchange (bsc#1187833).
   - btrfs: handle btrfs_record_root_in_trans failure in create_subvol
     (bsc#1187833).
   - btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block
     (bsc#1187833).
   - btrfs: handle btrfs_record_root_in_trans failure in start_transaction
     (bsc#1187833).
   - btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833).
   - btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots
     (bsc#1187833).
   - btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol
     (bsc#1187833).
   - btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge
     (bsc#1187833).
   - btrfs: handle errors from select_reloc_root() (bsc#1187833).
   - btrfs: handle errors in reference count manipulation in replace_path
     (bsc#1187833).
   - btrfs: handle extent corruption with select_one_root properly
     (bsc#1187833).
   - btrfs: handle extent reference errors in do_relocation (bsc#1187833).
   - btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans
     (bsc#1187833).
   - btrfs: handle record_root_in_trans failure in create_pending_snapshot
     (bsc#1187833).
   - btrfs: handle record_root_in_trans failure in qgroup_account_snapshot
     (bsc#1187833).
   - btrfs: handle space_info::total_bytes_pinned inside the delayed ref
     itself (bsc#1135481).
   - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
   - btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833).
   - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
   - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
   - btrfs: reloc: clean dirty subvols if we fail to start a transaction
     (bsc#1187833).
   - btrfs: remove err variable from do_relocation (bsc#1187833).
   - btrfs: remove nr_async_bios (bsc#1135481).
   - btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481).
     Preparation for ticketed data space flushing in btrfs.
   - btrfs: remove orig from shrink_delalloc (bsc#1135481).
   - btrfs: remove the extent item sanity checks in relocate_block_group
     (bsc#1187833).
   - btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833).
   - btrfs: run delayed iputs before committing the transaction for data
     (bsc#1135481).
   - btrfs: serialize data reservations if we are flushing (bsc#1135481).
   - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
   - btrfs: track ordered bytes instead of just dio ordered bytes
     (bsc#1135481).
   - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set
     improperly (bsc#1187833).
   - btrfs: unset reloc control if we fail to recover (bsc#1187833).
   - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
   - btrfs: use customized batch size for total_bytes_pinned (bsc#1135481).
     Turns out using the batched percpu api had an effect on timing w.r.t
     metadata/data reclaim. So backport this patch as well, side effect is
     it's also bringing the code closer to upstream so future backports shall
     be made easier.
   - btrfs: use tagged writepage to mitigate livelock of snapshot
     (bsc#1135481). Preparation for introducing ticketed space handling for
     data space. Due to the sequence of patches, the main patch has embedded
     in it changes from other patches which remove some unused arguments.
     This is done to ease backporting itself and shouldn't have any
     repercussions on functionality.
   - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc
     (bsc#1135481).
   - btrfs: use the same helper for data and metadata reservations
     (bsc#1135481).
   - btrfs: use ticketing for data space reservations (bsc#1135481).
   - btrfs: validate root::reloc_root after recording root in trans
     (bsc#1187833).
   - can: flexcan: disable completely the ECC mechanism (git-fixes).
   - can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
   - can: xilinx_can: xcan_chip_start(): fix failure with invalid bus
     (git-fixes).
   - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
   - cgroup1: do not allow '\n' in renaming (bsc#1187972).
   - char: hpet: add checks after calling ioremap (git-fixes).
   - cpufreq: Add NULL checks to show() and store() methods of cpufreq
     (bsc#1184040).
   - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
     (bsc#1184040).
   - crypto: ccp - Fix a resource leak in an error handling path (12sp5).
   - cxgb4: avoid accessing registers when clearing filters (bsc#1136345
     jsc#SLE-4681).
   - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
   - dax: Add an enum for specifying dax wakup mode (bsc#1187411).
   - dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
   - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
     (git-fixes).
   - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
   - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
   - dmaengine: stedma40: add missing iounmap() on error in d40_probe()
     (git-fixes).
   - drbd: Remove uninitialized_var() usage (bsc#1186515).
   - drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
     (bsc#1129770) Backporting changes:  * move from driver/video/fbdev/core
     to driver/video/console  * context changes
   - drm: Fix use-after-free read in drm_getunique() (git-fixes).
   - drm: Lock pointer access in drm_master_release() (git-fixes).
   - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
     (git-fixes).
   - drm/amdgpu: Fix a use-after-free (git-fixes).
   - drm/amdgpu: fix NULL pointer dereference (git-fixes).
   - drm/meson: fix shutdown crash when component not probed (git-fixes).
   - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
   - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
   - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz
     monitors are connected (git-fixes).
   - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
     (git-fixes).
   - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
   - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
     (bsc#1187408).
   - ext4: fix check to prevent false positive report of incorrect used
     inodes (bsc#1187404).
   - ext4: fix error code in ext4_commit_super (bsc#1187407).
   - ext4: fix memory leak in ext4_fill_super (bsc#1187409).
   - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
     been unplugged (git-fixes).
   - fbdev: zero-fill colormap in fbcmap.c (git-fixes).
   - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528).
   - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
   - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
   - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
   - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
     (git-fixes).
   - HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
   - i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
   - i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
   - i2c: s3c2410: fix possible NULL pointer deref on read message after
     write (git-fixes).
   - i2c: sh7760: add IRQ check (git-fixes).
   - i2c: sh7760: fix IRQ error path (git-fixes).
   - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
   - iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
   - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
     (git-fixes).
   - iio: tsl2583: Fix division by a zero lux_val (git-fixes).
   - ima: Free IMA measurement buffer after kexec syscall (git-fixes).
   - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
     devices (git-fixes).
   - Input: silead - add workaround for x86 BIOS-es which bring the chip up
     in a stuck state (git-fixes).
   - intel_th: Consistency and off-by-one fix (git-fixes).
   - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
   - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
     (git-fixes).
   - ixgbe: fix large MTU request from VF (git-fixes).
   - ixgbevf: add correct exception tracing for XDP (bsc#1113994).
   - kabi fix for NFSv4.1: Do not rebind to the same source port when
     reconnecting to the server (bnc#1186264).
   - kernel: kexec_file: fix error return code of
     kexec_calculate_store_digests() (git-fixes).
   - kthread_worker: split code for canceling the delayed work timer
     (bsc#1187867).
   - kthread: prevent deadlock when kthread_mod_delayed_work() races with
     kthread_cancel_delayed_work_sync() (bsc#1187867).
   - leds: lp5523: check return value of lp5xx_read and jump to cleanup code
     (git-fixes).
   - libertas: register sysfs groups properly (git-fixes).
   - mac80211: clear the beacon's CRC after channel switch (git-fixes).
   - md: Fix missing unused status line of /proc/mdstat (git-fixes).
   - media: adv7604: fix possible use-after-free in adv76xx_remove()
     (git-fixes).
   - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
   - media: dvb: Add check on sp8870_readreg return (git-fixes).
   - media: em28xx: fix memory leak (git-fixes).
   - media: gspca: properly check for errors in po1030_probe() (git-fixes).
   - media: gspca/sq905.c: fix uninitialized variable (git-fixes).
   - media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
     (git-fixes).
   - media: ite-cir: check for receive overflow (git-fixes).
   - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
     (git-fixes).
   - mei: request autosuspend after sending rx flow control (git-fixes).
   - misc/uss720: fix memory leak in uss720_probe (git-fixes).
   - mlxsw: spectrum: Do not process learned records with a dummy FID
     (git-fixes).
   - mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
   - mmc: core: Set read only for SD cards with permanent write protect bit
     (git-fixes).
   - Move nfs backports into sorted section
   - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
   - net: caif: Fix debugfs on 64-bit platforms (git-fixes).
   - net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes).
   - net: dsa: qca8k: Use up to 7 ports for all operations (git-fixes).
   - net: enic: Cure the enic api locking trainwreck (git-fixes).
   - net: fix iteration for sctp transport seq_files (git-fixes).
   - net: hns3: Limiting the scope of vector_ring_chain variable
     (bsc#1104353).
   - net: netcp: Fix an error message (git-fixes).
   - net: phy: intel-xway: enable integrated led functions (git-fixes).
   - net: qed: RDMA personality shouldn't fail VF load (git-fixes).
   - net: stmmac: Correctly take timestamp for PTPv2 (git-fixes).
   - net: stmmac: ensure that the device has released ownership before
     reading data (git-fixes).
   - net: usb: fix memory leak in smsc75xx_bind (git-fixes).
   - net/nfc/rawsock.c: fix a permission check bug (git-fixes).
   - net/smc: remove device from smcd_dev_list after failed device_add()
     (git-fixes).
   - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed
     connect (git-fixes).
   - NFC: fix possible resource leak (git-fixes).
   - NFC: fix resource leak when target index is invalid (git-fixes).
   - NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
   - NFS: Deal correctly with attribute generation counter overflow
     (git-fixes).
   - NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce()
     (git-fixes).
   - NFS: Do not gratuitously clear the inode cache when lookup failed
     (git-fixes).
   - NFS: Do not revalidate the directory permissions on a lookup failure
     (git-fixes).
   - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
   - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
   - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
   - NFS: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
   - NFS: Do not discard segments marked for return in _pnfs_return_layout()
     (git-fixes).
   - NFS: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
     (git-fixes).
   - NFS: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
     (git-fixes).
   - NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error
     (git-fixes).
   - NFS: Do not rebind to the same source port when reconnecting to the
     server (bnc#1186264).
   - NFS: fix handling of sr_eof in SEEK's reply (git-fixes).
   - NFS: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
   - NFS: fix return value of _nfs4_get_security_label() (git-fixes).
   - ocfs2: fix data corruption by fallocate (bsc#1187412).
   - parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770)
   - PCI: PM: Do not read power state in pci_enable_device_flags()
     (git-fixes).
   - phy: phy-twl4030-usb: Fix possible use-after-free in
     twl4030_usb_remove() (git-fixes).
   - pid: take a reference when initializing `cad_pid` (bsc#1114648).
   - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
   - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
   - platform/x86: hp-wireless: add AMD's hardware id to the supported list
     (git-fixes).
   - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
     (git-fixes).
   - platform/x86: thinkpad_acpi: Correct thermal sensor allocation
     (git-fixes).
   - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
   - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
     (git-fixes).
   - power: supply: generic-adc-battery: fix possible use-after-free in
     gab_remove() (git-fixes).
   - power: supply: s3c_adc_battery: fix possible use-after-free in
     s3c_adc_bat_remove() (git-fixes).
   - power: supply: Use IRQF_ONESHOT (git-fixes).
   - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470
     bsc#1185486).
   - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
   - ravb: fix invalid context bug while calling auto-negotiation by ethtool
     (git-fixes).
   - ravb: fix invalid context bug while changing link options by ethtool
     (git-fixes).
   - RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1103991).
   - Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206
     ltc#191041).
   - Revert "leds: lp5523: fix a missing check of return value of
     lp55xx_read" (git-fixes).
   - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT
     op") (git-fixes).
   - s390/stack: fix possible register corruption with stack switch helper
     (bsc#1185677).
   - scsi: aacraid: Fix an oops in error handling (bsc#1186698).
   - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186516).
   - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517).
   - scsi: acornscsi: Fix an error handling path in acornscsi_probe()
     (bsc#1186518).
   - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
     (bsc#1186519).
   - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
     (bsc#1186699).
   - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520).
   - scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186521).
   - scsi: bnx2i: Requires MMU (bsc#1186522).
   - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
     (bsc#1186523).
   - scsi: cumana_2: Fix different dev_id between request_irq() and
     free_irq() (bsc#1186524).
   - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525).
   - scsi: cxgb4i: Fix TLS dependency (bsc#1186526).
   - scsi: eesox: Fix different dev_id between request_irq() and free_irq()
     (bsc#1186527).
   - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1186528).
   - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529).
   - scsi: hisi_sas: Fix IRQ checks (bsc#1186530).
   - scsi: hisi_sas: Remove preemptible() (bsc#1186638).
   - scsi: jazz_esp: Add IRQ check (bsc#1186531).
   - scsi: libfc: Fix enum-conversion warning (bsc#1186532).
   - scsi: libsas: Fix error path in sas_notify_lldd_dev_found()
     (bsc#1186533).
   - scsi: libsas: Reset num_scatter if libata marks qc as NODATA
     (bsc#1186700).
   - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
     (bsc#1186534).
   - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
   - scsi: megaraid_sas: Check user-provided offsets (bsc#1186535).
   - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186701).
   - scsi: mesh: Fix panic after host or bus reset (bsc#1186537).
   - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
     (bsc#1186538).
   - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186539).
   - scsi: powertec: Fix different dev_id between request_irq() and
     free_irq() (bsc#1186540).
   - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186541).
   - scsi: qedi: Fix error return code of qedi_alloc_global_queues()
     (bsc#1186542).
   - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
     (bsc#1186543).
   - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
     (bsc#1186545).
   - scsi: qla4xxx: Remove in_interrupt() (bsc#1186546).
   - scsi: scsi_debug: Add check for sdebug_max_queue during module init
     (bsc#1186547).
   - scsi: scsi_dh_alua: Retry RTPG on a different path after failure
     (bsc#1174978 bsc#1185701).
   - scsi: sd: Fix optimal I/O size for devices that change reported values
     (bsc#1186548).
   - scsi: sg: add sg_remove_request in sg_write (bsc#1186635).
   - scsi: sni_53c710: Add IRQ check (bsc#1186549).
   - scsi: sun3x_esp: Add IRQ check (bsc#1186550).
   - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556).
   - scsi: ufs: core: Narrow down fast path in system suspend path
     (bsc#1186551).
   - scsi: ufs: Do not update urgent bkops level when toggling auto bkops
     (bsc#1186552).
   - scsi: ufs: Fix imprecise load calculation in devfreq window
     (bsc#1187630).
   - scsi: ufs: fix ktime_t kabi change (bsc#1187630).
   - scsi: ufs: Fix race between shutdown and runtime resume flow
     (bsc#1186554).
   - scsi: ufs: Properly release resources if a task is aborted successfully
     (bsc#1186555).
   - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1188010).
   - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631).
   - serial: max310x: unregister uart driver in case of failure and abort
     (git-fixes).
   - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
     (git-fixes).
   - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
     (git-fixes).
   - serial: stm32: fix incorrect characters on console (git-fixes).
   - spi: dln2: Fix reference leak to master (git-fixes).
   - spi: omap-100k: Fix reference leak to master (git-fixes).
   - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
   - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
   - staging: rtl8723bs: Fix uninitialized variables (git-fixes).
   - SUNRPC: correct error code comment in xs_tcp_setup_socket() (git-fixes).
   - SUNRPC: fix refcount leak for rpc auth modules (git-fixes).
   - SUNRPC: More fixes for backlog congestion (bsc#1185428).
   - SUNRPC: Move fault injection call sites (git-fixes).
   - SUNRPC: prevent port reuse on transports which do not request it
     (bnc#1186264).
   - svcrdma: disable timeouts on rdma backchannel (git-fixes).
   - swiotlb: fix "x86: Do not panic if can not alloc buffer for swiotlb"
     (git-fixes).
   - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
     (git-fixes).
   - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT
     (bsc#1103990).
   - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
   - tracing: Correct the length check which causes memory corruption
     (git-fixes).
   - tracing: Do no increment trace_clock_global() by one (git-fixes).
   - tracing: Restructure trace_clock_global() to never block (git-fixes).
   - ttyprintk: Add TTY hangup callback (git-fixes).
   - ubifs: Only check replay with inode type to judge if inode linked
     (bsc#1187455).
   - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
     (git-fixes).
   - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
   - USB: cdc-acm: always claim data interface (git-fixes).
   - USB: cdc-acm: do not log successful probe on later errors (git-fixes).
   - USB: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
   - USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
   - USB: dwc3: omap: improve extcon initialization (git-fixes).
   - USB: fotg210-hcd: Fix an error message (git-fixes).
   - USB: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
   - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
   - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
   - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
   - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
     (git-fixes).
   - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
   - USB: serial: quatech2: fix control-request directions (git-fixes).
   - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
   - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
   - USB: sl811-hcd: improve misleading indentation (git-fixes).
   - USB: trancevibrator: fix control-request direction (git-fixes).
   - USB: typec: tcpm: Use LE to CPU conversion when accessing msg->header
     (git-fixes).
   - USB: typec: ucsi: Clear PPM capability data in ucsi_init() error path
     (git-fixes).
   - USB: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
   - USB: xhci: Fix port minor revision (git-fixes).
   - USB: xhci: Increase timeout for HC halt (git-fixes).
   - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
   - vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
   - vfio/platform: fix module_put call in error flow (git-fixes).
   - vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
   - video: hgafb: correctly handle card detect failure during probe
     (bsc#1129770)
   - video: hgafb: fix potential NULL pointer dereference (bsc#1129770)
     Backporting changes:  * context changes
   - vsock/vmci: log once the failed queue pair allocation (git-fixes).
   - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
   - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
   - x86: fix seq_file iteration for pat/memtype.c (git-fixes).
   - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
     (bsc#1114648).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update, use the SUSE recommended installation methods
   such as YaST online_update or "zypper patch".

   Alternatively, you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2349=1

   - SUSE Linux Enterprise Real Time Extension 12-SP5:

      zypper in -t patch SUSE-SLE-RT-12-SP5-2021-2349=1



Package List:

   - SUSE MicroOS 5.0 (x86_64):

      kernel-rt-4.12.14-10.49.1
      kernel-rt-debuginfo-4.12.14-10.49.1
      kernel-rt-debugsource-4.12.14-10.49.1

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

      cluster-md-kmp-rt-4.12.14-10.49.1
      cluster-md-kmp-rt-debuginfo-4.12.14-10.49.1
      dlm-kmp-rt-4.12.14-10.49.1
      dlm-kmp-rt-debuginfo-4.12.14-10.49.1
      gfs2-kmp-rt-4.12.14-10.49.1
      gfs2-kmp-rt-debuginfo-4.12.14-10.49.1
      kernel-rt-4.12.14-10.49.1
      kernel-rt-base-4.12.14-10.49.1
      kernel-rt-base-debuginfo-4.12.14-10.49.1
      kernel-rt-debuginfo-4.12.14-10.49.1
      kernel-rt-debugsource-4.12.14-10.49.1
      kernel-rt-devel-4.12.14-10.49.1
      kernel-rt-devel-debuginfo-4.12.14-10.49.1
      kernel-rt_debug-4.12.14-10.49.1
      kernel-rt_debug-debuginfo-4.12.14-10.49.1
      kernel-rt_debug-debugsource-4.12.14-10.49.1
      kernel-rt_debug-devel-4.12.14-10.49.1
      kernel-rt_debug-devel-debuginfo-4.12.14-10.49.1
      kernel-syms-rt-4.12.14-10.49.1
      ocfs2-kmp-rt-4.12.14-10.49.1
      ocfs2-kmp-rt-debuginfo-4.12.14-10.49.1

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

      kernel-devel-rt-4.12.14-10.49.1
      kernel-source-rt-4.12.14-10.49.1
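
A post-install check for the reboot instruction and package list above, as an added example that is not part of the original advisory. The helper names (ver_ge, pkg_to_release, check_state) are hypothetical. It assumes that GNU "sort -V" orders these numeric version-release strings the way RPM does, and that the running kernel reports the package version-release with the final rebuild counter dropped and "-rt" appended.

```shell
#!/bin/sh
# Fixed kernel-rt version-release, taken from the advisory's package list.
FIXED="4.12.14-10.49.1"

# ver_ge A B: succeed when A >= B.
# Assumption: sort -V approximates RPM ordering for numeric strings like these.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# pkg_to_release VERSION-RELEASE FLAVOR: the `uname -r` string expected for
# that package. Assumption: the last dot component of the RPM release
# (the rebuild counter) is dropped and "-FLAVOR" is appended.
pkg_to_release() {
    printf '%s-%s\n' "${1%.*}" "$2"
}

# check_state INSTALLED RUNNING: print update-needed, reboot-needed or ok.
check_state() {
    if ! ver_ge "$1" "$FIXED"; then
        echo "update-needed"      # newest installed kernel-rt predates the fix
    elif [ "$2" != "$(pkg_to_release "$1" rt)" ]; then
        echo "reboot-needed"      # fixed package installed, old kernel still running
    else
        echo "ok"                 # running kernel matches the fixed package
    fi
}

# Live check: runs only on a host where rpm and kernel-rt are present.
if command -v rpm >/dev/null 2>&1 && rpm -q kernel-rt >/dev/null 2>&1; then
    # Several kernel-rt versions can be installed side by side; take the newest.
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt | sort -V | tail -n 1)
    echo "installed=$installed running=$(uname -r) state=$(check_state "$installed" "$(uname -r)")"
fi
```

A "reboot-needed" result means the update is on disk but the fixes are not active until the host boots the new kernel.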


References:

   https://www.suse.com/security/cve/CVE-2019-25045.html
   https://www.suse.com/security/cve/CVE-2020-24588.html
   https://www.suse.com/security/cve/CVE-2020-26558.html
   https://www.suse.com/security/cve/CVE-2020-36386.html
   https://www.suse.com/security/cve/CVE-2021-0129.html
   https://www.suse.com/security/cve/CVE-2021-0512.html
   https://www.suse.com/security/cve/CVE-2021-0605.html
   https://www.suse.com/security/cve/CVE-2021-33624.html
   https://www.suse.com/security/cve/CVE-2021-34693.html
   https://bugzilla.suse.com/1103990
   https://bugzilla.suse.com/1103991
   https://bugzilla.suse.com/1104353
   https://bugzilla.suse.com/1113994
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1135481
   https://bugzilla.suse.com/1136345
   https://bugzilla.suse.com/1174978
   https://bugzilla.suse.com/1179610
   https://bugzilla.suse.com/1182470
   https://bugzilla.suse.com/1184040
   https://bugzilla.suse.com/1185428
   https://bugzilla.suse.com/1185486
   https://bugzilla.suse.com/1185677
   https://bugzilla.suse.com/1185701
   https://bugzilla.suse.com/1185861
   https://bugzilla.suse.com/1185863
   https://bugzilla.suse.com/1186206
   https://bugzilla.suse.com/1186264
   https://bugzilla.suse.com/1186463
   https://bugzilla.suse.com/1186515
   https://bugzilla.suse.com/1186516
   https://bugzilla.suse.com/1186517
   https://bugzilla.suse.com/1186518
   https://bugzilla.suse.com/1186519
   https://bugzilla.suse.com/1186520
   https://bugzilla.suse.com/1186521
   https://bugzilla.suse.com/1186522
   https://bugzilla.suse.com/1186523
   https://bugzilla.suse.com/1186524
   https://bugzilla.suse.com/1186525
   https://bugzilla.suse.com/1186526
   https://bugzilla.suse.com/1186527
   https://bugzilla.suse.com/1186528
   https://bugzilla.suse.com/1186529
   https://bugzilla.suse.com/1186530
   https://bugzilla.suse.com/1186531
   https://bugzilla.suse.com/1186532
   https://bugzilla.suse.com/1186533
   https://bugzilla.suse.com/1186534
   https://bugzilla.suse.com/1186535
   https://bugzilla.suse.com/1186537
   https://bugzilla.suse.com/1186538
   https://bugzilla.suse.com/1186539
   https://bugzilla.suse.com/1186540
   https://bugzilla.suse.com/1186541
   https://bugzilla.suse.com/1186542
   https://bugzilla.suse.com/1186543
   https://bugzilla.suse.com/1186545
   https://bugzilla.suse.com/1186546
   https://bugzilla.suse.com/1186547
   https://bugzilla.suse.com/1186548
   https://bugzilla.suse.com/1186549
   https://bugzilla.suse.com/1186550
   https://bugzilla.suse.com/1186551
   https://bugzilla.suse.com/1186552
   https://bugzilla.suse.com/1186554
   https://bugzilla.suse.com/1186555
   https://bugzilla.suse.com/1186556
   https://bugzilla.suse.com/1186627
   https://bugzilla.suse.com/1186635
   https://bugzilla.suse.com/1186638
   https://bugzilla.suse.com/1186698
   https://bugzilla.suse.com/1186699
   https://bugzilla.suse.com/1186700
   https://bugzilla.suse.com/1186701
   https://bugzilla.suse.com/1187038
   https://bugzilla.suse.com/1187049
   https://bugzilla.suse.com/1187402
   https://bugzilla.suse.com/1187404
   https://bugzilla.suse.com/1187407
   https://bugzilla.suse.com/1187408
   https://bugzilla.suse.com/1187409
   https://bugzilla.suse.com/1187411
   https://bugzilla.suse.com/1187412
   https://bugzilla.suse.com/1187452
   https://bugzilla.suse.com/1187453
   https://bugzilla.suse.com/1187455
   https://bugzilla.suse.com/1187554
   https://bugzilla.suse.com/1187595
   https://bugzilla.suse.com/1187601
   https://bugzilla.suse.com/1187630
   https://bugzilla.suse.com/1187631
   https://bugzilla.suse.com/1187833
   https://bugzilla.suse.com/1187867
   https://bugzilla.suse.com/1187972
   https://bugzilla.suse.com/1188010


