SUSE-SU-2021:1913-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Jun 9 16:29:57 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1913-1
Rating:             important
References:         #1064802 #1066129 #1087082 #1101816 #1103992 
                    #1104353 #1104427 #1104745 #1109837 #1112374 
                    #1113431 #1126390 #1133021 #1152457 #1174682 
                    #1176081 #1177666 #1180552 #1181383 #1182256 
                    #1183738 #1183754 #1183947 #1184040 #1184081 
                    #1184082 #1184611 #1184675 #1184855 #1185428 
                    #1185481 #1185642 #1185677 #1185680 #1185703 
                    #1185724 #1185758 #1185827 #1185859 #1185860 
                    #1185862 #1185863 #1185898 #1185899 #1185901 
                    #1185906 #1185938 #1185950 #1185987 #1186060 
                    #1186061 #1186062 #1186111 #1186285 #1186390 
                    #1186416 #1186439 #1186441 #1186452 #1186460 
                    #1186484 #1186487 #1186498 #1186573 
Cross-References:   CVE-2020-24586 CVE-2020-24587 CVE-2020-26139
                    CVE-2020-26141 CVE-2020-26145 CVE-2020-26147
                    CVE-2021-23133 CVE-2021-23134 CVE-2021-32399
                    CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
                   
CVSS scores:
                    CVE-2020-24586 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-24586 (SUSE): 4.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
                    CVE-2020-24587 (NVD) : 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-24587 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26139 (NVD) : 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-26139 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-26141 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26145 (SUSE): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-26147 (NVD) : 5.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
                    CVE-2021-23133 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23133 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32399 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32399 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33034 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33034 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
                    CVE-2021-33200 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33200 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3491 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 52 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
     operations by the BPF verifier could be abused to perform out-of-bounds
     reads and writes in kernel memory (bsc#1186484).
   - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
     could lead to writing an arbitrary values. (bsc#1186111)
   - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
     forwards EAPOL frames to other clients even though the sender has not
     yet successfully authenticated to the AP. (bnc#1186062)
   - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed
     local attackers to elevate their privileges. (bnc#1186060)
   - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
     vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
     the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
   - CVE-2021-32399: Fixed a race condition when removing the HCI controller
     (bnc#1184611).
   - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected
     Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
     require that received fragments be cleared from memory after
     (re)connecting to a network. Under the right circumstances this can be
     abused to inject arbitrary network packets and/or exfiltrate user data
     (bnc#1185859).
   - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected
     Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
     require that all fragments of a frame are encrypted under the same key.
     An adversary can abuse this to decrypt selected fragments when another
     device sends fragmented frames and the WEP, CCMP, or GCMP encryption key
     is periodically renewed (bnc#1185859 bnc#1185862).
   - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
     fragments, even though some of them were sent in plaintext. This
     vulnerability can be abused to inject packets and/or exfiltrate selected
     fragments when another device sends fragmented frames and the WEP, CCMP,
     or GCMP data-confidentiality protocol is used (bnc#1185859).
   - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305
     4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept
     second (or subsequent) broadcast fragments even when sent in plaintext
     and process them as full unfragmented frames. An adversary can abuse
     this to inject arbitrary network packets independent of the network
     configuration. (bnc#1185860)
   - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
     where the Message Integrity Check (authenticity) of fragmented TKIP
     frames was not verified. An adversary can abuse this to inject and
     possibly decrypt packets in WPA or WPA2 networks that support the TKIP
     data-confidentiality protocol. (bnc#1185987)
   - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead
     to privilege escalation from the context of a network service or an
     unprivileged process. (bnc#1184675)

   The following non-security bugs were fixed:

   - ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
     (git-fixes).
   - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
   - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure
     (git-fixes).
   - ACPI: custom_method: fix a possible memory leak (git-fixes).
   - ACPI: custom_method: fix potential use-after-free issue (git-fixes).
   - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
   - ALSA: aloop: Fix initialization of controls (git-fixes).
   - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
   - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
     (git-fixes).
   - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
     (git-fixes).
   - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
   - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
     (git-fixes).
   - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
   - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
   - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
   - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill
     devices (git-fixes).
   - ALSA: hda/realtek: reset eapd coeff to default value for alc287
     (git-fixes).
   - ALSA: hdsp: do not disable if not enabled (git-fixes).
   - ALSA: hdspm: do not disable if not enabled (git-fixes).
   - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
   - ALSA: rme9652: do not disable if not enabled (git-fixes).
   - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
   - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
   - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
     (git-fixes).
   - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails
     (git-fixes).
   - ARM: footbridge: fix PCI interrupt mapping (git-fixes).
   - ASoC: cs35l33: fix an error code in probe() (git-fixes).
   - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
   - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
   - ASoC: intel: atom: Stop advertising non working S24LE support
     (git-fixes).
   - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
   - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
   - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
     (git-fixes).
   - Bluetooth: SMP: Fail if remote and local public keys are identical
     (git-fixes).
   - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
   - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
   - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
   - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
   - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
   - EDAC/amd64: Gather hardware information early (bsc#1180552).
   - EDAC/amd64: Make struct amd64_family_type global (bsc#1180552).
   - EDAC/amd64: Save max number of controllers to family type (bsc#1180552).
   - HID: alps: fix error return code in alps_input_configured() (git-fixes).
   - HID: plantronics: Workaround for double volume key presses (git-fixes).
   - HID: wacom: Assign boolean values to a bool variable (git-fixes).
   - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of
     devices (git-fixes).
   - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
     devices (git-fixes).
   - Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
   - Input: nspire-keypad - enable interrupts only when opened (git-fixes).
   - Input: silead - add workaround for x86 BIOS-es which bring the chip up
     in a stuck state (git-fixes).
   - KVM: s390: fix guarded storage control register handling (bsc#1133021).
   - NFC: fix possible resource leak (git-fixes).
   - NFC: fix resource leak when target index is invalid (git-fixes).
   - NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
   - NFSv4: Replace closed stateids with the "invalid special stateid"
     (bsc#1185481).
   - PCI: PM: Do not read power state in pci_enable_device_flags()
     (git-fixes).
   - PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
   - RDMA/hns: Delete redundant condition judgment related to eq
     (bsc#1104427).
   - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (bsc#1103992).
   - SUNRPC in case of backlog, hand free slots directly to waiting task
     (bsc#1185428).
   - SUNRPC: More fixes for backlog congestion (bsc#1185428).
   - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
     (git-fixes).
   - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
   - USB: serial: fix return value for unsupported ioctls (git-fixes).
   - USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
   - USB: trancevibrator: fix control-request direction (git-fixes).
   - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL
     (bsc#1176081).
   - ata: libahci_platform: fix IRQ check (git-fixes).
   - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
     (git-fixes).
   - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
   - batman-adv: Do not always reallocate the fragmentation skb head
     (git-fixes).
   - bluetooth: eliminate the potential race condition when removing the HCI
     controller (git-fixes).
   - bnxt_en: Fix PCI AER error recovery flow (git-fixes).
   - bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
     (bsc#1104745).
   - bpf: Fix masking negation logic upon negative dst register (git-fixes).
   - btrfs: fix race between transaction aborts and fsyncs leading to
     use-after-free (bsc#1186441).
   - btrfs: fix race when picking most recent mod log operation for an old
     root (bsc#1186439).
   - bus: qcom: Put child node before return (git-fixes).
   - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
   - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
   - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
   - clk: fix invalid usage of list cursor in register (git-fixes).
   - clk: fix invalid usage of list cursor in unregister (git-fixes).
   - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1
     GHz (git-fixes).
   - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to
     L0 (git-fixes).
   - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM
     clock (git-fixes).
   - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
   - clk: uniphier: Fix potential infinite loop (git-fixes).
   - cpufreq: Add NULL checks to show() and store() methods of cpufreq
     (bsc#1184040).
   - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
     (bsc#1184040).
   - cpufreq: Kconfig: fix documentation links (git-fixes).
   - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode
     (bsc#1185758).
   - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
     (git-fixes).
   - crypto: qat - Fix a double free in adf_create_ring (git-fixes).
   - crypto: qat - do not release uninitialized resources (git-fixes).
   - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
   - cxgb4: Fix unintentional sign extension issues (bsc#1064802 bsc#1066129).
   - dm: fix redundant IO accounting for bios that need splitting
     (bsc#1183738).
   - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
   - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
   - docs: kernel-parameters: Move gpio-mockup for alphabetic order
     (git-fixes).
   - drivers: net: fix memory leak in atusb_probe (git-fixes).
   - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
   - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
     (git-fixes).
   - drm/amdgpu: fix NULL pointer dereference (git-fixes).
   - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
   - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
   - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
   - drm/meson: fix shutdown crash when component not probed (git-fixes).
   - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
   - drm/omap: fix misleading indentation in pixinc() (git-fixes).
   - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz
     monitors are connected (git-fixes).
   - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
   - drm/radeon: fix copy of uninitialized variable back to userspace
     (git-fixes).
   - e1000e: Fix duplicate include guard (git-fixes).
   - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
   - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
   - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
     (bsc#1113431).
   - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
     been unplugged (git-fixes).
   - fbdev: zero-fill colormap in fbcmap.c (git-fixes).
   - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
   - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
   - gianfar: Handle error code at MAC address change (git-fixes).
   - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
   - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
     (git-fixes).
   - i2c: cadence: add IRQ check (git-fixes).
   - i2c: emev2: add IRQ check (git-fixes).
   - i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
   - i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
   - i2c: jz4780: add IRQ check (git-fixes).
   - i2c: s3c2410: fix possible NULL pointer deref on read message after
     write (git-fixes).
   - i2c: sh7760: add IRQ check (git-fixes).
   - i2c: sh7760: fix IRQ error path (git-fixes).
   - i40e: Added Asym_Pause to supported link modes (git-fixes).
   - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (jsc#SLE-4797).
   - i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
   - i40e: Fix use-after-free in i40e_client_subtask() (bsc#1101816 ).
   - i40e: fix broken XDP support (git-fixes).
   - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
   - i40e: fix the restart auto-negotiation after FEC modified (jsc#SLE-4797).
   - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938
     ltc#192043).
   - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
   - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
   - ibmvnic: remove default label from to_string switch (bsc#1152457
     ltc#174432 git-fixes).
   - igb: Fix duplicate include guard (git-fixes).
   - igb: check timestamp validity (git-fixes).
   - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
   - iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
   - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
     (git-fixes).
   - iio: tsl2583: Fix division by a zero lux_val (git-fixes).
   - intel_th: Consistency and off-by-one fix (git-fixes).
   - ipmi/watchdog: Stop watchdog timer when the current action is 'none'
     (bsc#1184855).
   - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
     (git-fixes).
   - kABI: powerpc/64: add back start_tb and accum_tb to thread_struct.
   - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
   - leds: lp5523: check return value of lp5xx_read and jump to cleanup code
     (git-fixes).
   - liquidio: Fix unintented sign extension of a left shift of a u16
     (git-fixes).
   - mac80211: bail out if cipher schemes are invalid (git-fixes).
   - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
     (git-fixes).
   - mac80211: clear the beacon's CRC after channel switch (git-fixes).
   - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
   - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
   - md/raid1: properly indicate failure when ending a failed write request
     (bsc#1185680).
   - md: do not flush workqueue unconditionally in md_open (bsc#1184081).
   - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
   - md: md_open returns -EBUSY when entering racing area (bsc#1184081).
   - md: split mddev_find (bsc#1184081).
   - media: adv7604: fix possible use-after-free in adv76xx_remove()
     (git-fixes).
   - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
   - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
   - media: em28xx: fix memory leak (git-fixes).
   - media: gspca/sq905.c: fix uninitialized variable (git-fixes).
   - media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
     (git-fixes).
   - media: ite-cir: check for receive overflow (git-fixes).
   - media: m88rs6000t: avoid potential out-of-bounds reads on arrays
     (git-fixes).
   - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
     (git-fixes).
   - media: omap4iss: return error code when omap4iss_get() failed
     (git-fixes).
   - mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000"
     (git-fixes).
   - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
   - misc/uss720: fix memory leak in uss720_probe (git-fixes).
   - misc: lis3lv02d: Fix false-positive WARN on various HP models
     (git-fixes).
   - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
   - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
     (git-fixes).
   - mlxsw: spectrum_mr: Update egress RIF list before route's action
     (bsc#1112374).
   - mm: mempolicy: fix potential pte_unmap_unlock pte error (bsc#1185906).
   - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
     (bsc#1185906).
   - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
   - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
   - mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
   - mmc: core: Set read only for SD cards with permanent write protect bit
     (git-fixes).
   - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
   - mt7601u: fix always true expression (git-fixes).
   - mtd: require write permissions for locking and badblock ioctls
     (git-fixes).
   - net, xdp: Update pkt_type if generic XDP changes unicast MAC
     (bsc#1109837).
   - net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
   - net/mlx4_en: update moderation when config reset (git-fixes).
   - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
   - net/mlx5e: Remove the wrong assumption about transport offset
     (bsc#1176081).
   - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
   - net/packet: Ask driver for protocol if not provided by user
     (bsc#1176081).
   - net/packet: Remove redundant skb->protocol set (bsc#1176081).
   - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
     (git-fixes).
   - net: Do not set transport offset to invalid value (bsc#1176081).
   - net: Introduce parse_protocol header_ops callback (bsc#1176081).
   - net: enic: Cure the enic api locking trainwreck (git-fixes).
   - net: hns3: Fix for geneve tx checksum bug (bsc#1104353 ).
   - net: hns3: add check for HNS3_NIC_STATE_INITED in
     hns3_reset_notify_up_enet() (bsc#1104353).
   - net: hns3: disable phy loopback setting in hclge_mac_start_phy
     (bsc#1104353).
   - net: hns3: fix for vxlan gpe tx checksum bug (bsc#1104353 ).
   - net: hns3: fix incorrect configuration for igu_egu_hw_err (bsc#1104353).
   - net: hns3: initialize the message content in hclge_get_link_mode()
     (bsc#1126390).
   - net: hns3: use netif_tx_disable to stop the transmit queue (bsc#1104353).
   - net: phy: intel-xway: enable integrated led functions (git-fixes).
   - net: qed: RDMA personality shouldn't fail VF load (git-fixes).
   - net: thunderx: Fix unintentional sign extension issue (git-fixes).
   - net: usb: fix memory leak in smsc75xx_bind (git-fixes).
   - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
   - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947
     bsc#1185950).
   - netfilter: conntrack: avoid misleading 'invalid' in log message
     (bsc#1183947 bsc#1185950).
   - netfilter: conntrack: improve RST handling when tuple is re-used
     (bsc#1183947 bsc#1185950).
   - netfilter: conntrack: tcp: only close if RST matches exact sequence
     (bsc#1183947 bsc#1185950).
   - nfc: pn533: prevent potential memory corruption (git-fixes).
   - nvme-fc: clear q_live at beginning of association teardown (git-fixes).
   - nvme-loop: Introduce no merge flag for biovec (bsc#1174682).
   - pata_arasan_cf: fix IRQ check (git-fixes).
   - pata_ipx4xx_cf: fix IRQ check (git-fixes).
   - pcnet32: Use pci_resource_len to validate PCI resource (git-fixes).
   - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
     unconditionally (git-fixes).
   - phy: phy-twl4030-usb: Fix possible use-after-free in
     twl4030_usb_remove() (git-fixes).
   - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
   - pinctrl: lewisburg: Update number of pins in community (git-fixes).
   - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
   - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
   - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards
     with critclk_systems DMI table (git-fixes).
   - platform/x86: thinkpad_acpi: Correct thermal sensor allocation
     (git-fixes).
   - power: supply: Use IRQF_ONESHOT (git-fixes).
   - power: supply: generic-adc-battery: fix possible use-after-free in
     gab_remove() (git-fixes).
   - power: supply: s3c_adc_battery: fix possible use-after-free in
     s3c_adc_bat_remove() (git-fixes).
   - powerpc/64: remove start_tb and accum_tb from thread_struct (bsc#1186487
     ltc#177613).
   - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666
     git-fixes).
   - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082
     git-fixes).
   - powerpc/pseries: lparcfg calculate PURR on demand (bsc#1186487
     ltc#177613).
   - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
   - rsxx: remove extraneous 'const' qualifier (git-fixes).
   - rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
   - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
   - s390/dasd: fix hanging DASD driver unbind (bsc#1183754 LTC#192081).
   - s390/dasd: fix hanging IO request during DASD driver unbind (bsc#1183754
     LTC#192081).
   - s390/entry: save the caller of psw_idle (bsc#1185677).
   - s390/kdump: fix out-of-memory with PCI (bsc#1182256 LTC#191375).
   - sata_mv: add IRQ checks (git-fixes).
   - scsi: core: Run queue in case of I/O resource contention failure
     (bsc#1186416).
   - scsi: libfc: Avoid invoking response handler twice if ep is already
     completed (bsc#1186573).
   - scsi: lpfc: Add a option to enable interlocked ABTS before job
     completion (bsc#1186452).
   - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186452).
   - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
     (bsc#1186452).
   - scsi: lpfc: Fix Node recovery when driver is handling simultaneous
     PLOGIs (bsc#1186452).
   - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command
     (bsc#1186452).
   - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
     SGLs (bsc#1186452).
   - scsi: lpfc: Fix node handling for Fabric Controller and Domain
     Controller (bsc#1186452).
   - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186452).
   - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created
     (bsc#1186452).
   - scsi: lpfc: Ignore GID-FT response that may be received after a link
     flip (bsc#1186452).
   - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric
     controller (bsc#1186452).
   - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186452).
   - scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
   - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
     (git-fixes).
   - serial: stm32: fix incorrect characters on console (git-fixes).
   - smc: disallow TCP_ULP in smc_setsockopt() (bsc#1109837).
   - soc: qcom: mdt_loader: Validate that p_filesz < p_memsz (git-fixes).
   - spi: dln2: Fix reference leak to master (git-fixes).
   - spi: omap-100k: Fix reference leak to master (git-fixes).
   - spi: spi-ti-qspi: Free DMA resources (git-fixes).
   - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
   - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
   - staging: rtl8192u: Fix potential infinite loop (git-fixes).
   - tcp: fix to update snd_wl1 in bulk receiver fast path (bsc#1185827).
   - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val'
     (git-fixes).
   - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
     (git-fixes).
   - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
   - tracing: Map all PIDs to command lines (git-fixes).
   - uio: uio_hv_generic: use devm_kzalloc() for private data alloc
     (git-fixes).
   - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
   - uio_hv_generic: Fix another memory leak in error handling paths
     (git-fixes).
   - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
   - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
   - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
   - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
   - usb: dwc3: omap: improve extcon initialization (git-fixes).
   - usb: fotg210-hcd: Fix an error message (git-fixes).
   - usb: sl811-hcd: improve misleading indentation (git-fixes).
   - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
     (git-fixes).
   - usb: xhci: Fix port minor revision (git-fixes).
   - usb: xhci: Increase timeout for HC halt (git-fixes).
   - usb: xhci: Increase timeout for HC halt (git-fixes).
   - vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
   - video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
   - vsock/vmci: log once the failed queue pair allocation (git-fixes).
   - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
   - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
   - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
   - xsk: Respect device's headroom and tailroom on generic xmit path
     (bsc#1109837).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1913=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1913=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1913=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1913=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1913=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.74.1
      kernel-default-debugsource-4.12.14-122.74.1
      kernel-default-extra-4.12.14-122.74.1
      kernel-default-extra-debuginfo-4.12.14-122.74.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.74.1
      kernel-obs-build-debugsource-4.12.14-122.74.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.74.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.74.1
      kernel-default-base-4.12.14-122.74.1
      kernel-default-base-debuginfo-4.12.14-122.74.1
      kernel-default-debuginfo-4.12.14-122.74.1
      kernel-default-debugsource-4.12.14-122.74.1
      kernel-default-devel-4.12.14-122.74.1
      kernel-syms-4.12.14-122.74.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.74.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.74.1
      kernel-macros-4.12.14-122.74.1
      kernel-source-4.12.14-122.74.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.74.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.74.1
      kernel-default-debugsource-4.12.14-122.74.1
      kernel-default-kgraft-4.12.14-122.74.1
      kernel-default-kgraft-devel-4.12.14-122.74.1
      kgraft-patch-4_12_14-122_74-default-1-8.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.74.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.74.1
      dlm-kmp-default-4.12.14-122.74.1
      dlm-kmp-default-debuginfo-4.12.14-122.74.1
      gfs2-kmp-default-4.12.14-122.74.1
      gfs2-kmp-default-debuginfo-4.12.14-122.74.1
      kernel-default-debuginfo-4.12.14-122.74.1
      kernel-default-debugsource-4.12.14-122.74.1
      ocfs2-kmp-default-4.12.14-122.74.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.74.1


References:

   https://www.suse.com/security/cve/CVE-2020-24586.html
   https://www.suse.com/security/cve/CVE-2020-24587.html
   https://www.suse.com/security/cve/CVE-2020-26139.html
   https://www.suse.com/security/cve/CVE-2020-26141.html
   https://www.suse.com/security/cve/CVE-2020-26145.html
   https://www.suse.com/security/cve/CVE-2020-26147.html
   https://www.suse.com/security/cve/CVE-2021-23133.html
   https://www.suse.com/security/cve/CVE-2021-23134.html
   https://www.suse.com/security/cve/CVE-2021-32399.html
   https://www.suse.com/security/cve/CVE-2021-33034.html
   https://www.suse.com/security/cve/CVE-2021-33200.html
   https://www.suse.com/security/cve/CVE-2021-3491.html
   https://bugzilla.suse.com/1064802
   https://bugzilla.suse.com/1066129
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1101816
   https://bugzilla.suse.com/1103992
   https://bugzilla.suse.com/1104353
   https://bugzilla.suse.com/1104427
   https://bugzilla.suse.com/1104745
   https://bugzilla.suse.com/1109837
   https://bugzilla.suse.com/1112374
   https://bugzilla.suse.com/1113431
   https://bugzilla.suse.com/1126390
   https://bugzilla.suse.com/1133021
   https://bugzilla.suse.com/1152457
   https://bugzilla.suse.com/1174682
   https://bugzilla.suse.com/1176081
   https://bugzilla.suse.com/1177666
   https://bugzilla.suse.com/1180552
   https://bugzilla.suse.com/1181383
   https://bugzilla.suse.com/1182256
   https://bugzilla.suse.com/1183738
   https://bugzilla.suse.com/1183754
   https://bugzilla.suse.com/1183947
   https://bugzilla.suse.com/1184040
   https://bugzilla.suse.com/1184081
   https://bugzilla.suse.com/1184082
   https://bugzilla.suse.com/1184611
   https://bugzilla.suse.com/1184675
   https://bugzilla.suse.com/1184855
   https://bugzilla.suse.com/1185428
   https://bugzilla.suse.com/1185481
   https://bugzilla.suse.com/1185642
   https://bugzilla.suse.com/1185677
   https://bugzilla.suse.com/1185680
   https://bugzilla.suse.com/1185703
   https://bugzilla.suse.com/1185724
   https://bugzilla.suse.com/1185758
   https://bugzilla.suse.com/1185827
   https://bugzilla.suse.com/1185859
   https://bugzilla.suse.com/1185860
   https://bugzilla.suse.com/1185862
   https://bugzilla.suse.com/1185863
   https://bugzilla.suse.com/1185898
   https://bugzilla.suse.com/1185899
   https://bugzilla.suse.com/1185901
   https://bugzilla.suse.com/1185906
   https://bugzilla.suse.com/1185938
   https://bugzilla.suse.com/1185950
   https://bugzilla.suse.com/1185987
   https://bugzilla.suse.com/1186060
   https://bugzilla.suse.com/1186061
   https://bugzilla.suse.com/1186062
   https://bugzilla.suse.com/1186111
   https://bugzilla.suse.com/1186285
   https://bugzilla.suse.com/1186390
   https://bugzilla.suse.com/1186416
   https://bugzilla.suse.com/1186439
   https://bugzilla.suse.com/1186441
   https://bugzilla.suse.com/1186452
   https://bugzilla.suse.com/1186460
   https://bugzilla.suse.com/1186484
   https://bugzilla.suse.com/1186487
   https://bugzilla.suse.com/1186498
   https://bugzilla.suse.com/1186573



More information about the sle-security-updates mailing list