Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

         SUSE-SU-2020:0649-1 Security update for the Linux Kernel
                               13 March 2020


        AusCERT Security Bulletin Summary

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
                   Reduced Security       -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8992 CVE-2020-8648 CVE-2020-8428

Reference:         ESB-2020.0851

Original Bulletin: 

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel


Announcement ID:   SUSE-SU-2020:0649-1
Rating:            moderate
References:        #1051510 #1061840 #1065600 #1065729 #1071995 #1088810
                   #1105392 #1111666 #1112178 #1112504 #1114279 #1118338
                   #1123328 #1133021 #1133147 #1140025 #1154243 #1157424
                   #1157966 #1158013 #1159271 #1160218 #1160979 #1161360
                   #1161702 #1161907 #1162109 #1162139 #1162557 #1162617
                   #1162618 #1162619 #1162623 #1162928 #1162943 #1163383
                   #1163384 #1163762 #1163774 #1163836 #1163840 #1163841
                   #1163842 #1163843 #1163844 #1163845 #1163846 #1163849
                   #1163850 #1163851 #1163852 #1163853 #1163855 #1163856
                   #1163857 #1163858 #1163859 #1163860 #1163861 #1163862
                   #1163863 #1163867 #1163869 #1163880 #1163971 #1164069
                   #1164098 #1164115 #1164314 #1164315 #1164388 #1164471
                   #1164632 #1164705 #1164712 #1164727 #1164728 #1164729
                   #1164730 #1164731 #1164732 #1164733 #1164734 #1164735
Cross-References:  CVE-2020-2732 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992
Affected Products:
                   SUSE Linux Enterprise Real Time Extension 12-SP4

An update that solves four vulnerabilities and has 80 fixes is now available.


The SUSE Linux Enterprise 12-SP4 kernel-RT was updated to 4.12.14 to receive
various security and bugfixes.
The following security bugs were fixed:

  o CVE-2020-8992: Fixed an issue in ext4_protect_reserved_inode in fs/ext4/
    block_validity.c that allowed attackers to cause a soft lockup via a
    crafted journal size (bsc#1164069).
  o CVE-2020-8648: Fixed a use-after-free vulnerability in the
    n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928).
  o CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may
    trick the L0 hypervisor into accessing sensitive L1 resources (bsc#
  o CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed
    local users to cause a denial of service (OOPS) or possibly obtain
    sensitive information from kernel memory, aka CID-d0cb50185ae9 (bsc#

The following non-security bugs were fixed:

  o 6pack,mkiss: fix possible deadlock (bsc#1051510).
  o ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510).
  o ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510).
  o ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510).
  o ACPI: video: Do not export a non working backlight interface on MSI MS-7721
    boards (bsc#1051510).
  o ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557).
  o ACPI / watchdog: Fix init failure with overlapping register regions (bsc#
  o ACPI / watchdog: Set default timeout in probe (bsc#1162557).
  o ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes).
  o ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666).
  o ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes).
  o ALSA: seq: Avoid concurrent access to queue flags (git-fixes).
  o ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes).
  o ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes).
  o arm64: Revert support for execute-only user mappings (bsc#1160218).
  o ASoC: sun8i-codec: Fix setting DAI data format (git-fixes).
  o ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388).
  o bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc
  o bcache: add code comments for state->pool in __btree_sort() (bsc#1163762).
  o bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762).
  o bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762).
  o bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762).
  o bcache: add more accurate error messages in read_super() (bsc#1163762).
  o bcache: add readahead cache policy options via sysfs interface (bsc#
  o bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762).
  o bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#
  o bcache: check return value of prio_read() (bsc#1163762).
  o bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#
  o bcache: do not export symbols (bsc#1163762).
  o bcache: explicity type cast in bset_bkey_last() (bsc#1163762).
  o bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#
  o bcache: Fix an error code in bch_dump_read() (bsc#1163762).
  o bcache: fix deadlock in bcache_allocator (bsc#1163762).
  o bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762).
  o bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#
  o bcache: fix static checker warning in bcache_device_free() (bsc#1163762).
  o bcache: ignore pending signals when creating gc and allocator thread (bsc#
    1163762, bsc#1112504).
  o bcache: print written and keys in trace_bcache_btree_write (bsc#1163762).
  o bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#
  o bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762).
  o bcache: remove macro nr_to_fifo_front() (bsc#1163762).
  o bcache: remove member accessed from struct btree (bsc#1163762).
  o bcache: remove the extra cflags for request.o (bsc#1163762).
  o bcache: Revert "bcache: shrink btree node cache after bch_btree_check()"
    (bsc#1163762, bsc#1112504).
  o blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840).
  o blk-mq: make sure that line break can be printed (bsc#1164098).
  o Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510).
  o bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510).
  o bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510).
  o Btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943).
  o Btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243).
  o Btrfs: fix infinite loop during fsync after rename operations (bsc#
  o Btrfs: fix race between adding and putting tree mod seq elements and nodes
  o Btrfs: send, skip backreference walking for extents with many references
  o cdrom: respect device capabilities during opening action (boo#1164632).
  o chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849).
  o cifs: fix mount option display for sec=krb5i (bsc#1161907).
  o clk: mmp2: Fix the order of timer mux parents (bsc#1051510).
  o clk: qcom: rcg2: Do not crash if our parent can't be found; return an error
  o clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510).
  o clk: tegra: Mark fuse clock as critical (bsc#1051510).
  o clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510).
  o clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#
  o closures: fix a race on wakeup from closure_sync (bsc#1163762).
  o crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510).
  o crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix).
  o Documentation: Document arm64 kpti control (bsc#1162623).
  o drivers/base/memory.c: do not access uninitialized memmaps in
    soft_offline_page_store() (bsc#1051510).
  o drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#
  o drm/amdgpu: remove 4 set but not used variable in
    amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510).
  o drm/amdgpu: remove always false comparison in
    'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510).
  o drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#
  o drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510).
  o drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510).
  o drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#
  o drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from
    'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510).
  o drm: bridge: dw-hdmi: constify copied structure (bsc#1051510).
  o drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc
  o drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#
  o drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510).
  o drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510).
  o Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632).
  o enic: prevent waking up stopped tx queues over watchdog reset (bsc#
  o ext2: check err when partial != NULL (bsc#1163859).
  o ext4: check for directory entries too close to block end (bsc#1163861).
  o ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841).
  o ext4: fix checksum errors with indexed dirs (bsc#1160979).
  o ext4: fix deadlock allocating crypto bounce page from mempool (bsc#
  o ext4: Fix mount failure with quota configured as module (bsc#1164471).
  o ext4: improve explanation of a mount failure caused by a misconfigured
    kernel (bsc#1163843).
  o ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853).
  o firestream: fix memory leaks (bsc#1051510).
  o fix autofs regression caused by follow_managed() changes (bsc#1159271).
  o fix dget_parent() fastpath race (bsc#1159271).
  o fix the locking in dcache_readdir() and friends (bsc#1123328).
  o fscrypt: do not set policy for a dead directory (bsc#1163846).
  o fs/namei.c: fix missing barriers when checking positivity (bsc#1159271).
  o fs/namei.c: pull positivity check into follow_managed() (bsc#1159271).
  o fs/open.c: allow opening only regular files during execve() (bsc#1163845).
  o ftrace: Add comment to why rcu_dereference_sched() is open coded
  o ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes).
  o genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#
  o gtp: avoid zero size hashtable (networking-stable-20_01_01).
  o gtp: do not allow adding duplicate tid and ms_addr pdp context
  o gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01).
  o gtp: fix wrong condition in gtp_genl_dump_pdp()
  o hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#
  o hwmon: (core) Do not use device managed functions for memory allocations
  o hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510).
  o hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#
  o iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617).
  o iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#
  o iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115).
  o iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510).
  o iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510).
  o jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info
    when load journal (bsc#1163862).
  o jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
  o jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860).
  o jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#
  o jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
  o jbd2: switch to use jbd2_journal_abort() when failed to submit the commit
    record (bsc#1163852).
  o kconfig: fix broken dependency in randconfig-generated .config (bsc#
  o kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure
    flavor (boo#1161360).
  o KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021).
  o KVM: fix spectrev1 gadgets (bsc#1164705).
  o KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840).
  o KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840).
  o KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#
  o KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#
  o KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
  o KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#
  o KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc
  o KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF
    attacks (bsc#1164712).
  o KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#
  o KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks
    in x86.c (bsc#1164733).
  o KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit()
    from Spectre-v1/L1TF attacks (bsc#1164731).
  o KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/
    L1TF attacks (bsc#1164732).
  o KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735).
  o KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#
  o KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#
  o lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762).
  o lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510).
  o lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#
  o livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#
  o livepatch/selftest: Clean up shadow variable names and type (bsc#1071995).
  o mac80211: Fix TKIP replay protection immediately after key setup (bsc#
  o mac80211: mesh: restrict airtime metric to peered established plinks (bsc#
  o media: af9005: uninitialized variable printked (bsc#1051510).
  o media: cec: CEC 2.0-only bcast messages were ignored (git-fixes).
  o media: digitv: do not continue if remote control state can't be read (bsc#
  o media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510).
  o media: exynos4-is: fix wrong mdev and v4l2 dev order in error path
  o media: gspca: zero usb_buf (bsc#1051510).
  o media: iguanair: fix endpoint sanity check (bsc#1051510).
  o media: ov6650: Fix crop rectangle alignment not passed back (git-fixes).
  o media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes).
  o media: pulse8-cec: fix lost cec_transmit_attempt_done() call.
  o media: uvcvideo: Avoid cyclic entity chains due to malformed USB
    descriptors (bsc#1051510).
  o media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510).
  o media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510).
  o media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#
  o mfd: da9062: Fix watchdog compatible string (bsc#1051510).
  o mfd: dln2: More sanity checking for endpoints (bsc#1051510).
  o mfd: rn5t618: Mark ADC control register volatile (bsc#1051510).
  o mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510).
  o mod_devicetable: fix PHY module format (networking-stable-19_12_28).
  o mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510).
  o namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851).
  o net: dst: Force 4-byte alignment of dst_metrics
  o net: ena: fix napi handler misbehavior when the napi budget is zero
  o net: hisilicon: Fix a BUG trigered by wrong bytes_compl
  o net: nfc: nci: fix a possible sleep-in-atomic-context bug in
    nci_uart_tty_receive() (networking-stable-19_12_28).
  o net: qlogic: Fix error paths in ql_alloc_large_buffers()
  o net: sched: correct flower port blocking (git-fixes).
  o net: usb: lan78xx: Fix suspend/resume PHY register access error
  o new helper: lookup_positive_unlocked() (bsc#1159271).
  o nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info
  o PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510).
  o PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510).
  o PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes).
  o PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510).
  o percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc
  o perf/x86/intel: Fix inaccurate period in context switch for auto-reload
  o phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510).
  o pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#
  o powerpc: avoid adjusting memory_limit for capture kernel memory reservation
    (bsc#1140025 ltc#176086).
  o powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#
  o powerpc/pseries: Advance pfn if section is not present in lmb_is_removable
    () (bsc#1065729).
  o powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce
    for DDW (bsc#1065729).
  o powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729).
  o powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#
  o powerpc: reserve memory for capture kernel after hugepages init (bsc#
    1140025 ltc#176086).
  o powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal
    delivery (bsc#1118338 ltc#173734).
  o powerpc/xmon: do not access ASDR in VMs (bsc#1065729).
  o power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510).
  o pstore/ram: Write new dumps to start of recycled zones (bsc#1051510).
  o pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
  o pwm: Remove set but not set variable 'pwm' (git-fixes).
  o pxa168fb: Fix the function used to release some memory in an error (bsc#
  o qede: Fix multicast mac configuration (networking-stable-19_12_28).
  o qmi_wwan: Add support for Quectel RM500Q (bsc#1051510).
  o quota: Check that quota is not dirty before release (bsc#1163858).
  o quota: fix livelock in dquot_writeback_dquots (bsc#1163857).
  o r8152: get default setting of WOL before initializing (bsc#1051510).
  o README.BRANCH: Update the branch name to cve/linux-4.12
  o regulator: Fix return value of _set_load() stub (bsc#1051510).
  o regulator: rk808: Lower log level on optional GPIOs being not available
  o reiserfs: Fix memory leak of journal device string (bsc#1163867).
  o reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#
  o rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol
    namespace field)
  o rpm/kernel-binary.spec.in: Replace Novell with SUSE
  o rtc: cmos: Stop using shared IRQ (bsc#1051510).
  o rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#
  o rtlwifi: Fix MAX MPDU of VHT capability (git-fixes).
  o rtlwifi: Remove redundant semicolon in wifi.h (git-fixes).
  o scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966
    bsc#1158013 bsc#1157424).
  o scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013
  o sctp: fully initialize v4 addr in some functions
  o serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510).
  o serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510).
  o serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510).
  o serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510).
  o serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510).
  o sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#
  o sh_eth: fix dumping ARSTR (bsc#1051510).
  o sh_eth: fix invalid context bug while calling auto-negotiation by ethtool
  o sh_eth: fix invalid context bug while changing link options by ethtool (bsc
  o sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510).
  o sh_eth: fix TXALCR1 offsets (bsc#1051510).
  o sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510).
  o soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#
  o soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
  o soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510).
  o spi: tegra114: clear packed bit for unpacked mode (bsc#1051510).
  o spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510).
  o spi: tegra114: fix for unpacked mode transfers (bsc#1051510).
  o spi: tegra114: flush fifos (bsc#1051510).
  o spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510).
  o sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632).
  o staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510).
  o staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510).
  o staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510).
  o staging: wlan-ng: ensure error return is actually returned (bsc#1051510).
  o stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#
  o stop_machine: Disable preemption after queueing stopper threads (bsc#
    1088810, bsc#1161702).
  o stop_machine: Disable preemption when waking two stopper threads (bsc#
    1088810, bsc#1161702).
  o stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#
    1088810, bsc#1161702).
  o tcp: do not send empty skb from tcp_write_xmit()
  o tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes).
  o tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes).
  o tracing: Fix tracing_stat return values in error handling paths
  o tracing: Fix very unlikely race of registering two stat tracers
  o tty: n_hdlc: fix build on SPARC (bsc#1051510).
  o tty/serial: atmel: Add is_half_duplex helper (bsc#1051510).
  o tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510).
  o tty: vt: keyboard: reject invalid keycodes (bsc#1051510).
  o ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850).
  o ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856).
  o ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#
  o ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844).
  o udp: fix integer overflow while computing available space in sk_rcvbuf
  o USB: core: fix check for duplicate endpoints (git-fixes).
  o USB: dwc3: turn off VBUS when leaving host mode (bsc#1051510).
  o USB: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes).
  o USB: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510).
  o USB: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510).
  o USB: gadget: legacy: set max_speed to super-speed (bsc#1051510).
  o USB: gadget: Zero ffs_io_data (bsc#1051510).
  o USB: host: xhci-hub: fix extra endianness conversion (bsc#1051510).
  o usbip: Fix error path of vhci_recv_ret_submit() (git-fixes).
  o USB: serial: ir-usb: add missing endpoint sanity check (bsc#1051510).
  o USB: serial: ir-usb: fix IrLAP framing (bsc#1051510).
  o USB: serial: ir-usb: fix link-speed handling (bsc#1051510).
  o USB: serial: option: add support for Quectel RM500Q in QDL mode
  o USB: serial: option: add Telit ME910G1 0x110a composition (git-fixes).
  o USB: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes).
  o usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510).
  o USB: typec: tcpci: mask event interrupts when remove driver (bsc#1051510).
  o vhost/vsock: accept only packets with the right dst_cid
  o watchdog: max77620_wdt: fix potential build errors (bsc#1051510).
  o watchdog: rn5t618_wdt: fix module aliases (bsc#1051510).
  o watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557).
  o wireless: fix enabling channel 12 for custom regulatory domain (bsc#
  o wireless: wext: avoid gcc -O3 warning (bsc#1051510).
  o x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#
  o x86/intel_rdt: Split resource group removal in two (bsc#1112178).
  o x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#
  o x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178).
  o x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc
  o x86/resctrl: Fix use-after-free when deleting resource groups (bsc#
  o xen/balloon: Support xend-based toolstack take two (bsc#1065600).
  o xen: Enable interrupts when calling _cond_resched() (bsc#1065600).
  o xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510).
  o xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#
  o xhci: make sure interrupts are restored to correct state (bsc#1051510).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Real Time Extension 12-SP4:
    zypper in -t patch SUSE-SLE-RT-12-SP4-2020-649=1

Package List:

  o SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64):
  o SUSE Linux Enterprise Real Time Extension 12-SP4 (noarch):


  o https://www.suse.com/security/cve/CVE-2020-2732.html
  o https://www.suse.com/security/cve/CVE-2020-8428.html
  o https://www.suse.com/security/cve/CVE-2020-8648.html
  o https://www.suse.com/security/cve/CVE-2020-8992.html
  o https://bugzilla.suse.com/1051510
  o https://bugzilla.suse.com/1061840
  o https://bugzilla.suse.com/1065600
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1071995
  o https://bugzilla.suse.com/1088810
  o https://bugzilla.suse.com/1105392
  o https://bugzilla.suse.com/1111666
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1112504
  o https://bugzilla.suse.com/1114279
  o https://bugzilla.suse.com/1118338
  o https://bugzilla.suse.com/1123328
  o https://bugzilla.suse.com/1133021
  o https://bugzilla.suse.com/1133147
  o https://bugzilla.suse.com/1140025
  o https://bugzilla.suse.com/1154243
  o https://bugzilla.suse.com/1157424
  o https://bugzilla.suse.com/1157966
  o https://bugzilla.suse.com/1158013
  o https://bugzilla.suse.com/1159271
  o https://bugzilla.suse.com/1160218
  o https://bugzilla.suse.com/1160979
  o https://bugzilla.suse.com/1161360
  o https://bugzilla.suse.com/1161702
  o https://bugzilla.suse.com/1161907
  o https://bugzilla.suse.com/1162109
  o https://bugzilla.suse.com/1162139
  o https://bugzilla.suse.com/1162557
  o https://bugzilla.suse.com/1162617
  o https://bugzilla.suse.com/1162618
  o https://bugzilla.suse.com/1162619
  o https://bugzilla.suse.com/1162623
  o https://bugzilla.suse.com/1162928
  o https://bugzilla.suse.com/1162943
  o https://bugzilla.suse.com/1163383
  o https://bugzilla.suse.com/1163384
  o https://bugzilla.suse.com/1163762
  o https://bugzilla.suse.com/1163774
  o https://bugzilla.suse.com/1163836
  o https://bugzilla.suse.com/1163840
  o https://bugzilla.suse.com/1163841
  o https://bugzilla.suse.com/1163842
  o https://bugzilla.suse.com/1163843
  o https://bugzilla.suse.com/1163844
  o https://bugzilla.suse.com/1163845
  o https://bugzilla.suse.com/1163846
  o https://bugzilla.suse.com/1163849
  o https://bugzilla.suse.com/1163850
  o https://bugzilla.suse.com/1163851
  o https://bugzilla.suse.com/1163852
  o https://bugzilla.suse.com/1163853
  o https://bugzilla.suse.com/1163855
  o https://bugzilla.suse.com/1163856
  o https://bugzilla.suse.com/1163857
  o https://bugzilla.suse.com/1163858
  o https://bugzilla.suse.com/1163859
  o https://bugzilla.suse.com/1163860
  o https://bugzilla.suse.com/1163861
  o https://bugzilla.suse.com/1163862
  o https://bugzilla.suse.com/1163863
  o https://bugzilla.suse.com/1163867
  o https://bugzilla.suse.com/1163869
  o https://bugzilla.suse.com/1163880
  o https://bugzilla.suse.com/1163971
  o https://bugzilla.suse.com/1164069
  o https://bugzilla.suse.com/1164098
  o https://bugzilla.suse.com/1164115
  o https://bugzilla.suse.com/1164314
  o https://bugzilla.suse.com/1164315
  o https://bugzilla.suse.com/1164388
  o https://bugzilla.suse.com/1164471
  o https://bugzilla.suse.com/1164632
  o https://bugzilla.suse.com/1164705
  o https://bugzilla.suse.com/1164712
  o https://bugzilla.suse.com/1164727
  o https://bugzilla.suse.com/1164728
  o https://bugzilla.suse.com/1164729
  o https://bugzilla.suse.com/1164730
  o https://bugzilla.suse.com/1164731
  o https://bugzilla.suse.com/1164732
  o https://bugzilla.suse.com/1164733
  o https://bugzilla.suse.com/1164734
  o https://bugzilla.suse.com/1164735

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967