Operating System:

[SUSE]

Published:

07 September 2020

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3052
                   Security update for the Linux Kernel
                             7 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Module for Public Cloud 15-SP1
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Access Privileged Data          -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24394 CVE-2020-16166 CVE-2020-14356
                   CVE-2020-14331 CVE-2020-14314 CVE-2020-10135
                   CVE-2020-1749 CVE-2018-3639 

Reference:         ESB-2020.3043
                   ESB-2020.2711
                   ESB-2020.2642
                   ESB-2020.2088

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20202540-1
   https://www.suse.com/support/update/announcement/2020/suse-su-20202541-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2540-1
Rating:            important
References:        #1065600 #1065729 #1071995 #1074701 #1083548 #1085030
                   #1085235 #1085308 #1087078 #1087082 #1094912 #1100394
                   #1102640 #1105412 #1111666 #1112178 #1113956 #1120163
                   #1133021 #1144333 #1152148 #1163524 #1165629 #1166965
                   #1169790 #1170232 #1171688 #1172073 #1172108 #1172247
                   #1172418 #1172428 #1172781 #1172782 #1172783 #1172871
                   #1172872 #1172873 #1172963 #1173485 #1173798 #1173954
                   #1174003 #1174026 #1174070 #1174161 #1174205 #1174247
                   #1174387 #1174484 #1174547 #1174550 #1174625 #1174658
                   #1174685 #1174689 #1174699 #1174734 #1174757 #1174771
                   #1174840 #1174841 #1174843 #1174844 #1174845 #1174852
                   #1174873 #1174887 #1174904 #1174926 #1174968 #1175062
                   #1175063 #1175064 #1175065 #1175066 #1175067 #1175112
                   #1175127 #1175128 #1175149 #1175199 #1175213 #1175228
                   #1175232 #1175284 #1175393 #1175394 #1175396 #1175397
                   #1175398 #1175399 #1175400 #1175401 #1175402 #1175403
                   #1175404 #1175405 #1175406 #1175407 #1175408 #1175409
                   #1175410 #1175411 #1175412 #1175413 #1175414 #1175415
                   #1175416 #1175417 #1175418 #1175419 #1175420 #1175421
                   #1175422 #1175423 #1175440 #1175493 #1175515 #1175518
                   #1175526 #1175550 #1175654 #1175666 #1175667 #1175668
                   #1175669 #1175670 #1175767 #1175768 #1175769 #1175770
                   #1175771 #1175772 #1175786 #1175873
Cross-References:  CVE-2018-3639 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356
                   CVE-2020-16166 CVE-2020-1749 CVE-2020-24394
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 129 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:

  o CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#
    1165629).
  o CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#
    1173798).
  o CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem
    which could have led to privilege escalation (bsc#1175213).
  o CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#
    1174205).
  o CVE-2020-16166: Fixed a potential issue which could have allowed remote
    attackers to make observations that help to obtain sensitive information
    about the internal state of the network RNG (bsc#1174757).
  o CVE-2020-24394: Fixed an issue which could set incorrect permissions on new
    filesystem objects when the filesystem lacks ACL support (bsc#1175518).


The following non-security bugs were fixed:

  o ACPI: kABI fixes for subsys exports (bsc#1174968).
  o ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#
    1174968).
  o ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for
    hibernate (bsc#1174968).
  o ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#
    1174968).
  o ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968).
  o af_key: pfkey_dump needs parameter validation (git-fixes).
  o agp/intel: Fix a memory leak on module initialisation failure (git-fixes).
  o ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666).
  o ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666).
  o ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666).
  o ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666).
  o ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666).
  o ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666).
  o ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666).
  o ALSA: hda: fix NULL pointer dereference during suspend (git-fixes).
  o ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666).
  o ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#
    1111666).
  o ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc
    #1111666).
  o ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes).
  o ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc
    #1111666).
  o ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666).
  o ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666).
  o ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666).
  o ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes).
  o ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes).
  o ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#
    1111666).
  o ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666).
  o ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC
    (bsc#1111666).
  o ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#
    1111666).
  o ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with
    ALC256 (bsc#1111666).
  o ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC
    (bsc#1111666).
  o ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series
    with ALC289 (bsc#1111666).
  o ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502)
    series with ALC289 (bsc#1111666).
  o ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666).
  o ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference
    board (alc256) (bsc#1111666).
  o ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung
    Notebook Pen S (bsc#1111666).
  o ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666).
  o ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id
    (bsc#1111666).
  o ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666).
  o ALSA: hda/realtek - Fix unused variable warning (bsc#1111666).
  o ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14
    (GA401) series with ALC289 (bsc#1111666).
  o ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666).
  o ALSA: hda: Workaround for spurious wakeups on some Intel platforms
    (git-fixes).
  o ALSA: pci: delete repeated words in comments (bsc#1111666).
  o ALSA: seq: oss: Serialize ioctls (bsc#1111666).
  o ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes).
  o ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666).
  o ALSA: usb-audio: add startech usb audio dock name (bsc#1111666).
  o ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666).
  o ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#
    1111666).
  o ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#
    1111666).
  o ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent
    () (bsc#1111666).
  o ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#
    1174625).
  o ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666).
  o ALSA: usb-audio: ignore broken processing/extension unit (git-fixes).
  o ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#
    1111666).
  o ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666).
  o arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547).
  o arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547).
  o arm64: add sysfs vulnerability show for meltdown (bsc#1174547).
  o arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547).
  o arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547).
  o arm64: add sysfs vulnerability show for speculative store bypass (bsc#
    1174547).
  o arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547).
  o arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547).
  o arm64: Always enable ssb vulnerability detection (bsc#1174547).
  o arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#
    1175397).
  o arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547).
  o arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547).
  o arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#
    1174547). Update config/arm64/default
  o arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398).
  o arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393).
  o arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update
    config/arm64/default
  o arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394).
  o arm64: errata: Do not define type field twice for arm64_errata entries (bsc
    #1174547).
  o arm64: errata: Update stale comment (bsc#1174547).
  o arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547).
  o arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#
    1174547).
  o arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#
    1174547).
  o arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field
    (bsc#1174547).
  o arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547).
  o arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021).
  o arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#
    1174547).
  o arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#
    1174547).
  o arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526).
  o arm64: Provide a command line to disable spectre_v2 mitigation (bsc#
    1174547).
  o arm64: Silence clang warning on mismatched value/register sizes (bsc#
    1175396).
  o arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547).
  o arm64: ssbd: explicitly depend on (bsc#1175399).
  o arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#
    1174547).
  o arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#
    1175669).
  o arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400).
  o arm64/sve: should not depend on (bsc#1175401).
  o arm64: tlbflush: avoid writing RES0 bits (bsc#1175402).
  o arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc
    #1174547).
  o ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021).
  o ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021).
  o ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#
    1133021).
  o ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666).
  o ASoC: intel: Fix memleak in sst_media_open (git-fixes).
  o ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
  o AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes).
  o AX.25: Prevent integer overflows in connect and sendmsg (git-fixes).
  o AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes).
  o ax88172a: fix ax88172a_unbind() failures (git-fixes).
  o b43: Remove uninitialized_var() usage (git-fixes).
  o bcache: allocate meta data pages as compound pages (bsc#1172873).
  o bcache: allocate meta data pages as compound pages (bsc#1172873).
  o block: check queue's limits.discard_granularity in __blkdev_issue_discard()
    (bsc#1152148).
  o block: check queue's limits.discard_granularity in __blkdev_issue_discard()
    (bsc#1152148).
  o block: Fix use-after-free in blkdev_get() (bsc#1174843).
  o block: improve discard bio alignment in __blkdev_issue_discard() (bsc#
    1152148).
  o block: improve discard bio alignment in __blkdev_issue_discard() (bsc#
    1152148).
  o Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
    (bsc#1111666).
  o Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#
    1111666).
  o Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
    (bsc#1111666).
  o bonding: fix active-backup failover for current ARP slave (bsc#1174771).
  o bonding: fix a potential double-unregister (git-fixes).
  o bonding: show saner speed for broadcast mode (git-fixes).
  o bpf: Fix map leak in HASH_OF_MAPS map (git-fixes).
  o brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc
    #1111666).
  o brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666).
  o brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666).
  o btrfs: change timing for qgroup reserved space for ordered extents to fix
    reserved space leak (bsc#1172247).
  o btrfs: file: reserve qgroup space after the hole punch range is locked (bsc
    #1172247).
  o btrfs: fix a block group ref counter leak after failure to remove block
    group (bsc#1175149).
  o btrfs: fix block group leak when removing fails (bsc#1175149).
  o btrfs: fix bytes_may_use underflow when running balance and scrub in
    parallel (bsc#1175149).
  o btrfs: fix corrupt log due to concurrent fsync of inodes with shared
    extents (bsc#1175149).
  o btrfs: fix data block group relocation failure due to concurrent scrub (bsc
    #1175149).
  o btrfs: fix double free on ulist after backref resolution failure (bsc#
    1175149).
  o btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149).
  o btrfs: fix memory leaks after failure to lookup checksums during inode
    logging (bsc#1175550).
  o btrfs: fix page leaks after failure to lock page for delalloc (bsc#
    1175149).
  o btrfs: fix race between block group removal and block group creation (bsc#
    1175149).
  o btrfs: fix space_info bytes_may_use underflow after nocow buffered write
    (bsc#1175149).
  o btrfs: fix space_info bytes_may_use underflow during space cache writeout
    (bsc#1175149).
  o btrfs: fix wrong file range cleanup after an error filling dealloc range
    (bsc#1175149).
  o btrfs: inode: fix NULL pointer dereference if inode does not need
    compression (bsc#1174484).
  o btrfs: inode: move qgroup reserved space release to the callers of
    insert_reserved_file_extent() (bsc#1172247).
  o btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc
    #1172247).
  o btrfs: make btrfs_ordered_extent naming consistent with
    btrfs_file_extent_item (bsc#1172247).
  o btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149).
  o btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc
    #1120163).
  o btrfs: qgroup: fix data leak caused by race between writeback and truncate
    (bsc#1172247).
  o btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve
    retry-after-EDQUOT (bsc#1120163).
  o btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163).
  o btrfs: Rename and export clear_btree_io_tree (bsc#1175149).
  o btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493).
  o bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#
    1174658).
  o bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#
    1174658).
  o bus: hisi_lpc: Unregister logical PIO range to avoid potential
    use-after-free (bsc#1174658).
  o cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes).
  o cfg80211: check vendor command doit pointer before use (git-fixes).
  o char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
  o cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
  o cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#
    1172428).
  o cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
  o cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#
    1172428).
  o cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333
    bsc#1172428).
  o cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#
    1144333 bsc#1172428).
  o cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#
    1144333 bsc#1172428).
  o cifs: reduce number of referral requests in DFS link lookups (bsc#1144333
    bsc#1172428).
  o cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
  o clk: at91: clk-generated: check best_rate against ranges (bsc#1111666).
  o clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666).
  o clk: iproc: round clock rate to the closest (bsc#1111666).
  o clk: spear: Remove uninitialized_var() usage (git-fixes).
  o clk: st: Remove uninitialized_var() usage (git-fixes).
  o console: newport_con: fix an issue about leak related system resources
    (git-fixes).
  o constrants: fix malformed XML Closing tag of an element is "

- -------------------------------------------------------------------------------------------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2541-1
Rating:            important
References:        #1065600 #1065729 #1071995 #1074701 #1083548 #1085030
                   #1085235 #1085308 #1087078 #1087082 #1094912 #1100394
                   #1102640 #1105412 #1111666 #1112178 #1113956 #1120163
                   #1133021 #1144333 #1152148 #1163524 #1165629 #1166965
                   #1169790 #1170232 #1171688 #1171988 #1172073 #1172108
                   #1172247 #1172418 #1172428 #1172781 #1172782 #1172783
                   #1172871 #1172872 #1172873 #1172963 #1173485 #1173798
                   #1173954 #1174003 #1174026 #1174070 #1174161 #1174205
                   #1174387 #1174484 #1174547 #1174549 #1174550 #1174625
                   #1174658 #1174685 #1174689 #1174699 #1174734 #1174757
                   #1174771 #1174840 #1174841 #1174843 #1174844 #1174845
                   #1174852 #1174873 #1174887 #1174904 #1174926 #1174968
                   #1175062 #1175063 #1175064 #1175065 #1175066 #1175067
                   #1175112 #1175127 #1175128 #1175149 #1175199 #1175213
                   #1175228 #1175232 #1175284 #1175393 #1175394 #1175396
                   #1175397 #1175398 #1175399 #1175400 #1175401 #1175402
                   #1175403 #1175404 #1175405 #1175406 #1175407 #1175408
                   #1175409 #1175410 #1175411 #1175412 #1175413 #1175414
                   #1175415 #1175416 #1175417 #1175418 #1175419 #1175420
                   #1175421 #1175422 #1175423 #1175440 #1175493 #1175515
                   #1175518 #1175526 #1175550 #1175654 #1175666 #1175667
                   #1175668 #1175669 #1175670 #1175767 #1175768 #1175769
                   #1175770 #1175771 #1175772 #1175786 #1175873
Cross-References:  CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356
                   CVE-2020-16166 CVE-2020-1749 CVE-2020-24394
Affected Products:
                   SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 130 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:

  o CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#
    1165629).
  o CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#
    1173798).
  o CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem
    which could have led to privilege escalation (bsc#1175213).
  o CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#
    1174205).
  o CVE-2020-16166: Fixed a potential issue which could have allowed remote
    attackers to make observations that help to obtain sensitive information
    about the internal state of the network RNG (bsc#1174757).
  o CVE-2020-24394: Fixed an issue which could set incorrect permissions on new
    filesystem objects when the filesystem lacks ACL support (bsc#1175518).
  o CVE-2020-10135: Legacy pairing and secure-connections pairing
    authentication Bluetooth might have allowed an unauthenticated user to
    complete authentication without pairing credentials via adjacent access
    (bsc#1171988).


The following non-security bugs were fixed:

  o ACPI: kABI fixes for subsys exports (bsc#1174968).
  o ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#
    1174968).
  o ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for
    hibernate (bsc#1174968).
  o ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#
    1174968).
  o ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968).
  o af_key: pfkey_dump needs parameter validation (git-fixes).
  o agp/intel: Fix a memory leak on module initialisation failure (git-fixes).
  o ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666).
  o ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666).
  o ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666).
  o ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666).
  o ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666).
  o ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666).
  o ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666).
  o ALSA: hda: fix NULL pointer dereference during suspend (git-fixes).
  o ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666).
  o ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#
    1111666).
  o ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc
    #1111666).
  o ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes).
  o ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc
    #1111666).
  o ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666).
  o ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666).
  o ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666).
  o ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes).
  o ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes).
  o ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#
    1111666).
  o ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666).
  o ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC
    (bsc#1111666).
  o ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#
    1111666).
  o ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with
    ALC256 (bsc#1111666).
  o ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC
    (bsc#1111666).
  o ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series
    with ALC289 (bsc#1111666).
  o ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502)
    series with ALC289 (bsc#1111666).
  o ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666).
  o ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference
    board (alc256) (bsc#1111666).
  o ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung
    Notebook Pen S (bsc#1111666).
  o ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666).
  o ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id
    (bsc#1111666).
  o ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666).
  o ALSA: hda/realtek - Fix unused variable warning (bsc#1111666).
  o ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14
    (GA401) series with ALC289 (bsc#1111666).
  o ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666).
  o ALSA: hda: Workaround for spurious wakeups on some Intel platforms
    (git-fixes).
  o ALSA: pci: delete repeated words in comments (bsc#1111666).
  o ALSA: seq: oss: Serialize ioctls (bsc#1111666).
  o ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes).
  o ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666).
  o ALSA: usb-audio: add startech usb audio dock name (bsc#1111666).
  o ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666).
  o ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#
    1111666).
  o ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#
    1111666).
  o ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent
    () (bsc#1111666).
  o ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#
    1174625).
  o ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666).
  o ALSA: usb-audio: ignore broken processing/extension unit (git-fixes).
  o ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#
    1111666).
  o ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666).
  o arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547).
  o arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547).
  o arm64: add sysfs vulnerability show for meltdown (bsc#1174547).
  o arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547).
  o arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547).
  o arm64: add sysfs vulnerability show for speculative store bypass (bsc#
    1174547).
  o arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547).
  o arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547).
  o arm64: Always enable ssb vulnerability detection (bsc#1174547).
  o arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#
    1175397).
  o arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547).
  o arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547).
  o arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#
    1174547).
  o arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398).
  o arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393).
  o arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update
    config/arm64/default
  o arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394).
  o arm64: errata: Do not define type field twice for arm64_errata entries (bsc
    #1174547).
  o arm64: errata: Update stale comment (bsc#1174547).
  o arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547).
  o arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#
    1174547).
  o arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#
    1174547).
  o arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field
    (bsc#1174547).
  o arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547).
  o arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021).
  o arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#
    1174547).
  o arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#
    1174547).
  o arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526).
  o arm64: Provide a command line to disable spectre_v2 mitigation (bsc#
    1174547).
  o arm64: Silence clang warning on mismatched value/register sizes (bsc#
    1175396).
  o arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547).
  o arm64: ssbd: explicitly depend on (bsc#1175399).
  o arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#
    1174547).
  o arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#
    1175669).
  o arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400).
  o arm64/sve: should not depend on (bsc#1175401).
  o arm64: tlbflush: avoid writing RES0 bits (bsc#1175402).
  o arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc
    #1174547).
  o ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021).
  o ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021).
  o ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#
    1133021).
  o ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666).
  o ASoC: intel: Fix memleak in sst_media_open (git-fixes).
  o ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
  o AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes).
  o AX.25: Prevent integer overflows in connect and sendmsg (git-fixes).
  o AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes).
  o ax88172a: fix ax88172a_unbind() failures (git-fixes).
  o b43: Remove uninitialized_var() usage (git-fixes).
  o bcache: allocate meta data pages as compound pages (bsc#1172873).
  o block: check queue's limits.discard_granularity in __blkdev_issue_discard()
    (bsc#1152148).
  o block: Fix use-after-free in blkdev_get() (bsc#1174843).
  o block: improve discard bio alignment in __blkdev_issue_discard() (bsc#
    1152148).
  o Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
    (bsc#1111666).
  o Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#
    1111666).
  o Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
    (bsc#1111666).
  o bonding: fix active-backup failover for current ARP slave (bsc#1174771).
  o bonding: fix a potential double-unregister (git-fixes).
  o bonding: show saner speed for broadcast mode (git-fixes).
  o bpf: Fix map leak in HASH_OF_MAPS map (git-fixes).
  o brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc
    #1111666).
  o brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666).
  o brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666).
  o btrfs: change timing for qgroup reserved space for ordered extents to fix
    reserved space leak (bsc#1172247).
  o btrfs: file: reserve qgroup space after the hole punch range is locked (bsc
    #1172247).
  o btrfs: fix a block group ref counter leak after failure to remove block
    group (bsc#1175149).
  o btrfs: fix block group leak when removing fails (bsc#1175149).
  o btrfs: fix bytes_may_use underflow when running balance and scrub in
    parallel (bsc#1175149).
  o btrfs: fix corrupt log due to concurrent fsync of inodes with shared
    extents (bsc#1175149).
  o btrfs: fix data block group relocation failure due to concurrent scrub (bsc
    #1175149).
  o btrfs: fix double free on ulist after backref resolution failure (bsc#
    1175149).
  o btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149).
  o btrfs: fix memory leaks after failure to lookup checksums during inode
    logging (bsc#1175550).
  o btrfs: fix page leaks after failure to lock page for delalloc (bsc#
    1175149).
  o btrfs: fix race between block group removal and block group creation (bsc#
    1175149).
  o btrfs: fix space_info bytes_may_use underflow after nocow buffered write
    (bsc#1175149).
  o btrfs: fix space_info bytes_may_use underflow during space cache writeout
    (bsc#1175149).
  o btrfs: fix wrong file range cleanup after an error filling dealloc range
    (bsc#1175149).
  o btrfs: inode: fix NULL pointer dereference if inode does not need
    compression (bsc#1174484).
  o btrfs: inode: move qgroup reserved space release to the callers of
    insert_reserved_file_extent() (bsc#1172247).
  o btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc
    #1172247).
  o btrfs: make btrfs_ordered_extent naming consistent with
    btrfs_file_extent_item (bsc#1172247).
  o btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149).
  o btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc
    #1120163).
  o btrfs: qgroup: fix data leak caused by race between writeback and truncate
    (bsc#1172247).
  o btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve
    retry-after-EDQUOT (bsc#1120163).
  o btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163).
  o btrfs: Rename and export clear_btree_io_tree (bsc#1175149).
  o btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493).
  o bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#
    1174658).
  o bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#
    1174658).
  o bus: hisi_lpc: Unregister logical PIO range to avoid potential
    use-after-free (bsc#1174658).
  o cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes).
  o cfg80211: check vendor command doit pointer before use (git-fixes).
  o char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
  o cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
  o cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#
    1172428).
  o cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
  o cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#
    1172428).
  o cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333
    bsc#1172428).
  o cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#
    1144333 bsc#1172428).
  o cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#
    1144333 bsc#1172428).
  o cifs: reduce number of referral requests in DFS link lookups (bsc#1144333
    bsc#1172428).
  o cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
  o clk: at91: clk-generated: check best_rate against ranges (bsc#1111666).
  o clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666).
  o clk: iproc: round clock rate to the closest (bsc#1111666).
  o clk: spear: Remove uninitialized_var() usage (git-fixes).
  o clk: st: Remove uninitialized_var() usage (git-fixes).
  o config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#
    1174549
  o console: newport_con: fix an issue about leak related system resources
    (git-fixes).
  o constrants: fix malformed XML Closing tag of an element is "

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX1W1CONLKJtyKPYoAQgDTA//UmRF3AiRg1womfEsAPiBN7SJeXTSAMuP
KJoxQxr9CluVCd7VxCQPyIODSSDcgh3NxOejvbYW1Oh0mGKWOevYze4ljaal0lLE
FVuCtjuf+z+9rTV+Dye5qcXWS//58Pd02gobRk65OnVLjMCLvJqUiy+x9px1I+/G
BIF2d3aw549Wa2bbfnS3f77GF5HSJClSf7lzgMxPrkljez4c9tcTemxMbdAFd2XF
LHmiSRneR+PVYqcV0bPTce4kjUhiFyBobwX1b/ieUnBdwdFDB8TgWuaHqrkOe6dg
P1AcwS6ReQbGtVxoFTW4wfMhqkkYoDlduNuAjZWqCRAuLbm/kLUEPFKQuWjiO9C2
dmFYFCVfi1Sr7gr3MkiTQnx9XOlTlK+Dw6jAlAuy6afBwNhXSUl2EWgsyt63+I6B
s4nccF2x056pQq3knQ4WTXxum9npduocKNXxUeS75zghRdkZzS423XwbNpxYqdZ/
Q3+G0UTsJM0zUix+fHf/OVCLu9MubN5gll9wUi3CJuKJ/aC9jStvX5pIYg/WXeCU
IR44RnulVdZA3Ee64QXXMV6vPnZaeTWm8o7aSJoNEYn85qr54xEtYNLzp8Gj1FOE
cxqEsOvPLmHn+0mCxdNTwrKyM5MfsPeSp5BDd7G0Pg0vPtMxog1Nuew5RGYvL/Rr
cFAoNWaukZA=
=qdTt
-----END PGP SIGNATURE-----