Operating System:

[SUSE]

Published:

10 February 2021

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0456
                   Security update for the Linux Kernel
                             10 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise                 -- Existing Account      
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Existing Account      
                   Access Confidential Data        -- Existing Account      
                   Reduced Security                -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20177 CVE-2021-3347 CVE-2021-0342
                   CVE-2020-36158 CVE-2020-29569 CVE-2020-29568
                   CVE-2020-28374 CVE-2020-27835 CVE-2020-25639

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210348-1

- --------------------------BEGIN INCLUDED TEXT--------------------

Subject:	New SUSE bulletin: Security update for the Linux Kernel
From:	suse-bulletins@auscert.org.au
Date:	Tue, 9 Feb 2021 19:53:02 +0000 (UTC)
To:	auto-bulletins@auscert.org.au

TITLE: Security update for the Linux Kernel
URL:   https://www.suse.com/support/update/announcement/2021/suse-su-20210348-1

Found CVEs: CVE-2020-25639 CVE-2020-27835 CVE-2020-28374
            CVE-2020-29568 CVE-2020-29569 CVE-2020-36158
            CVE-2021-0342 CVE-2021-20177 CVE-2021-3347

CVE-2020-25639
CVSSv3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVSSv3 base score: 4.4
Source: https://access.redhat.com/security/cve/CVE-2020-25639
A NULL pointer dereference flaw was found in the Linux kernelâ\x{128}\x{153}s GPU Nouveau
driver functionality in the way the user calls ioctl
DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the
system.

CVE-2020-27835
CVSSv3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVSSv3 base score: 4.4
CVSSv2/AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv2 base score: 4.9
Source: https://nvd.nist.gov/vuln/detail/CVE-2020-27835/
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to
5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A
local user could use this flaw to crash the system.

CVE-2020-28374
CVSSv3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSSv3 base score: 8.1
CVSSv2/AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSSv2 base score: 5.5
Source: https://nvd.nist.gov/vuln/detail/CVE-2020-28374/
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7,
insufficient identifier checking in the LIO SCSI target code can be used by
remote attackers to read or write files via directory traversal in an XCOPY
request, aka CID-2896c93811e3. For example, an attack can occur over a network
if the attacker has access to one iSCSI LUN. The attacker gains control over
file access because I/O operations are proxied via an attacker-selected
backstore.

CVE-2020-29568
CVSSv3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSSv3 base score: 6.5
CVSSv2/AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv2 base score: 4.9
Source: https://nvd.nist.gov/vuln/detail/CVE-2020-29568/
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux,
FreeBSD, and NetBSD) are processing watch events using a single thread. If the
events are received faster than the thread is able to handle, they will get
queued. As the queue is unbounded, a guest may be able to trigger an OOM in the
backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are
vulnerable.

CVE-2020-29569
CVSSv3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0348-1
Rating:            important
References:        #1046305 #1046306 #1046540 #1046542 #1046648 #1050242
                   #1050244 #1050536 #1050538 #1050545 #1056653 #1056657
                   #1056787 #1064802 #1066129 #1073513 #1074220 #1075020
                   #1086282 #1086301 #1086313 #1086314 #1098633 #1103990
                   #1103991 #1103992 #1104270 #1104277 #1104279 #1104353
                   #1104427 #1104742 #1104745 #1109837 #1111981 #1112178
                   #1112374 #1113956 #1119113 #1126206 #1126390 #1127354
                   #1127371 #1129770 #1136348 #1144912 #1149032 #1163727
                   #1172145 #1174206 #1176831 #1176846 #1178036 #1178049
                   #1178372 #1178631 #1178684 #1178900 #1179093 #1179508
                   #1179509 #1179563 #1179573 #1179575 #1179878 #1180008
                   #1180130 #1180559 #1180562 #1180676 #1180765 #1180812
                   #1180859 #1180891 #1180912 #1181001 #1181018 #1181170
                   #1181230 #1181231 #1181349 #1181425 #1181553 #901327
Cross-References:  CVE-2020-25639 CVE-2020-27835 CVE-2020-28374 CVE-2020-29568
                   CVE-2020-29569 CVE-2020-36158 CVE-2021-0342 CVE-2021-20177
                   CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 75 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  o CVE-2021-3347: A use-after-free was discovered in the PI futexes during
    fault handling, allowing local users to execute code in the kernel (bnc#
    1181349).
  o CVE-2021-20177: Fixed a kernel panic related to iptables string matching
    rules. A privileged user could insert a rule which could lead to denial of
    service (bnc#1180765).
  o CVE-2021-0342: In tun_get_user of tun.c, there is possible memory
    corruption due to a use after free. This could lead to local escalation of
    privilege with System execution privileges required. (bnc#1180812)
  o CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found,
    specifically in the way user calls Ioctl after open dev file and fork. A
    local user could use this flaw to crash the system (bnc#1179878).
  o CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#
    1176846).
  o CVE-2020-29569: Fixed a potential privilege escalation and information
    leaks related to the PV block backend, as used by Xen (bnc#1179509).
  o CVE-2020-29568: Fixed a denial of service issue, related to processing
    watch events (bnc#1179508).
  o CVE-2020-36158: Fixed an issue wich might have allowed a remote attackers
    to execute arbitrary code via a long SSID value in
    mwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559).
  o CVE-2020-28374: Fixed a vulnerability caused by insufficient identifier
    checking in the LIO SCSI target code. This could have been used by a remote
    attackers to read or write files via directory traversal in an XCOPY
    request (bnc#1178372).


The following non-security bugs were fixed:

  o ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
    (git-fixes).
  o ACPICA: Do not increment operation_region reference counts for field units
    (git-fixes).
  o ACPI: PNP: compare the string length in the matching_id() (git-fixes).
  o ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    (git-fixes).
  o ACPI: scan: Harden acpi_device_add() against device ID overflows
    (git-fixes).
  o ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    (git-fixes).
  o ALSA: ca0106: fix error code handling (git-fixes).
  o ALSA: ctl: allow TLV read operation for callback type of element in locked
    case (git-fixes).
  o ALSA: doc: Fix reference to mixart.rst (git-fixes).
  o ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).
  o ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
    (git-fixes).
  o ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
    (git-fixes).
  o ALSA: hda: Fix potential race in unsol event handler (git-fixes).
  o ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO
    (git-fixes).
  o ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
  o ALSA: hda/hdmi: always check pin power status in i915 pin fixup
    (git-fixes).
  o ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
    (git-fixes).
  o ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation
    P520 (git-fixes).
  o ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
    (git-fixes).
  o ALSA: hda/via: Add minimum mute flag (git-fixes).
  o ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
  o ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
  o ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).
  o ALSA: line6: Perform sanity check for each URB creation (git-fixes).
  o ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).
  o ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
  o ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
  o ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
    (git-fixes).
  o ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    (git-fixes).
  o ALSA: timer: Limit max amount of slave instances (git-fixes).
  o ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).
  o ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
  o ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).
  o ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).
  o ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).
  o ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).
  o ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).
  o ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S
    (git-fixes).
  o ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S
    (git-fixes).
  o ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
    (git-fixes).
  o ALSA: usb-audio: Disable sample read check if firmware does not give back
    (git-fixes).
  o ALSA: usb-audio: Fix control 'access overflow' errors from chmap
    (git-fixes).
  o ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).
  o ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
  o ALSA: usb-audio: Fix race against the error recovery URB submission
    (git-fixes).
  o arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#
    1180130).
  o arm64: pgtable: Fix pte_accessible() (bsc#1180130).
  o ASoC: dapm: remove widget from dirty list on free (git-fixes).
  o ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
    (git-fixes).
  o ASoC: Intel: haswell: Add missing pm_ops (git-fixes).
  o ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).
  o ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).
  o ASoC: sti: fix possible sleep-in-atomic (git-fixes).
  o ASoC: wm8904: fix regcache handling (git-fixes).
  o ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).
  o ata/libata: Fix usage of page address by page_address in
    ata_scsi_mode_select_xlat function (git-fixes).
  o ath10k: fix backtrace on coredump (git-fixes).
  o ath10k: fix get invalid tx rate for Mesh metric (git-fixes).
  o ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq
    (git-fixes).
  o ath9k_htc: Discard undersized packets (git-fixes).
  o ath9k_htc: Modify byte order for an error message (git-fixes).
  o ath9k_htc: Silence undersized packet warnings (git-fixes).
  o ath9k_htc: Use appropriate rs_datalen type (git-fixes).
  o backlight: lp855x: Ensure regulators are disabled on probe failure
    (git-fixes).
  o Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).
  o Bluetooth: Fix advertising duplicated flags (git-fixes).
  o bnxt_en: Do not query FW when netif_running() is false (bsc#1086282).
  o bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745 ).
  o bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
  o bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242 ).
  o bnxt_en: fix HWRM error when querying VF temperature (bsc#1104745).
  o bnxt_en: Improve stats context resource accounting with RDMA driver loaded
    (bsc#1104745).
  o bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
  o bnxt_en: Release PCI regions when DMA mask setup fails during probe
    (git-fixes).
  o bnxt_en: Reset rings if ring reservation fails during open() (bsc#1086282).
  o bnxt_en: return proper error codes in bnxt_show_temp (bsc#1104745).
  o bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).
  o btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#
    1174206).
  o btrfs: add a flag to iterate_inodes_from_logical to find all
  o btrfs: add a flag to iterate_inodes_from_logical to find all extent refs
    for uncompressed extents (bsc#1174206).
  o btrfs: add a flag to iterate_inodes_from_logical to find all extent refs
    for uncompressed extents (bsc#1174206).
  o btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206).
  o btrfs: qgroup: do not try to wait flushing if we're already holding a
    transaction (bsc#1179575).
  o caif: no need to check return value of debugfs_create functions
    (git-fixes).
  o can: c_can: c_can_power_up(): fix error handling (git-fixes).
  o can: dev: prevent potential information leak in can_fill_info()
    (git-fixes).
  o can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
  o cfg80211: initialize rekey_data (git-fixes).
  o cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
  o chelsio/chtls: correct function return and return type (bsc#1104270).
  o chelsio/chtls: correct netdevice for vlan interface (bsc#1104270 ).
  o chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270 ).
  o chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270 ).
  o chelsio/chtls: fix deadlock issue (bsc#1104270).
  o chelsio/chtls: fix memory leaks caused by a race (bsc#1104270 ).
  o chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270 ).
  o chelsio/chtls: fix panic during unload reload chtls (bsc#1104270 ).
  o chelsio/chtls: fix socket lock (bsc#1104270).
  o chelsio/chtls: fix tls record info to user (bsc#1104270 ).
  o chtls: Added a check to avoid NULL pointer dereference (bsc#1104270).
  o chtls: Fix chtls resources release sequence (bsc#1104270 ).
  o chtls: Fix hardware tid leak (bsc#1104270).
  o chtls: Remove invalid set_tcb call (bsc#1104270).
  o chtls: Replace skb_dequeue with skb_peek (bsc#1104270 ).
  o clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).
  o clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
  o clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).
  o clk: qcom: msm8916: Fix the address location of pll->config_reg
    (git-fixes).
  o clk: s2mps11: Fix a resource leak in error handling paths in the probe
    function (git-fixes).
  o clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).
  o clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
  o clk: tegra: Fix duplicated SE clock entry (git-fixes).
  o clk: tegra: Fix Tegra PMC clock out parents (git-fixes).
  o clk: ti: composite: fix memory leak (git-fixes).
  o clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).
  o clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
  o clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).
  o cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled (bsc#
    1109837).
  o cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
  o cxgb4/cxgb4vf: fix flow control display for auto negotiation (bsc#1046540
    bsc#1046542).
  o cxgb4: fix adapter crash due to wrong MC size (bsc#1073513).
  o cxgb4: fix all-mask IP address comparison (bsc#1064802 bsc#1066129).
  o cxgb4: fix large delays in PTP synchronization (bsc#1046540 bsc#1046648).
  o cxgb4: fix SGE queue dump destination buffer context (bsc#1073513).
  o cxgb4: fix the panic caused by non smac rewrite (bsc#1064802 bsc#1066129).
  o cxgb4: fix thermal zone device registration (bsc#1104279 bsc#1104277).
  o cxgb4: fix throughput drop during Tx backpressure (bsc#1127354 bsc#
    1127371).
  o cxgb4: move DCB version extern to header file (bsc#1104279 ).
  o cxgb4: remove cast when saving IPv4 partial checksum (bsc#1074220).
  o cxgb4: set up filter action after rewrites (bsc#1064802 bsc#1066129).
  o cxgb4: use correct type for all-mask IP address comparison (bsc#1064802 bsc
    #1066129).
  o cxgb4: use unaligned conversion for fetching timestamp (bsc#1046540 bsc#
    1046648).
  o dmaengine: xilinx_dma: check dma_async_device_register return value
    (git-fixes).
  o dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).
  o docs: Fix reST markup when linking to sections (git-fixes).
  o drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a
    driver developer is foolish (git-fixes).
  o drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs
    ()' (git-fixes).
  o drm/amdkfd: Put ACPI table after using it (bsc#1129770) Backporting
    changes: * context changes
  o drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956)
  o drm/atomic: put state on error path (git-fixes).
  o drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#
    1129770)
  o drm/i915: Check for all subplatform bits (git-fixes).
  o drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178) Backporting
    changes: * context changes
  o drm/i915: Fix sha_text population code (bsc#1112178) Backporting changes: *
    context changes
  o drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770)
    Backporting changes: * context changes * moved num_mixers from struct
    dpu_crtc_state to struct dpu_crtc
  o drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770)
    Backporting changes: * context changes * removed reference to
    msm_gem_is_locked()
  o drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770) Backporting
    changes: * context changes
  o drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).
  o drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
    (git-fixes).
  o drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).
  o drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178) Backporting
    changes: * context changes
  o drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178)
  o drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770)
  o drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#
    1112178) Backporting changes: * context changes
  o EDAC/amd64: Fix PCI component registration (bsc#1112178).
  o ehci: fix EHCI host controller initialization sequence (git-fixes).
  o ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).
  o fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178)
    Backporting changes: * updated path drivers/video/fbcon/core to drivers/
    video/console
  o fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: *
    updated path drivers/video/fbcon/core to drivers/video/console * context
    changes
  o firmware: qcom: scm: Ensure 'a0' status code is treated as signed
    (git-fixes).
  o floppy: reintroduce O_NDELAY fix (boo#1181018).
  o futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
  o futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349
    bsc#1149032).
  o futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
  o futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
  o futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
  o futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
  o futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
  o futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#
    1149032).
  o geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).
  o gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).
  o gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in
    grgpio_irq_map/unmap() (git-fixes).
  o gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
    (git-fixes).
  o gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288
    model (git-fixes).
  o gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288
    model (git-fixes).
  o gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).
  o gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
    (git-fixes).
  o gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
    (git-fixes).
  o gpiolib: fix up emulated open drain outputs (git-fixes).
  o gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).
  o gpio: max77620: Fixup debounce delays (git-fixes).
  o gpio: max77620: Use correct unit for debounce times (git-fixes).
  o gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).
  o gpio: mvebu: fix potential user-after-free on probe (git-fixes).
  o HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).
  o HID: core: check whether Usage Page item is after Usage ID items
    (git-fixes).
  o HID: core: Correctly handle ReportSize being zero (git-fixes).
  o HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
  o HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
  o HID: Improve Windows Precision Touchpad detection (git-fixes).
  o HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring()
    (git-fixes).
  o HID: logitech-hidpp: Silence intermittent get_battery_capacity errors
    (git-fixes).
  o hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).
  o hwmon: (jc42) Fix name to have no illegal characters (git-fixes).
  o i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
  o i2c: i801: Fix resume bug (git-fixes).
  o i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).
  o i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
    (git-fixes).
  o i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
    (git-fixes).
  o i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
  o i40e: avoid premature Rx buffer reuse (bsc#1111981).
  o i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).
  o IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (bsc#
    1103991).
  o igb: Report speed and duplex as unknown when device is runtime suspended
    (git-fixes).
  o igc: fix link speed advertising (jsc#SLE-4799).
  o iio: ad5504: Fix setting power-down state (git-fixes).
  o iio: adc: max1027: Reset the device at probe time (git-fixes).
  o iio: bmp280: fix compensation of humidity (git-fixes).
  o iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
    (git-fixes).
  o iio: fix center temperature of bmc150-accel-core (git-fixes).
  o iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
    (git-fixes).
  o iio:imu:bmi160: Fix too large a buffer (git-fixes).
  o iio: light: bh1750: Resolve compiler warning and make code more readable
    (git-fixes).
  o iio: srf04: fix wrong limitation in distance measuring (git-fixes).
  o Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).
  o Input: cm109 - do not stomp on control URB (git-fixes).
  o Input: cros_ec_keyb - send 'scancodes' in addition to key events
    (git-fixes).
  o Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
    (git-fixes).
  o Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
  o Input: i8042 - allow insmod to succeed on devices without an i8042
    controller (git-fixes).
  o Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).
  o iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#
    1181001, jsc#ECO-3191).
  o iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    (bsc#1181001, jsc#ECO-3191).
  o ipw2x00: Fix -Wcast-function-type (git-fixes).
  o irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
    (git-fixes).
  o iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
  o iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).
  o iwlwifi: pcie: limit memory read spin time (git-fixes).
  o ixgbe: avoid premature Rx buffer reuse (bsc#1109837 ).
  o ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (bsc#1109837).
  o kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
  o kABI workaround for HD-audio generic parser (git-fixes).
  o KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912).
  o KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
    (bsc#1181230).
  o lockd: do not use interval-based rebinding over TCP (git-fixes).
  o locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#
    1149032).
  o mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).
  o mac80211: Check port authorization in the ieee80211_tx_dequeue() case
    (git-fixes).
  o mac80211: fix authentication with iwlwifi/mvm (git-fixes).
  o mac80211: fix use of skb payload instead of header (git-fixes).
  o md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
  o md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
  o md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
  o md/cluster: block reshape with remote resync job (bsc#1163727).
  o md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
  o md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#
    1163727).
  o md-cluster: fix safemode_delay value when converting to clustered bitmap
    (bsc#1163727).
  o md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
  o md: fix a warning caused by a race between concurrent md_ioctl()s
    (git-fixes).
  o md/raid10: initialize r10_bio->read_slot before use (git-fixes).
  o media: am437x-vpfe: Setting STD to current value is not an error
    (git-fixes).
  o media: cec-funcs.h: add status_req checks (git-fixes).
  o media: cx88: Fix some error handling path in 'cx8800_initdev()'
    (git-fixes).
  o media: gp8psk: initialize stats at power control logic (git-fixes).
  o media: gspca: Fix memory leak in probe (git-fixes).
  o media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).
  o media: i2c: ov2659: Fix missing 720p register config (git-fixes).
  o media: i2c: ov2659: fix s_stream return value (git-fixes).
  o media: msi2500: assign SPI bus number dynamically (git-fixes).
  o media: platform: add missing put_device() call in mtk_jpeg_probe() and
    mtk_jpeg_remove() (git-patches).
  o media: pvrusb2: Fix oops on tear-down when radio support is not present
    (git-fixes).
  o media: si470x-i2c: add missed operations in remove (git-fixes).
  o media: sti: bdisp: fix a possible sleep-in-atomic-context bug in
    bdisp_device_run() (git-fixes).
  o media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
  o media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases
    (git-fixes).
  o media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence
    number (git-fixes).
  o media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage
    (git-fixes).
  o media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic
    (git-fixes).
  o media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel
    format (git-fixes).
  o media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).
  o media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).
  o media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in
    v4l2_device macros (git-fixes).
  o mei: bus: do not clean driver pointer (git-fixes).
  o mei: protect mei_cl_mtu from null dereference (git-fixes).
  o mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
  o misc: vmw_vmci: fix kernel info-leak by initializing dbells in
    vmci_ctx_get_chkpt_doorbells() (git-fixes).
  o misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
  o mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).
  o mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (bsc#
    1112374).
  o mlxsw: spectrum: Do not modify cloned SKBs during xmit (git-fixes).
  o mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case
    reload fails (bsc#1112374).
  o mlxsw: switchx2: Do not modify cloned SKBs during xmit (git-fixes).
  o mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
  o mm: do not wake kswapd prematurely when watermark boosting is disabled (git
    fixes (mm/vmscan)).
  o mm: hwpoison: disable memory error handling on 1GB hugepage (git fixes (mm/
    hwpoison)).
  o mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/
    hotplug)).
  o mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() (git
    fixes (mm/pgalloc)).
  o mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly (git
    fixes (mm/hmm)).
  o mm/slab: use memzero_explicit() in kzfree() (git fixes (mm/slab)).
  o module: delay kobject uevent until after module init call (bsc#1178631).
  o net/af_iucv: always register net_device notifier (git-fixes).
  o net/af_iucv: fix null pointer dereference on shutdown (bsc#1179563 LTC#
    190108).
  o net/af_iucv: set correct sk_protocol for child sockets (git-fixes).
  o net: atlantic: fix potential error handling (git-fixes).
  o net: atlantic: fix use after free kasan warn (git-fixes).
  o net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
  o net: bcmgenet: reapply manual settings to the PHY (git-fixes).
  o net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
    (git-fixes).
  o net: cbs: Fix software cbs to consider packet sending time (bsc#1109837).
  o net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes).
  o net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes).
  o net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).
  o net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it
    anymore in mlx4_en_xmit() (git-fixes).
  o net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
    (git-fixes).
  o net_failover: fixed rollback in net_failover_open() (bsc#1109837).
  o net/filter: Permit reading NET in load_bytes_relative when MAC not set (bsc
    #1109837).
  o net: freescale: fec: Fix ethtool -d runtime PM (git-fixes).
  o net: hns3: add a missing uninit debugfs when unload driver (bsc#1104353).
  o net: hns3: add compatible handling for command HCLGE_OPC_PF_RST_DONE
    (git-fixes).
  o net: hns3: add management table after IMP reset (bsc#1104353 ).
  o net: hns3: check reset interrupt status when reset fails (git-fixes).
  o net: hns3: clear reset interrupt status in hclge_irq_handle() (git-fixes).
  o net: hns3: fix a TX timeout issue (bsc#1104353).
  o net: hns3: fix a wrong reset interrupt status mask (git-fixes).
  o net: hns3: fix error handling for desc filling (bsc#1104353 ).
  o net: hns3: fix error VF index when setting VLAN offload (bsc#1104353).
  o net: hns3: fix for not calculating TX BD send size correctly (bsc#1126390).
  o net: hns3: fix interrupt clearing error for VF (bsc#1104353 ).
  o net: hns3: fix mis-counting IRQ vector numbers issue (bsc#1104353).
  o net: hns3: fix shaper parameter algorithm (bsc#1104353 ).
  o net: hns3: fix the number of queues actually used by ARQ (bsc#1104353).
  o net: hns3: fix use-after-free when doing self test (bsc#1104353 ).
  o net: hns3: reallocate SSU' buffer size when pfc_en changes (bsc#1104353).
  o __netif_receive_skb_core: pass skb by reference (bsc#1109837).
  o net/liquidio: Delete driver version assignment (git-fixes).
  o net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes).
  o net/mlx4_en: Avoid scheduling restart task if it is already running
    (git-fixes).
  o net/mlx5: Add handling of port type in rule deletion (bsc#1103991).
  o net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (bsc#
    1103990).
  o net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).
  o net/mlx5e: Fix two double free cases (bsc#1046305).
  o net/mlx5e: Fix VLAN cleanup flow (git-fixes).
  o net/mlx5e: Fix VLAN create flow (git-fixes).
  o net/mlx5e: IPoIB, Drop multicast packets that this interface sent (bsc#
    1075020).
  o net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990 ).
  o net/mlx5: Fix memory leak on flow table creation error flow (bsc#1046305).
  o net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113 ).
  o net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (bsc#
    1098633).
  o net: mvpp2: fix pkt coalescing int-threshold configuration (bsc#1098633).
  o net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay
    (git-fixes).
  o net: phy: Avoid multiple suspends (git-fixes).
  o net: phy: broadcom: Fix RGMII delays configuration for BCM54210E
    (git-fixes).
  o net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).
  o net: phy: micrel: make sure the factory test bit is cleared (git-fixes).
  o net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
  o net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels
    (bsc#1109837).
  o net_sched: let qdisc_put() accept NULL pointer (bsc#1056657 bsc#1056653 bsc
    #1056787).
  o net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
  o net/smc: cancel event worker during device removal (git-fixes).
  o net/smc: check for valid ib_client_data (git-fixes).
  o net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).
  o net/smc: receive pending data after RCV_SHUTDOWN (git-fixes).
  o net/smc: receive returns without data (git-fixes).
  o net/sonic: Add mutual exclusion for accessing shared state (git-fixes).
  o net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
  o net: stmmac: Do not accept invalid MTU values (git-fixes).
  o net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes).
  o net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).
  o net: stmmac: Enable 16KB buffer size (git-fixes).
  o net: stmmac: fix length of PTP clock's name string (git-fixes).
  o net: stmmac: gmac4+: Not all Unicast addresses may be available
    (git-fixes).
  o net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
  o net: sunrpc: interpret the return value of kstrtou32 correctly (git-fixes).
  o net: team: fix memory leak in __team_options_register (git-fixes).
  o net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
  o net: usb: lan78xx: Fix error message format specifier (git-fixes).
  o net: usb: sr9800: fix uninitialized local variable (git-fixes).
  o net: vlan: avoid leaks on register_vlan_dev() failures (git-fixes).
  o nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
  o NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
  o nfp: validate the return code from dev_queue_xmit() (git-fixes).
  o NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    (git-fixes).
  o nfs_common: need lock during iterate through the list (git-fixes).
  o nfsd4: readdirplus shouldn't return parent of export (git-fixes).
  o nfsd: Fix message level for normal termination (git-fixes).
  o NFS: nfs_igrab_and_active must first reference the superblock (git-fixes).
  o NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes).
  o NFSv4.2: condition READDIR's mask for security label based on LSM state
    (git-fixes).
  o page_frag: Recover from memory pressure (git fixes (mm/pgalloc)).
  o parport: load lowlevel driver if ports not found (git-fixes).
  o PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
  o PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
    (git-fixes).
  o PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
  o pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).
  o pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).
  o pinctrl: amd: remove debounce filter setting in IRQ type setting
    (git-fixes).
  o pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes).
  o pinctrl: baytrail: Avoid clearing debounce value when turning it off
    (git-fixes).
  o pinctrl: merrifield: Set default bias in case no particular value given
    (git-fixes).
  o pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).
  o platform/x86: acer-wmi: add automatic keyboard background light toggle key
    as KEY_LIGHTS_TOGGLE (git-fixes).
  o PM: ACPI: Output correct message on target power state (git-fixes).
  o PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).
  o PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
    (git-fixes).
  o PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
    (git-fixes).
  o pNFS: Mark layout for return if return-on-close was not sent (git-fixes).
  o powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#
    184630).
  o powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).
  o powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).
  o powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#
    184630).
  o powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#
    184630).
  o powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284).
  o powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#
    189284 git-fixes).
  o powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284).
  o power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).
  o qed: Fix race condition between scheduling and destroying the slowpath
    workqueue (bsc#1086314 bsc#1086313 bsc#1086301).
  o qed: Fix use after free in qed_chain_free (bsc#1050536 bsc#1050538).
  o r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
  o radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).
  o RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#
    1103992).
  o RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244 ).
  o RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1104742).
  o RDMA/cma: Do not overwrite sgid_attr after device is released (bsc#
    1103992).
  o RDMA/core: Ensure security pkey modify is not lost (bsc#1046306 ).
  o RDMA/core: Fix pkey and port assignment in get_new_pps (bsc#1046306).
  o RDMA/core: Fix protection fault in get_pkey_idx_qp_list (bsc#1046306).
  o RDMA/core: Fix reported speed and width (bsc#1046306 ).
  o RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#
    1103992).
  o RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306 ).
  o RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1104427).
  o RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver (bsc#
    1104427).
  o RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver (bsc#
    1104427).
  o RDMA/hns: Fix cmdq parameter of querying pf timer resource (bsc#1104427 bsc
    #1126206).
  o RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427 ).
  o RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348 jsc#
    SLE-4684).
  o RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348 jsc#
    SLE-4684).
  o RDMA/mlx5: Add init2init as a modify command (bsc#1103991 ).
  o RDMA/mlx5: Fix typo in enum name (bsc#1103991).
  o RDMA/mlx5: Fix wrong free of blue flame register on error (bsc#1103991).
  o RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545 ).
  o regmap: debugfs: check count when read regmap file (git-fixes).
  o regmap: dev_get_regmap_match(): fix string comparison (git-fixes).
  o regulator: max8907: Fix the usage of uninitialized variable in
    max8907_regulator_probe() (git-fixes).
  o regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe()
    could be uninitialized (git-fixes).
  o regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/
    ti_abb_clear_all_txdone (git-fixes).
  o remoteproc: Fix wrong rvring index computation (git-fixes).
  o Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI
    X570-A PRO" (git-fixes).
  o Revert "crypto: chelsio - Inline single pdu only" (git-fixes).
  o Revert "device property: Keep secondary firmware node secondary by type"
    (git-fixes).
  o Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
    (git-fixes).
  o Revert "serial: amba-pl011: Make sure we initialize the port.lock spinlock"
    (git-fixes).
  o rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).
  o rtc: 88pm860x: fix possible race condition (git-fixes).
  o rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot
    (git-fixes).
  o rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).
  o rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349
    bsc#1149032).
  o s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes).
  o s390/dasd: fix hanging device offline processing (bsc#1144912).
  o s390/dasd: fix list corruption of lcu list (bsc#1181170 LTC#190915).
  o s390/dasd: fix list corruption of pavgroup group list (bsc#1181170 LTC#
    190915).
  o s390/dasd: prevent inconsistent LCU device data (bsc#1181170 LTC#190915).
  o s390/qeth: delay draining the TX buffers (git-fixes).
  o s390/qeth: fix deadlock during recovery (git-fixes).
  o s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    (git-fixes).
  o s390/qeth: fix locking for discipline setup / removal (git-fixes).
  o s390/smp: perform initial CPU reset also for SMT siblings (git-fixes).
  o sched/fair: Fix enqueue_task_fair warning (bsc#1179093).
  o sched/fair: Fix enqueue_task_fair() warning some more (bsc#1179093).
  o sched/fair: Fix reordering of enqueue/dequeue_task_fair() (bsc#1179093).
  o sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (bsc#1179093).
  o sched/fair: Reorder enqueue/dequeue_task_fair path (bsc#1179093).
  o scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes).
  o scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#
    1181425 ltc#188252).
  o scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#
    1180891).
  o scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#
    1180891).
  o scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#
    1180891).
  o scsi: lpfc: Fix error log messages being logged following SCSI task mgnt
    (bsc#1180891).
  o scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891).
  o scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891).
  o scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
  o scsi: lpfc: Fix target reset failing (bsc#1180891).
  o scsi: lpfc: Fix vport create logging (bsc#1180891).
  o scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891).
  o scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework
    (bsc#1180891).
  o scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue
    state (bsc#1180891).
  o scsi: lpfc: Simplify bool comparison (bsc#1180891).
  o scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
  o scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc
    #1180891).
  o serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
  o serial: amba-pl011: Make sure we initialize the port.lock spinlock
    (git-fixes).
  o serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).
  o serial_core: Check for port state when tty is in error state (git-fixes).
  o serial: mvebu-uart: fix tx lost characters at power off (git-fixes).
  o serial: txx9: add missing platform_driver_unregister() on error in
    serial_txx9_init (git-fixes).
  o soc: imx: gpc: fix power up sequencing (git-fixes).
  o spi: Add call to spi_slave_abort() function when spidev driver is released
    (git-fixes).
  o spi: cadence: cache reference clock rate during probe (git-fixes).
  o spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
  o spi: dw: Fix Rx-only DMA transfers (git-fixes).
  o spi: dw: Return any value retrieved from the dma_transfer callback
    (git-fixes).
  o spi: Fix memory leak on splited transfers (git-fixes).
  o spi: img-spfi: fix potential double release (git-fixes).
  o spi: pxa2xx: Add missed security checks (git-fixes).
  o spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).
  o spi: spidev: fix a potential use-after-free in spidev_release()
    (git-fixes).
  o spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
  o spi: st-ssc4: add missed pm_runtime_disable (git-fixes).
  o spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
    (git-fixes).
  o spi: tegra20-slink: add missed clk_unprepare (git-fixes).
  o staging: comedi: check validity of wMaxPacketSize of usb endpoints found
    (git-fixes).
  o staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
    (git-fixes).
  o staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
    (git-fixes).
  o staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).
  o staging: rtl8188eu: fix possible null dereference (git-fixes).
  o staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).
  o staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).
  o staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
    (git-fixes).
  o staging: wlan-ng: properly check endpoint types (git-fixes).
  o SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
  o team: set dev->needed_headroom in team_setup_by_port() (git-fixes).
  o thunderbolt: Use 32-bit writes when writing ring producer/consumer
    (git-fixes).
  o tty: always relink the port (git-fixes).
  o tty: link tty and port before configuring it as console (git-fixes).
  o tty:serial:mvebu-uart:fix a wrong return (git-fixes).
  o tty: synclink_gt: Adjust indentation in several functions (git-fixes).
  o tty: synclinkmp: Adjust indentation in several functions (git-fixes).
  o tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (bsc#
    1109837).
  o USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).
  o usb: chipidea: ci_hdrc_imx: add missing put_device() call in
    usbmisc_get_init_data() (git-fixes).
  o USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes).
  o usb: dwc2: Fix IN FIFO allocation (git-fixes).
  o usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).
  o usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
    (git-fixes).
  o USB: ehci: fix an interrupt calltrace error (git-fixes).
  o USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).
  o usb: fsl: Check memory resource before releasing it (git-fixes).
  o usb: gadget: composite: Fix possible double free memory bug (git-fixes).
  o usb: gadget: configfs: fix concurrent issue between composite APIs
    (git-fixes).
  o usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).
  o usb: gadget: configfs: Preserve function ordering after bind failure
    (git-fixes).
  o USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).
  o usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).
  o usb: gadget: fix wrong endpoint desc (git-fixes).
  o USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).
  o USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).
  o usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
  o usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).
  o USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).
  o usb: gadget: net2280: fix memory leak on probe error handling paths
    (git-fixes).
  o usb: gadget: select CONFIG_CRC32 (git-fixes).
  o usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).
  o usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
    (git-fixes).
  o usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init
    () (git-fixes).
  o usb: hso: Fix debug compile warning on sparc32 (git-fixes).
  o USB: ldusb: use unsigned size format specifiers (git-fixes).
  o usblp: poison URBs upon disconnect (git-fixes).
  o usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
    (git-fixes).
  o USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
  o USB: Skip endpoints with 0 maxpacket length (git-fixes).
  o USB: UAS: introduce a quirk to set no_write_same (git-fixes).
  o usb: udc: core: Use lock when write to soft_connect (git-fixes).
  o usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).
  o USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
    (git-fixes).
  o USB: yurex: fix control-URB timeout handling (git-fixes).
  o veth: Adjust hard_start offset on redirect XDP frames (bsc#1109837).
  o vfio iommu: Add dma available capability (bsc#1179573 LTC#190106).
  o vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181231).
  o vhost/vsock: fix vhost vsock cid hashing inconsistent (git-fixes).
  o video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).
  o virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer
    (git-fixes).
  o vt: do not hardcode the mem allocation upper bound (git-fixes).
  o vt: Reject zero-sized screen buffer size (git-fixes).
  o wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
  o watchdog: coh901327: add COMMON_CLK dependency (git-fixes).
  o watchdog: da9062: do not ping the hw during stop() (git-fixes).
  o watchdog: da9062: No need to ping manually before setting timeout
    (git-fixes).
  o watchdog: qcom: Avoid context switch in restart handler (git-fixes).
  o watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
  o wil6210: select CONFIG_CRC32 (git-fixes).
  o wireless: Use linux/stddef.h instead of stddef.h (git-fixes).
  o wireless: Use offsetof instead of custom macro (git-fixes).
  o x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001,
    jsc#ECO-3191).
  o x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#
    1181001, jsc#ECO-3191).
  o x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
  o x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178).
  o x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#
    ECO-3191).
  o x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  o x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  o x86/mm: Fix leak of pmd ptlock (bsc#1112178).
  o x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).
  o x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#
    ECO-3191).
  o x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#
    1112178).
  o x86/resctrl: Do not move a task to the same resource group (bsc#1112178).
  o x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    (bsc#1112178).
  o xdp: Fix xsk_generic_xmit errno (bsc#1109837).
  o xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
  o xhci: make sure TRB is fully written before giving it to the controller
    (git-fixes).
  o xhci: tegra: Delay for disabling LFPS detector (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-348=1

Package List:

  o SUSE Linux Enterprise Server 12-SP5 (x86_64):
       kernel-azure-4.12.14-16.44.1
       kernel-azure-base-4.12.14-16.44.1
       kernel-azure-base-debuginfo-4.12.14-16.44.1
       kernel-azure-debuginfo-4.12.14-16.44.1
       kernel-azure-debugsource-4.12.14-16.44.1
       kernel-azure-devel-4.12.14-16.44.1
       kernel-syms-azure-4.12.14-16.44.1
  o SUSE Linux Enterprise Server 12-SP5 (noarch):
       kernel-devel-azure-4.12.14-16.44.1
       kernel-source-azure-4.12.14-16.44.1


References:

  o https://www.suse.com/security/cve/CVE-2020-25639.html
  o https://www.suse.com/security/cve/CVE-2020-27835.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29568.html
  o https://www.suse.com/security/cve/CVE-2020-29569.html
  o https://www.suse.com/security/cve/CVE-2020-36158.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-20177.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1046305
  o https://bugzilla.suse.com/1046306
  o https://bugzilla.suse.com/1046540
  o https://bugzilla.suse.com/1046542
  o https://bugzilla.suse.com/1046648
  o https://bugzilla.suse.com/1050242
  o https://bugzilla.suse.com/1050244
  o https://bugzilla.suse.com/1050536
  o https://bugzilla.suse.com/1050538
  o https://bugzilla.suse.com/1050545
  o https://bugzilla.suse.com/1056653
  o https://bugzilla.suse.com/1056657
  o https://bugzilla.suse.com/1056787
  o https://bugzilla.suse.com/1064802
  o https://bugzilla.suse.com/1066129
  o https://bugzilla.suse.com/1073513
  o https://bugzilla.suse.com/1074220
  o https://bugzilla.suse.com/1075020
  o https://bugzilla.suse.com/1086282
  o https://bugzilla.suse.com/1086301
  o https://bugzilla.suse.com/1086313
  o https://bugzilla.suse.com/1086314
  o https://bugzilla.suse.com/1098633
  o https://bugzilla.suse.com/1103990
  o https://bugzilla.suse.com/1103991
  o https://bugzilla.suse.com/1103992
  o https://bugzilla.suse.com/1104270
  o https://bugzilla.suse.com/1104277
  o https://bugzilla.suse.com/1104279
  o https://bugzilla.suse.com/1104353
  o https://bugzilla.suse.com/1104427
  o https://bugzilla.suse.com/1104742
  o https://bugzilla.suse.com/1104745
  o https://bugzilla.suse.com/1109837
  o https://bugzilla.suse.com/1111981
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1112374
  o https://bugzilla.suse.com/1113956
  o https://bugzilla.suse.com/1119113
  o https://bugzilla.suse.com/1126206
  o https://bugzilla.suse.com/1126390
  o https://bugzilla.suse.com/1127354
  o https://bugzilla.suse.com/1127371
  o https://bugzilla.suse.com/1129770
  o https://bugzilla.suse.com/1136348
  o https://bugzilla.suse.com/1144912
  o https://bugzilla.suse.com/1149032
  o https://bugzilla.suse.com/1163727
  o https://bugzilla.suse.com/1172145
  o https://bugzilla.suse.com/1174206
  o https://bugzilla.suse.com/1176831
  o https://bugzilla.suse.com/1176846
  o https://bugzilla.suse.com/1178036
  o https://bugzilla.suse.com/1178049
  o https://bugzilla.suse.com/1178372
  o https://bugzilla.suse.com/1178631
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1178900
  o https://bugzilla.suse.com/1179093
  o https://bugzilla.suse.com/1179508
  o https://bugzilla.suse.com/1179509
  o https://bugzilla.suse.com/1179563
  o https://bugzilla.suse.com/1179573
  o https://bugzilla.suse.com/1179575
  o https://bugzilla.suse.com/1179878
  o https://bugzilla.suse.com/1180008
  o https://bugzilla.suse.com/1180130
  o https://bugzilla.suse.com/1180559
  o https://bugzilla.suse.com/1180562
  o https://bugzilla.suse.com/1180676
  o https://bugzilla.suse.com/1180765
  o https://bugzilla.suse.com/1180812
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1180891
  o https://bugzilla.suse.com/1180912
  o https://bugzilla.suse.com/1181001
  o https://bugzilla.suse.com/1181018
  o https://bugzilla.suse.com/1181170
  o https://bugzilla.suse.com/1181230
  o https://bugzilla.suse.com/1181231
  o https://bugzilla.suse.com/1181349
  o https://bugzilla.suse.com/1181425
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/901327

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYCNq++NLKJtyKPYoAQh2uA/+MIUeTxrGNqYSgip0XUQsTpfERaoZx7QS
mfwbOt8MbY20RtK3UBcK48f1py0y0I70ChjXNACNRBAkAJCyeisds8zM7WIxs2M5
+8xKU0HgJfeINP3qAH+7L8jk3mHnPRkEZ94fkL61dr8PgC82QK7e+p7X7WtASYCT
h+VDY44HHgN40UbZfTEjuRa5dfSKY51R1cR/CqmyavqgWz1zl6WXcd/ret96hFUt
zrgHYZ7Q/WgvA8P23So45jU3TiuyBJlDbQn+UfUL0Mes1mgULAzUFnKjh59XFFI5
KxPKUCPhRvSTDGbQAXA6igbuXa4sjx/POLoYd5KbndAgo3YmyczZCZdSd8phd9PJ
zWf+xI5etKgaTv57gePIiSkenLqMmABxLrVfduoRcqNY4oG2rm9mwdiQPFULcPGm
yNUVEtJLPfcTi+EnlUpIaInEWrNan1SRI1gcSuWfSY6zDMdAVK7MhoJjgWA270ol
MBlgvrGMFvWsFlKZW8lNQGw2X2crLbPjzx66Tuw79JizHTj7Kh67hl2qoUqUDg2t
5GRH2inrCRcMl02sbPo9t1PdrGDCKa5MYKr8lFn1KuPxT8WIjxWiX3ohX68b2Y4X
gURL/6ub1x3HDCSAMYOe1z/6BMRr7mKHnECsN3C19bEplNI2K4ZW5xtXfza1JtzY
VVdoMwRegFE=
=/PFi
-----END PGP SIGNATURE-----