-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0501
                   Security update for the Linux Kernel
                             11 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise                 -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Reduced Security                -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20177 CVE-2021-3348 CVE-2021-3347
                   CVE-2021-0342 CVE-2020-29569 CVE-2020-29568
                   CVE-2020-27835 CVE-2020-25639 CVE-2020-25211

Reference:         ESB-2021.0224
                   ESB-2020.4284
                   ESB-2020.3710

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210353-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210354-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0354-1
Rating:            important
References:        #1065600 #1149032 #1152472 #1152489 #1153274 #1154353
                   #1155518 #1163930 #1165545 #1167773 #1172355 #1175389
                   #1176395 #1176831 #1176846 #1178142 #1178631 #1179142
                   #1179396 #1179508 #1179509 #1179567 #1179572 #1179575
                   #1179878 #1180008 #1180130 #1180264 #1180412 #1180759
                   #1180765 #1180773 #1180809 #1180812 #1180848 #1180859
                   #1180889 #1180891 #1180971 #1181014 #1181018 #1181077
                   #1181104 #1181148 #1181158 #1181161 #1181169 #1181203
                   #1181217 #1181218 #1181219 #1181220 #1181237 #1181318
                   #1181335 #1181346 #1181349 #1181425 #1181494 #1181504
                   #1181511 #1181538 #1181553 #1181584 #1181645
Cross-References:  CVE-2020-25211 CVE-2020-25639 CVE-2020-27835 CVE-2020-29568
                   CVE-2020-29569 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347
                   CVE-2021-3348
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 15-SP2
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
                   SUSE Linux Enterprise Module for Legacy Software 15-SP2
                   SUSE Linux Enterprise Module for Development Tools 15-SP2
                   SUSE Linux Enterprise Module for Basesystem 15-SP2
                   SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 56 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security
and bug fixes.

The following security bugs were fixed:

  o CVE-2021-3347: A use-after-free was discovered in the PI futexes during
    fault handling, allowing local users to execute code in the kernel
    (bnc#1181349).
  o CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be
    triggered by local attackers (with access to the nbd device) via an I/O
    request at a certain point during device setup (bnc#1181504).
  o CVE-2021-20177: Fixed a kernel panic related to iptables string matching
    rules. A privileged user could insert a rule which could lead to denial of
    service (bnc#1180765).
  o CVE-2021-0342: In tun_get_user of tun.c, there is possible memory
    corruption due to a use after free. This could lead to local escalation of
    privilege with System execution privileges required. (bnc#1180812)
  o CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found,
    specifically in the way a user calls ioctl after opening the dev file and
    forking. A local user could use this flaw to crash the system (bnc#1179878).
  o CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl
    (bnc#1176846).
  o CVE-2020-29569: Fixed a potential privilege escalation and information
    leaks related to the PV block backend, as used by Xen (bnc#1179509).
  o CVE-2020-29568: Fixed a denial of service issue, related to processing
    watch events (bnc#1179508).
  o CVE-2020-25211: Fixed a flaw where a local attacker was able to inject
    conntrack netlink configuration that could cause a denial of service or
    trigger the use of incorrect protocol numbers in
    ctnetlink_parse_tuple_filter (bnc#1176395).


The following non-security bugs were fixed:

  o ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes).
  o ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    (git-fixes).
  o ACPI: scan: Harden acpi_device_add() against device ID overflows
    (git-fixes).
  o ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    (git-fixes).
  o ACPI: sysfs: Prefer "compatible" modalias (git-fixes).
  o ALSA: doc: Fix reference to mixart.rst (git-fixes).
  o ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).
  o ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
    (git-fixes).
  o ALSA: hda: Add Cometlake-R PCI ID (git-fixes).
  o ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes).
  o ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes).
  o ALSA: hda/realtek: Add mute LED quirk for more HP laptops (git-fixes).
  o ALSA: hda/realtek: Add two "Intel Reference board" SSID in the ALC256
    (git-fixes).
  o ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256
    (git-fixes).
  o ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7
    (git-fixes).
  o ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines
    (git-fixes).
  o ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (git-fixes).
  o ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes).
  o ALSA: hda/realtek - Modify Dell platform name (git-fixes).
  o ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658
    (git-fixes).
  o ALSA: hda/realtek - Supported Dell fixed type headset (git-fixes).
  o ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes).
  o ALSA: hda/via: Add minimum mute flag (git-fixes).
  o ALSA: hda/via: Apply the workaround generically for Clevo machines
    (git-fixes).
  o ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
  o ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).
  o ALSA: pcm: fix hw_rule deps kABI (bsc#1181014).
  o ALSA: pcm: One more dependency for hw constraints (bsc#1181014).
  o ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    (git-fixes).
  o ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes).
  o ALSA: usb-audio: Add quirk for RC-505 (git-fixes).
  o ALSA: usb-audio: Always apply the hw constraints for implicit fb sync
    (bsc#1181014).
  o ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes).
  o ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014).
  o ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes).
  o ALSA: usb-audio: Choose audioformat of a counter-part substream
    (git-fixes).
  o ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014).
  o ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices
    (git-fixes).
  o ALSA: usb-audio: Fix the missing endpoints creations for quirks
    (git-fixes).
  o ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014).
  o ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes).
  o ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014).
  o arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
    (bsc#1152489).
  o arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA (git-fixes).
  o arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect()
    (bsc#1180130).
  o arm64: pgtable: Fix pte_accessible() (bsc#1180130).
  o ASoC: ak4458: correct reset polarity (git-fixes).
  o ASoC: dapm: remove widget from dirty list on free (git-fixes).
  o ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes).
  o ASoC: meson: axg-tdm-interface: fix loopback (git-fixes).
  o bitmap: remove unused function declaration (git-fixes).
  o Bluetooth: hci_h5: close serdev device and free hu in h5_close (git-fixes).
  o Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close
    (git-fixes).
  o bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274).
  o bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518).
  o bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback
    (bsc#1155518).
  o btrfs: fix missing delalloc new bit for new delalloc ranges (bsc#1180773).
  o btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773).
  o btrfs: make btrfs_set_extent_delalloc take btrfs_inode (bsc#1180773).
  o btrfs: send: fix invalid clone operations when cloning from the same file
    and root (bsc#1181511).
  o btrfs: send: fix wrong file path when there is an inode with a pending
    rmdir (bsc#1181237).
  o bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes).
  o cachefiles: Drop superfluous readpages aops NULL check (git-fixes).
  o can: dev: prevent potential information leak in can_fill_info()
    (git-fixes).
  o can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
  o CDC-NCM: remove "connected" log message (git-fixes).
  o clk: tegra30: Add hda clock default rates to clock driver (git-fixes).
  o crypto: asym_tpm: correct zero out potential secrets (git-fixes).
  o crypto: ecdh - avoid buffer overflow in ecdh_set_secret() (git-fixes).
  o dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate()
    (git-fixes).
  o dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()
    (git-fixes).
  o dmaengine: at_hdmac: Substitute kzalloc with kmalloc (git-fixes).
  o dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk()
    (git-fixes).
  o dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling
    path of the probe function (git-fixes).
  o dmaengine: xilinx_dma: check dma_async_device_register return value
    (git-fixes).
  o dmaengine: xilinx_dma: fix incompatible param warning in _child_probe()
    (git-fixes).
  o dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).
  o drivers/base/memory.c: indicate all memory blocks as removable
    (bsc#1180264).
  o drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling
    (bsc#1180848).
  o drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers
    (bsc#1180848). - Update config files. - supported.conf:
  o drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes).
  o drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes).
  o drm/amd/display: Avoid MST manager resource leak (git-fixes).
  o drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
    (git-fixes).
  o drm/amd/display: dchubbub p-state warning during surface planes switch
    (git-fixes).
  o drm/amd/display: Do not double-buffer DTO adjustments (git-fixes).
  o drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally
    (git-fixes).
  o drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes).
  o drm/amd/display: Free gamma after calculating legacy transfer function
    (git-fixes).
  o drm/amd/display: HDMI remote sink need mode validation for Linux
    (git-fixes).
  o drm/amd/display: Increase timeout for DP Disable (git-fixes).
  o drm/amd/display: Reject overlay plane configurations in multi-display
    scenarios (git-fixes).
  o drm/amd/display: remove useless if/else (git-fixes).
  o drm/amd/display: Retry AUX write when fail occurs (git-fixes).
  o drm/amd/display: Stop if retimer is not available (git-fixes).
  o drm/amd/display: update nv1x stutter latencies (git-fixes).
  o drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes).
  o drm/amdgpu: correct the gpu reset handling for job != NULL case
    (git-fixes).
  o drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is
    (git-fixes).
  o drm/amdgpu: do not map BO in reserved region (git-fixes).
  o drm/amdgpu: fix a GPU hang issue when remove device (git-fixes).
  o drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).
  o drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume
    (git-fixes).
  o drm/amdgpu: fix build_coefficients() argument (git-fixes).
  o drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes).
  o drm/amdgpu: increase atombios cmd timeout (git-fixes).
  o drm/amdgpu: increase the reserved VM size to 2MB (git-fixes).
  o drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes).
  o drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table
    (git-fixes).
  o drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table
    (git-fixes).
  o drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
  o drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes).
  o drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes).
  o drm/amdkfd: fix a memory leak issue (git-fixes).
  o drm/amdkfd: Fix leak in dmabuf import (git-fixes).
  o drm/amdkfd: fix restore worker race condition (git-fixes).
  o drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes).
  o drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting
    (git-fixes).
  o drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472)
  o drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes).
  o drm/atomic: put state on error path (git-fixes).
  o drm: bridge: dw-hdmi: Avoid resetting force in the detect function
    (bsc#1152472)
  o drm/bridge/synopsys: dsi: add support for non-continuous HS clock
    (git-fixes).
  o drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working
    correctly (git-fixes).
  o drm/dp_aux_dev: check aux_dev before use in (bsc#1152472)
  o drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
    (git-fixes).
  o drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes).
  o drm/exynos: dsi: Remove bridge node reference in error handling path in
    probe function (git-fixes).
  o drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting
    notes: * context changes
  o drm/gma500: fix double free of gma_connector (git-fixes).
  o drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
    (git-fixes).
  o drm/i915: Avoid memory leak with more than 16 workarounds on a list
    (git-fixes).
  o drm/i915: Break up error capture compression loops with cond_resched()
    (git-fixes).
  o drm/i915: Check for all subplatform bits (git-fixes).
  o drm/i915: clear the gpu reloc batch (git-fixes).
  o drm/i915: Correctly set SFC capability for video engines (bsc#1152489)
    Backporting notes: * context changes
  o drm/i915/display/dp: Compute the correct slice count for VDSC on DP
    (git-fixes).
  o drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes).
  o drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is
    no reset-deassert MIPI-sequence (git-fixes).
  o drm/i915: Filter wake_flags passed to default_wake_function (git-fixes).
  o drm/i915: Fix mismatch between misplaced vma check and vma insert
    (git-fixes).
  o drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes).
  o drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes).
  o drm/i915/gt: Delay execlist processing for tgl (git-fixes).
  o drm/i915/gt: Free stale request on destroying the virtual engine
    (git-fixes).
  o drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes).
  o drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes).
  o drm/i915/gvt: return error when failing to take the module reference
    (git-fixes).
  o drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
  o drm/i915: Handle max_bpc==16 (git-fixes).
  o drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes).
  o drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472)
  o drm/mcde: Fix handling of platform_get_irq() error (git-fixes).
  o drm/meson: dw-hdmi: Register a callback to disable the regulator
    (git-fixes).
  o drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).
  o drm/msm/a6xx: fix a potential overflow issue (git-fixes).
  o drm/msm/a6xx: fix gmu start on newer firmware (git-fixes).
  o drm/msm: add shutdown support for display platform_driver (git-fixes).
  o drm/msm: Disable preemption on all 5xx targets (git-fixes).
  o drm/msm/dpu: Add newline to printks (git-fixes).
  o drm/msm/dpu: Fix scale params in plane validation (git-fixes).
  o drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
  o drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes).
  o drm/msm: fix leaks if initialization fails (git-fixes).
  o drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).
  o drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).
  o drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).
  o drm/nouveau: fix runtime pm imbalance on error (git-fixes).
  o drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
    (git-fixes).
  o drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0
    (git-fixes).
  o drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).
  o drm/nouveau/mmu: fix vram heap sizing (git-fixes).
  o drm/nouveau/nouveau: fix the start/end range for migration (git-fixes).
  o drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).
  o drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices
    (git-fixes).
  o drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).
  o drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes).
  o drm/omap: fix incorrect lock state (git-fixes).
  o drm/omap: fix possible object reference leak (git-fixes).
  o drm/panfrost: add amlogic reset quirk callback (git-fixes).
  o drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes).
  o drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472)
  o drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).
  o drm/scheduler: Avoid accessing freed bad job (git-fixes).
  o drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind()
    (bsc#1152472)
  o drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes).
  o drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes).
  o drm/sun4i: frontend: Rework a bit the phase data (git-fixes).
  o drm/sun4i: mixer: Extend regmap max_register (git-fixes).
  o drm/syncobj: Fix use-after-free (git-fixes).
  o drm/tegra: replace idr_init() by idr_init_base() (git-fixes).
  o drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes).
  o drm/ttm: fix eviction valuable range check (git-fixes).
  o drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472)
  o drm/tve200: Fix handling of platform_get_irq() error (git-fixes).
  o drm/tve200: Stabilize enable/disable (git-fixes).
  o drm/vc4: drv: Add error handding for bind (git-fixes).
  o e1000e: bump up timeout to wait when ME un-configures ULP mode
    (jsc#SLE-8100).
  o EDAC/amd64: Fix PCI component registration (bsc#1152489).
  o ehci: fix EHCI host controller initialization sequence (git-fixes).
  o ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).
  o Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next
    builds. Fixes: 55877625c800 ("kernel-binary.spec.in:
    Package the obj_install_dir as explicit filelist.")
  o firmware: imx: select SOC_BUS to fix firmware build (git-fixes).
  o floppy: reintroduce O_NDELAY fix (boo#1181018).
  o futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349
    bsc#1149032).
  o futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
  o futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
  o futex: Remove needless goto's (bsc#1149032).
  o futex: Remove unused empty compat_exit_robust_list() (bsc#1149032).
  o futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
  o futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
  o futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349
    bsc#1149032).
  o HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes).
  o HID: logitech-dj: add the G602 receiver (git-fixes).
  o HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices
    (git-fixes).
  o HID: multitouch: do not filter mice nodes (git-fixes).
  o HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad
    device (git-fixes).
  o HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes).
  o HID: wacom: Constify attribute_groups (git-fixes).
  o HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes).
  o HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes).
  o HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes).
  o hwmon: (pwm-fan) Ensure that calculation does not discard big period values
    (git-fixes).
  o i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes).
  o i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated
    (git-fixes).
  o i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).
  o i2c: sprd: use a specific timeout to avoid system hang up issue
    (git-fixes).
  o i3c master: fix missing destroy_workqueue() on error in i3c_master_register
    (git-fixes).
  o IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878).
  o IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878).
  o ice: avoid premature Rx buffer reuse (jsc#SLE-7926).
  o ice, xsk: clear the status bits for the next_to_use descriptor
    (jsc#SLE-7926).
  o iio: ad5504: Fix setting power-down state (git-fixes).
  o iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494).
  o iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217).
  o ionic: account for vlan tag len in rx buffer len (bsc#1167773).
  o kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes).
  o kdb: Fix pager search for multi-line strings (git-fixes).
  o kgdb: Drop malformed kernel doc comment (git-fixes).
  o kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git
    fixes (kernel/kprobe)).
  o KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218).
  o KVM: s390: pv: Mark mm as protected after the set secure parameters and
    improve cleanup (jsc#SLE-7512 bsc#1165545).
  o KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809).
  o leds: trigger: fix potential deadlock with libata (git-fixes).
  o lib/genalloc: fix the overflow when size is too big (git-fixes).
  o lib/string: remove unnecessary #undefs (git-fixes).
  o lockd: do not use interval-based rebinding over TCP (for-next).
  o mac80211: check if atf has been disabled in __ieee80211_schedule_txq
    (git-fixes).
  o mac80211: do not drop tx nulldata packets on encrypted links (git-fixes).
  o md: fix a warning caused by a race between concurrent md_ioctl()s
    (for-next).
  o media: dvb-usb: Fix memory leak at error in dvb_usb_device_init()
    (bsc#1181104).
  o media: dvb-usb: Fix use-after-free access (bsc#1181104).
  o media: gp8psk: initialize stats at power control logic (git-fixes).
  o media: rc: ensure that uevent can be read directly after rc device register
    (git-fixes).
  o misc: vmw_vmci: fix kernel info-leak by initializing dbells in
    vmci_ctx_get_chkpt_doorbells() (git-fixes).
  o misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
  o mmc: core: do not initialize block size from ext_csd if not present
    (git-fixes).
  o mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
  o mm: memcontrol: fix missing wakeup polling thread (bsc#1181584).
  o mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)).
  o module: delay kobject uevent until after module init call (bsc#1178631).
  o mt7601u: fix kernel crash unplugging the device (git-fixes).
  o mt7601u: fix rx buffer refcounting (git-fixes).
  o net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567
    LTC#190111).
  o net/af_iucv: set correct sk_protocol for child sockets (git-fixes).
  o net: fix proc_fs init handling in af_packet and tls (bsc#1154353).
  o net: hns3: fix a phy loopback fail issue (bsc#1154353).
  o net: hns3: remove a misused pragma packed (bsc#1154353).
  o net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464).
  o net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes).
  o net/smc: cancel event worker during device removal (git-fixes).
  o net/smc: check for valid ib_client_data (git-fixes).
  o net/smc: fix cleanup for linkgroup setup failures (git-fixes).
  o net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid()
    (git-fixes).
  o net/smc: fix dmb buffer shortage (git-fixes).
  o net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).
  o net/smc: fix sock refcounting in case of termination (git-fixes).
  o net/smc: fix valid DMBE buffer sizes (git-fixes).
  o net/smc: no peer ID in CLC decline for SMCD (git-fixes).
  o net/smc: remove freed buffer from list (git-fixes).
  o net/smc: reset sndbuf_desc if freed (git-fixes).
  o net/smc: set rx_off for SMCR explicitly (git-fixes).
  o net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).
  o net/smc: transfer fasync_list in case of fallback (git-fixes).
  o net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs'
    (for-next).
  o net: sunrpc: interpret the return value of kstrtou32 correctly (for-next).
  o net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
  o net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353).
  o NFC: fix possible resource leak (git-fixes).
  o NFC: fix resource leak when target index is invalid (git-fixes).
  o NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next).
  o nfs_common: need lock during iterate through the list (for-next).
  o nfsd4: readdirplus shouldn't return parent of export (git-fixes).
  o nfsd: Fix message level for normal termination (for-next).
  o NFS: nfs_delegation_find_inode_server must first reference the superblock
    (for-next).
  o NFS: nfs_igrab_and_active must first reference the superblock (for-next).
  o NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next).
  o NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next).
  o NFS: switch nfsiod to be an UNBOUND workqueue (for-next).
  o NFSv4.2: condition READDIR's mask for security label based on LSM state
    (for-next).
  o NFSv4: Fix the alignment of page data in the getdeviceinfo reply
    (for-next).
  o nvme-multipath: fix bogus request queue reference put (bsc#1175389).
  o nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout
    (bsc#1181161).
  o nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout
    (bsc#1181161).
  o platform/x86: i2c-multi-instantiate: Do not create platform device for
    INT3515 ACPI nodes (git-fixes).
  o platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    (git-fixes).
  o platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from
    allow-list (git-fixes).
  o platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP
    x360 models (git-fixes).
  o PM: hibernate: flush swap writer after marking (git-fixes).
  o pNFS: Mark layout for return if return-on-close was not sent (git-fixes).
  o powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702).
  o powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148
    ltc#190702).
  o powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148
    ltc#190702).
  o powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148
    ltc#190702).
  o powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148
    ltc#190702).
  o power: vexpress: add suppress_bind_attrs to true (git-fixes).
  o prom_init: enable verbose prints (bsc#1178142 bsc#1180759).
  o ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
    (bsc#1163930).
  o ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).
  o r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
  o r8169: work around power-saving bug on some chip versions (git-fixes).
  o regmap: debugfs: Fix a memory leak when calling regmap_attach_dev
    (git-fixes).
  o regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init()
    (git-fixes).
  o Revive usb-audio Keep Interface mixer (bsc#1181014).
  o rtc: pl031: fix resource leak in pl031_probe (git-fixes).
  o rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes).
  o rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349
    bsc#1149032).
  o s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes).
  o s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914).
  o s390/dasd: fix list corruption of lcu list (git-fixes).
  o s390/dasd: fix list corruption of pavgroup group list (git-fixes).
  o s390/dasd: prevent inconsistent LCU device data (git-fixes).
  o s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes).
  o s390/qeth: consolidate online/offline code (git-fixes).
  o s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path
    (git-fixes).
  o s390/qeth: fix deadlock during recovery (git-fixes).
  o s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    (git-fixes).
  o s390/qeth: fix locking for discipline setup / removal (git-fixes).
  o s390/smp: perform initial CPU reset also for SMT siblings (git-fixes).
  o sched/fair: Check for idle core in wake_affine (git fixes (sched)).
  o scsi: ibmvfc: Set default timeout to avoid crash during migration
    (bsc#1181425 ltc#188252).
  o scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability
    (bsc#1180891).
  o scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3
    (bsc#1180891).
  o scsi: lpfc: Fix crash when a fabric node is released prematurely
    (bsc#1180891).
  o scsi: lpfc: Fix crash when nvmet transport calls host_release
    (bsc#1180891).
  o scsi: lpfc: Fix error log messages being logged following SCSI task mgnt
    (bsc#1180891).
  o scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891).
  o scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891).
  o scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
  o scsi: lpfc: Fix target reset failing (bsc#1180891).
  o scsi: lpfc: Fix vport create logging (bsc#1180891).
  o scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891).
  o scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework
    (bsc#1180891).
  o scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue
    state (bsc#1180891).
  o scsi: lpfc: Simplify bool comparison (bsc#1180891).
  o scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
  o scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests
    (bsc#1180891).
  o scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit
    (bsc#1179142).
  o scsi: scsi_transport_srp: Do not block target in failfast state
    (bsc#1172355).
  o selftests/ftrace: Select an existing function in kprobe_eventname test
    (bsc#1179396 ltc#185738).
  o selftests: net: fib_tests: remove duplicate log test (git-fixes).
  o selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158
    ltc#190851).
  o selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158
    ltc#190851).
  o selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851).
  o selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158
    ltc#190851).
  o selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158
    ltc#190851).
  o selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412
    ltc#190579).
  o selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158
    ltc#190851).
  o serial: mvebu-uart: fix tx lost characters at power off (git-fixes).
  o spi: cadence: cache reference clock rate during probe (git-fixes).
  o spi: stm32: FIFO threshold level - fix align packet size (git-fixes).
  o staging: mt7621-dma: Fix a resource leak in an error handling path
    (git-fixes).
  o staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
    (git-fixes).
  o SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages()
    (for-next).
  o sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next).
  o SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next).
  o swiotlb: fix "x86: Do not panic if can not alloc buffer for swiotlb"
    (git-fixes).
  o swiotlb: using SIZE_MAX needs limits.h included (git-fixes).
  o timers: Preserve higher bits of expiration on index calculation
    (bsc#1181318).
  o timers: Use only bucket expiry for base->next_expiry value (bsc#1181318).
  o udp: Prevent reuseport_select_sock from reading uninitialized socks
    (git-fixes).
  o USB: cdc-acm: blacklist another IR Droid device (git-fixes).
  o USB: cdc-wdm: Fix use after free in service_outstanding_interrupt()
    (git-fixes).
  o usb: chipidea: ci_hdrc_imx: add missing put_device() call in
    usbmisc_get_init_data() (git-fixes).
  o USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes).
  o usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
  o usb: dwc3: core: Properly default unspecified speed (git-fixes).
  o usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
    (git-fixes).
  o usb: dwc3: Update soft-reset wait polling rate (git-fixes).
  o USB: ehci: fix an interrupt calltrace error (git-fixes).
  o usb: gadget: aspeed: fix stop dma register setting (git-fixes).
  o usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes).
  o usb: gadget: configfs: Preserve function ordering after bind failure
    (git-fixes).
  o usb: gadget: enable super speed plus (git-fixes).
  o usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes).
  o usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
  o usb: gadget: function: printer: Fix a memory leak for interface descriptor
    (git-fixes).
  o USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).
  o usb: gadget: select CONFIG_CRC32 (git-fixes).
  o usb: gadget: u_ether: Fix MTU size mismatch with RX packet size
    (git-fixes).
  o USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
  o USB: serial: option: add LongSung M5710 module support (git-fixes).
  o USB: serial: option: add Quectel EM160R-GL (git-fixes).
  o usb: typec: Fix copy paste error for NVIDIA alt-mode description
    (git-fixes).
  o usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).
  o usb: udc: core: Use lock when write to soft_connect (git-fixes).
  o usb: usbip: vhci_hcd: protect shift size (git-fixes).
  o USB: usblp: fix DMA to stack (git-fixes).
  o USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
    (git-fixes).
  o USB: yurex: fix control-URB timeout handling (git-fixes).
  o vfio iommu: Add dma available capability (bsc#1179572 LTC#190110).
  o vfio/pci: Implement ioeventfd thread handler for contended memory lock
    (bsc#1181219).
  o vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220).
  o video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init()
    (git-fixes).
  o video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).
  o video: fbdev: pvr2fb: initialize variables (git-fixes).
  o video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value
    error (git-fixes).
  o wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
  o wil6210: select CONFIG_CRC32 (git-fixes).
  o x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489).
  o x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077).
  o x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489).
  o x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
  o x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489).
  o x86/mm: Fix leak of pmd ptlock (bsc#1152489).
  o x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489).
  o x86/mtrr: Correct the range check before performing MTRR type lookups
    (bsc#1152489).
  o x86/resctrl: Do not move a task to the same resource group (bsc#1152489).
  o x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    (bsc#1152489).
  o x86/topology: Make __max_die_per_package available unconditionally
    (bsc#1152489).
  o x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled
    (bsc#1181335).
  o xen-blkfront: allow discard-* nodes to be optional (bsc#1181346).
  o xen/privcmd: allow fetching resource sizes (bsc#1065600).
  o xfs: show the proper user quota options (bsc#1181538).
  o xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
  o xhci: make sure TRB is fully written before giving it to the controller
    (git-fixes).
  o xhci: tegra: Delay for disabling LFPS detector (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-354=1
  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-354=1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-354=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-354=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-354=1
  o SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-354=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
       kernel-default-debuginfo-5.3.18-24.49.2
       kernel-default-debugsource-5.3.18-24.49.2
       kernel-default-extra-5.3.18-24.49.2
       kernel-default-extra-debuginfo-5.3.18-24.49.2
  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-default-debuginfo-5.3.18-24.49.2
       kernel-default-debugsource-5.3.18-24.49.2
       kernel-default-livepatch-5.3.18-24.49.2
       kernel-default-livepatch-devel-5.3.18-24.49.2
       kernel-livepatch-5_3_18-24_49-default-1-5.3.2
       kernel-livepatch-5_3_18-24_49-default-debuginfo-1-5.3.2
       kernel-livepatch-SLE15-SP2_Update_10-debugsource-1-5.3.2
  o SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le
    s390x x86_64):
       kernel-default-debuginfo-5.3.18-24.49.2
       kernel-default-debugsource-5.3.18-24.49.2
       reiserfs-kmp-default-5.3.18-24.49.2
       reiserfs-kmp-default-debuginfo-5.3.18-24.49.2
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
    s390x x86_64):
       kernel-obs-build-5.3.18-24.49.2
       kernel-obs-build-debugsource-5.3.18-24.49.2
       kernel-syms-5.3.18-24.49.2
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
       kernel-preempt-debuginfo-5.3.18-24.49.2
       kernel-preempt-debugsource-5.3.18-24.49.2
       kernel-preempt-devel-5.3.18-24.49.2
       kernel-preempt-devel-debuginfo-5.3.18-24.49.2
  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
       kernel-docs-5.3.18-24.49.3
       kernel-source-5.3.18-24.49.2
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
    x86_64):
       kernel-default-5.3.18-24.49.2
       kernel-default-base-5.3.18-24.49.2.9.21.2
       kernel-default-debuginfo-5.3.18-24.49.2
       kernel-default-debugsource-5.3.18-24.49.2
       kernel-default-devel-5.3.18-24.49.2
       kernel-default-devel-debuginfo-5.3.18-24.49.2
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
       kernel-preempt-5.3.18-24.49.2
       kernel-preempt-debuginfo-5.3.18-24.49.2
       kernel-preempt-debugsource-5.3.18-24.49.2
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
       kernel-devel-5.3.18-24.49.2
       kernel-macros-5.3.18-24.49.2
  o SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x
    x86_64):
       cluster-md-kmp-default-5.3.18-24.49.2
       cluster-md-kmp-default-debuginfo-5.3.18-24.49.2
       dlm-kmp-default-5.3.18-24.49.2
       dlm-kmp-default-debuginfo-5.3.18-24.49.2
       gfs2-kmp-default-5.3.18-24.49.2
       gfs2-kmp-default-debuginfo-5.3.18-24.49.2
       kernel-default-debuginfo-5.3.18-24.49.2
       kernel-default-debugsource-5.3.18-24.49.2
       ocfs2-kmp-default-5.3.18-24.49.2
       ocfs2-kmp-default-debuginfo-5.3.18-24.49.2
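
The reboot note and package list above imply two separate checks on each host:
is the fixed package installed, and is the fixed kernel the one running. The
script below is an added example, not part of the SUSE or AusCERT text. It
assumes the kernel-default flavor on 15-SP2 and that uname -r omits the last
release field of the package version; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does this host still need SUSE-SU-2021:0354-1, or a reboot?
# Fixed kernel-default version, taken from the Package List above (15-SP2).
FIXED_PKG_VERSION="5.3.18-24.49.2"

# version_lt A B: succeed when A sorts before B. Fields are split on '.' and
# '-' and compared as integers (assumption: purely numeric version strings).
version_lt() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%[.-]*}; _y=${_b%%[.-]*}
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
        # Drop the field just compared, plus its delimiter if one follows.
        case $_a in *[.-]*) _a=${_a#*[.-]} ;; *) _a= ;; esac
        case $_b in *[.-]*) _b=${_b#*[.-]} ;; *) _b= ;; esac
    done
    return 1
}

# pkg_to_uname_release VERSION-RELEASE FLAVOR: the string uname -r reports for
# that package. Assumption: the last release field (rebuild counter) is
# dropped, as the kernel-livepatch-5_3_18-24_49-default package name suggests.
pkg_to_uname_release() {
    printf '%s-%s\n' "${1%.*}" "$2"
}

# kernel_patch_state RUNNING INSTALLED [FIXED]
#   RUNNING   = output of uname -r, e.g. 5.3.18-24.49-default
#   INSTALLED = newest installed kernel package version-release
# Prints update-required, reboot-required or patched.
# Constructed sample: kernel_patch_state 5.3.18-24.46-default 5.3.18-24.49.2
#   -> reboot-required (package updated, old kernel still running)
kernel_patch_state() {
    _running=${1%-*}                 # strip the flavor suffix (-default)
    _installed=$2
    _fixed=${3:-$FIXED_PKG_VERSION}
    if version_lt "$_installed" "$_fixed"; then
        echo update-required
    elif version_lt "$_running" "${_fixed%.*}"; then
        echo reboot-required
    else
        echo patched
    fi
}

# check_this_host: run the decision against the live system. Needs rpm and
# GNU sort -V; several kernel-default packages may be installed side by side,
# so the newest one is used. Invoke as: sh <this-script> --check
check_this_host() {
    if ! rpm -q kernel-default >/dev/null 2>&1; then
        echo "kernel-default is not installed" >&2
        return 2
    fi
    _newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default \
        | sort -V | tail -n 1)
    kernel_patch_state "$(uname -r)" "$_newest"
}

if [ "${1:-}" = "--check" ]; then
    check_this_host
fi
```

The comparison is numeric per field, so a release such as 24.9 sorts before
24.49 where a plain string comparison would not.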


References:

  o https://www.suse.com/security/cve/CVE-2020-25211.html
  o https://www.suse.com/security/cve/CVE-2020-25639.html
  o https://www.suse.com/security/cve/CVE-2020-27835.html
  o https://www.suse.com/security/cve/CVE-2020-29568.html
  o https://www.suse.com/security/cve/CVE-2020-29569.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-20177.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://www.suse.com/security/cve/CVE-2021-3348.html
  o https://bugzilla.suse.com/1065600
  o https://bugzilla.suse.com/1149032
  o https://bugzilla.suse.com/1152472
  o https://bugzilla.suse.com/1152489
  o https://bugzilla.suse.com/1153274
  o https://bugzilla.suse.com/1154353
  o https://bugzilla.suse.com/1155518
  o https://bugzilla.suse.com/1163930
  o https://bugzilla.suse.com/1165545
  o https://bugzilla.suse.com/1167773
  o https://bugzilla.suse.com/1172355
  o https://bugzilla.suse.com/1175389
  o https://bugzilla.suse.com/1176395
  o https://bugzilla.suse.com/1176831
  o https://bugzilla.suse.com/1176846
  o https://bugzilla.suse.com/1178142
  o https://bugzilla.suse.com/1178631
  o https://bugzilla.suse.com/1179142
  o https://bugzilla.suse.com/1179396
  o https://bugzilla.suse.com/1179508
  o https://bugzilla.suse.com/1179509
  o https://bugzilla.suse.com/1179567
  o https://bugzilla.suse.com/1179572
  o https://bugzilla.suse.com/1179575
  o https://bugzilla.suse.com/1179878
  o https://bugzilla.suse.com/1180008
  o https://bugzilla.suse.com/1180130
  o https://bugzilla.suse.com/1180264
  o https://bugzilla.suse.com/1180412
  o https://bugzilla.suse.com/1180759
  o https://bugzilla.suse.com/1180765
  o https://bugzilla.suse.com/1180773
  o https://bugzilla.suse.com/1180809
  o https://bugzilla.suse.com/1180812
  o https://bugzilla.suse.com/1180848
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1180889
  o https://bugzilla.suse.com/1180891
  o https://bugzilla.suse.com/1180971
  o https://bugzilla.suse.com/1181014
  o https://bugzilla.suse.com/1181018
  o https://bugzilla.suse.com/1181077
  o https://bugzilla.suse.com/1181104
  o https://bugzilla.suse.com/1181148
  o https://bugzilla.suse.com/1181158
  o https://bugzilla.suse.com/1181161
  o https://bugzilla.suse.com/1181169
  o https://bugzilla.suse.com/1181203
  o https://bugzilla.suse.com/1181217
  o https://bugzilla.suse.com/1181218
  o https://bugzilla.suse.com/1181219
  o https://bugzilla.suse.com/1181220
  o https://bugzilla.suse.com/1181237
  o https://bugzilla.suse.com/1181318
  o https://bugzilla.suse.com/1181335
  o https://bugzilla.suse.com/1181346
  o https://bugzilla.suse.com/1181349
  o https://bugzilla.suse.com/1181425
  o https://bugzilla.suse.com/1181494
  o https://bugzilla.suse.com/1181504
  o https://bugzilla.suse.com/1181511
  o https://bugzilla.suse.com/1181538
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1181584
  o https://bugzilla.suse.com/1181645

- --------------------------------------------------------------------------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0353-1
Rating:            important
References:        #1046305 #1046306 #1046540 #1046542 #1046648 #1050242
                   #1050244 #1050536 #1050538 #1050545 #1056653 #1056657
                   #1056787 #1064802 #1066129 #1073513 #1074220 #1075020
                   #1086282 #1086301 #1086313 #1086314 #1098633 #1103990
                   #1103991 #1103992 #1104270 #1104277 #1104279 #1104353
                   #1104427 #1104742 #1104745 #1109837 #1111981 #1112178
                   #1112374 #1113956 #1119113 #1126206 #1126390 #1127354
                   #1127371 #1129770 #1136348 #1149032 #1174206 #1176395
                   #1176831 #1176846 #1178036 #1178049 #1178631 #1178900
                   #1179093 #1179508 #1179509 #1179563 #1179573 #1179575
                   #1179878 #1180008 #1180130 #1180765 #1180812 #1180859
                   #1180891 #1180912 #1181001 #1181018 #1181170 #1181230
                   #1181231 #1181349 #1181425 #1181553
Cross-References:  CVE-2020-25211 CVE-2020-25639 CVE-2020-27835 CVE-2020-29568
                   CVE-2020-29569 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 12-SP5
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Live Patching 12-SP5
                   SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 68 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
fixes and bug fixes.

The following security bugs were fixed:

  o CVE-2021-3347: A use-after-free was discovered in the PI futexes during
    fault handling, allowing local users to execute code in the kernel
    (bnc#1181349).
  o CVE-2021-20177: Fixed a kernel panic related to iptables string matching
    rules. A privileged user could insert a rule which could lead to denial of
    service (bnc#1180765).
  o CVE-2021-0342: In tun_get_user of tun.c, there is possible memory
    corruption due to a use after free. This could lead to local escalation of
    privilege with System execution privileges required. (bnc#1180812)
  o CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found,
    specifically in the way a user calls ioctl after opening the dev file and
    forking. A local user could use this flaw to crash the system
    (bnc#1179878).
  o CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl
    (bnc#1176846).
  o CVE-2020-29569: Fixed a potential privilege escalation and information
    leaks related to the PV block backend, as used by Xen (bnc#1179509).
  o CVE-2020-29568: Fixed a denial of service issue, related to processing
    watch events (bnc#1179508).
  o CVE-2020-25211: Fixed a flaw where a local attacker was able to inject
    conntrack netlink configuration that could cause a denial of service or
    trigger the use of incorrect protocol numbers in
    ctnetlink_parse_tuple_filter (bnc#1176395).


The following non-security bugs were fixed:

  o ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    (git-fixes).
  o ACPI: scan: Harden acpi_device_add() against device ID overflows
    (git-fixes).
  o ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    (git-fixes).
  o ALSA: doc: Fix reference to mixart.rst (git-fixes).
  o ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).
  o ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
    (git-fixes).
  o ALSA: hda/via: Add minimum mute flag (git-fixes).
  o ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
  o ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).
  o ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    (git-fixes).
  o arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect()
    (bsc#1180130).
  o arm64: pgtable: Fix pte_accessible() (bsc#1180130).
  o ASoC: dapm: remove widget from dirty list on free (git-fixes).
  o ASoC: Intel: haswell: Add missing pm_ops (git-fixes).
  o bnxt_en: Do not query FW when netif_running() is false (bsc#1086282).
  o bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745).
  o bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
  o bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242).
  o bnxt_en: fix HWRM error when querying VF temperature (bsc#1104745).
  o bnxt_en: Improve stats context resource accounting with RDMA driver loaded
    (bsc#1104745).
  o bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
  o bnxt_en: Release PCI regions when DMA mask setup fails during probe
    (git-fixes).
  o bnxt_en: Reset rings if ring reservation fails during open() (bsc#1086282).
  o bnxt_en: return proper error codes in bnxt_show_temp (bsc#1104745).
  o bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).
  o btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2
    (bsc#1174206).
  o btrfs: add a flag to iterate_inodes_from_logical to find all extent refs
    for uncompressed extents (bsc#1174206).
  o btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206).
  o btrfs: qgroup: do not try to wait flushing if we're already holding a
    transaction (bsc#1179575).
  o caif: no need to check return value of debugfs_create functions
    (git-fixes).
  o can: c_can: c_can_power_up(): fix error handling (git-fixes).
  o can: dev: prevent potential information leak in can_fill_info()
    (git-fixes).
  o can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
  o chelsio/chtls: correct function return and return type (bsc#1104270).
  o chelsio/chtls: correct netdevice for vlan interface (bsc#1104270).
  o chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270).
  o chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270).
  o chelsio/chtls: fix deadlock issue (bsc#1104270).
  o chelsio/chtls: fix memory leaks caused by a race (bsc#1104270).
  o chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270).
  o chelsio/chtls: fix panic during unload reload chtls (bsc#1104270).
  o chelsio/chtls: fix socket lock (bsc#1104270).
  o chelsio/chtls: fix tls record info to user (bsc#1104270).
  o chtls: Added a check to avoid NULL pointer dereference (bsc#1104270).
  o chtls: Fix chtls resources release sequence (bsc#1104270).
  o chtls: Fix hardware tid leak (bsc#1104270).
  o chtls: Remove invalid set_tcb call (bsc#1104270).
  o chtls: Replace skb_dequeue with skb_peek (bsc#1104270).
  o cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled
    (bsc#1109837).
  o cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
  o cxgb4/cxgb4vf: fix flow control display for auto negotiation (bsc#1046540
    bsc#1046542).
  o cxgb4: fix adapter crash due to wrong MC size (bsc#1073513).
  o cxgb4: fix all-mask IP address comparison (bsc#1064802 bsc#1066129).
  o cxgb4: fix large delays in PTP synchronization (bsc#1046540 bsc#1046648).
  o cxgb4: fix SGE queue dump destination buffer context (bsc#1073513).
  o cxgb4: fix the panic caused by non smac rewrite (bsc#1064802 bsc#1066129).
  o cxgb4: fix thermal zone device registration (bsc#1104279 bsc#1104277).
  o cxgb4: fix throughput drop during Tx backpressure (bsc#1127354
    bsc#1127371).
  o cxgb4: move DCB version extern to header file (bsc#1104279).
  o cxgb4: remove cast when saving IPv4 partial checksum (bsc#1074220).
  o cxgb4: set up filter action after rewrites (bsc#1064802 bsc#1066129).
  o cxgb4: use correct type for all-mask IP address comparison (bsc#1064802
    bsc#1066129).
  o cxgb4: use unaligned conversion for fetching timestamp (bsc#1046540
    bsc#1046648).
  o dmaengine: xilinx_dma: check dma_async_device_register return value
    (git-fixes).
  o dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).
  o docs: Fix reST markup when linking to sections (git-fixes).
  o drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs
    ()' (git-fixes).
  o drm/amdkfd: Put ACPI table after using it (bsc#1129770) Backporting
    changes: * context changes
  o drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956)
  o drm/atomic: put state on error path (git-fixes).
  o drm/i915: Check for all subplatform bits (git-fixes).
  o drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178) Backporting
    changes: * context changes
  o drm/i915: Fix sha_text population code (bsc#1112178) Backporting changes: *
    context changes
  o drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770)
    Backporting changes: * context changes * moved num_mixers from struct
    dpu_crtc_state to struct dpu_crtc
  o drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770)
    Backporting changes: * context changes * removed reference to
    msm_gem_is_locked()
  o drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770) Backporting
    changes: * context changes
  o drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).
  o drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
    (git-fixes).
  o drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).
  o drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178) Backporting
    changes: * context changes
  o drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178)
  o drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770)
  o drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#
    1112178) Backporting changes: * context changes
  o EDAC/amd64: Fix PCI component registration (bsc#1112178).
  o ehci: fix EHCI host controller initialization sequence (git-fixes).
  o ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).
  o floppy: reintroduce O_NDELAY fix (boo#1181018).
  o futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
  o futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349
    bsc#1149032).
  o futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
  o futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
  o futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
  o futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
  o futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
  o futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349
    bsc#1149032).
  o i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).
  o i40e: avoid premature Rx buffer reuse (bsc#1111981).
  o i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).
  o IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
    (bsc#1103991).
  o igb: Report speed and duplex as unknown when device is runtime suspended
    (git-fixes).
  o igc: fix link speed advertising (jsc#SLE-4799).
  o iio: ad5504: Fix setting power-down state (git-fixes).
  o iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built
    (bsc#1181001, jsc#ECO-3191).
  o iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    (bsc#1181001, jsc#ECO-3191).
  o ixgbe: avoid premature Rx buffer reuse (bsc#1109837).
  o ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (bsc#1109837).
  o kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
  o KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912).
  o KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
    (bsc#1181230).
  o lockd: do not use interval-based rebinding over TCP (git-fixes).
  o locking/futex: Allow low-level atomic operations to return -EAGAIN
    (bsc#1149032).
  o md: fix a warning caused by a race between concurrent md_ioctl()s
    (git-fixes).
  o md/raid10: initialize r10_bio->read_slot before use (git-fixes).
  o media: gp8psk: initialize stats at power control logic (git-fixes).
  o misc: vmw_vmci: fix kernel info-leak by initializing dbells in
    vmci_ctx_get_chkpt_doorbells() (git-fixes).
  o misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
  o mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).
  o mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
    (bsc#1112374).
  o mlxsw: spectrum: Do not modify cloned SKBs during xmit (git-fixes).
  o mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case
    reload fails (bsc#1112374).
  o mlxsw: switchx2: Do not modify cloned SKBs during xmit (git-fixes).
  o mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
  o mm: do not wake kswapd prematurely when watermark boosting is disabled (git
    fixes (mm/vmscan)).
  o mm: hwpoison: disable memory error handling on 1GB hugepage (git fixes
    (mm/hwpoison)).
  o mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes
    (mm/hotplug)).
  o mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() (git
    fixes (mm/pgalloc)).
  o mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly (git
    fixes (mm/hmm)).
  o mm/slab: use memzero_explicit() in kzfree() (git fixes (mm/slab)).
  o module: delay kobject uevent until after module init call (bsc#1178631).
  o net/af_iucv: always register net_device notifier (git-fixes).
  o net/af_iucv: fix null pointer dereference on shutdown (bsc#1179563
    LTC#190108).
  o net/af_iucv: set correct sk_protocol for child sockets (git-fixes).
  o net: atlantic: fix potential error handling (git-fixes).
  o net: atlantic: fix use after free kasan warn (git-fixes).
  o net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
  o net: bcmgenet: reapply manual settings to the PHY (git-fixes).
  o net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
    (git-fixes).
  o net: cbs: Fix software cbs to consider packet sending time (bsc#1109837).
  o net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes).
  o net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes).
  o net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).
  o net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it
    anymore in mlx4_en_xmit() (git-fixes).
  o net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
    (git-fixes).
  o net_failover: fixed rollback in net_failover_open() (bsc#1109837).
  o net/filter: Permit reading NET in load_bytes_relative when MAC not set
    (bsc#1109837).
  o net: freescale: fec: Fix ethtool -d runtime PM (git-fixes).
  o net: hns3: add a missing uninit debugfs when unload driver (bsc#1104353).
  o net: hns3: add compatible handling for command HCLGE_OPC_PF_RST_DONE
    (git-fixes).
  o net: hns3: add management table after IMP reset (bsc#1104353).
  o net: hns3: check reset interrupt status when reset fails (git-fixes).
  o net: hns3: clear reset interrupt status in hclge_irq_handle() (git-fixes).
  o net: hns3: fix a TX timeout issue (bsc#1104353).
  o net: hns3: fix a wrong reset interrupt status mask (git-fixes).
  o net: hns3: fix error handling for desc filling (bsc#1104353).
  o net: hns3: fix error VF index when setting VLAN offload (bsc#1104353).
  o net: hns3: fix for not calculating TX BD send size correctly (bsc#1126390).
  o net: hns3: fix interrupt clearing error for VF (bsc#1104353).
  o net: hns3: fix mis-counting IRQ vector numbers issue (bsc#1104353).
  o net: hns3: fix shaper parameter algorithm (bsc#1104353).
  o net: hns3: fix the number of queues actually used by ARQ (bsc#1104353).
  o net: hns3: fix use-after-free when doing self test (bsc#1104353).
  o net: hns3: reallocate SSU' buffer size when pfc_en changes (bsc#1104353).
  o __netif_receive_skb_core: pass skb by reference (bsc#1109837).
  o net/liquidio: Delete driver version assignment (git-fixes).
  o net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes).
  o net/mlx4_en: Avoid scheduling restart task if it is already running
    (git-fixes).
  o net/mlx5: Add handling of port type in rule deletion (bsc#1103991).
  o net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
    (bsc#1103990).
  o net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).
  o net/mlx5e: Fix two double free cases (bsc#1046305).
  o net/mlx5e: Fix VLAN cleanup flow (git-fixes).
  o net/mlx5e: Fix VLAN create flow (git-fixes).
  o net/mlx5e: IPoIB, Drop multicast packets that this interface sent
    (bsc#1075020).
  o net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990).
  o net/mlx5: Fix memory leak on flow table creation error flow (bsc#1046305).
  o net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113).
  o net: mvpp2: Fix GoP port 3 Networking Complex Control configurations
    (bsc#1098633).
  o net: mvpp2: fix pkt coalescing int-threshold configuration (bsc#1098633).
  o net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay
    (git-fixes).
  o net: phy: broadcom: Fix RGMII delays configuration for BCM54210E
    (git-fixes).
  o net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).
  o net: phy: micrel: make sure the factory test bit is cleared (git-fixes).
  o net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
  o net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels
    (bsc#1109837).
  o net_sched: let qdisc_put() accept NULL pointer (bsc#1056657 bsc#1056653
    bsc#1056787).
  o net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
  o net/smc: cancel event worker during device removal (git-fixes).
  o net/smc: check for valid ib_client_data (git-fixes).
  o net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).
  o net/smc: receive pending data after RCV_SHUTDOWN (git-fixes).
  o net/smc: receive returns without data (git-fixes).
  o net/sonic: Add mutual exclusion for accessing shared state (git-fixes).
  o net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
  o net: stmmac: Do not accept invalid MTU values (git-fixes).
  o net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes).
  o net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).
  o net: stmmac: Enable 16KB buffer size (git-fixes).
  o net: stmmac: fix length of PTP clock's name string (git-fixes).
  o net: stmmac: gmac4+: Not all Unicast addresses may be available
    (git-fixes).
  o net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
  o net: sunrpc: interpret the return value of kstrtou32 correctly (git-fixes).
  o net: team: fix memory leak in __team_options_register (git-fixes).
  o net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
  o net: usb: lan78xx: Fix error message format specifier (git-fixes).
  o net: vlan: avoid leaks on register_vlan_dev() failures (git-fixes).
  o nfp: validate the return code from dev_queue_xmit() (git-fixes).
  o NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    (git-fixes).
  o nfs_common: need lock during iterate through the list (git-fixes).
  o nfsd4: readdirplus shouldn't return parent of export (git-fixes).
  o nfsd: Fix message level for normal termination (git-fixes).
  o NFS: nfs_igrab_and_active must first reference the superblock (git-fixes).
  o NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes).
  o NFSv4.2: condition READDIR's mask for security label based on LSM state
    (git-fixes).
  o page_frag: Recover from memory pressure (git fixes (mm/pgalloc)).
  o pNFS: Mark layout for return if return-on-close was not sent (git-fixes).
  o powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284).
  o powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900
    ltc#189284 git-fixes).
  o powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284).
  o qed: Fix race condition between scheduling and destroying the slowpath
    workqueue (bsc#1086314 bsc#1086313 bsc#1086301).
  o qed: Fix use after free in qed_chain_free (bsc#1050536 bsc#1050538).
  o r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
  o RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
    (bsc#1103992).
  o RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244).
  o RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1104742).
  o RDMA/cma: Do not overwrite sgid_attr after device is released
    (bsc#1103992).
  o RDMA/core: Ensure security pkey modify is not lost (bsc#1046306).
  o RDMA/core: Fix pkey and port assignment in get_new_pps (bsc#1046306).
  o RDMA/core: Fix protection fault in get_pkey_idx_qp_list (bsc#1046306).
  o RDMA/core: Fix reported speed and width (bsc#1046306).
  o RDMA/core: Fix return error value in _ib_modify_qp() to negative
    (bsc#1103992).
  o RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306).
  o RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1104427).
  o RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver
    (bsc#1104427).
  o RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver
    (bsc#1104427).
  o RDMA/hns: Fix cmdq parameter of querying pf timer resource (bsc#1104427
    bsc#1126206).
  o RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427).
  o RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348
    jsc#SLE-4684).
  o RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348
    jsc#SLE-4684).
  o RDMA/mlx5: Add init2init as a modify command (bsc#1103991).
  o RDMA/mlx5: Fix typo in enum name (bsc#1103991).
  o RDMA/mlx5: Fix wrong free of blue flame register on error (bsc#1103991).
  o RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545).
  o rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349
    bsc#1149032).
  o s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes).
  o s390/dasd: fix list corruption of lcu list (bsc#1181170 LTC#190915).
  o s390/dasd: fix list corruption of pavgroup group list (bsc#1181170
    LTC#190915).
  o s390/dasd: prevent inconsistent LCU device data (bsc#1181170 LTC#190915).
  o s390/qeth: delay draining the TX buffers (git-fixes).
  o s390/qeth: fix deadlock during recovery (git-fixes).
  o s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    (git-fixes).
  o s390/qeth: fix locking for discipline setup / removal (git-fixes).
  o s390/smp: perform initial CPU reset also for SMT siblings (git-fixes).
  o sched/fair: Fix enqueue_task_fair warning (bsc#1179093).
  o sched/fair: Fix enqueue_task_fair() warning some more (bsc#1179093).
  o sched/fair: Fix reordering of enqueue/dequeue_task_fair() (bsc#1179093).
  o sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (bsc#1179093).
  o sched/fair: Reorder enqueue/dequeue_task_fair path (bsc#1179093).
  o scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes).
  o scsi: ibmvfc: Set default timeout to avoid crash during migration
    (bsc#1181425 ltc#188252).
  o scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability
    (bsc#1180891).
  o scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3
    (bsc#1180891).
  o scsi: lpfc: Fix crash when a fabric node is released prematurely
    (bsc#1180891).
  o scsi: lpfc: Fix error log messages being logged following SCSI task mgnt
    (bsc#1180891).
  o scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891).
  o scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891).
  o scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
  o scsi: lpfc: Fix target reset failing (bsc#1180891).
  o scsi: lpfc: Fix vport create logging (bsc#1180891).
  o scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891).
  o scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework
    (bsc#1180891).
  o scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue
    state (bsc#1180891).
  o scsi: lpfc: Simplify bool comparison (bsc#1180891).
  o scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
  o scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests
    (bsc#1180891).
  o serial: mvebu-uart: fix tx lost characters at power off (git-fixes).
  o spi: cadence: cache reference clock rate during probe (git-fixes).
  o SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
  o team: set dev->needed_headroom in team_setup_by_port() (git-fixes).
  o tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS
    (bsc#1109837).
  o usb: chipidea: ci_hdrc_imx: add missing put_device() call in
    usbmisc_get_init_data() (git-fixes).
  o usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
    (git-fixes).
  o USB: ehci: fix an interrupt calltrace error (git-fixes).
  o usb: gadget: configfs: Preserve function ordering after bind failure
    (git-fixes).
  o usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
  o USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).
  o usb: gadget: select CONFIG_CRC32 (git-fixes).
  o USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
  o usb: udc: core: Use lock when write to soft_connect (git-fixes).
  o USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
    (git-fixes).
  o USB: yurex: fix control-URB timeout handling (git-fixes).
  o veth: Adjust hard_start offset on redirect XDP frames (bsc#1109837).
  o vfio iommu: Add dma available capability (bsc#1179573 LTC#190106).
  o vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181231).
  o vhost/vsock: fix vhost vsock cid hashing inconsistent (git-fixes).
  o virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer
    (git-fixes).
  o wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
  o wil6210: select CONFIG_CRC32 (git-fixes).
  o x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001,
    jsc#ECO-3191).
  o x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available
    (bsc#1181001, jsc#ECO-3191).
  o x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
  o x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178).
  o x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001,
    jsc#ECO-3191).
  o x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  o x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  o x86/mm: Fix leak of pmd ptlock (bsc#1112178).
  o x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).
  o x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001,
    jsc#ECO-3191).
  o x86/mtrr: Correct the range check before performing MTRR type lookups
    (bsc#1112178).
  o x86/resctrl: Do not move a task to the same resource group (bsc#1112178).
  o x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    (bsc#1112178).
  o xdp: Fix xsk_generic_xmit errno (bsc#1109837).
  o xhci: make sure TRB is fully written before giving it to the controller
    (git-fixes).
  o xhci: tegra: Delay for disabling LFPS detector (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation
methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2021-353=1
  o SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-353=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-353=1
  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-353=1
  o SUSE Linux Enterprise High Availability 12-SP5:
    zypper in -t patch SUSE-SLE-HA-12-SP5-2021-353=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
       kernel-default-debuginfo-4.12.14-122.60.1
       kernel-default-debugsource-4.12.14-122.60.1
       kernel-default-extra-4.12.14-122.60.1
       kernel-default-extra-debuginfo-4.12.14-122.60.1
  o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
    s390x x86_64):
       kernel-obs-build-4.12.14-122.60.1
       kernel-obs-build-debugsource-4.12.14-122.60.1
  o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
       kernel-docs-4.12.14-122.60.2
  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
       kernel-default-4.12.14-122.60.1
       kernel-default-base-4.12.14-122.60.1
       kernel-default-base-debuginfo-4.12.14-122.60.1
       kernel-default-debuginfo-4.12.14-122.60.1
       kernel-default-debugsource-4.12.14-122.60.1
       kernel-default-devel-4.12.14-122.60.1
       kernel-syms-4.12.14-122.60.1
  o SUSE Linux Enterprise Server 12-SP5 (x86_64):
       kernel-default-devel-debuginfo-4.12.14-122.60.1
  o SUSE Linux Enterprise Server 12-SP5 (noarch):
       kernel-devel-4.12.14-122.60.1
       kernel-macros-4.12.14-122.60.1
       kernel-source-4.12.14-122.60.1
  o SUSE Linux Enterprise Server 12-SP5 (s390x):
       kernel-default-man-4.12.14-122.60.1
  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
       kernel-default-debuginfo-4.12.14-122.60.1
       kernel-default-debugsource-4.12.14-122.60.1
       kernel-default-kgraft-4.12.14-122.60.1
       kernel-default-kgraft-devel-4.12.14-122.60.1
       kgraft-patch-4_12_14-122_60-default-1-8.3.1
  o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
       cluster-md-kmp-default-4.12.14-122.60.1
       cluster-md-kmp-default-debuginfo-4.12.14-122.60.1
       dlm-kmp-default-4.12.14-122.60.1
       dlm-kmp-default-debuginfo-4.12.14-122.60.1
       gfs2-kmp-default-4.12.14-122.60.1
       gfs2-kmp-default-debuginfo-4.12.14-122.60.1
       kernel-default-debuginfo-4.12.14-122.60.1
       kernel-default-debugsource-4.12.14-122.60.1
       ocfs2-kmp-default-4.12.14-122.60.1
       ocfs2-kmp-default-debuginfo-4.12.14-122.60.1
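
Because the update only takes effect after the reboot requested above, a 12-SP5 host can have the fixed package installed while still running the old kernel. The script below is an added example, not part of the SUSE or AusCERT text. It classifies a host from its running release and its installed kernel-default versions. It assumes that `uname -r` reports the package version 4.12.14-122.60.1 as "4.12.14-122.60-default"; the function names and the `--check` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not SUSE or AusCERT code): confirm a host runs the fixed kernel.
# FIXED_RELEASE is taken from the Package List version 4.12.14-122.60.1.
# Assumption: `uname -r` drops the final rebuild counter and appends the
# flavor, e.g. "4.12.14-122.60-default".
FIXED_RELEASE="4.12.14-122.60"

# Strip the flavor suffix: "4.12.14-122.60-default" -> "4.12.14-122.60".
normalize_release() {
    printf '%s\n' "${1%-[a-z]*}"
}

# Compare two releases field by field (fields split on "." and "-").
# Prints -1, 0 or 1 for A < B, A == B, A > B.
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# kernel_status RUNNING [INSTALLED_PKG_VERSION...]
#   patched         running kernel is at or above the fixed release
#   reboot-pending  fixed package is installed but an older kernel is running
#   unpatched       no installed kernel-default package carries the fix
kernel_status() {
    running=$(normalize_release "$1"); shift
    if [ "$(ver_cmp "$running" "$FIXED_RELEASE")" -ge 0 ]; then
        echo patched; return 0
    fi
    for pkgver in "$@"; do
        # Package versions end in a rebuild counter (".1"); drop it first.
        if [ "$(ver_cmp "${pkgver%.*}" "$FIXED_RELEASE")" -ge 0 ]; then
            echo reboot-pending; return 1
        fi
    done
    echo unpatched; return 2
}

# Query the live host: every installed kernel-default plus the running kernel.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default) || installed=""
    # Word splitting of $installed is intended: one argument per package.
    # shellcheck disable=SC2086
    kernel_status "$(uname -r)" $installed
}

# Run against the host only when asked, e.g. `sh check_kernel.sh --check`.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

The check compares kernel package releases only; hosts that receive fixes through the Live Patching packages listed above need a separate check.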


References:

  o https://www.suse.com/security/cve/CVE-2020-25211.html
  o https://www.suse.com/security/cve/CVE-2020-25639.html
  o https://www.suse.com/security/cve/CVE-2020-27835.html
  o https://www.suse.com/security/cve/CVE-2020-29568.html
  o https://www.suse.com/security/cve/CVE-2020-29569.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-20177.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1046305
  o https://bugzilla.suse.com/1046306
  o https://bugzilla.suse.com/1046540
  o https://bugzilla.suse.com/1046542
  o https://bugzilla.suse.com/1046648
  o https://bugzilla.suse.com/1050242
  o https://bugzilla.suse.com/1050244
  o https://bugzilla.suse.com/1050536
  o https://bugzilla.suse.com/1050538
  o https://bugzilla.suse.com/1050545
  o https://bugzilla.suse.com/1056653
  o https://bugzilla.suse.com/1056657
  o https://bugzilla.suse.com/1056787
  o https://bugzilla.suse.com/1064802
  o https://bugzilla.suse.com/1066129
  o https://bugzilla.suse.com/1073513
  o https://bugzilla.suse.com/1074220
  o https://bugzilla.suse.com/1075020
  o https://bugzilla.suse.com/1086282
  o https://bugzilla.suse.com/1086301
  o https://bugzilla.suse.com/1086313
  o https://bugzilla.suse.com/1086314
  o https://bugzilla.suse.com/1098633
  o https://bugzilla.suse.com/1103990
  o https://bugzilla.suse.com/1103991
  o https://bugzilla.suse.com/1103992
  o https://bugzilla.suse.com/1104270
  o https://bugzilla.suse.com/1104277
  o https://bugzilla.suse.com/1104279
  o https://bugzilla.suse.com/1104353
  o https://bugzilla.suse.com/1104427
  o https://bugzilla.suse.com/1104742
  o https://bugzilla.suse.com/1104745
  o https://bugzilla.suse.com/1109837
  o https://bugzilla.suse.com/1111981
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1112374
  o https://bugzilla.suse.com/1113956
  o https://bugzilla.suse.com/1119113
  o https://bugzilla.suse.com/1126206
  o https://bugzilla.suse.com/1126390
  o https://bugzilla.suse.com/1127354
  o https://bugzilla.suse.com/1127371
  o https://bugzilla.suse.com/1129770
  o https://bugzilla.suse.com/1136348
  o https://bugzilla.suse.com/1149032
  o https://bugzilla.suse.com/1174206
  o https://bugzilla.suse.com/1176395
  o https://bugzilla.suse.com/1176831
  o https://bugzilla.suse.com/1176846
  o https://bugzilla.suse.com/1178036
  o https://bugzilla.suse.com/1178049
  o https://bugzilla.suse.com/1178631
  o https://bugzilla.suse.com/1178900
  o https://bugzilla.suse.com/1179093
  o https://bugzilla.suse.com/1179508
  o https://bugzilla.suse.com/1179509
  o https://bugzilla.suse.com/1179563
  o https://bugzilla.suse.com/1179573
  o https://bugzilla.suse.com/1179575
  o https://bugzilla.suse.com/1179878
  o https://bugzilla.suse.com/1180008
  o https://bugzilla.suse.com/1180130
  o https://bugzilla.suse.com/1180765
  o https://bugzilla.suse.com/1180812
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1180891
  o https://bugzilla.suse.com/1180912
  o https://bugzilla.suse.com/1181001
  o https://bugzilla.suse.com/1181018
  o https://bugzilla.suse.com/1181170
  o https://bugzilla.suse.com/1181230
  o https://bugzilla.suse.com/1181231
  o https://bugzilla.suse.com/1181349
  o https://bugzilla.suse.com/1181425
  o https://bugzilla.suse.com/1181553

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----