Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2079
Security update for the Linux Kernel
10 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Create Arbitrary Files -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-33200 CVE-2021-33034 CVE-2021-32399
CVE-2021-29650 CVE-2021-29155 CVE-2021-23134
CVE-2021-23133 CVE-2021-3491 CVE-2020-26147
CVE-2020-26145 CVE-2020-26141 CVE-2020-26139
CVE-2020-24588 CVE-2020-24587 CVE-2020-24586
Reference: ESB-2021.1635
ESB-2021.1628
ESB-2021.1627.2
ESB-2021.1625
Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211915-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211913-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211912-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211887-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211888-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211890-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211889-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211891-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211899-1
Comment: This bulletin contains nine (9) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1915-1
Rating: important
References: #1043990 #1055117 #1065729 #1152457 #1152489 #1155518
#1156395 #1167260 #1167574 #1168838 #1174416 #1174426
#1175995 #1178089 #1179243 #1179851 #1180846 #1181161
#1182613 #1183063 #1183203 #1183289 #1184208 #1184209
#1184436 #1184485 #1184514 #1184585 #1184650 #1184724
#1184728 #1184730 #1184731 #1184736 #1184737 #1184738
#1184740 #1184741 #1184742 #1184760 #1184811 #1184893
#1184934 #1184942 #1184957 #1184969 #1184984 #1185041
#1185113 #1185233 #1185244 #1185269 #1185365 #1185454
#1185472 #1185491 #1185549 #1185586 #1185587
Cross-References: CVE-2021-29155 CVE-2021-29650
Affected Products:
SUSE MicroOS 5.0
SUSE Linux Enterprise Module for Realtime 15-SP3
______________________________________________________________________________
An update that solves two vulnerabilities and has 57 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed
attackers to cause a denial of service (panic) because net/netfilter/
x_tables.c and include/linux/netfilter/x_tables.h lack a full memory
barrier upon the assignment of a new table value (bnc#1184208).
o CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c
that performs undesirable out-of-bounds speculation on pointer arithmetic,
leading to side-channel attacks that defeat Spectre mitigations and obtain
sensitive information from kernel memory. Specifically, for sequences of
pointer arithmetic operations, the pointer modification performed by the
first operation was not correctly accounted for when restricting subsequent
operations (bnc#1184942).
The following non-security bugs were fixed:
o ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
o ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
(git-fixes).
o ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
(git-fixes).
o ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes).
o ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes).
o ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion
codec (git-fixes).
o ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion
codec (git-fixes).
o ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes).
o ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes).
o ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups
(git-fixes).
o ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB
(git-fixes).
o ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye
(git-fixes).
o ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes).
o ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes).
o ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes).
o ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes).
o ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes).
o ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
(git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries
(git-fixes).
o ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
o ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes).
o ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
(git-fixes).
o ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
o ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes).
o ALSA: usb-audio: DJM-750: ensure format is set (git-fixes).
o ALSA: usb-audio: Explicitly set up the clock selector (git-fixes).
o ALSA: usb-audio: Fix implicit sync clearance at stopping stream
(git-fixes).
o ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to
set samplerate (git-fixes).
o ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails
(git-fixes).
o arm: dts: add imx7d pcf2127 fix to blacklist
o ASoC: ak5558: correct reset polarity (git-fixes).
o ASoC: ak5558: Fix s/show/slow/ typo (git-fixes).
o ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function
(git-fixes).
o ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes).
o ASoC: simple-card: fix possible uninitialized single_cpu local variable
(git-fixes).
o ASoC: SOF: Intel: HDA: fix core status verification (git-fixes).
o ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes).
o ata: libahci_platform: fix IRQ check (git-fixes).
o ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
(git-fixes).
o ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
(git-fixes).
o backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
o blkcg: fix memleak for iolatency (git-fixes).
o block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#
1168838).
o block: recalculate segment count for multi-segment discards correctly (bsc#
1184724).
o block: rsxx: select CONFIG_CRC32 (git-fixes).
o bluetooth: eliminate the potential race condition when removing the HCI
controller (git-fixes).
o bnxt_en: reverse order of TX disable and carrier off (git-fixes).
o bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
o bpf, libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
o bpf, samples: Fix possible hang in xdpsock with multiple threads (bsc#
1155518).
o bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
o bsg: free the request before return error code (git-fixes).
o btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549).
o btrfs: fix race between swap file activation and snapshot creation (bsc#
1185587).
o btrfs: fix race between writes to swap files and scrub (bsc#1185586).
o btrfs: track qgroup released data in own variable in
insert_prealloc_file_extent (bsc#1185549).
o bus: qcom: Put child node before return (git-fixes).
o cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
o clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
o clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1
GHz (git-fixes).
o clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
(git-fixes).
o clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
(git-fixes).
o clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes).
o clk: uniphier: Fix potential infinite loop (git-fixes).
o clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback
(git-fixes).
o coresight: etm4x: Fix issues on trcseqevr access (git-fixes).
o coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register
(git-fixes).
o coresight: tmc-etr: Fix barrier packet insertion for perf buffer
(git-fixes).
o cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes).
o cpufreq: armada-37xx: Fix driver cleanup when registration failed
(git-fixes).
o cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes).
o cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes).
o cpufreq: Kconfig: fix documentation links (git-fixes).
o crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes).
o crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS
(git-fixes).
o cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes).
o cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4
and ulds (git-fixes).
o dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
o dm: eliminate potential source of excessive kernel log noise (git-fixes).
o dm era: Fix bitset memory leaks (git-fixes).
o dm era: only resize metadata in preresume (git-fixes).
o dm era: Recover committed writeset after crash (git-fixes).
o dm era: Reinitialize bitset cache before digesting a new writeset
(git-fixes).
o dm era: Use correct value size in equality function of writeset tree
(git-fixes).
o dm era: Verify the data block size hasn't changed (git-fixes).
o dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes).
o dm integrity: fix error reporting in bitmap mode after creation
(git-fixes).
o dm ioctl: fix error return code in target_message (git-fixes).
o dm mpath: fix racey management of PG initialization (git-fixes).
o dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#
1175995, bsc#1184485).
o dm raid: fix discard limits for raid1 (git-fixes).
o dm: remove invalid sparse __acquires and __releases annotations
(git-fixes).
o dm writecache: fix the maximum number of arguments (git-fixes).
o dm writecache: handle DAX to partitions on persistent memory correctly
(git-fixes).
o dm writecache: remove BUG() and fail gracefully instead (git-fixes).
o dm zoned: select CONFIG_CRC32 (git-fixes).
o dpaa_eth: copy timestamp fields to new skb in A-050385 workaround
(git-fixes).
o dpaa_eth: fix the RX headroom size alignment (git-fixes).
o dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
(git-fixes).
o dpaa_eth: Use random MAC address when none is given (bsc#1184811).
o drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs
()' (git-fixes).
o drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
o drm/ast: Add 25MHz refclk support (bsc#1174416).
o drm/ast: Add support for 1152x864 mode (bsc#1174416).
o drm/ast: Add support for AIP200 (bsc#1174416).
o drm/ast: AST2500 fixups (bsc#1174416).
o drm/ast: Correct mode table for AST2500 precatch (bsc#1174416).
o drm/ast: Disable screen on register init (bsc#1174416).
o drm/ast: Disable VGA decoding while driver is active (bsc#1174416).
o drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416).
o drm/ast: Fix P2A config detection (bsc#1174416).
o drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416).
o drm/ast: Keep MISC fields when enabling VGA (bsc#1174416).
o drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
o drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
o drm/msm: Fix a5xx/a6xx timestamps (git-fixes).
o drm/omap: fix misleading indentation in pixinc() (git-fixes).
o drm/radeon: fix copy of uninitialized variable back to userspace
(git-fixes).
o drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes).
o e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
o e1000e: Fix duplicate include guard (git-fixes).
o e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
o enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes).
o enetc: Workaround for MDIO register access issue (git-fixes).
o ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx
(git-fixes).
o ext4: do not try to set xattr into ea_inode if value is empty (bsc#
1184730).
o ext4: find old entry again if failed to rename whiteout (bsc#1184742).
o ext4: fix potential error in ext4_do_update_inode (bsc#1184731).
o ext4: fix potential htree index checksum corruption (bsc#1184728).
o firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes).
o fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851).
o fotg210-udc: Complete OUT requests on short packets (git-fixes).
o fotg210-udc: Do not DMA more than the buffer can take (git-fixes).
o fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes).
o fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes).
o fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes).
o fotg210-udc: Remove a dubious condition leading to fotg210_done
(git-fixes).
o fs: direct-io: fix missing sdio->boundary (bsc#1184736).
o fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741).
o fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811).
o fsl/fman: tolerate missing MAC address in device tree (bsc#1184811).
o gpio: omap: Save and restore sysconfig (git-fixes).
o gpio: sysfs: Obey valid_mask (git-fixes).
o HID: alps: fix error return code in alps_input_configured() (git-fixes).
o HID: google: add don USB id (git-fixes).
o HID: plantronics: Workaround for double volume key presses (git-fixes).
o HID: wacom: Assign boolean values to a bool variable (git-fixes).
o HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices
(git-fixes).
o i2c: cadence: add IRQ check (git-fixes).
o i2c: emev2: add IRQ check (git-fixes).
o i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
(git-fixes).
o i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
(git-fixes).
o i2c: jz4780: add IRQ check (git-fixes).
o i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes).
o i2c: sh7760: add IRQ check (git-fixes).
o i2c: sh7760: fix IRQ error path (git-fixes).
o i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes).
o i40e: Added Asym_Pause to supported link modes (git-fixes).
o i40e: Add zero-initialization of AQ command structures (git-fixes).
o i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes).
o i40e: Fix add TC filter for IPv6 (git-fixes).
o i40e: Fix display statistics for veb_tc (git-fixes).
o i40e: Fix endianness conversions (git-fixes).
o i40e: Fix flow for IPv6 next header (extension header) (git-fixes).
o i40e: Fix kernel oops when i40e driver removes VF's (git-fixes).
o i40e: Fix overwriting flow control settings during driver loading
(git-fixes).
o i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
o i40e: Fix sparse warning: missing error code 'err' (git-fixes).
o i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
o ibmvnic: avoid calling napi_disable() twice (bsc#1065729).
o ibmvnic: clean up the remaining debugfs data structures (bsc#1065729).
o ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#
SLE-17043 bsc#1179243 ltc#189290 git-fixes).
o ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes).
o ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432
git-fixes).
o ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes).
o ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432
git-fixes).
o ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#
1065729).
o ibmvnic: remove duplicate napi_schedule call in open function (bsc#
1065729).
o ice: Account for port VLAN in VF max packet size calculation (git-fixes).
o ice: Cleanup fltr list in case of allocation issues (git-fixes).
o ice: Fix for dereference of NULL pointer (git-fixes).
o ice: Increase control queue timeout (git-fixes).
o ice: prevent ice_open and ice_stop during reset (git-fixes).
o igb: check timestamp validity (git-fixes).
o igb: Fix duplicate include guard (git-fixes).
o igc: Fix Pause Frame Advertising (git-fixes).
o igc: Fix Supported Pause Frame Link Setting (git-fixes).
o igc: reinit_locked() should be called with rtnl_lock (git-fixes).
o iio:accel:adis16201: Fix wrong axis assignment that prevents loading
(git-fixes).
o ima: Free IMA measurement buffer after kexec syscall (git-fixes).
o Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
o Input: nspire-keypad - enable interrupts only when opened (git-fixes).
o Input: s6sy761 - fix coordinate read bit shift (git-fixes).
o interconnect: core: fix error return code of icc_link_destroy()
(git-fixes).
o iopoll: introduce read_poll_timeout macro (git-fixes).
o iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
o ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
(git-fixes).
o irqchip: Add support for Layerscape external interrupt lines (bsc#1185233).
o irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#
1185233).
o irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#
1185233).
o isofs: release buffer head before return (bsc#1182613).
o ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes).
o jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740).
o kABI: cover up change in struct kvm_arch (bsc#1184969).
o kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426).
o kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#
1184209 ltc#190917).
o kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
o KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489).
o KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#
1156395).
o KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395).
o libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#
1185269).
o libnvdimm/namespace: Fix reaping of invalidated block-window-namespace
labels (bsc#1185269).
o libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#
1184969 git-fixes).
o libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr
(git-fixes).
o liquidio: Fix unintented sign extension of a left shift of a u16
(git-fixes).
o locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#
1185041).
o mac80211: bail out if cipher schemes are invalid (git-fixes).
o mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
o macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
o media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
o media: m88rs6000t: avoid potential out-of-bounds reads on arrays
(git-fixes).
o media: mantis: remove orphan mantis_core.c (git-fixes).
o media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
o media: platform: sunxi: sun6i-csi: fix error return code of
sun6i_video_start_streaming() (git-fixes).
o media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes).
o media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes).
o media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes).
o media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes).
o memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
(git-fixes).
o memory: pl353: fix mask of ECC page_size config register (git-fixes).
o mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000"
(git-fixes).
o mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
o misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
o misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
o misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
(git-fixes).
o mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
o mmc: cqhci: Add cqhci_deactivate() (git-fixes).
o mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
o mmc: sdhci-of-arasan: Add missed checks for devm_clk_register()
(git-fixes).
o mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes).
o mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes).
o mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
o mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
o mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based
controllers (git-fixes).
o mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes).
o mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe()
(git-fixes).
o mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes).
o mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes).
o Move upstreamed i915 fix into sorted section
o mt7601u: fix always true expression (git-fixes).
o mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes).
o mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes).
o mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes).
o mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes).
o mtd: rawnand: qcom: Return actual error code instead of -ENODEV
(git-fixes).
o mtd: require write permissions for locking and badblock ioctls (git-fixes).
o mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes).
o mtd: spi-nor: Rename "n25q512a" to "mt25qu512a (n25q512a)" (bsc#1167260).
o mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260).
o nbd: fix a block_device refcount leak in nbd_release (git-fixes).
o net: atlantic: fix out of range usage of active_vlans array (git-fixes).
o net: atlantic: fix potential error handling (git-fixes).
o net: atlantic: fix use after free kasan warn (git-fixes).
o net: dsa: felix: implement port flushing on .phylink_mac_link_down
(git-fixes).
o net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr
(git-fixes).
o net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes).
o net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes).
o net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
(git-fixes).
o net: hns3: clear VF down state bit before request link status (git-fixes).
o net: hns3: fix bug when calculating the TCAM table info (git-fixes).
o net: hns3: fix query vlan mask value error for flow director (git-fixes).
o net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event()
(git-fixes).
o net: ll_temac: Add more error handling of dma_map_single() calls
(git-fixes).
o net: ll_temac: Fix race condition causing TX hang (git-fixes).
o net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure
(git-fixes).
o net: ll_temac: Handle DMA halt condition caused by buffer underrun
(git-fixes).
o net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
o net/mlx5: Do not request more than supported EQs (git-fixes).
o net/mlx5e: Do not match on Geneve options in case option masks are all zero
(git-fixes).
o net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
o net/mlx5e: Fix ethtool indication of connector type (git-fixes).
o net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#
SLE-8464).
o net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes).
o net: phy: intel-xway: enable integrated led functions (git-fixes).
o net: phy: marvell: fix m88e1011_set_downshift (git-fixes).
o net: phy: marvell: fix m88e1111_set_downshift (git-fixes).
o net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
(git-fixes).
o net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
o net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter
(git-fixes).
o net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter
(git-fixes).
o net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
o nfc: pn533: prevent potential memory corruption (git-fixes).
o nfp: flower: ignore duplicate merge hints from FW (git-fixes).
o node: fix device cleanups in error handling code (git-fixes).
o null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
o nvme-fabrics: reject I/O to offline device (bsc#1181161).
o nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
o ocfs2: fix a use after free on error (bsc#1184738).
o pata_arasan_cf: fix IRQ check (git-fixes).
o pata_ipx4xx_cf: fix IRQ check (git-fixes).
o PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426).
o PCI/AER: Add RCEC AER error injection support (bsc#1174426).
o PCI/AER: Clear AER status from Root Port when resetting Downstream Port
(bsc#1174426).
o PCI/AER: Specify the type of Port that was reset (bsc#1174426).
o PCI/AER: Use "aer" variable for capability offset (bsc#1174426).
o PCI/AER: Write AER Capability only when we control it (bsc#1174426).
o PCI: designware-ep: Fix the Header Type check (git-fixes).
o PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426).
o PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426).
o PCI/ERR: Avoid negated conditional for clarity (bsc#1174426).
o PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426).
o PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#
1174426).
o PCI/ERR: Clear AER status only when we control AER (bsc#1174426).
o PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426).
o PCI/ERR: Clear status of the reporting device (bsc#1174426).
o PCI/ERR: Recover from RCEC AER errors (bsc#1174426).
o PCI/ERR: Recover from RCiEP AER errors (bsc#1174426).
o PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426).
o PCI/ERR: Retain status from error notification (bsc#1174426).
o PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426).
o PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426).
o PCI/ERR: Use "bridge" for clarity in pcie_do_recovery() (bsc#1174426).
o PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426).
o PCI/portdrv: Report reset for frozen channel (bsc#1174426).
o PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes).
o PCI: tegra: Move "dbi" accesses to post common DWC initialization
(git-fixes).
o phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
unconditionally (git-fixes).
o pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
o pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes).
o platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with
critclk_systems DMI table (git-fixes).
o PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes).
o powerepc/book3s64/hash: Align start/end address correctly with bolt mapping
(bsc#1184957).
o powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117
git-fixes).
o powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
o powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395).
o powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729).
o powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289
ltc#191637).
o powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#
1184969).
o powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969).
o powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729).
o powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
o powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#
190917).
o powerpc/time: Enable sched clock for irqtime (bsc#1156395).
o regmap: set debugfs_name to NULL after it is freed (git-fixes).
o regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()'
(git-fixes).
o reintroduce cqhci_suspend for kABI (git-fixes).
o reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737).
o rpm/constraints.in: bump disk space to 45GB on riscv64
o rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
o rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
o rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#
1184650)
o rsi: Use resume_noirq for SDIO (git-fixes).
o rsxx: remove extraneous 'const' qualifier (git-fixes).
o rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
o rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454).
o rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454).
o rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454).
o rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454).
o rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454).
o rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454).
o rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#
1185454).
o rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454).
o rtc: pcf2127: add alarm support (bsc#1185233).
o rtc: pcf2127: add pca2129 device id (bsc#1185233).
o rtc: pcf2127: add tamper detection support (bsc#1185233).
o rtc: pcf2127: add watchdog feature support (bsc#1185233).
o rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233).
o rtc: pcf2127: cleanup register and bit defines (bsc#1185233).
o rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233).
o rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233).
o rtc: pcf2127: fix alarm handling (bsc#1185233).
o rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233).
o rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233).
o rtc: pcf2127: let the core handle rtc range (bsc#1185233).
o rtc: pcf2127: move watchdog initialisation to a separate function (bsc#
1185233).
o rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233).
o rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#
1185233).
o rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233).
o rtc: pcf2127: set regmap max_register (bsc#1185233).
o rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233).
o rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
o rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes).
o sata_mv: add IRQ checks (git-fixes).
o scsi: block: Fix a race in the runtime power management code (git-fixes).
o scsi: core: add scsi_host_busy_iter() (bsc#1179851).
o scsi: core: Only return started requests from scsi_host_find_tag() (bsc#
1179851).
o scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472).
o scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472).
o scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472).
o scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472).
o scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472).
o scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472).
o scsi: lpfc: Fix a typo (bsc#1185472).
o scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO
response (bsc#1185472).
o scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365).
o scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode
(bsc#1185472).
o scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472).
o scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472).
o scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203).
o scsi: lpfc: Fix incorrectly documented function
lpfc_debugfs_commonxripools_data() (bsc#1185472).
o scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#
1185472).
o scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472).
o scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#
1185472).
o scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472).
o scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#
1185472).
o scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency
(bsc#1185472).
o scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#
1185472).
o scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#
1185472).
o scsi: lpfc: Fix silent memory allocation failure in
lpfc_sli4_bsg_link_diag_test() (bsc#1185472).
o scsi: lpfc: Fix some error codes in debugfs (bsc#1185472).
o scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#
1185472).
o scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#
1185472).
o scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472).
o scsi: lpfc: Standardize discovery object logging format (bsc#1185472).
o scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472).
o scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491).
o scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#
1185491).
o scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
(bsc#1185491).
o scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491).
o scsi: qla2xxx: Check kzalloc() return value (bsc#1185491).
o scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#
1185491).
o scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491).
o scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#
1185491).
o scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491).
o scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#
1185491).
o scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491).
o scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491).
o scsi: qla2xxx: Fix broken #endif placement (bsc#1185491).
o scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491).
o scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491).
o scsi: qla2xxx: Fix endianness annotations (bsc#1185491).
o scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#
1185491).
o scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491).
o scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491).
o scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491).
o scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491).
o scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491).
o scsi: qla2xxx: Fix some memory corruption (bsc#1185491).
o scsi: qla2xxx: Fix stuck session (bsc#1185491).
o scsi: qla2xxx: Fix use after free in bsg (bsc#1185491).
o scsi: qla2xxx: Implementation to get and manage host, target stats and
initiator port (bsc#1185491).
o scsi: qla2xxx: Move some messages from debug to normal log level (bsc#
1185491).
o scsi: qla2xxx: Remove redundant NULL check (bsc#1185491).
o scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491).
o scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491).
o scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#
1185491).
o scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436).
o scsi: qla2xxx: Reuse existing error handling path (bsc#1185491).
o scsi: qla2xxx: Simplify if statement (bsc#1185491).
o scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491).
o scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491).
o scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491).
o scsi: qla2xxx: Update default AER debug mask (bsc#1185491).
o scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491).
o scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491).
o scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491).
o scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#
1185491).
o scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089).
o scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089).
o scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089).
o selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460).
o selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#
191460).
o selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#
191460).
o selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460).
o selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460).
o selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#
191460).
o selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460).
o selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460).
o selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#
191460).
o soc: aspeed: fix a ternary sign expansion bug (git-fixes).
o soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes).
o soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes).
o soundwire: bus: Fix device found flag correctly (git-fixes).
o soundwire: stream: fix memory leak in stream config error path (git-fixes).
o spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260).
o spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260).
o spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260).
o spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
(git-fixes).
o spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#
1167260).
o spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible
(bsc#1167260).
o spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx
functions (bsc#1167260).
o spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260).
o spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260).
o spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260).
o spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode
(bsc#1167260).
o spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#
1167260).
o spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros
(bsc#1167260).
o spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260).
o spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#
1167260).
o spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260).
o spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260).
o spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260).
o spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260).
o spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#
1167260).
o spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260).
o spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#
1167260).
o spi: spi-fsl-dspi: Fix code alignment (bsc#1167260).
o spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260).
o spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
(bsc#1167260).
o spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path
(bsc#1167260).
o spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#
1167260).
o spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc
#1167260).
o spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
(bsc#1167260).
o spi: spi-fsl-dspi: fix native data copy (bsc#1167260).
o spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260).
o spi: spi-fsl-dspi: Fix typos (bsc#1167260).
o spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260).
o spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#
1167260).
o spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#
1167260).
o spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260).
o spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260).
o spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc
#1167260).
o spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message
(bsc#1167260).
o spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count
(bsc#1167260).
o spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#
1167260).
o spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#
1167260).
o spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260).
o spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#
1167260).
o spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the
driver. References: bsc#1167260
o spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260).
o spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL
(bsc#1167260).
o spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260).
o spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260).
o spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc
#1167260).
o spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#
1167260).
o spi: spi-fsl-dspi: Replace interruptible wait queue with a simple
completion (bsc#1167260).
o spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc
#1167260).
o spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260).
o spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260).
o spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#
1167260).
o spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260).
o spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel
() (bsc#1167260).
o spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#
1167260).
o spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#
1167260).
o spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#
1167260).
o spi: spi-fsl-dspi: Use specific compatible strings for all SoC
instantiations (bsc#1167260).
o spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#
1167260).
o spi: spi-ti-qspi: Free DMA resources (git-fixes).
o staging: fwserial: fix TIOCGSERIAL implementation (git-fixes).
o staging: fwserial: fix TIOCSSERIAL implementation (git-fixes).
o staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes).
o staging: fwserial: fix TIOCSSERIAL permission check (git-fixes).
o staging: rtl8192u: Fix potential infinite loop (git-fixes).
o usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984).
o usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes).
o usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes).
o usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes).
o usb: dwc2: Fix hibernation between host and device modes (git-fixes).
o usb: dwc2: Fix host mode hibernation exit with remote wakeup flow
(git-fixes).
o usb: dwc2: Fix session request interrupt handler (git-fixes).
o usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
o usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code
(git-fixes).
o usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify
code (git-fixes).
o usb: dwc3: Switch to use device_property_count_u32() (git-fixes).
o usb: gadget: aspeed: fix dma map failure (git-fixes).
o usb: gadget: Fix double free of device descriptor pointers (git-fixes).
o usb: gadget: pch_udc: Check for DMA mapping error (git-fixes).
o usb: gadget: pch_udc: Check if driver is present before calling ->setup()
(git-fixes).
o usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc
(git-fixes).
o usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes).
o usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes).
o usb: gadget: r8a66597: Add missing null check on return from
platform_get_resource (git-fixes).
o usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
(git-fixes).
o usb: Remove dev_err() usage after platform_get_irq() (git-fixes).
o usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes).
o usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes).
o usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes).
o usb: serial: fix return value for unsupported ioctls (git-fixes).
o usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes).
o usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes).
o usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes).
o usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes).
o usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes).
o usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
o usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
o usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
(git-fixes).
o usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply
(git-fixes).
o usb: typec: tcpm: Honour pSnkStdby requirement during negotiation
(git-fixes).
o veth: Store queue_mapping independently of XDP prog presence (git-fixes).
o vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes).
o virt_wifi: Return micros for BSS TSF values (git-fixes).
o vxlan: move debug check after netdev unregister (git-fixes).
o workqueue: Move the position of debug_work_activate() in __queue_work()
(bsc#1184893).
o x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#
1152489).
o x86/insn: Add some Intel instructions to the opcode map (bsc#1184760).
o x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760).
o x86/microcode: Check for offline CPUs before requesting new microcode (bsc#
1152489).
o x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489).
o x86/platform/uv: Set section block size for hubless architectures (bsc#
1152489).
o x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#
1152489).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE MicroOS 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1915=1
o SUSE Linux Enterprise Module for Realtime 15-SP3:
zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2021-1915=1
Package List:
o SUSE MicroOS 5.0 (x86_64):
kernel-rt-5.3.18-8.10.1
kernel-rt-debuginfo-5.3.18-8.10.1
kernel-rt-debugsource-5.3.18-8.10.1
o SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):
cluster-md-kmp-rt-5.3.18-8.10.1
cluster-md-kmp-rt-debuginfo-5.3.18-8.10.1
dlm-kmp-rt-5.3.18-8.10.1
dlm-kmp-rt-debuginfo-5.3.18-8.10.1
gfs2-kmp-rt-5.3.18-8.10.1
gfs2-kmp-rt-debuginfo-5.3.18-8.10.1
kernel-rt-5.3.18-8.10.1
kernel-rt-debuginfo-5.3.18-8.10.1
kernel-rt-debugsource-5.3.18-8.10.1
kernel-rt-devel-5.3.18-8.10.1
kernel-rt-devel-debuginfo-5.3.18-8.10.1
kernel-rt_debug-debuginfo-5.3.18-8.10.1
kernel-rt_debug-debugsource-5.3.18-8.10.1
kernel-rt_debug-devel-5.3.18-8.10.1
kernel-rt_debug-devel-debuginfo-5.3.18-8.10.1
kernel-syms-rt-5.3.18-8.10.1
ocfs2-kmp-rt-5.3.18-8.10.1
ocfs2-kmp-rt-debuginfo-5.3.18-8.10.1
o SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):
kernel-devel-rt-5.3.18-8.10.1
kernel-source-rt-5.3.18-8.10.1
References:
o https://www.suse.com/security/cve/CVE-2021-29155.html
o https://www.suse.com/security/cve/CVE-2021-29650.html
o https://bugzilla.suse.com/1043990
o https://bugzilla.suse.com/1055117
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1152457
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1155518
o https://bugzilla.suse.com/1156395
o https://bugzilla.suse.com/1167260
o https://bugzilla.suse.com/1167574
o https://bugzilla.suse.com/1168838
o https://bugzilla.suse.com/1174416
o https://bugzilla.suse.com/1174426
o https://bugzilla.suse.com/1175995
o https://bugzilla.suse.com/1178089
o https://bugzilla.suse.com/1179243
o https://bugzilla.suse.com/1179851
o https://bugzilla.suse.com/1180846
o https://bugzilla.suse.com/1181161
o https://bugzilla.suse.com/1182613
o https://bugzilla.suse.com/1183063
o https://bugzilla.suse.com/1183203
o https://bugzilla.suse.com/1183289
o https://bugzilla.suse.com/1184208
o https://bugzilla.suse.com/1184209
o https://bugzilla.suse.com/1184436
o https://bugzilla.suse.com/1184485
o https://bugzilla.suse.com/1184514
o https://bugzilla.suse.com/1184585
o https://bugzilla.suse.com/1184650
o https://bugzilla.suse.com/1184724
o https://bugzilla.suse.com/1184728
o https://bugzilla.suse.com/1184730
o https://bugzilla.suse.com/1184731
o https://bugzilla.suse.com/1184736
o https://bugzilla.suse.com/1184737
o https://bugzilla.suse.com/1184738
o https://bugzilla.suse.com/1184740
o https://bugzilla.suse.com/1184741
o https://bugzilla.suse.com/1184742
o https://bugzilla.suse.com/1184760
o https://bugzilla.suse.com/1184811
o https://bugzilla.suse.com/1184893
o https://bugzilla.suse.com/1184934
o https://bugzilla.suse.com/1184942
o https://bugzilla.suse.com/1184957
o https://bugzilla.suse.com/1184969
o https://bugzilla.suse.com/1184984
o https://bugzilla.suse.com/1185041
o https://bugzilla.suse.com/1185113
o https://bugzilla.suse.com/1185233
o https://bugzilla.suse.com/1185244
o https://bugzilla.suse.com/1185269
o https://bugzilla.suse.com/1185365
o https://bugzilla.suse.com/1185454
o https://bugzilla.suse.com/1185472
o https://bugzilla.suse.com/1185491
o https://bugzilla.suse.com/1185549
o https://bugzilla.suse.com/1185586
o https://bugzilla.suse.com/1185587
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1913-1
Rating: important
References: #1064802 #1066129 #1087082 #1101816 #1103992 #1104353
#1104427 #1104745 #1109837 #1112374 #1113431 #1126390
#1133021 #1152457 #1174682 #1176081 #1177666 #1180552
#1181383 #1182256 #1183738 #1183754 #1183947 #1184040
#1184081 #1184082 #1184611 #1184675 #1184855 #1185428
#1185481 #1185642 #1185677 #1185680 #1185703 #1185724
#1185758 #1185827 #1185859 #1185860 #1185862 #1185863
#1185898 #1185899 #1185901 #1185906 #1185938 #1185950
#1185987 #1186060 #1186061 #1186062 #1186111 #1186285
#1186390 #1186416 #1186439 #1186441 #1186452 #1186460
#1186484 #1186487 #1186498 #1186573
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141
CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134
CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 52 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
o CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
o CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not yet
successfully authenticated to the AP. (bnc#1186062)
o CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local
attackers to elevate their privileges. (bnc#1186060)
o CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
o CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
o CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that received fragments be cleared from memory after (re)connecting to a
network. Under the right circumstances this can be abused to inject
arbitrary network packets and/or exfiltrate user data (bnc#1185859).
o CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that all fragments of a frame are encrypted under the same key. An
adversary can abuse this to decrypt selected fragments when another device
sends fragmented frames and the WEP, CCMP, or GCMP encryption key is
periodically renewed (bnc#1185859 bnc#1185862).
o CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP, or
GCMP data-confidentiality protocol is used (bnc#1185859).
o CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4
devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or
subsequent) broadcast fragments even when sent in plaintext and process
them as full unfragmented frames. An adversary can abuse this to inject
arbitrary network packets independent of the network configuration. (bnc#
1185860)
o CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP frames
was not verified. An adversary can abuse this to inject and possibly
decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
o CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to
privilege escalation from the context of a network service or an
unprivileged process. (bnc#1184675)
The following non-security bugs were fixed:
o ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
(git-fixes).
o ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
o ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure
(git-fixes).
o ACPI: custom_method: fix a possible memory leak (git-fixes).
o ACPI: custom_method: fix potential use-after-free issue (git-fixes).
o ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
o ALSA: aloop: Fix initialization of controls (git-fixes).
o ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
o ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
(git-fixes).
o ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
(git-fixes).
o ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
o ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
(git-fixes).
o ALSA: hda/realtek: reset eapd coeff to default value for alc287
(git-fixes).
o ALSA: hdsp: do not disable if not enabled (git-fixes).
o ALSA: hdspm: do not disable if not enabled (git-fixes).
o ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
o ALSA: rme9652: do not disable if not enabled (git-fixes).
o ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
o ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
o ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
(git-fixes).
o ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails
(git-fixes).
o ARM: footbridge: fix PCI interrupt mapping (git-fixes).
o ASoC: cs35l33: fix an error code in probe() (git-fixes).
o ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
o ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
o ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
o ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
o ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
o ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
(git-fixes).
o Bluetooth: SMP: Fail if remote and local public keys are identical
(git-fixes).
o Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
o Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
o Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
o Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
o Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
o EDAC/amd64: Gather hardware information early (bsc#1180552).
o EDAC/amd64: Make struct amd64_family_type global (bsc#1180552).
o EDAC/amd64: Save max number of controllers to family type (bsc#1180552).
o HID: alps: fix error return code in alps_input_configured() (git-fixes).
o HID: plantronics: Workaround for double volume key presses (git-fixes).
o HID: wacom: Assign boolean values to a bool variable (git-fixes).
o HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices
(git-fixes).
o Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
devices (git-fixes).
o Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
o Input: nspire-keypad - enable interrupts only when opened (git-fixes).
o Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
stuck state (git-fixes).
o KVM: s390: fix guarded storage control register handling (bsc#1133021).
o NFC: fix possible resource leak (git-fixes).
o NFC: fix resource leak when target index is invalid (git-fixes).
o NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
o NFSv4: Replace closed stateids with the "invalid special stateid" (bsc#
1185481).
o PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
o PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
o RDMA/hns: Delete redundant condition judgment related to eq (bsc#1104427).
o RDMA/srpt: Fix error return code in srpt_cm_req_recv() (bsc#1103992).
o SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#
1185428).
o SUNRPC: More fixes for backlog congestion (bsc#1185428).
o USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
(git-fixes).
o USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
o USB: serial: fix return value for unsupported ioctls (git-fixes).
o USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
o USB: trancevibrator: fix control-request direction (git-fixes).
o af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#
1176081).
o ata: libahci_platform: fix IRQ check (git-fixes).
o ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
(git-fixes).
o backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
o batman-adv: Do not always reallocate the fragmentation skb head
(git-fixes).
o bluetooth: eliminate the potential race condition when removing the HCI
controller (git-fixes).
o bnxt_en: Fix PCI AER error recovery flow (git-fixes).
o bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (bsc#1104745).
o bpf: Fix masking negation logic upon negative dst register (git-fixes).
o btrfs: fix race between transaction aborts and fsyncs leading to
use-after-free (bsc#1186441).
o btrfs: fix race when picking most recent mod log operation for an old root
(bsc#1186439).
o bus: qcom: Put child node before return (git-fixes).
o cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
o cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
o clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
o clk: fix invalid usage of list cursor in register (git-fixes).
o clk: fix invalid usage of list cursor in unregister (git-fixes).
o clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1
GHz (git-fixes).
o clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
(git-fixes).
o clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
(git-fixes).
o clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
o clk: uniphier: Fix potential infinite loop (git-fixes).
o cpufreq: Add NULL checks to show() and store() methods of cpufreq (bsc#
1184040).
o cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown (bsc#1184040).
o cpufreq: Kconfig: fix documentation links (git-fixes).
o cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#
1185758).
o crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
(git-fixes).
o crypto: qat - Fix a double free in adf_create_ring (git-fixes).
o crypto: qat - do not release uninitialized resources (git-fixes).
o crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
o cxgb4: Fix unintentional sign extension issues (bsc#1064802 bsc#1066129).
o dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
o dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
o docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
o docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
o drivers: net: fix memory leak in atusb_probe (git-fixes).
o drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
o drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
(git-fixes).
o drm/amdgpu: fix NULL pointer dereference (git-fixes).
o drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
o drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
o drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
o drm/meson: fix shutdown crash when component not probed (git-fixes).
o drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
o drm/omap: fix misleading indentation in pixinc() (git-fixes).
o drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
are connected (git-fixes).
o drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
o drm/radeon: fix copy of uninitialized variable back to userspace
(git-fixes).
o e1000e: Fix duplicate include guard (git-fixes).
o e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
o e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
o ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (bsc#
1113431).
o extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
been unplugged (git-fixes).
o fbdev: zero-fill colormap in fbcmap.c (git-fixes).
o ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
o genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
o gianfar: Handle error code at MAC address change (git-fixes).
o gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
o gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
(git-fixes).
o i2c: cadence: add IRQ check (git-fixes).
o i2c: emev2: add IRQ check (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: jz4780: add IRQ check (git-fixes).
o i2c: s3c2410: fix possible NULL pointer deref on read message after write
(git-fixes).
o i2c: sh7760: add IRQ check (git-fixes).
o i2c: sh7760: fix IRQ error path (git-fixes).
o i40e: Added Asym_Pause to supported link modes (git-fixes).
o i40e: Fix PHY type identifiers for 2.5G and 5G adapters (jsc#SLE-4797).
o i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
o i40e: Fix use-after-free in i40e_client_subtask() (bsc#1101816 ).
o i40e: fix broken XDP support (git-fixes).
o i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
o i40e: fix the restart auto-negotiation after FEC modified (jsc#SLE-4797).
o ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
o ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
o ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
o ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432
git-fixes).
o igb: Fix duplicate include guard (git-fixes).
o igb: check timestamp validity (git-fixes).
o iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
o iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
o iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
o iio: tsl2583: Fix division by a zero lux_val (git-fixes).
o intel_th: Consistency and off-by-one fix (git-fixes).
o ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#
1184855).
o ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
(git-fixes).
o kABI: powerpc/64: add back start_tb and accum_tb to thread_struct.
o kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
o leds: lp5523: check return value of lp5xx_read and jump to cleanup code
(git-fixes).
o liquidio: Fix unintented sign extension of a left shift of a u16
(git-fixes).
o mac80211: bail out if cipher schemes are invalid (git-fixes).
o mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
o mac80211: clear the beacon's CRC after channel switch (git-fixes).
o macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
o md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
o md/raid1: properly indicate failure when ending a failed write request (bsc
#1185680).
o md: do not flush workqueue unconditionally in md_open (bsc#1184081).
o md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
o md: md_open returns -EBUSY when entering racing area (bsc#1184081).
o md: split mddev_find (bsc#1184081).
o media: adv7604: fix possible use-after-free in adv76xx_remove()
(git-fixes).
o media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
o media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
o media: em28xx: fix memory leak (git-fixes).
o media: gspca/sq905.c: fix uninitialized variable (git-fixes).
o media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
(git-fixes).
o media: ite-cir: check for receive overflow (git-fixes).
o media: m88rs6000t: avoid potential out-of-bounds reads on arrays
(git-fixes).
o media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
(git-fixes).
o media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
o mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000"
(git-fixes).
o mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
o misc/uss720: fix memory leak in uss720_probe (git-fixes).
o misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
o misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
o misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
(git-fixes).
o mlxsw: spectrum_mr: Update egress RIF list before route's action (bsc#
1112374).
o mm: mempolicy: fix potential pte_unmap_unlock pte error (bsc#1185906).
o mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
(bsc#1185906).
o mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
o mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
o mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
o mmc: core: Set read only for SD cards with permanent write protect bit
(git-fixes).
o mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
o mt7601u: fix always true expression (git-fixes).
o mtd: require write permissions for locking and badblock ioctls (git-fixes).
o net, xdp: Update pkt_type if generic XDP changes unicast MAC (bsc#1109837).
o net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
o net/mlx4_en: update moderation when config reset (git-fixes).
o net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
o net/mlx5e: Remove the wrong assumption about transport offset (bsc#
1176081).
o net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
o net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
o net/packet: Remove redundant skb->protocol set (bsc#1176081).
o net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
(git-fixes).
o net: Do not set transport offset to invalid value (bsc#1176081).
o net: Introduce parse_protocol header_ops callback (bsc#1176081).
o net: enic: Cure the enic api locking trainwreck (git-fixes).
o net: hns3: Fix for geneve tx checksum bug (bsc#1104353 ).
o net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet
() (bsc#1104353).
o net: hns3: disable phy loopback setting in hclge_mac_start_phy (bsc#
1104353).
o net: hns3: fix for vxlan gpe tx checksum bug (bsc#1104353 ).
o net: hns3: fix incorrect configuration for igu_egu_hw_err (bsc#1104353).
o net: hns3: initialize the message content in hclge_get_link_mode() (bsc#
1126390).
o net: hns3: use netif_tx_disable to stop the transmit queue (bsc#1104353).
o net: phy: intel-xway: enable integrated led functions (git-fixes).
o net: qed: RDMA personality shouldn't fail VF load (git-fixes).
o net: thunderx: Fix unintentional sign extension issue (git-fixes).
o net: usb: fix memory leak in smsc75xx_bind (git-fixes).
o netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
o netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#
1185950).
o netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: improve RST handling when tuple is re-used (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#
1183947 bsc#1185950).
o nfc: pn533: prevent potential memory corruption (git-fixes).
o nvme-fc: clear q_live at beginning of association teardown (git-fixes).
o nvme-loop: Introduce no merge flag for biovec (bsc#1174682).
o pata_arasan_cf: fix IRQ check (git-fixes).
o pata_ipx4xx_cf: fix IRQ check (git-fixes).
o pcnet32: Use pci_resource_len to validate PCI resource (git-fixes).
o phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
unconditionally (git-fixes).
o phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
(git-fixes).
o pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
o pinctrl: lewisburg: Update number of pins in community (git-fixes).
o pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
o platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
o platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with
critclk_systems DMI table (git-fixes).
o platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
o power: supply: Use IRQF_ONESHOT (git-fixes).
o power: supply: generic-adc-battery: fix possible use-after-free in
gab_remove() (git-fixes).
o power: supply: s3c_adc_battery: fix possible use-after-free in
s3c_adc_bat_remove() (git-fixes).
o powerpc/64: remove start_tb and accum_tb from thread_struct (bsc#1186487
ltc#177613).
o powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666
git-fixes).
o powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
o powerpc/pseries: lparcfg calculate PURR on demand (bsc#1186487 ltc#177613).
o regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
o rsxx: remove extraneous 'const' qualifier (git-fixes).
o rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
o rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
o s390/dasd: fix hanging DASD driver unbind (bsc#1183754 LTC#192081).
o s390/dasd: fix hanging IO request during DASD driver unbind (bsc#1183754
LTC#192081).
o s390/entry: save the caller of psw_idle (bsc#1185677).
o s390/kdump: fix out-of-memory with PCI (bsc#1182256 LTC#191375).
o sata_mv: add IRQ checks (git-fixes).
o scsi: core: Run queue in case of I/O resource contention failure (bsc#
1186416).
o scsi: libfc: Avoid invoking response handler twice if ep is already
completed (bsc#1186573).
o scsi: lpfc: Add a option to enable interlocked ABTS before job completion
(bsc#1186452).
o scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186452).
o scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#
1186452).
o scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs
(bsc#1186452).
o scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#
1186452).
o scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
SGLs (bsc#1186452).
o scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller
(bsc#1186452).
o scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186452).
o scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186452).
o scsi: lpfc: Ignore GID-FT response that may be received after a link flip
(bsc#1186452).
o scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric
controller (bsc#1186452).
o scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186452).
o scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
o serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
(git-fixes).
o serial: stm32: fix incorrect characters on console (git-fixes).
o smc: disallow TCP_ULP in smc_setsockopt() (bsc#1109837).
o soc: qcom: mdt_loader: Validate that p_filesz < p_memsz (git-fixes).
o spi: dln2: Fix reference leak to master (git-fixes).
o spi: omap-100k: Fix reference leak to master (git-fixes).
o spi: spi-ti-qspi: Free DMA resources (git-fixes).
o staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
o staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
o staging: rtl8192u: Fix potential infinite loop (git-fixes).
o tcp: fix to update snd_wl1 in bulk receiver fast path (bsc#1185827).
o thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val'
(git-fixes).
o thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
(git-fixes).
o tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
o tracing: Map all PIDs to command lines (git-fixes).
o uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
o uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
o uio_hv_generic: Fix another memory leak in error handling paths
(git-fixes).
o uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
o usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
o usb: dwc3: omap: improve extcon initialization (git-fixes).
o usb: fotg210-hcd: Fix an error message (git-fixes).
o usb: sl811-hcd: improve misleading indentation (git-fixes).
o usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
(git-fixes).
o usb: xhci: Fix port minor revision (git-fixes).
o usb: xhci: Increase timeout for HC halt (git-fixes).
o usb: xhci: Increase timeout for HC halt (git-fixes).
o vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
o video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
o vsock/vmci: log once the failed queue pair allocation (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
o xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
o xsk: Respect device's headroom and tailroom on generic xmit path (bsc#
1109837).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1913=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1913=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1913=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1913=1
o SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1913=1
Package List:
o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.74.1
kernel-default-debugsource-4.12.14-122.74.1
kernel-default-extra-4.12.14-122.74.1
kernel-default-extra-debuginfo-4.12.14-122.74.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-4.12.14-122.74.1
kernel-obs-build-debugsource-4.12.14-122.74.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.74.2
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.74.1
kernel-default-base-4.12.14-122.74.1
kernel-default-base-debuginfo-4.12.14-122.74.1
kernel-default-debuginfo-4.12.14-122.74.1
kernel-default-debugsource-4.12.14-122.74.1
kernel-default-devel-4.12.14-122.74.1
kernel-syms-4.12.14-122.74.1
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.74.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.74.1
kernel-macros-4.12.14-122.74.1
kernel-source-4.12.14-122.74.1
o SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.74.1
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.74.1
kernel-default-debugsource-4.12.14-122.74.1
kernel-default-kgraft-4.12.14-122.74.1
kernel-default-kgraft-devel-4.12.14-122.74.1
kgraft-patch-4_12_14-122_74-default-1-8.3.1
o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.74.1
cluster-md-kmp-default-debuginfo-4.12.14-122.74.1
dlm-kmp-default-4.12.14-122.74.1
dlm-kmp-default-debuginfo-4.12.14-122.74.1
gfs2-kmp-default-4.12.14-122.74.1
gfs2-kmp-default-debuginfo-4.12.14-122.74.1
kernel-default-debuginfo-4.12.14-122.74.1
kernel-default-debugsource-4.12.14-122.74.1
ocfs2-kmp-default-4.12.14-122.74.1
ocfs2-kmp-default-debuginfo-4.12.14-122.74.1
References:
o https://www.suse.com/security/cve/CVE-2020-24586.html
o https://www.suse.com/security/cve/CVE-2020-24587.html
o https://www.suse.com/security/cve/CVE-2020-26139.html
o https://www.suse.com/security/cve/CVE-2020-26141.html
o https://www.suse.com/security/cve/CVE-2020-26145.html
o https://www.suse.com/security/cve/CVE-2020-26147.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://www.suse.com/security/cve/CVE-2021-23134.html
o https://www.suse.com/security/cve/CVE-2021-32399.html
o https://www.suse.com/security/cve/CVE-2021-33034.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-3491.html
o https://bugzilla.suse.com/1064802
o https://bugzilla.suse.com/1066129
o https://bugzilla.suse.com/1087082
o https://bugzilla.suse.com/1101816
o https://bugzilla.suse.com/1103992
o https://bugzilla.suse.com/1104353
o https://bugzilla.suse.com/1104427
o https://bugzilla.suse.com/1104745
o https://bugzilla.suse.com/1109837
o https://bugzilla.suse.com/1112374
o https://bugzilla.suse.com/1113431
o https://bugzilla.suse.com/1126390
o https://bugzilla.suse.com/1133021
o https://bugzilla.suse.com/1152457
o https://bugzilla.suse.com/1174682
o https://bugzilla.suse.com/1176081
o https://bugzilla.suse.com/1177666
o https://bugzilla.suse.com/1180552
o https://bugzilla.suse.com/1181383
o https://bugzilla.suse.com/1182256
o https://bugzilla.suse.com/1183738
o https://bugzilla.suse.com/1183754
o https://bugzilla.suse.com/1183947
o https://bugzilla.suse.com/1184040
o https://bugzilla.suse.com/1184081
o https://bugzilla.suse.com/1184082
o https://bugzilla.suse.com/1184611
o https://bugzilla.suse.com/1184675
o https://bugzilla.suse.com/1184855
o https://bugzilla.suse.com/1185428
o https://bugzilla.suse.com/1185481
o https://bugzilla.suse.com/1185642
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1185680
o https://bugzilla.suse.com/1185703
o https://bugzilla.suse.com/1185724
o https://bugzilla.suse.com/1185758
o https://bugzilla.suse.com/1185827
o https://bugzilla.suse.com/1185859
o https://bugzilla.suse.com/1185860
o https://bugzilla.suse.com/1185862
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1185898
o https://bugzilla.suse.com/1185899
o https://bugzilla.suse.com/1185901
o https://bugzilla.suse.com/1185906
o https://bugzilla.suse.com/1185938
o https://bugzilla.suse.com/1185950
o https://bugzilla.suse.com/1185987
o https://bugzilla.suse.com/1186060
o https://bugzilla.suse.com/1186061
o https://bugzilla.suse.com/1186062
o https://bugzilla.suse.com/1186111
o https://bugzilla.suse.com/1186285
o https://bugzilla.suse.com/1186390
o https://bugzilla.suse.com/1186416
o https://bugzilla.suse.com/1186439
o https://bugzilla.suse.com/1186441
o https://bugzilla.suse.com/1186452
o https://bugzilla.suse.com/1186460
o https://bugzilla.suse.com/1186484
o https://bugzilla.suse.com/1186487
o https://bugzilla.suse.com/1186498
o https://bugzilla.suse.com/1186573
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1912-1
Rating: important
References: #1181161 #1183405 #1183738 #1183947 #1184611 #1184675
#1185642 #1185680 #1185725 #1185859 #1185860 #1185862
#1185863 #1185898 #1185899 #1185901 #1185938 #1185950
#1185987 #1186060 #1186061 #1186062 #1186111 #1186285
#1186390 #1186484 #1186498
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141
CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134
CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Availability 15-SP1
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 15 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
o CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
o CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not yet
successfully authenticated to the AP. (bnc#1186062)
o CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local
attackers to elevate their privileges. (bnc#1186060)
o CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to
privilege escalation from the context of a network service or an
unprivileged process. (bnc#1184675)
o CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
o CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
o CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that received fragments be cleared from memory after (re)connecting to a
network. Under the right circumstances this can be abused to inject
arbitrary network packets and/or exfiltrate user data (bnc#1185859).
o CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that all fragments of a frame are encrypted under the same key. An
adversary can abuse this to decrypt selected fragments when another device
sends fragmented frames and the WEP, CCMP, or GCMP encryption key is
periodically renewed (bnc#1185859 bnc#1185862).
o CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP, or
GCMP data-confidentiality protocol is used (bnc#1185859).
o CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4
devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or
subsequent) broadcast fragments even when sent in plaintext and process
them as full unfragmented frames. An adversary can abuse this to inject
arbitrary network packets independent of the network configuration. (bnc#
1185860)
o CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP frames
was not verified. An adversary can abuse this to inject and possibly
decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
o Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
o Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
o dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
o ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
o ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
o ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
o kabi: Fix breakage in NVMe driver (bsc#1181161).
o kabi: Fix nvmet error log definitions (bsc#1181161).
o kabi: nvme: fix fast_io_fail_tmo (bsc#1181161).
o md/raid1: properly indicate failure when ending a failed write request (bsc
#1185680).
o net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
o netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#
1185950).
o netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: improve RST handling when tuple is re-used (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#
1183947 bsc#1185950).
o nvme-fabrics: allow to queue requests for live queues (bsc#1181161).
o nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#
1181161).
o nvme-fabrics: reject I/O to offline device (bsc#1181161).
o nvme-pci: Sync queues on reset (bsc#1181161).
o nvme-rdma: avoid race between time out and tear down (bsc#1181161).
o nvme-rdma: avoid repeated request completion (bsc#1181161).
o nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout
(bsc#1181161).
o nvme-rdma: fix controller reset hang during traffic (bsc#1181161).
o nvme-rdma: fix possible hang when failing to set io queues (bsc#1181161).
o nvme-rdma: fix timeout handler (bsc#1181161).
o nvme-rdma: serialize controller teardown sequences (bsc#1181161).
o nvme-tcp: avoid race between time out and tear down (bsc#1181161).
o nvme-tcp: avoid repeated request completion (bsc#1181161).
o nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout
(bsc#1181161).
o nvme-tcp: fix controller reset hang during traffic (bsc#1181161).
o nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
o nvme-tcp: fix timeout handler (bsc#1181161).
o nvme-tcp: serialize controller teardown sequences (bsc#1181161).
o nvme: Restart request timers in resetting state (bsc#1181161).
o nvme: add error log page slot definition (bsc#1181161).
o nvme: include admin_q sync with nvme_sync_queues (bsc#1181161).
o nvme: introduce "Command Aborted By host" status code (bsc#1181161).
o nvme: introduce nvme_is_fabrics to check fabrics cmd (bsc#1181161).
o nvme: introduce nvme_sync_io_queues (bsc#1181161).
o nvme: make fabrics command run on a separate request queue (bsc#1181161).
o nvme: prevent warning triggered by nvme_stop_keep_alive (bsc#1181161).
o nvme: unlink head after removing last namespace (bsc#1181161).
o nvmet: add error log support for fabrics-cmd (bsc#1181161).
o nvmet: add error-log definitions (bsc#1181161).
o video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1912=1
o SUSE Manager Retail Branch Server 4.0:
zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1912=1
o SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1912=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1912=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1912=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1912=1
o SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1912=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1912=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1912=1
o SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1912=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-1912=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. I will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.
Package List:
o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
reiserfs-kmp-default-4.12.14-197.92.1
reiserfs-kmp-default-debuginfo-4.12.14-197.92.1
o SUSE Manager Server 4.0 (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE Manager Server 4.0 (s390x):
kernel-default-man-4.12.14-197.92.1
kernel-zfcpdump-debuginfo-4.12.14-197.92.1
kernel-zfcpdump-debugsource-4.12.14-197.92.1
o SUSE Manager Retail Branch Server 4.0 (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE Manager Retail Branch Server 4.0 (x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
reiserfs-kmp-default-4.12.14-197.92.1
reiserfs-kmp-default-debuginfo-4.12.14-197.92.1
o SUSE Manager Proxy 4.0 (x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
reiserfs-kmp-default-4.12.14-197.92.1
reiserfs-kmp-default-debuginfo-4.12.14-197.92.1
o SUSE Manager Proxy 4.0 (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
reiserfs-kmp-default-4.12.14-197.92.1
reiserfs-kmp-default-debuginfo-4.12.14-197.92.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
reiserfs-kmp-default-4.12.14-197.92.1
reiserfs-kmp-default-debuginfo-4.12.14-197.92.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-197.92.1
kernel-zfcpdump-debuginfo-4.12.14-197.92.1
kernel-zfcpdump-debugsource-4.12.14-197.92.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
reiserfs-kmp-default-4.12.14-197.92.1
reiserfs-kmp-default-debuginfo-4.12.14-197.92.1
o SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-livepatch-4.12.14-197.92.1
kernel-default-livepatch-devel-4.12.14-197.92.1
kernel-livepatch-4_12_14-197_92-default-1-3.3.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x
x86_64):
cluster-md-kmp-default-4.12.14-197.92.1
cluster-md-kmp-default-debuginfo-4.12.14-197.92.1
dlm-kmp-default-4.12.14-197.92.1
dlm-kmp-default-debuginfo-4.12.14-197.92.1
gfs2-kmp-default-4.12.14-197.92.1
gfs2-kmp-default-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
ocfs2-kmp-default-4.12.14-197.92.1
ocfs2-kmp-default-debuginfo-4.12.14-197.92.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
reiserfs-kmp-default-4.12.14-197.92.1
reiserfs-kmp-default-debuginfo-4.12.14-197.92.1
o SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-197.92.1
kernel-docs-4.12.14-197.92.1
kernel-macros-4.12.14-197.92.1
kernel-source-4.12.14-197.92.1
o SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-197.92.1
kernel-default-base-4.12.14-197.92.1
kernel-default-base-debuginfo-4.12.14-197.92.1
kernel-default-debuginfo-4.12.14-197.92.1
kernel-default-debugsource-4.12.14-197.92.1
kernel-default-devel-4.12.14-197.92.1
kernel-default-devel-debuginfo-4.12.14-197.92.1
kernel-obs-build-4.12.14-197.92.1
kernel-obs-build-debugsource-4.12.14-197.92.1
kernel-syms-4.12.14-197.92.1
reiserfs-kmp-default-4.12.14-197.92.1
reiserfs-kmp-default-debuginfo-4.12.14-197.92.1
References:
o https://www.suse.com/security/cve/CVE-2020-24586.html
o https://www.suse.com/security/cve/CVE-2020-24587.html
o https://www.suse.com/security/cve/CVE-2020-26139.html
o https://www.suse.com/security/cve/CVE-2020-26141.html
o https://www.suse.com/security/cve/CVE-2020-26145.html
o https://www.suse.com/security/cve/CVE-2020-26147.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://www.suse.com/security/cve/CVE-2021-23134.html
o https://www.suse.com/security/cve/CVE-2021-32399.html
o https://www.suse.com/security/cve/CVE-2021-33034.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-3491.html
o https://bugzilla.suse.com/1181161
o https://bugzilla.suse.com/1183405
o https://bugzilla.suse.com/1183738
o https://bugzilla.suse.com/1183947
o https://bugzilla.suse.com/1184611
o https://bugzilla.suse.com/1184675
o https://bugzilla.suse.com/1185642
o https://bugzilla.suse.com/1185680
o https://bugzilla.suse.com/1185725
o https://bugzilla.suse.com/1185859
o https://bugzilla.suse.com/1185860
o https://bugzilla.suse.com/1185862
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1185898
o https://bugzilla.suse.com/1185899
o https://bugzilla.suse.com/1185901
o https://bugzilla.suse.com/1185938
o https://bugzilla.suse.com/1185950
o https://bugzilla.suse.com/1185987
o https://bugzilla.suse.com/1186060
o https://bugzilla.suse.com/1186061
o https://bugzilla.suse.com/1186062
o https://bugzilla.suse.com/1186111
o https://bugzilla.suse.com/1186285
o https://bugzilla.suse.com/1186390
o https://bugzilla.suse.com/1186484
o https://bugzilla.suse.com/1186498
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1887-1
Rating: important
References: #1064802 #1066129 #1087082 #1101816 #1103992 #1104427
#1104745 #1109837 #1112374 #1113431 #1126390 #1133021
#1152457 #1174682 #1176081 #1177666 #1180552 #1181383
#1182256 #1183738 #1183754 #1183947 #1184040 #1184081
#1184082 #1184611 #1184675 #1184855 #1185428 #1185481
#1185642 #1185680 #1185703 #1185724 #1185758 #1185859
#1185860 #1185863 #1185898 #1185899 #1185906 #1185938
#1186060 #1186062 #1186285 #1186416 #1186439 #1186441
#1186460 #1186484
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141
CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134
CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 38 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
o CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
o CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not yet
successfully authenticated to the AP. (bnc#1186062)
o CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local
attackers to elevate their privileges. (bnc#1186060)
o CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
o CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
o CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that received fragments be cleared from memory after (re)connecting to a
network. Under the right circumstances this can be abused to inject
arbitrary network packets and/or exfiltrate user data (bnc#1185859).
o CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that all fragments of a frame are encrypted under the same key. An
adversary can abuse this to decrypt selected fragments when another device
sends fragmented frames and the WEP, CCMP, or GCMP encryption key is
periodically renewed (bnc#1185859 bnc#1185862).
o CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP, or
GCMP data-confidentiality protocol is used (bnc#1185859).
o CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4
devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or
subsequent) broadcast fragments even when sent in plaintext and process
them as full unfragmented frames. An adversary can abuse this to inject
arbitrary network packets independent of the network configuration. (bnc#
1185860)
o CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP frames
was not verified. An adversary can abuse this to inject and possibly
decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
o CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to
privilege escalation from the context of a network service or an
unprivileged process. (bnc#1184675)
The following non-security bugs were fixed:
o ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
(git-fixes).
o ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
o ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure
(git-fixes).
o ACPI: custom_method: fix a possible memory leak (git-fixes).
o ACPI: custom_method: fix potential use-after-free issue (git-fixes).
o ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
o ALSA: aloop: Fix initialization of controls (git-fixes).
o ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
o ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
(git-fixes).
o ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
(git-fixes).
o ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
o ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
(git-fixes).
o ALSA: hda/realtek: reset eapd coeff to default value for alc287
(git-fixes).
o ALSA: hdsp: do not disable if not enabled (git-fixes).
o ALSA: hdspm: do not disable if not enabled (git-fixes).
o ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
o ALSA: rme9652: do not disable if not enabled (git-fixes).
o ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
o ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
o ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
(git-fixes).
o ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails
(git-fixes).
o ARM: footbridge: fix PCI interrupt mapping (git-fixes).
o ASoC: cs35l33: fix an error code in probe() (git-fixes).
o ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
o ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
o ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
o ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
o ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
o ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
(git-fixes).
o Avoid potentially erroneos RST drop (bsc#1183947).
o Bluetooth: SMP: Fail if remote and local public keys are identical
(git-fixes).
o Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
o Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
o Do not drop out of segments RST if tcp_be_liberal is set (bsc#1183947).
o Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
o Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
o Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
o EDAC/amd64: Gather hardware information early (bsc#1180552).
o EDAC/amd64: Make struct amd64_family_type global (bsc#1180552).
o EDAC/amd64: Save max number of controllers to family type (bsc#1180552).
o HID: alps: fix error return code in alps_input_configured() (git-fixes).
o HID: plantronics: Workaround for double volume key presses (git-fixes).
o HID: wacom: Assign boolean values to a bool variable (git-fixes).
o HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices
(git-fixes).
o Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
devices (git-fixes).
o Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
o Input: nspire-keypad - enable interrupts only when opened (git-fixes).
o Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
stuck state (git-fixes).
o KVM: s390: fix guarded storage control register handling (bsc#1133021).
o NFC: fix possible resource leak (git-fixes).
o NFC: fix resource leak when target index is invalid (git-fixes).
o NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
o NFSv4: Replace closed stateids with the "invalid special stateid" (bsc#
1185481).
o PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
o PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
o RDMA/hns: Delete redundant condition judgment related to eq (bsc#1104427).
o RDMA/srpt: Fix error return code in srpt_cm_req_recv() (bsc#1103992).
o SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#
1185428).
o SUNRPC: More fixes for backlog congestion (bsc#1185428).
o USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
(git-fixes).
o USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
o USB: serial: fix return value for unsupported ioctls (git-fixes).
o USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
o USB: trancevibrator: fix control-request direction (git-fixes).
o af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#
1176081).
o ata: libahci_platform: fix IRQ check (git-fixes).
o ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
(git-fixes).
o backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
o batman-adv: Do not always reallocate the fragmentation skb head
(git-fixes).
o bluetooth: eliminate the potential race condition when removing the HCI
controller (git-fixes).
o bnxt_en: Fix PCI AER error recovery flow (git-fixes).
o bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (bsc#1104745).
o bpf: Fix masking negation logic upon negative dst register (git-fixes).
o btrfs: fix race between transaction aborts and fsyncs leading to
use-after-free (bsc#1186441).
o btrfs: fix race when picking most recent mod log operation for an old root
(bsc#1186439).
o bus: qcom: Put child node before return (git-fixes).
o cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
o cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
o clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
o clk: fix invalid usage of list cursor in register (git-fixes).
o clk: fix invalid usage of list cursor in unregister (git-fixes).
o clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1
GHz (git-fixes).
o clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
(git-fixes).
o clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
(git-fixes).
o clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
o clk: uniphier: Fix potential infinite loop (git-fixes).
o cpufreq: Add NULL checks to show() and store() methods of cpufreq (bsc#
1184040).
o cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown (bsc#1184040).
o cpufreq: Kconfig: fix documentation links (git-fixes).
o cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#
1185758).
o crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
(git-fixes).
o crypto: qat - Fix a double free in adf_create_ring (git-fixes).
o crypto: qat - do not release uninitialized resources (git-fixes).
o crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
o cxgb4: Fix unintentional sign extension issues (bsc#1064802 bsc#1066129).
o dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
o dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
o docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
o docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
o drivers: net: fix memory leak in atusb_probe (git-fixes).
o drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
o drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
(git-fixes).
o drm/amdgpu: fix NULL pointer dereference (git-fixes).
o drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
o drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
o drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
o drm/meson: fix shutdown crash when component not probed (git-fixes).
o drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
o drm/omap: fix misleading indentation in pixinc() (git-fixes).
o drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
are connected (git-fixes).
o drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
o drm/radeon: fix copy of uninitialized variable back to userspace
(git-fixes).
o e1000e: Fix duplicate include guard (git-fixes).
o e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
o e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
o ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (bsc#
1113431).
o extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
been unplugged (git-fixes).
o fbdev: zero-fill colormap in fbcmap.c (git-fixes).
o ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
o genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
o gianfar: Handle error code at MAC address change (git-fixes).
o gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
o gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
(git-fixes).
o i2c: cadence: add IRQ check (git-fixes).
o i2c: emev2: add IRQ check (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: jz4780: add IRQ check (git-fixes).
o i2c: s3c2410: fix possible NULL pointer deref on read message after write
(git-fixes).
o i2c: sh7760: add IRQ check (git-fixes).
o i2c: sh7760: fix IRQ error path (git-fixes).
o i40e: Added Asym_Pause to supported link modes (git-fixes).
o i40e: Fix PHY type identifiers for 2.5G and 5G adapters (jsc#SLE-4797).
o i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
o i40e: Fix use-after-free in i40e_client_subtask() (bsc#1101816 ).
o i40e: fix broken XDP support (git-fixes).
o i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
o i40e: fix the restart auto-negotiation after FEC modified (jsc#SLE-4797).
o ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
o ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
o ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
o ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432
git-fixes).
o igb: Fix duplicate include guard (git-fixes).
o igb: check timestamp validity (git-fixes).
o iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
o iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
o iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
o iio: tsl2583: Fix division by a zero lux_val (git-fixes).
o intel_th: Consistency and off-by-one fix (git-fixes).
o ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#
1184855).
o ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
(git-fixes).
o kABI: powerpc/64: add back start_tb and accum_tb to thread_struct.
o kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
o leds: lp5523: check return value of lp5xx_read and jump to cleanup code
(git-fixes).
o liquidio: Fix unintented sign extension of a left shift of a u16
(git-fixes).
o mac80211: bail out if cipher schemes are invalid (git-fixes).
o mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
o mac80211: clear the beacon's CRC after channel switch (git-fixes).
o macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
o md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
o md/raid1: properly indicate failure when ending a failed write request (bsc
#1185680).
o md: do not flush workqueue unconditionally in md_open (bsc#1184081).
o md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
o md: md_open returns -EBUSY when entering racing area (bsc#1184081).
o md: split mddev_find (bsc#1184081).
o media: adv7604: fix possible use-after-free in adv76xx_remove()
(git-fixes).
o media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
o media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
o media: em28xx: fix memory leak (git-fixes).
o media: gspca/sq905.c: fix uninitialized variable (git-fixes).
o media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
(git-fixes).
o media: ite-cir: check for receive overflow (git-fixes).
o media: m88rs6000t: avoid potential out-of-bounds reads on arrays
(git-fixes).
o media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
(git-fixes).
o media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
o mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000"
(git-fixes).
o mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
o misc/uss720: fix memory leak in uss720_probe (git-fixes).
o misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
o misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
o misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
(git-fixes).
o mlxsw: spectrum_mr: Update egress RIF list before route's action (bsc#
1112374).
o mm: mempolicy: fix potential pte_unmap_unlock pte error (bsc#1185906).
o mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
(bsc#1185906).
o mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
o mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
o mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
o mmc: core: Set read only for SD cards with permanent write protect bit
(git-fixes).
o mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
o mt7601u: fix always true expression (git-fixes).
o mtd: require write permissions for locking and badblock ioctls (git-fixes).
o net, xdp: Update pkt_type if generic XDP changes unicast MAC (bsc#1109837).
o net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
o net/mlx4_en: update moderation when config reset (git-fixes).
o net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
o net/mlx5e: Remove the wrong assumption about transport offset (bsc#
1176081).
o net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
o net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
o net/packet: Remove redundant skb->protocol set (bsc#1176081).
o net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
(git-fixes).
o net: Do not set transport offset to invalid value (bsc#1176081).
o net: Introduce parse_protocol header_ops callback (bsc#1176081).
o net: enic: Cure the enic api locking trainwreck (git-fixes).
o net: hns3: Fix for geneve tx checksum bug (bsc#1104353 ).
o net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet
() (bsc#1104353).
o net: hns3: disable phy loopback setting in hclge_mac_start_phy (bsc#
1104353).
o net: hns3: fix for vxlan gpe tx checksum bug (bsc#1104353 ).
o net: hns3: fix incorrect configuration for igu_egu_hw_err (bsc#1104353).
o net: hns3: initialize the message content in hclge_get_link_mode() (bsc#
1126390).
o net: hns3: use netif_tx_disable to stop the transmit queue (bsc#1104353).
o net: phy: intel-xway: enable integrated led functions (git-fixes).
o net: qed: RDMA personality shouldn't fail VF load (git-fixes).
o net: thunderx: Fix unintentional sign extension issue (git-fixes).
o net: usb: fix memory leak in smsc75xx_bind (git-fixes).
o netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
o netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#
1185950).
o netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: improve RST handling when tuple is re-used (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#
1183947 bsc#1185950).
o nfc: pn533: prevent potential memory corruption (git-fixes).
o nvme-fc: clear q_live at beginning of association teardown (git-fixes).
o nvme-loop: Introduce no merge flag for biovec (bsc#1174682).
o pata_arasan_cf: fix IRQ check (git-fixes).
o pata_ipx4xx_cf: fix IRQ check (git-fixes).
o pcnet32: Use pci_resource_len to validate PCI resource (git-fixes).
o phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
unconditionally (git-fixes).
o phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
(git-fixes).
o pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
o pinctrl: lewisburg: Update number of pins in community (git-fixes).
o pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
o platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
o platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with
critclk_systems DMI table (git-fixes).
o platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
o power: supply: Use IRQF_ONESHOT (git-fixes).
o power: supply: generic-adc-battery: fix possible use-after-free in
gab_remove() (git-fixes).
o power: supply: s3c_adc_battery: fix possible use-after-free in
s3c_adc_bat_remove() (git-fixes).
o powerpc/64: remove start_tb and accum_tb from thread_struct (bsc#1186487
ltc#177613).
o powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666
git-fixes).
o powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
o powerpc/pseries: lparcfg calculate PURR on demand (bsc#1186487 ltc#177613).
o regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
o rsxx: remove extraneous 'const' qualifier (git-fixes).
o rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
o rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
o s390/dasd: fix hanging DASD driver unbind (bsc#1183754 LTC#192081).
o s390/dasd: fix hanging IO request during DASD driver unbind (bsc#1183754
LTC#192081).
o s390/entry: save the caller of psw_idle (bsc#1185677).
o s390/kdump: fix out-of-memory with PCI (bsc#1182256 LTC#191375).
o sata_mv: add IRQ checks (git-fixes).
o scsi: core: Run queue in case of I/O resource contention failure (bsc#
1186416).
o scsi: libfc: Avoid invoking response handler twice if ep is already
completed (bsc#1186573).
o scsi: lpfc: Add a option to enable interlocked ABTS before job completion
(bsc#1186452).
o scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186452).
o scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#
1186452).
o scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs
(bsc#1186452).
o scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#
1186452).
o scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
SGLs (bsc#1186452).
o scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller
(bsc#1186452).
o scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186452).
o scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186452).
o scsi: lpfc: Ignore GID-FT response that may be received after a link flip
(bsc#1186452).
o scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric
controller (bsc#1186452).
o scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186452).
o scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
o serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
(git-fixes).
o serial: stm32: fix incorrect characters on console (git-fixes).
o smc: disallow TCP_ULP in smc_setsockopt() (bsc#1109837).
o soc: qcom: mdt_loader: Validate that p_filesz < p_memsz (git-fixes).
o spi: dln2: Fix reference leak to master (git-fixes).
o spi: omap-100k: Fix reference leak to master (git-fixes).
o spi: spi-ti-qspi: Free DMA resources (git-fixes).
o staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
o staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
o staging: rtl8192u: Fix potential infinite loop (git-fixes).
o tcp: fix to update snd_wl1 in bulk receiver fast path (bsc#1185827).
o thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val'
(git-fixes).
o thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
(git-fixes).
o tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
o tracing: Map all PIDs to command lines (git-fixes).
o uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
o uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
o uio_hv_generic: Fix another memory leak in error handling paths
(git-fixes).
o uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
o usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
o usb: dwc3: omap: improve extcon initialization (git-fixes).
o usb: fotg210-hcd: Fix an error message (git-fixes).
o usb: sl811-hcd: improve misleading indentation (git-fixes).
o usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
(git-fixes).
o usb: xhci: Fix port minor revision (git-fixes).
o usb: xhci: Increase timeout for HC halt (git-fixes).
o usb: xhci: Increase timeout for HC halt (git-fixes).
o vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
o video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
o vsock/vmci: log once the failed queue pair allocation (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
o xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
o xsk: Respect device's headroom and tailroom on generic xmit path (bsc#
1109837).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1887=1
Package List:
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-azure-4.12.14-16.59.1
kernel-azure-base-4.12.14-16.59.1
kernel-azure-base-debuginfo-4.12.14-16.59.1
kernel-azure-debuginfo-4.12.14-16.59.1
kernel-azure-debugsource-4.12.14-16.59.1
kernel-azure-devel-4.12.14-16.59.1
kernel-syms-azure-4.12.14-16.59.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-azure-4.12.14-16.59.1
kernel-source-azure-4.12.14-16.59.1
References:
o https://www.suse.com/security/cve/CVE-2020-24586.html
o https://www.suse.com/security/cve/CVE-2020-24587.html
o https://www.suse.com/security/cve/CVE-2020-26139.html
o https://www.suse.com/security/cve/CVE-2020-26141.html
o https://www.suse.com/security/cve/CVE-2020-26145.html
o https://www.suse.com/security/cve/CVE-2020-26147.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://www.suse.com/security/cve/CVE-2021-23134.html
o https://www.suse.com/security/cve/CVE-2021-32399.html
o https://www.suse.com/security/cve/CVE-2021-33034.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-3491.html
o https://bugzilla.suse.com/1064802
o https://bugzilla.suse.com/1066129
o https://bugzilla.suse.com/1087082
o https://bugzilla.suse.com/1101816
o https://bugzilla.suse.com/1103992
o https://bugzilla.suse.com/1104427
o https://bugzilla.suse.com/1104745
o https://bugzilla.suse.com/1109837
o https://bugzilla.suse.com/1112374
o https://bugzilla.suse.com/1113431
o https://bugzilla.suse.com/1126390
o https://bugzilla.suse.com/1133021
o https://bugzilla.suse.com/1152457
o https://bugzilla.suse.com/1174682
o https://bugzilla.suse.com/1176081
o https://bugzilla.suse.com/1177666
o https://bugzilla.suse.com/1180552
o https://bugzilla.suse.com/1181383
o https://bugzilla.suse.com/1182256
o https://bugzilla.suse.com/1183738
o https://bugzilla.suse.com/1183754
o https://bugzilla.suse.com/1183947
o https://bugzilla.suse.com/1184040
o https://bugzilla.suse.com/1184081
o https://bugzilla.suse.com/1184082
o https://bugzilla.suse.com/1184611
o https://bugzilla.suse.com/1184675
o https://bugzilla.suse.com/1184855
o https://bugzilla.suse.com/1185428
o https://bugzilla.suse.com/1185481
o https://bugzilla.suse.com/1185642
o https://bugzilla.suse.com/1185680
o https://bugzilla.suse.com/1185703
o https://bugzilla.suse.com/1185724
o https://bugzilla.suse.com/1185758
o https://bugzilla.suse.com/1185859
o https://bugzilla.suse.com/1185860
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1185898
o https://bugzilla.suse.com/1185899
o https://bugzilla.suse.com/1185906
o https://bugzilla.suse.com/1185938
o https://bugzilla.suse.com/1186060
o https://bugzilla.suse.com/1186062
o https://bugzilla.suse.com/1186285
o https://bugzilla.suse.com/1186416
o https://bugzilla.suse.com/1186439
o https://bugzilla.suse.com/1186441
o https://bugzilla.suse.com/1186460
o https://bugzilla.suse.com/1186484
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1888-1
Rating: important
References: #1087082 #1133021 #1152457 #1155518 #1156395 #1164648
#1177666 #1178378 #1178418 #1178612 #1179519 #1179825
#1179827 #1179851 #1182999 #1183346 #1183868 #1183873
#1183947 #1184081 #1184082 #1184611 #1185428 #1185495
#1185497 #1185589 #1185606 #1185645 #1185680 #1185703
#1185725 #1185758 #1185859 #1185860 #1185862 #1185899
#1185911 #1185938 #1185988 #1186061 #1186062 #1186285
#1186320 #1186390 #1186416 #1186439 #1186441 #1186451
#1186460 #1186479 #1186484 #1186501 #1186573 #1186681
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139
CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23134
CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
Affected Products:
SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 42 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
o CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
o CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not yet
successfully authenticated to the AP. (bnc#1186062)
o CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local
attackers to elevate their privileges. (bnc#1186060)
o CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
o CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
o CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that received fragments be cleared from memory after (re)connecting to a
network. Under the right circumstances this can be abused to inject
arbitrary network packets and/or exfiltrate user data (bnc#1185859).
o CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that all fragments of a frame are encrypted under the same key. An
adversary can abuse this to decrypt selected fragments when another device
sends fragmented frames and the WEP, CCMP, or GCMP encryption key is
periodically renewed (bnc#1185859 bnc#1185862).
o CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP, or
GCMP data-confidentiality protocol is used (bnc#1185859).
o CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4
devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or
subsequent) broadcast fragments even when sent in plaintext and process
them as full unfragmented frames. An adversary can abuse this to inject
arbitrary network packets independent of the network configuration. (bnc#
1185860)
o CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP frames
was not verified. An adversary can abuse this to inject and possibly
decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
o CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that the A-MSDU flag in the plaintext QoS header field is authenticated.
Against devices that support receiving non-SSP A-MSDU frames (which is
mandatory as part of 802.11n), an adversary can abuse this to inject
arbitrary network packets. (bnc#1185861)
The following non-security bugs were fixed:
o ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
(git-fixes).
o ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure
(git-fixes).
o ACPI: custom_method: fix a possible memory leak (git-fixes).
o ACPI: custom_method: fix potential use-after-free issue (git-fixes).
o ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
o ALSA: bebob: enable to deliver MIDI messages for multiple ports
(git-fixes).
o ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
(git-fixes).
o ALSA: dice: fix stream format for TC Electronic Konnekt Live at high
sampling transfer frequency (git-fixes).
o ALSA: firewire-lib: fix calculation for size of IR context payload
(git-fixes).
o ALSA: firewire-lib: fix check for the size of isochronous packet payload
(git-fixes).
o ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
o ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
(git-fixes).
o ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
o ALSA: hda/realtek: Headphone volume is controlled by Front mixer
(git-fixes).
o ALSA: hda/realtek: reset eapd coeff to default value for alc287
(git-fixes).
o ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
o ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
(git-fixes).
o ALSA: hdsp: do not disable if not enabled (git-fixes).
o ALSA: hdspm: do not disable if not enabled (git-fixes).
o ALSA: intel8x0: Do not update period unless prepared (git-fixes).
o ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
o ALSA: rme9652: do not disable if not enabled (git-fixes).
o ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
o ALSA: usb-audio: fix control-request direction (git-fixes).
o ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).
o ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes).
o ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be
static (git-fixes).
o ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
o ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).
o ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
(git-fixes).
o ASoC: cs35l33: fix an error code in probe() (git-fixes).
o ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
o ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init()
(git-fixes).
o ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).
o ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
o ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
o Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).
o Bluetooth: SMP: Fail if remote and local public keys are identical
(git-fixes).
o Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
o Bluetooth: check for zapped sk before connecting (git-fixes).
o Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
o Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).
o Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
o Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
o Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
o Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
devices (git-fixes).
o Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
stuck state (git-fixes).
o KVM: s390: fix guarded storage control register handling (bsc#1133021).
o Move upstreamed media fixes into sorted section
o NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
o PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
o PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
o PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
o PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
o PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
o PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).
o PCI: thunder: Fix compile testing (git-fixes).
o PM / devfreq: Use more accurate returned new_freq as resume_freq
(git-fixes).
o RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).
o RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
o RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).
o RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).
o RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).
o RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).
o Revert "arm64: vdso: Fix compilation with clang older than 8" (git-fixes).
o Revert "gdrom: fix a memory leak bug" (git-fixes).
o Revert "i3c master: fix missing destroy_workqueue() on error in
i3c_master_register" (git-fixes).
o Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
(git-fixes).
o Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT
op") (git-fixes).
o SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#
1185428).
o SUNRPC: More fixes for backlog congestion (bsc#1185428).
o USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
(git-fixes).
o USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
o USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
o USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).
o USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
(git-fixes).
o USB: trancevibrator: fix control-request direction (git-fixes).
o amdgpu: avoid incorrect %hu format string (git-fixes).
o arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
o arm64: Add missing ISB after invalidating TLB in __primary_switch
(git-fixes).
o arm64: avoid -Woverride-init warning (git-fixes).
o arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
o arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
o arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into()
fails (git-fixes).
o arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
o arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
o arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
o arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter()
(git-fixes).
o arm64: vdso32: make vdso32 install conditional (git-fixes).
o arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
o ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
o blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes).
o blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
o block/genhd: use atomic_t for disk_event->block (bsc#1185497).
o block: Fix three kernel-doc warnings (git-fixes).
o block: fix get_max_io_size() (git-fixes).
o bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
o bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).
o bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#
1155518).
o bpf: Fix masking negation logic upon negative dst register (bsc#1155518).
o btrfs: fix race between transaction aborts and fsyncs leading to
use-after-free (bsc#1186441).
o btrfs: fix race when picking most recent mod log operation for an old root
(bsc#1186439).
o cdc-wdm: untangle a circular dependency between callback and softint
(git-fixes).
o cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
(git-fixes).
o cdrom: gdrom: initialize global variable at init time (git-fixes).
o ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
o ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
o ceph: fix up error handling with snapdirs (bsc#1186501).
o ceph: only check pool permissions for regular files (bsc#1186501).
o cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
o clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
(git-fixes).
o cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#
1185758).
o crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
o crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
o crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
(git-fixes).
o crypto: qat - Fix a double free in adf_create_ring (git-fixes).
o crypto: qat - do not release uninitialized resources (git-fixes).
o crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
o crypto: qat - fix unmap invalid dma address (git-fixes).
o crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
o crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
o cxgb4: Fix unintentional sign extension issues (git-fixes).
o dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
o dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
o docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
o docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
o drivers: hv: Fix whitespace errors (bsc#1185725).
o drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool'
(git-fixes).
o drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
o drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
o drm/amd/display: Reject non-zero src_y and src_x for video planes
(git-fixes).
o drm/amd/display: fix dml prefetch validation (git-fixes).
o drm/amd/display: fixed divide by zero kernel crash during dsc enablement
(git-fixes).
o drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
(git-fixes).
o drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang
(git-fixes).
o drm/amdgpu: fix NULL pointer dereference (git-fixes).
o drm/amdgpu: mask the xgmi number of hops reported from psp to kfd
(git-fixes).
o drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug
(git-fixes).
o drm/i915: Avoid div-by-zero on gen2 (git-fixes).
o drm/meson: fix shutdown crash when component not probed (git-fixes).
o drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
o drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
o drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
are connected (git-fixes).
o drm/radeon: Avoid power table parsing memory leaks (git-fixes).
o drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
o drm/vkms: fix misuse of WARN_ON (git-fixes).
o drm: Added orientation quirk for OneGX1 Pro (git-fixes).
o ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
(git-fixes).
o extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
been unplugged (git-fixes).
o extcon: arizona: Fix various races on driver unbind (git-fixes).
o fbdev: zero-fill colormap in fbcmap.c (git-fixes).
o firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
o fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
o ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
o futex: Change utime parameter to be 'const ... *' (git-fixes).
o futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#
1164648).
o futex: Get rid of the val2 conditional dance (git-fixes).
o futex: Make syscall entry points less convoluted (git-fixes).
o genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
o genirq: Disable interrupts for force threaded handlers (git-fixes)
o genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
o gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
o gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
(git-fixes).
o hrtimer: Update softirq_expires_next correctly after (git-fixes)
o hwmon: (occ) Fix poll rate limiting (git-fixes).
o i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
o i2c: bail out early when RDWR parameters are wrong (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: s3c2410: fix possible NULL pointer deref on read message after write
(git-fixes).
o i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
o i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
o i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
o i40e: fix broken XDP support (git-fixes).
o i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
o ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
o ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
o ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
o ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432
git-fixes).
o ics932s401: fix broken handling of errors when word reading fails
(git-fixes).
o iio: adc: ad7124: Fix missbalanced regulator enable / disable on error
(git-fixes).
o iio: adc: ad7124: Fix potential overflow due to non sequential channel
numbers (git-fixes).
o iio: adc: ad7768-1: Fix too small buffer passed to
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
o iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
o iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
o iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
o iio: tsl2583: Fix division by a zero lux_val (git-fixes).
o intel_th: Consistency and off-by-one fix (git-fixes).
o iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
o ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry
(bsc#1185988).
o ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#
1184855).
o kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle
UTF-8 input in non-UTF-8 locale.
o leds: lp5523: check return value of lp5xx_read and jump to cleanup code
(git-fixes).
o lpfc: Decouple port_template and vport_template (bsc#185032).
o mac80211: clear the beacon's CRC after channel switch (git-fixes).
o md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
o md/raid1: properly indicate failure when ending a failed write request (bsc
#1185680).
o md: do not flush workqueue unconditionally in md_open (bsc#1184081).
o md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
o md: md_open returns -EBUSY when entering racing area (bsc#1184081).
o md: split mddev_find (bsc#1184081).
o media: adv7604: fix possible use-after-free in adv76xx_remove()
(git-fixes).
o media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
(git-fixes).
o media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
o media: em28xx: fix memory leak (git-fixes).
o media: gspca/sq905.c: fix uninitialized variable (git-fixes).
o media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
(git-fixes).
o media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
(git-fixes).
o media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove()
(git-fixes).
o media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt()
(git-fixes).
o media: ite-cir: check for receive overflow (git-fixes).
o media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
(git-fixes).
o media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
o media: tc358743: fix possible use-after-free in tc358743_remove()
(git-fixes).
o mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
o misc/uss720: fix memory leak in uss720_probe (git-fixes).
o mlxsw: spectrum_mr: Update egress RIF list before route's action
(git-fixes).
o mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606).
o mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
o mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
o mmc: core: Set read only for SD cards with permanent write protect bit
(git-fixes).
o mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
o mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
o mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based
controllers (git-fixes).
o mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
o net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
o net: enetc: fix link error again (git-fixes).
o net: hns3: Fix for geneve tx checksum bug (git-fixes).
o net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet
() (git-fixes).
o net: hns3: clear unnecessary reset request in hclge_reset_rebuild
(git-fixes).
o net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
o net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
o net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
o net: hns3: initialize the message content in hclge_get_link_mode()
(git-fixes).
o net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
o net: thunderx: Fix unintentional sign extension issue (git-fixes).
o net: usb: fix memory leak in smsc75xx_bind (git-fixes).
o netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
o netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#
1185950).
o netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: improve RST handling when tuple is re-used (bsc#
1183947 bsc#1185950).
o nvme-core: add cancel tagset helpers (bsc#1183976).
o nvme-fabrics: decode host pathing error for connect (bsc#1179827).
o nvme-fc: check sgl supported by target (bsc#1179827).
o nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
o nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted
(bsc#1184259).
o nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#
1184259).
o nvme-fc: short-circuit reconnect retries (bsc#1179827).
o nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#
1184259).
o nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#
1182999).
o nvme-pci: Remove tag from process cq (git-fixes).
o nvme-pci: Remove two-pass completions (git-fixes).
o nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
o nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
o nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll()
(git-fixes).
o nvme-pci: dma read memory barrier for completions (git-fixes).
o nvme-pci: fix "slimmer CQ head update" (git-fixes).
o nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
o nvme-pci: remove last_sq_tail (git-fixes).
o nvme-pci: remove volatile cqes (git-fixes).
o nvme-pci: slimmer CQ head update (git-fixes).
o nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
o nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
o nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
o nvme-tcp: add clean action for failed reconnection (bsc#1183976).
o nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
o nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
o nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
o nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
o nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
o nvme: add 'kato' sysfs attribute (bsc#1179825).
o nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
o nvme: define constants for identification values (git-fixes).
o nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
o nvme: do not intialize hwmon for discovery controllers (git-fixes).
o nvme: document nvme controller states (git-fixes).
o nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
o nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
o nvme: fix controller instance leak (git-fixes).
o nvme: fix deadlock in disconnect during scan_work and/or ana_work
(git-fixes).
o nvme: fix possible deadlock when I/O is blocked (git-fixes).
o nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
o nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
o nvme: sanitize KATO setting (bsc#1179825).
o nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
o nvmet: fix a memory leak (git-fixes).
o nvmet: seset ns->file when open fails (bsc#1183873).
o nvmet: use new ana_log_size instead the old one (bsc#1184259).
o nxp-i2c: restore includes for kABI (bsc#1185589).
o nxp-nci: add NXP1002 id (bsc#1185589).
o phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
(git-fixes).
o pinctrl: ingenic: Improve unreachable code generation (git-fixes).
o pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
o platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
o platform/x86: intel_pmc_core: Do not use global pmcdev in quirks
(git-fixes).
o platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
o posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
o power: supply: Use IRQF_ONESHOT (git-fixes).
o power: supply: generic-adc-battery: fix possible use-after-free in
gab_remove() (git-fixes).
o power: supply: s3c_adc_battery: fix possible use-after-free in
s3c_adc_bat_remove() (git-fixes).
o powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666
git-fixes).
o powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
o qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth
(git-fixes).
o rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
o s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).
o s390/entry: save the caller of psw_idle (bsc#1185677).
o s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
o sched/eas: Do not update misfit status if the task is pinned (git-fixes)
o sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
o sched/fair: Fix unfairness caused by missing load decay (git-fixes)
o scripts/git_sort/git_sort.py: Update nvme repositories
o scripts/git_sort/git_sort.py: add bpf git repo
o scsi: core: Run queue in case of I/O resource contention failure (bsc#
1186416).
o scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851).
o scsi: libfc: Avoid invoking response handler twice if ep is already
completed (bsc#1186573).
o scsi: lpfc: Add a option to enable interlocked ABTS before job completion
(bsc#1186451).
o scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).
o scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#
1186451).
o scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs
(bsc#1186451).
o scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#
1186451).
o scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
SGLs (bsc#1186451).
o scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller
(bsc#1186451).
o scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
o scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451).
o scsi: lpfc: Ignore GID-FT response that may be received after a link flip
(bsc#1186451).
o scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric
controller (bsc#1186451).
o scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
o sctp: delay auto_asconf init until binding the first addr
(<cover.1620748346.git.mkubecek@suse.cz>).
o serial: core: fix suspicious security_locked_down() call (git-fixes).
o serial: core: return early on unsupported ioctls (git-fixes).
o serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
(git-fixes).
o serial: stm32: fix incorrect characters on console (git-fixes).
o serial: stm32: fix tx_empty condition (git-fixes).
o serial: tegra: Fix a mask operation that is always true (git-fixes).
o smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
o spi: ath79: always call chipselect function (git-fixes).
o spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).
o spi: dln2: Fix reference leak to master (git-fixes).
o spi: omap-100k: Fix reference leak to master (git-fixes).
o spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
o spi: spi-fsl-dspi: Fix a resource leak in an error handling path
(git-fixes).
o staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
o staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
o tcp: fix to update snd_wl1 in bulk receiver fast path
(<cover.1620748346.git.mkubecek@suse.cz>).
o thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val'
(git-fixes).
o thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
(git-fixes).
o tracing: Map all PIDs to command lines (git-fixes).
o tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
o tty: fix memory leak in vc_deallocate (git-fixes).
o tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
o tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
o uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
o uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
o uio_hv_generic: Fix another memory leak in error handling paths
(git-fixes).
o uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
o usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).
o usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
o usb: dwc3: gadget: Enable suspend events (git-fixes).
o usb: dwc3: gadget: Return success always for kick transfer in ep queue
(git-fixes).
o usb: dwc3: omap: improve extcon initialization (git-fixes).
o usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
(git-fixes).
o usb: fotg210-hcd: Fix an error message (git-fixes).
o usb: gadget/function/f_fs string table fix for multiple languages
(git-fixes).
o usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
o usb: gadget: f_uac1: validate input parameters (git-fixes).
o usb: gadget: f_uac2: validate input parameters (git-fixes).
o usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
(git-fixes).
o usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).
o usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
o usb: sl811-hcd: improve misleading indentation (git-fixes).
o usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).
o usb: xhci: Fix port minor revision (git-fixes).
o usb: xhci: Increase timeout for HC halt (git-fixes).
o vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
o video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
o vrf: fix a comment about loopback device (git-fixes).
o watchdog/softlockup: Remove obsolete check of last reported task (bsc#
1185982).
o watchdog/softlockup: report the overall time of softlockups (bsc#1185982).
o watchdog: explicitly update timestamp when reporting softlockup (bsc#
1185982).
o watchdog: rename __touch_watchdog() to a better descriptive name (bsc#
1185982).
o whitespace cleanup
o wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
o workqueue: Minor follow-ups to the rescuer destruction change (bsc#
1185911).
o workqueue: more destroy_workqueue() fixes (bsc#1185911).
o x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#
1152489).
o xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
o xhci: check control context is valid before dereferencing it (git-fixes).
o xhci: fix potential array out of bounds with several interrupters
(git-fixes).
o xsk: Respect device's headroom and tailroom on generic xmit path
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1888=1
Package List:
o SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
kernel-devel-azure-5.3.18-18.50.2
kernel-source-azure-5.3.18-18.50.2
o SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
kernel-azure-5.3.18-18.50.2
kernel-azure-debuginfo-5.3.18-18.50.2
kernel-azure-debugsource-5.3.18-18.50.2
kernel-azure-devel-5.3.18-18.50.2
kernel-azure-devel-debuginfo-5.3.18-18.50.2
kernel-syms-azure-5.3.18-18.50.1
References:
o https://www.suse.com/security/cve/CVE-2020-24586.html
o https://www.suse.com/security/cve/CVE-2020-24587.html
o https://www.suse.com/security/cve/CVE-2020-24588.html
o https://www.suse.com/security/cve/CVE-2020-26139.html
o https://www.suse.com/security/cve/CVE-2020-26141.html
o https://www.suse.com/security/cve/CVE-2020-26145.html
o https://www.suse.com/security/cve/CVE-2020-26147.html
o https://www.suse.com/security/cve/CVE-2021-23134.html
o https://www.suse.com/security/cve/CVE-2021-32399.html
o https://www.suse.com/security/cve/CVE-2021-33034.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-3491.html
o https://bugzilla.suse.com/1087082
o https://bugzilla.suse.com/1133021
o https://bugzilla.suse.com/1152457
o https://bugzilla.suse.com/1155518
o https://bugzilla.suse.com/1156395
o https://bugzilla.suse.com/1164648
o https://bugzilla.suse.com/1177666
o https://bugzilla.suse.com/1178378
o https://bugzilla.suse.com/1178418
o https://bugzilla.suse.com/1178612
o https://bugzilla.suse.com/1179519
o https://bugzilla.suse.com/1179825
o https://bugzilla.suse.com/1179827
o https://bugzilla.suse.com/1179851
o https://bugzilla.suse.com/1182999
o https://bugzilla.suse.com/1183346
o https://bugzilla.suse.com/1183868
o https://bugzilla.suse.com/1183873
o https://bugzilla.suse.com/1183947
o https://bugzilla.suse.com/1184081
o https://bugzilla.suse.com/1184082
o https://bugzilla.suse.com/1184611
o https://bugzilla.suse.com/1185428
o https://bugzilla.suse.com/1185495
o https://bugzilla.suse.com/1185497
o https://bugzilla.suse.com/1185589
o https://bugzilla.suse.com/1185606
o https://bugzilla.suse.com/1185645
o https://bugzilla.suse.com/1185680
o https://bugzilla.suse.com/1185703
o https://bugzilla.suse.com/1185725
o https://bugzilla.suse.com/1185758
o https://bugzilla.suse.com/1185859
o https://bugzilla.suse.com/1185860
o https://bugzilla.suse.com/1185862
o https://bugzilla.suse.com/1185899
o https://bugzilla.suse.com/1185911
o https://bugzilla.suse.com/1185938
o https://bugzilla.suse.com/1185988
o https://bugzilla.suse.com/1186061
o https://bugzilla.suse.com/1186062
o https://bugzilla.suse.com/1186285
o https://bugzilla.suse.com/1186320
o https://bugzilla.suse.com/1186390
o https://bugzilla.suse.com/1186416
o https://bugzilla.suse.com/1186439
o https://bugzilla.suse.com/1186441
o https://bugzilla.suse.com/1186451
o https://bugzilla.suse.com/1186460
o https://bugzilla.suse.com/1186479
o https://bugzilla.suse.com/1186484
o https://bugzilla.suse.com/1186501
o https://bugzilla.suse.com/1186573
o https://bugzilla.suse.com/1186681
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1890-1
Rating: important
References: #1087082 #1133021 #1152457 #1152489 #1155518 #1156395
#1164648 #1177666 #1178378 #1178418 #1178612 #1179519
#1179825 #1179827 #1179851 #1182257 #1182378 #1182999
#1183346 #1183868 #1183873 #1183932 #1183947 #1183976
#1184081 #1184082 #1184259 #1184611 #1184855 #1185428
#1185495 #1185497 #1185589 #1185606 #1185642 #1185645
#1185677 #1185680 #1185703 #1185725 #1185758 #1185859
#1185860 #1185861 #1185862 #1185863 #1185898 #1185899
#1185911 #1185938 #1185950 #1185982 #1185987 #1185988
#1186060 #1186061 #1186062 #1186111 #1186285 #1186320
#1186390 #1186416 #1186439 #1186441 #1186451 #1186460
#1186479 #1186484 #1186498 #1186501 #1186573 #1186681
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139
CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23134
CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
Affected Products:
SUSE MicroOS 5.0
SUSE Linux Enterprise Workstation Extension 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Legacy Software 15-SP2
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 60 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
o CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
o CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not yet
successfully authenticated to the AP. (bnc#1186062)
o CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local
attackers to elevate their privileges. (bnc#1186060)
o CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
o CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
o CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that received fragments be cleared from memory after (re)connecting to a
network. Under the right circumstances this can be abused to inject
arbitrary network packets and/or exfiltrate user data (bnc#1185859).
o CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that all fragments of a frame are encrypted under the same key. An
adversary can abuse this to decrypt selected fragments when another device
sends fragmented frames and the WEP, CCMP, or GCMP encryption key is
periodically renewed (bnc#1185859 bnc#1185862).
o CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP, or
GCMP data-confidentiality protocol is used (bnc#1185859).
o CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that the A-MSDU flag in the plaintext QoS header field is authenticated.
Against devices that support receiving non-SSP A-MSDU frames (which is
mandatory as part of 802.11n), an adversary can abuse this to inject
arbitrary network packets. (bnc#1185861)
o CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4
devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or
subsequent) broadcast fragments even when sent in plaintext and process
them as full unfragmented frames. An adversary can abuse this to inject
arbitrary network packets independent of the network configuration. (bnc#
1185860)
o CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP frames
was not verified. An adversary can abuse this to inject and possibly
decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
o ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
(git-fixes).
o ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure
(git-fixes).
o ACPI: custom_method: fix a possible memory leak (git-fixes).
o ACPI: custom_method: fix potential use-after-free issue (git-fixes).
o ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
o ALSA: bebob: enable to deliver MIDI messages for multiple ports
(git-fixes).
o ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
(git-fixes).
o ALSA: dice: fix stream format for TC Electronic Konnekt Live at high
sampling transfer frequency (git-fixes).
o ALSA: firewire-lib: fix calculation for size of IR context payload
(git-fixes).
o ALSA: firewire-lib: fix check for the size of isochronous packet payload
(git-fixes).
o ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
o ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
(git-fixes).
o ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
o ALSA: hda/realtek: Headphone volume is controlled by Front mixer
(git-fixes).
o ALSA: hda/realtek: reset eapd coeff to default value for alc287
(git-fixes).
o ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
o ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
(git-fixes).
o ALSA: hdsp: do not disable if not enabled (git-fixes).
o ALSA: hdspm: do not disable if not enabled (git-fixes).
o ALSA: intel8x0: Do not update period unless prepared (git-fixes).
o ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
o ALSA: rme9652: do not disable if not enabled (git-fixes).
o ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
o ALSA: usb-audio: fix control-request direction (git-fixes).
o ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).
o ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes).
o ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be
static (git-fixes).
o ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
o ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).
o ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
(git-fixes).
o ASoC: cs35l33: fix an error code in probe() (git-fixes).
o ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
o ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init()
(git-fixes).
o ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).
o ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
o ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
o Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).
o Bluetooth: SMP: Fail if remote and local public keys are identical
(git-fixes).
o Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
o Bluetooth: check for zapped sk before connecting (git-fixes).
o Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
o Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).
o Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
o Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
o Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
o Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
devices (git-fixes).
o Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
stuck state (git-fixes).
o KVM: s390: fix guarded storage control register handling (bsc#1133021).
o Move upstreamed media fixes into sorted section
o NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
o PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
o PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
o PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
o PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
o PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
o PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).
o PCI: thunder: Fix compile testing (git-fixes).
o PM / devfreq: Use more accurate returned new_freq as resume_freq
(git-fixes).
o RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).
o RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
o RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).
o RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).
o RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).
o RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).
o Revert "arm64: vdso: Fix compilation with clang older than 8" (git-fixes).
o Revert "gdrom: fix a memory leak bug" (git-fixes).
o Revert "i3c master: fix missing destroy_workqueue() on error in
i3c_master_register" (git-fixes).
o Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
(git-fixes).
o Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT
op") (git-fixes).
o SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#
1185428).
o SUNRPC: More fixes for backlog congestion (bsc#1185428).
o USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
(git-fixes).
o USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
o USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
o USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).
o USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
(git-fixes).
o USB: trancevibrator: fix control-request direction (git-fixes).
o amdgpu: avoid incorrect %hu format string (git-fixes).
o arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
o arm64: Add missing ISB after invalidating TLB in __primary_switch
(git-fixes).
o arm64: avoid -Woverride-init warning (git-fixes).
o arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
o arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
o arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into()
fails (git-fixes).
o arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
o arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
o arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
o arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter()
(git-fixes).
o arm64: vdso32: make vdso32 install conditional (git-fixes).
o arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
o ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
o blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes).
o blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
o block/genhd: use atomic_t for disk_event->block (bsc#1185497).
o block: Fix three kernel-doc warnings (git-fixes).
o block: fix get_max_io_size() (git-fixes).
o bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
o bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).
o bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#
1155518).
o bpf: Fix masking negation logic upon negative dst register (bsc#1155518).
o btrfs: fix race between transaction aborts and fsyncs leading to
use-after-free (bsc#1186441).
o btrfs: fix race when picking most recent mod log operation for an old root
(bsc#1186439).
o cdc-wdm: untangle a circular dependency between callback and softint
(git-fixes).
o cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
(git-fixes).
o cdrom: gdrom: initialize global variable at init time (git-fixes).
o ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
o ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
o ceph: fix up error handling with snapdirs (bsc#1186501).
o ceph: only check pool permissions for regular files (bsc#1186501).
o cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
o clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
(git-fixes).
o cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#
1185758).
o crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
o crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
o crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
(git-fixes).
o crypto: qat - Fix a double free in adf_create_ring (git-fixes).
o crypto: qat - do not release uninitialized resources (git-fixes).
o crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
o crypto: qat - fix unmap invalid dma address (git-fixes).
o crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
o crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
o cxgb4: Fix unintentional sign extension issues (git-fixes).
o dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
o dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
o docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
o docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
o drivers: hv: Fix whitespace errors (bsc#1185725).
o drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool'
(git-fixes).
o drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
o drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
o drm/amd/display: Reject non-zero src_y and src_x for video planes
(git-fixes).
o drm/amd/display: fix dml prefetch validation (git-fixes).
o drm/amd/display: fixed divide by zero kernel crash during dsc enablement
(git-fixes).
o drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
(git-fixes).
o drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang
(git-fixes).
o drm/amdgpu: fix NULL pointer dereference (git-fixes).
o drm/amdgpu: mask the xgmi number of hops reported from psp to kfd
(git-fixes).
o drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug
(git-fixes).
o drm/i915: Avoid div-by-zero on gen2 (git-fixes).
o drm/meson: fix shutdown crash when component not probed (git-fixes).
o drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
o drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
o drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
are connected (git-fixes).
o drm/radeon: Avoid power table parsing memory leaks (git-fixes).
o drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
o drm/vkms: fix misuse of WARN_ON (git-fixes).
o drm: Added orientation quirk for OneGX1 Pro (git-fixes).
o ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
(git-fixes).
o extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
been unplugged (git-fixes).
o extcon: arizona: Fix various races on driver unbind (git-fixes).
o fbdev: zero-fill colormap in fbcmap.c (git-fixes).
o firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
o fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
o ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
o futex: Change utime parameter to be 'const ... *' (git-fixes).
o futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#
1164648).
o futex: Get rid of the val2 conditional dance (git-fixes).
o futex: Make syscall entry points less convoluted (git-fixes).
o genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
o genirq: Disable interrupts for force threaded handlers (git-fixes)
o genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
o gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
o gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
(git-fixes).
o hrtimer: Update softirq_expires_next correctly after (git-fixes)
o hwmon: (occ) Fix poll rate limiting (git-fixes).
o i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
o i2c: bail out early when RDWR parameters are wrong (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: s3c2410: fix possible NULL pointer deref on read message after write
(git-fixes).
o i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
o i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
o i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
o i40e: fix broken XDP support (git-fixes).
o i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
o ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
o ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
o ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
o ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432
git-fixes).
o ics932s401: fix broken handling of errors when word reading fails
(git-fixes).
o iio: adc: ad7124: Fix missbalanced regulator enable / disable on error
(git-fixes).
o iio: adc: ad7124: Fix potential overflow due to non sequential channel
numbers (git-fixes).
o iio: adc: ad7768-1: Fix too small buffer passed to
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
o iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
o iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
o iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
o iio: tsl2583: Fix division by a zero lux_val (git-fixes).
o intel_th: Consistency and off-by-one fix (git-fixes).
o iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
o ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry
(bsc#1185988).
o ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#
1184855).
o kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle
UTF-8 input in non-UTF-8 locale.
o leds: lp5523: check return value of lp5xx_read and jump to cleanup code
(git-fixes).
o lpfc: Decouple port_template and vport_template (bsc#185032).
o mac80211: clear the beacon's CRC after channel switch (git-fixes).
o md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
o md/raid1: properly indicate failure when ending a failed write request (bsc
#1185680).
o md: do not flush workqueue unconditionally in md_open (bsc#1184081).
o md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
o md: md_open returns -EBUSY when entering racing area (bsc#1184081).
o md: split mddev_find (bsc#1184081).
o media: adv7604: fix possible use-after-free in adv76xx_remove()
(git-fixes).
o media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
(git-fixes).
o media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
o media: em28xx: fix memory leak (git-fixes).
o media: gspca/sq905.c: fix uninitialized variable (git-fixes).
o media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
(git-fixes).
o media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
(git-fixes).
o media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove()
(git-fixes).
o media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt()
(git-fixes).
o media: ite-cir: check for receive overflow (git-fixes).
o media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
(git-fixes).
o media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
o media: tc358743: fix possible use-after-free in tc358743_remove()
(git-fixes).
o mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
o misc/uss720: fix memory leak in uss720_probe (git-fixes).
o mlxsw: spectrum_mr: Update egress RIF list before route's action
(git-fixes).
o mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606).
o mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
o mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
o mmc: core: Set read only for SD cards with permanent write protect bit
(git-fixes).
o mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
o mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
o mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based
controllers (git-fixes).
o mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
o net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
o net: enetc: fix link error again (git-fixes).
o net: hns3: Fix for geneve tx checksum bug (git-fixes).
o net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet
() (git-fixes).
o net: hns3: clear unnecessary reset request in hclge_reset_rebuild
(git-fixes).
o net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
o net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
o net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
o net: hns3: initialize the message content in hclge_get_link_mode()
(git-fixes).
o net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
o net: thunderx: Fix unintentional sign extension issue (git-fixes).
o net: usb: fix memory leak in smsc75xx_bind (git-fixes).
o netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
o netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#
1185950).
o netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: improve RST handling when tuple is re-used (bsc#
1183947 bsc#1185950).
o nvme-core: add cancel tagset helpers (bsc#1183976).
o nvme-fabrics: decode host pathing error for connect (bsc#1179827).
o nvme-fc: check sgl supported by target (bsc#1179827).
o nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
o nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted
(bsc#1184259).
o nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#
1184259).
o nvme-fc: short-circuit reconnect retries (bsc#1179827).
o nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#
1184259).
o nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#
1182999).
o nvme-pci: Remove tag from process cq (git-fixes).
o nvme-pci: Remove two-pass completions (git-fixes).
o nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
o nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
o nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll()
(git-fixes).
o nvme-pci: dma read memory barrier for completions (git-fixes).
o nvme-pci: fix "slimmer CQ head update" (git-fixes).
o nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
o nvme-pci: remove last_sq_tail (git-fixes).
o nvme-pci: remove volatile cqes (git-fixes).
o nvme-pci: slimmer CQ head update (git-fixes).
o nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
o nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
o nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
o nvme-tcp: add clean action for failed reconnection (bsc#1183976).
o nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
o nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
o nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
o nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
o nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
o nvme: add 'kato' sysfs attribute (bsc#1179825).
o nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
o nvme: define constants for identification values (git-fixes).
o nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
o nvme: do not intialize hwmon for discovery controllers (git-fixes).
o nvme: document nvme controller states (git-fixes).
o nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
o nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
o nvme: fix controller instance leak (git-fixes).
o nvme: fix deadlock in disconnect during scan_work and/or ana_work
(git-fixes).
o nvme: fix possible deadlock when I/O is blocked (git-fixes).
o nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
o nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
o nvme: sanitize KATO setting (bsc#1179825).
o nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
o nvmet: fix a memory leak (git-fixes).
o nvmet: seset ns->file when open fails (bsc#1183873).
o nvmet: use new ana_log_size instead the old one (bsc#1184259).
o nxp-i2c: restore includes for kABI (bsc#1185589).
o nxp-nci: add NXP1002 id (bsc#1185589).
o phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
(git-fixes).
o pinctrl: ingenic: Improve unreachable code generation (git-fixes).
o pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
o platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
o platform/x86: intel_pmc_core: Do not use global pmcdev in quirks
(git-fixes).
o platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
o posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
o power: supply: Use IRQF_ONESHOT (git-fixes).
o power: supply: generic-adc-battery: fix possible use-after-free in
gab_remove() (git-fixes).
o power: supply: s3c_adc_battery: fix possible use-after-free in
s3c_adc_bat_remove() (git-fixes).
o powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666
git-fixes).
o powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
o qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth
(git-fixes).
o rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
o s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).
o s390/entry: save the caller of psw_idle (bsc#1185677).
o s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
o sched/eas: Do not update misfit status if the task is pinned (git-fixes)
o sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
o sched/fair: Fix unfairness caused by missing load decay (git-fixes)
o scripts/git_sort/git_sort.py: add bpf git repo
o scsi: core: Run queue in case of I/O resource contention failure (bsc#
1186416).
o scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851).
o scsi: libfc: Avoid invoking response handler twice if ep is already
completed (bsc#1186573).
o scsi: lpfc: Add a option to enable interlocked ABTS before job completion
(bsc#1186451).
o scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).
o scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#
1186451).
o scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs
(bsc#1186451).
o scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#
1186451).
o scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
SGLs (bsc#1186451).
o scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller
(bsc#1186451).
o scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
o scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451).
o scsi: lpfc: Ignore GID-FT response that may be received after a link flip
(bsc#1186451).
o scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric
controller (bsc#1186451).
o scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
o sctp: delay auto_asconf init until binding the first addr
(<cover.1620748346.git.mkubecek@suse.cz>).
o serial: core: fix suspicious security_locked_down() call (git-fixes).
o serial: core: return early on unsupported ioctls (git-fixes).
o serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
(git-fixes).
o serial: stm32: fix incorrect characters on console (git-fixes).
o serial: stm32: fix tx_empty condition (git-fixes).
o serial: tegra: Fix a mask operation that is always true (git-fixes).
o smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
o spi: ath79: always call chipselect function (git-fixes).
o spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).
o spi: dln2: Fix reference leak to master (git-fixes).
o spi: omap-100k: Fix reference leak to master (git-fixes).
o spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
o spi: spi-fsl-dspi: Fix a resource leak in an error handling path
(git-fixes).
o staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
o staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
o tcp: fix to update snd_wl1 in bulk receiver fast path
(<cover.1620748346.git.mkubecek@suse.cz>).
o thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val'
(git-fixes).
o thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
(git-fixes).
o tracing: Map all PIDs to command lines (git-fixes).
o tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
o tty: fix memory leak in vc_deallocate (git-fixes).
o tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
o tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
o uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
o uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
o uio_hv_generic: Fix another memory leak in error handling paths
(git-fixes).
o uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
o usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).
o usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
o usb: dwc3: gadget: Enable suspend events (git-fixes).
o usb: dwc3: gadget: Return success always for kick transfer in ep queue
(git-fixes).
o usb: dwc3: omap: improve extcon initialization (git-fixes).
o usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
(git-fixes).
o usb: fotg210-hcd: Fix an error message (git-fixes).
o usb: gadget/function/f_fs string table fix for multiple languages
(git-fixes).
o usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
o usb: gadget: f_uac1: validate input parameters (git-fixes).
o usb: gadget: f_uac2: validate input parameters (git-fixes).
o usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
(git-fixes).
o usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).
o usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
o usb: sl811-hcd: improve misleading indentation (git-fixes).
o usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).
o usb: xhci: Fix port minor revision (git-fixes).
o usb: xhci: Increase timeout for HC halt (git-fixes).
o vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
o video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
o vrf: fix a comment about loopback device (git-fixes).
o watchdog/softlockup: Remove obsolete check of last reported task (bsc#
1185982).
o watchdog/softlockup: report the overall time of softlockups (bsc#1185982).
o watchdog: explicitly update timestamp when reporting softlockup (bsc#
1185982).
o watchdog: rename __touch_watchdog() to a better descriptive name (bsc#
1185982).
o whitespace cleanup
o wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
o workqueue: Minor follow-ups to the rescuer destruction change (bsc#
1185911).
o workqueue: more destroy_workqueue() fixes (bsc#1185911).
o x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#
1152489).
o xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
o xhci: check control context is valid before dereferencing it (git-fixes).
o xhci: fix potential array out of bounds with several interrupters
(git-fixes).
o xsk: Respect device's headroom and tailroom on generic xmit path
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE MicroOS 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1890=1
o SUSE Linux Enterprise Workstation Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1890=1
o SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1890=1
o SUSE Linux Enterprise Module for Legacy Software 15-SP2:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1890=1
o SUSE Linux Enterprise Module for Development Tools 15-SP2:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1890=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1890=1
o SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1890=1
Package List:
o SUSE MicroOS 5.0 (aarch64 x86_64):
kernel-default-5.3.18-24.67.3
kernel-default-base-5.3.18-24.67.3.9.30.2
kernel-default-debuginfo-5.3.18-24.67.3
kernel-default-debugsource-5.3.18-24.67.3
o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
kernel-default-debuginfo-5.3.18-24.67.3
kernel-default-debugsource-5.3.18-24.67.3
kernel-default-extra-5.3.18-24.67.3
kernel-default-extra-debuginfo-5.3.18-24.67.3
kernel-preempt-extra-5.3.18-24.67.4
kernel-preempt-extra-debuginfo-5.3.18-24.67.4
o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):
kernel-default-debuginfo-5.3.18-24.67.3
kernel-default-debugsource-5.3.18-24.67.3
kernel-default-livepatch-5.3.18-24.67.3
kernel-default-livepatch-devel-5.3.18-24.67.3
kernel-livepatch-5_3_18-24_67-default-1-5.3.2
kernel-livepatch-5_3_18-24_67-default-debuginfo-1-5.3.2
kernel-livepatch-SLE15-SP2_Update_14-debugsource-1-5.3.2
o SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le
s390x x86_64):
kernel-default-debuginfo-5.3.18-24.67.3
kernel-default-debugsource-5.3.18-24.67.3
reiserfs-kmp-default-5.3.18-24.67.3
reiserfs-kmp-default-debuginfo-5.3.18-24.67.3
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-5.3.18-24.67.2
kernel-obs-build-debugsource-5.3.18-24.67.2
kernel-syms-5.3.18-24.67.1
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-24.67.4
kernel-preempt-debugsource-5.3.18-24.67.4
kernel-preempt-devel-5.3.18-24.67.4
kernel-preempt-devel-debuginfo-5.3.18-24.67.4
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
kernel-docs-5.3.18-24.67.3
kernel-source-5.3.18-24.67.2
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
kernel-default-5.3.18-24.67.3
kernel-default-base-5.3.18-24.67.3.9.30.2
kernel-default-debuginfo-5.3.18-24.67.3
kernel-default-debugsource-5.3.18-24.67.3
kernel-default-devel-5.3.18-24.67.3
kernel-default-devel-debuginfo-5.3.18-24.67.3
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
kernel-preempt-5.3.18-24.67.4
kernel-preempt-debuginfo-5.3.18-24.67.4
kernel-preempt-debugsource-5.3.18-24.67.4
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
kernel-devel-5.3.18-24.67.2
kernel-macros-5.3.18-24.67.2
o SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x
x86_64):
cluster-md-kmp-default-5.3.18-24.67.3
cluster-md-kmp-default-debuginfo-5.3.18-24.67.3
dlm-kmp-default-5.3.18-24.67.3
dlm-kmp-default-debuginfo-5.3.18-24.67.3
gfs2-kmp-default-5.3.18-24.67.3
gfs2-kmp-default-debuginfo-5.3.18-24.67.3
kernel-default-debuginfo-5.3.18-24.67.3
kernel-default-debugsource-5.3.18-24.67.3
ocfs2-kmp-default-5.3.18-24.67.3
ocfs2-kmp-default-debuginfo-5.3.18-24.67.3
References:
o https://www.suse.com/security/cve/CVE-2020-24586.html
o https://www.suse.com/security/cve/CVE-2020-24587.html
o https://www.suse.com/security/cve/CVE-2020-24588.html
o https://www.suse.com/security/cve/CVE-2020-26139.html
o https://www.suse.com/security/cve/CVE-2020-26141.html
o https://www.suse.com/security/cve/CVE-2020-26145.html
o https://www.suse.com/security/cve/CVE-2020-26147.html
o https://www.suse.com/security/cve/CVE-2021-23134.html
o https://www.suse.com/security/cve/CVE-2021-32399.html
o https://www.suse.com/security/cve/CVE-2021-33034.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-3491.html
o https://bugzilla.suse.com/1087082
o https://bugzilla.suse.com/1133021
o https://bugzilla.suse.com/1152457
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1155518
o https://bugzilla.suse.com/1156395
o https://bugzilla.suse.com/1164648
o https://bugzilla.suse.com/1177666
o https://bugzilla.suse.com/1178378
o https://bugzilla.suse.com/1178418
o https://bugzilla.suse.com/1178612
o https://bugzilla.suse.com/1179519
o https://bugzilla.suse.com/1179825
o https://bugzilla.suse.com/1179827
o https://bugzilla.suse.com/1179851
o https://bugzilla.suse.com/1182257
o https://bugzilla.suse.com/1182378
o https://bugzilla.suse.com/1182999
o https://bugzilla.suse.com/1183346
o https://bugzilla.suse.com/1183868
o https://bugzilla.suse.com/1183873
o https://bugzilla.suse.com/1183932
o https://bugzilla.suse.com/1183947
o https://bugzilla.suse.com/1183976
o https://bugzilla.suse.com/1184081
o https://bugzilla.suse.com/1184082
o https://bugzilla.suse.com/1184259
o https://bugzilla.suse.com/1184611
o https://bugzilla.suse.com/1184855
o https://bugzilla.suse.com/1185428
o https://bugzilla.suse.com/1185495
o https://bugzilla.suse.com/1185497
o https://bugzilla.suse.com/1185589
o https://bugzilla.suse.com/1185606
o https://bugzilla.suse.com/1185642
o https://bugzilla.suse.com/1185645
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1185680
o https://bugzilla.suse.com/1185703
o https://bugzilla.suse.com/1185725
o https://bugzilla.suse.com/1185758
o https://bugzilla.suse.com/1185859
o https://bugzilla.suse.com/1185860
o https://bugzilla.suse.com/1185861
o https://bugzilla.suse.com/1185862
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1185898
o https://bugzilla.suse.com/1185899
o https://bugzilla.suse.com/1185911
o https://bugzilla.suse.com/1185938
o https://bugzilla.suse.com/1185950
o https://bugzilla.suse.com/1185982
o https://bugzilla.suse.com/1185987
o https://bugzilla.suse.com/1185988
o https://bugzilla.suse.com/1186060
o https://bugzilla.suse.com/1186061
o https://bugzilla.suse.com/1186062
o https://bugzilla.suse.com/1186111
o https://bugzilla.suse.com/1186285
o https://bugzilla.suse.com/1186320
o https://bugzilla.suse.com/1186390
o https://bugzilla.suse.com/1186416
o https://bugzilla.suse.com/1186439
o https://bugzilla.suse.com/1186441
o https://bugzilla.suse.com/1186451
o https://bugzilla.suse.com/1186460
o https://bugzilla.suse.com/1186479
o https://bugzilla.suse.com/1186484
o https://bugzilla.suse.com/1186498
o https://bugzilla.suse.com/1186501
o https://bugzilla.suse.com/1186573
o https://bugzilla.suse.com/1186681
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1889-1
Rating: important
References: #1087082 #1133021 #1152457 #1152489 #1155518 #1156395
#1162702 #1164648 #1176564 #1177666 #1178418 #1178612
#1179827 #1179851 #1182378 #1182999 #1183346 #1183868
#1183873 #1183932 #1183947 #1184081 #1184082 #1184611
#1184855 #1185428 #1185497 #1185589 #1185606 #1185645
#1185677 #1185680 #1185696 #1185703 #1185725 #1185758
#1185859 #1185861 #1185863 #1185898 #1185899 #1185911
#1185938 #1185987 #1185988 #1186061 #1186285 #1186320
#1186439 #1186441 #1186460 #1186498 #1186501 #1186573
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139
CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23134
CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
Affected Products:
SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 42 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
o CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
o CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not yet
successfully authenticated to the AP. (bnc#1186062)
o CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local
attackers to elevate their privileges. (bnc#1186060)
o CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
o CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
o CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that received fragments be cleared from memory after (re)connecting to a
network. Under the right circumstances this can be abused to inject
arbitrary network packets and/or exfiltrate user data (bnc#1185859).
o CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that all fragments of a frame are encrypted under the same key. An
adversary can abuse this to decrypt selected fragments when another device
sends fragmented frames and the WEP, CCMP, or GCMP encryption key is
periodically renewed (bnc#1185859 bnc#1185862).
o CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP, or
GCMP data-confidentiality protocol is used (bnc#1185859).
o CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that the A-MSDU flag in the plaintext QoS header field is authenticated.
Against devices that support receiving non-SSP A-MSDU frames (which is
mandatory as part of 802.11n), an adversary can abuse this to inject
arbitrary network packets. (bnc#1185861)
o CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4
devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or
subsequent) broadcast fragments even when sent in plaintext and process
them as full unfragmented frames. An adversary can abuse this to inject
arbitrary network packets independent of the network configuration. (bnc#
1185860)
o CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP frames
was not verified. An adversary can abuse this to inject and possibly
decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
o ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
(git-fixes).
o ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure
(git-fixes).
o ACPI: custom_method: fix a possible memory leak (git-fixes).
o ACPI: custom_method: fix potential use-after-free issue (git-fixes).
o ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
o ALSA: bebob: enable to deliver MIDI messages for multiple ports
(git-fixes).
o ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
(git-fixes).
o ALSA: dice: fix stream format for TC Electronic Konnekt Live at high
sampling transfer frequency (git-fixes).
o ALSA: firewire-lib: fix calculation for size of IR context payload
(git-fixes).
o ALSA: firewire-lib: fix check for the size of isochronous packet payload
(git-fixes).
o ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
o ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
(git-fixes).
o ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
o ALSA: hda/realtek: Headphone volume is controlled by Front mixer
(git-fixes).
o ALSA: hda/realtek: reset eapd coeff to default value for alc287
(git-fixes).
o ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
o ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
(git-fixes).
o ALSA: hdsp: do not disable if not enabled (git-fixes).
o ALSA: hdspm: do not disable if not enabled (git-fixes).
o ALSA: intel8x0: Do not update period unless prepared (git-fixes).
o ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
o ALSA: rme9652: do not disable if not enabled (git-fixes).
o ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
o ALSA: usb-audio: fix control-request direction (git-fixes).
o ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).
o ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes).
o ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be
static (git-fixes).
o ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
o ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).
o ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
(git-fixes).
o ASoC: cs35l33: fix an error code in probe() (git-fixes).
o ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
o ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init()
(git-fixes).
o ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).
o ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
o ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
o Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).
o Bluetooth: SMP: Fail if remote and local public keys are identical
(git-fixes).
o Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
o Bluetooth: check for zapped sk before connecting (git-fixes).
o Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
o Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).
o Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
o Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
o Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
o Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
devices (git-fixes).
o Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
stuck state (git-fixes).
o KVM: s390: fix guarded storage control register handling (bsc#1133021).
o Move upstreamed media fixes into sorted section
o NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
o PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
o PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
o PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
o PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
o PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
o PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).
o PCI: thunder: Fix compile testing (git-fixes).
o PM / devfreq: Use more accurate returned new_freq as resume_freq
(git-fixes).
o RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).
o RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
o RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).
o RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).
o RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).
o RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).
o SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#
1185428).
o SUNRPC: More fixes for backlog congestion (bsc#1185428).
o USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
(git-fixes).
o USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
o USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
o USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).
o USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
(git-fixes).
o USB: trancevibrator: fix control-request direction (git-fixes).
o amdgpu: avoid incorrect %hu format string (git-fixes).
o arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
o arm64: Add missing ISB after invalidating TLB in __primary_switch
(git-fixes).
o arm64: avoid -Woverride-init warning (git-fixes).
o arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
o arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
o arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into()
fails (git-fixes).
o arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
o arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
o arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
o arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter()
(git-fixes).
o arm64: vdso32: make vdso32 install conditional (git-fixes).
o arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
o ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
o blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes).
o blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
o block/genhd: use atomic_t for disk_event->block (bsc#1185497).
o block: Fix three kernel-doc warnings (git-fixes).
o block: fix get_max_io_size() (git-fixes).
o bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
o bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).
o bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#
1155518).
o bpf: Fix masking negation logic upon negative dst register (bsc#1155518).
o btrfs: fix race between transaction aborts and fsyncs leading to
use-after-free (bsc#1186441).
o btrfs: fix race when picking most recent mod log operation for an old root
(bsc#1186439).
o cdc-wdm: untangle a circular dependency between callback and softint
(git-fixes).
o cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
(git-fixes).
o cdrom: gdrom: initialize global variable at init time (git-fixes).
o ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
o ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
o ceph: fix up error handling with snapdirs (bsc#1186501).
o ceph: only check pool permissions for regular files (bsc#1186501).
o cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
o clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
(git-fixes).
o cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#
1185758).
o crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
o crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
o crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
(git-fixes).
o crypto: qat - Fix a double free in adf_create_ring (git-fixes).
o crypto: qat - do not release uninitialized resources (git-fixes).
o crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
o crypto: qat - fix unmap invalid dma address (git-fixes).
o crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
o crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
o cxgb4: Fix unintentional sign extension issues (git-fixes).
o dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
o dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
o docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
o docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
o drivers: hv: Fix whitespace errors (bsc#1185725).
o drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool'
(git-fixes).
o drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
o drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
o drm/amd/display: Reject non-zero src_y and src_x for video planes
(git-fixes).
o drm/amd/display: fix dml prefetch validation (git-fixes).
o drm/amd/display: fixed divide by zero kernel crash during dsc enablement
(git-fixes).
o drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
(git-fixes).
o drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang
(git-fixes).
o drm/amdgpu: fix NULL pointer dereference (git-fixes).
o drm/amdgpu: mask the xgmi number of hops reported from psp to kfd
(git-fixes).
o drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug
(git-fixes).
o drm/i915: Avoid div-by-zero on gen2 (git-fixes).
o drm/meson: fix shutdown crash when component not probed (git-fixes).
o drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
o drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
o drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
are connected (git-fixes).
o drm/radeon: Avoid power table parsing memory leaks (git-fixes).
o drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
o drm/vkms: fix misuse of WARN_ON (git-fixes).
o drm: Added orientation quirk for OneGX1 Pro (git-fixes).
o ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
(git-fixes).
o extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
been unplugged (git-fixes).
o extcon: arizona: Fix various races on driver unbind (git-fixes).
o fbdev: zero-fill colormap in fbcmap.c (git-fixes).
o firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
o fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
o ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
o futex: Change utime parameter to be 'const ... *' (git-fixes).
o futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#
1164648).
o futex: Get rid of the val2 conditional dance (git-fixes).
o futex: Make syscall entry points less convoluted (git-fixes).
o genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
o genirq: Disable interrupts for force threaded handlers (git-fixes)
o genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
o gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
o gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
(git-fixes).
o hrtimer: Update softirq_expires_next correctly after (git-fixes)
o hwmon: (occ) Fix poll rate limiting (git-fixes).
o i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
o i2c: bail out early when RDWR parameters are wrong (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: s3c2410: fix possible NULL pointer deref on read message after write
(git-fixes).
o i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
o i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
o i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
o i40e: fix broken XDP support (git-fixes).
o i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
o ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
o ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
o ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
o ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432
git-fixes).
o ics932s401: fix broken handling of errors when word reading fails
(git-fixes).
o iio: adc: ad7124: Fix missbalanced regulator enable / disable on error
(git-fixes).
o iio: adc: ad7124: Fix potential overflow due to non sequential channel
numbers (git-fixes).
o iio: adc: ad7768-1: Fix too small buffer passed to
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
o iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
o iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
o iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
o iio: tsl2583: Fix division by a zero lux_val (git-fixes).
o intel_th: Consistency and off-by-one fix (git-fixes).
o iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
o ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry
(bsc#1185988).
o ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#
1184855).
o kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle
UTF-8 input in non-UTF-8 locale.
o leds: lp5523: check return value of lp5xx_read and jump to cleanup code
(git-fixes).
o locking/seqlock: Tweak DEFINE_SEQLOCK() kernel doc (bsc#1176564 bsc#
1162702).
o lpfc: Decouple port_template and vport_template (bsc#185032).
o mac80211: clear the beacon's CRC after channel switch (git-fixes).
o md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
o md/raid1: properly indicate failure when ending a failed write request (bsc
#1185680).
o md: do not flush workqueue unconditionally in md_open (bsc#1184081).
o md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
o md: md_open returns -EBUSY when entering racing area (bsc#1184081).
o md: split mddev_find (bsc#1184081).
o media: adv7604: fix possible use-after-free in adv76xx_remove()
(git-fixes).
o media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
(git-fixes).
o media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
o media: em28xx: fix memory leak (git-fixes).
o media: gspca/sq905.c: fix uninitialized variable (git-fixes).
o media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
(git-fixes).
o media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
(git-fixes).
o media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove()
(git-fixes).
o media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt()
(git-fixes).
o media: ite-cir: check for receive overflow (git-fixes).
o media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
(git-fixes).
o media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
o media: tc358743: fix possible use-after-free in tc358743_remove()
(git-fixes).
o mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
o misc/uss720: fix memory leak in uss720_probe (git-fixes).
o mlxsw: spectrum_mr: Update egress RIF list before route's action
(git-fixes).
o mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606).
o mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
o mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
o mmc: core: Set read only for SD cards with permanent write protect bit
(git-fixes).
o mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
o mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
o mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based
controllers (git-fixes).
o mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
o net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
o net: enetc: fix link error again (git-fixes).
o net: hns3: Fix for geneve tx checksum bug (git-fixes).
o net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet
() (git-fixes).
o net: hns3: clear unnecessary reset request in hclge_reset_rebuild
(git-fixes).
o net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
o net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
o net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
o net: hns3: initialize the message content in hclge_get_link_mode()
(git-fixes).
o net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
o net: thunderx: Fix unintentional sign extension issue (git-fixes).
o net: usb: fix memory leak in smsc75xx_bind (git-fixes).
o net: xfrm: Localize sequence counter per network namespace (bsc#1185696).
o net: xfrm: Use sequence counter with associated spinlock (bsc#1185696).
o netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
o netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#
1185950).
o netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: improve RST handling when tuple is re-used (bsc#
1183947 bsc#1185950).
o nvme-core: add cancel tagset helpers (bsc#1183976).
o nvme-fabrics: decode host pathing error for connect (bsc#1179827).
o nvme-fc: check sgl supported by target (bsc#1179827).
o nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
o nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted
(bsc#1184259).
o nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#
1184259).
o nvme-fc: short-circuit reconnect retries (bsc#1179827).
o nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#
1184259).
o nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#
1182999).
o nvme-pci: Remove tag from process cq (git-fixes).
o nvme-pci: Remove two-pass completions (git-fixes).
o nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
o nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
o nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll()
(git-fixes).
o nvme-pci: dma read memory barrier for completions (git-fixes).
o nvme-pci: fix "slimmer CQ head update" (git-fixes).
o nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
o nvme-pci: remove last_sq_tail (git-fixes).
o nvme-pci: remove volatile cqes (git-fixes).
o nvme-pci: slimmer CQ head update (git-fixes).
o nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
o nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
o nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
o nvme-tcp: add clean action for failed reconnection (bsc#1183976).
o nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
o nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
o nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
o nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
o nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
o nvme: add 'kato' sysfs attribute (bsc#1179825).
o nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
o nvme: define constants for identification values (git-fixes).
o nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
o nvme: do not intialize hwmon for discovery controllers (git-fixes).
o nvme: document nvme controller states (git-fixes).
o nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
o nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
o nvme: fix controller instance leak (git-fixes).
o nvme: fix deadlock in disconnect during scan_work and/or ana_work
(git-fixes).
o nvme: fix possible deadlock when I/O is blocked (git-fixes).
o nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
o nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
o nvme: sanitize KATO setting (bsc#1179825).
o nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
o nvmet: fix a memory leak (git-fixes).
o nvmet: seset ns->file when open fails (bsc#1183873).
o nvmet: use new ana_log_size instead the old one (bsc#1184259).
o nxp-i2c: restore includes for kABI (bsc#1185589).
o nxp-nci: add NXP1002 id (bsc#1185589).
o phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
(git-fixes).
o pinctrl: ingenic: Improve unreachable code generation (git-fixes).
o pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
o platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
o platform/x86: intel_pmc_core: Do not use global pmcdev in quirks
(git-fixes).
o platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
o posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
o power: supply: Use IRQF_ONESHOT (git-fixes).
o power: supply: generic-adc-battery: fix possible use-after-free in
gab_remove() (git-fixes).
o power: supply: s3c_adc_battery: fix possible use-after-free in
s3c_adc_bat_remove() (git-fixes).
o powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666
git-fixes).
o powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
o qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth
(git-fixes).
o rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
o s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).
o s390/entry: save the caller of psw_idle (bsc#1185677).
o s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
o sched/eas: Do not update misfit status if the task is pinned (git-fixes)
o sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
o sched/fair: Fix unfairness caused by missing load decay (git-fixes)
o scripts/git_sort/git_sort.py: add bpf git repo
o scsi: core: Run queue in case of I/O resource contention failure (bsc#
1186416).
o scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851).
o scsi: libfc: Avoid invoking response handler twice if ep is already
completed (bsc#1186573).
o scsi: lpfc: Add a option to enable interlocked ABTS before job completion
(bsc#1186451).
o scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).
o scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#
1186451).
o scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs
(bsc#1186451).
o scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#
1186451).
o scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
SGLs (bsc#1186451).
o scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller
(bsc#1186451).
o scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
o scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451).
o scsi: lpfc: Ignore GID-FT response that may be received after a link flip
(bsc#1186451).
o scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric
controller (bsc#1186451).
o scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
o sctp: delay auto_asconf init until binding the first addr
o seqlock,lockdep: Fix seqcount_latch_init() (bsc#1176564 bsc#1162702).
o serial: core: fix suspicious security_locked_down() call (git-fixes).
o serial: core: return early on unsupported ioctls (git-fixes).
o serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
(git-fixes).
o serial: stm32: fix incorrect characters on console (git-fixes).
o serial: stm32: fix tx_empty condition (git-fixes).
o serial: tegra: Fix a mask operation that is always true (git-fixes).
o smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
o spi: ath79: always call chipselect function (git-fixes).
o spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).
o spi: dln2: Fix reference leak to master (git-fixes).
o spi: omap-100k: Fix reference leak to master (git-fixes).
o spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
o spi: spi-fsl-dspi: Fix a resource leak in an error handling path
(git-fixes).
o staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
o staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
o tcp: fix to update snd_wl1 in bulk receiver fast path
o thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val'
(git-fixes).
o thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
(git-fixes).
o tracing: Map all PIDs to command lines (git-fixes).
o tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
o tty: fix memory leak in vc_deallocate (git-fixes).
o tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
o tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
o uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
o uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
o uio_hv_generic: Fix another memory leak in error handling paths
(git-fixes).
o uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
o usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).
o usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
o usb: dwc3: gadget: Enable suspend events (git-fixes).
o usb: dwc3: gadget: Return success always for kick transfer in ep queue
(git-fixes).
o usb: dwc3: omap: improve extcon initialization (git-fixes).
o usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
(git-fixes).
o usb: fotg210-hcd: Fix an error message (git-fixes).
o usb: gadget/function/f_fs string table fix for multiple languages
(git-fixes).
o usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
o usb: gadget: f_uac1: validate input parameters (git-fixes).
o usb: gadget: f_uac2: validate input parameters (git-fixes).
o usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
(git-fixes).
o usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).
o usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
o usb: sl811-hcd: improve misleading indentation (git-fixes).
o usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).
o usb: xhci: Fix port minor revision (git-fixes).
o usb: xhci: Increase timeout for HC halt (git-fixes).
o vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
o video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
o vrf: fix a comment about loopback device (git-fixes).
o watchdog/softlockup: Remove obsolete check of last reported task (bsc#
1185982).
o watchdog/softlockup: report the overall time of softlockups (bsc#1185982).
o watchdog: explicitly update timestamp when reporting softlockup (bsc#
1185982).
o watchdog: rename __touch_watchdog() to a better descriptive name (bsc#
1185982).
o whitespace cleanup
o wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
o workqueue: Minor follow-ups to the rescuer destruction change (bsc#
1185911).
o workqueue: more destroy_workqueue() fixes (bsc#1185911).
o x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#
1152489).
o xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
o xhci: check control context is valid before dereferencing it (git-fixes).
o xhci: fix potential array out of bounds with several interrupters
(git-fixes).
o xsk: Respect device's headroom and tailroom on generic xmit path
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Realtime 15-SP2:
zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1889=1
Package List:
o SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):
cluster-md-kmp-rt-5.3.18-39.1
cluster-md-kmp-rt-debuginfo-5.3.18-39.1
dlm-kmp-rt-5.3.18-39.1
dlm-kmp-rt-debuginfo-5.3.18-39.1
gfs2-kmp-rt-5.3.18-39.1
gfs2-kmp-rt-debuginfo-5.3.18-39.1
kernel-rt-5.3.18-39.1
kernel-rt-debuginfo-5.3.18-39.1
kernel-rt-debugsource-5.3.18-39.1
kernel-rt-devel-5.3.18-39.1
kernel-rt-devel-debuginfo-5.3.18-39.1
kernel-rt_debug-5.3.18-39.1
kernel-rt_debug-debuginfo-5.3.18-39.1
kernel-rt_debug-debugsource-5.3.18-39.1
kernel-rt_debug-devel-5.3.18-39.1
kernel-rt_debug-devel-debuginfo-5.3.18-39.1
kernel-syms-rt-5.3.18-39.1
ocfs2-kmp-rt-5.3.18-39.1
ocfs2-kmp-rt-debuginfo-5.3.18-39.1
o SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):
kernel-devel-rt-5.3.18-39.1
kernel-source-rt-5.3.18-39.1
References:
o https://www.suse.com/security/cve/CVE-2020-24586.html
o https://www.suse.com/security/cve/CVE-2020-24587.html
o https://www.suse.com/security/cve/CVE-2020-24588.html
o https://www.suse.com/security/cve/CVE-2020-26139.html
o https://www.suse.com/security/cve/CVE-2020-26141.html
o https://www.suse.com/security/cve/CVE-2020-26145.html
o https://www.suse.com/security/cve/CVE-2020-26147.html
o https://www.suse.com/security/cve/CVE-2021-23134.html
o https://www.suse.com/security/cve/CVE-2021-32399.html
o https://www.suse.com/security/cve/CVE-2021-33034.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-3491.html
o https://bugzilla.suse.com/1087082
o https://bugzilla.suse.com/1133021
o https://bugzilla.suse.com/1152457
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1155518
o https://bugzilla.suse.com/1156395
o https://bugzilla.suse.com/1162702
o https://bugzilla.suse.com/1164648
o https://bugzilla.suse.com/1176564
o https://bugzilla.suse.com/1177666
o https://bugzilla.suse.com/1178418
o https://bugzilla.suse.com/1178612
o https://bugzilla.suse.com/1179827
o https://bugzilla.suse.com/1179851
o https://bugzilla.suse.com/1182378
o https://bugzilla.suse.com/1182999
o https://bugzilla.suse.com/1183346
o https://bugzilla.suse.com/1183868
o https://bugzilla.suse.com/1183873
o https://bugzilla.suse.com/1183932
o https://bugzilla.suse.com/1183947
o https://bugzilla.suse.com/1184081
o https://bugzilla.suse.com/1184082
o https://bugzilla.suse.com/1184611
o https://bugzilla.suse.com/1184855
o https://bugzilla.suse.com/1185428
o https://bugzilla.suse.com/1185497
o https://bugzilla.suse.com/1185589
o https://bugzilla.suse.com/1185606
o https://bugzilla.suse.com/1185645
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1185680
o https://bugzilla.suse.com/1185696
o https://bugzilla.suse.com/1185703
o https://bugzilla.suse.com/1185725
o https://bugzilla.suse.com/1185758
o https://bugzilla.suse.com/1185859
o https://bugzilla.suse.com/1185861
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1185898
o https://bugzilla.suse.com/1185899
o https://bugzilla.suse.com/1185911
o https://bugzilla.suse.com/1185938
o https://bugzilla.suse.com/1185987
o https://bugzilla.suse.com/1185988
o https://bugzilla.suse.com/1186061
o https://bugzilla.suse.com/1186285
o https://bugzilla.suse.com/1186320
o https://bugzilla.suse.com/1186439
o https://bugzilla.suse.com/1186441
o https://bugzilla.suse.com/1186460
o https://bugzilla.suse.com/1186498
o https://bugzilla.suse.com/1186501
o https://bugzilla.suse.com/1186573
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1891-1
Rating: important
References: #1176081 #1180846 #1183947 #1184611 #1184675 #1185642
#1185677 #1185680 #1185724 #1185859 #1185860 #1185862
#1185863 #1185898 #1185899 #1185901 #1185938 #1185950
#1185987 #1186060 #1186061 #1186062 #1186111 #1186285
#1186390 #1186484 #1186498
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141
CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134
CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 15 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
o CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
o CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not yet
successfully authenticated to the AP. (bnc#1186062)
o CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local
attackers to elevate their privileges. (bnc#1186060)
o CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to
privilege escalation from the context of a network service or an
unprivileged process. (bnc#1184675)
o CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
o CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
o CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that received fragments be cleared from memory after (re)connecting to a
network. Under the right circumstances this can be abused to inject
arbitrary network packets and/or exfiltrate user data (bnc#1185859).
o CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that all fragments of a frame are encrypted under the same key. An
adversary can abuse this to decrypt selected fragments when another device
sends fragmented frames and the WEP, CCMP, or GCMP encryption key is
periodically renewed (bnc#1185859 bnc#1185862).
o CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP, or
GCMP data-confidentiality protocol is used (bnc#1185859).
o CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4
devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or
subsequent) broadcast fragments even when sent in plaintext and process
them as full unfragmented frames. An adversary can abuse this to inject
arbitrary network packets independent of the network configuration. (bnc#
1185860)
o CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP frames
was not verified. An adversary can abuse this to inject and possibly
decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
o Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
o Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
o af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#
1176081).
o ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
o ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
o ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
o kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
o kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
o kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
o kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#
1180846).
o kernel/smp: add more data to CSD lock debugging (bsc#1180846).
o kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
o kernel/smp: prepare more CSD lock debugging (bsc#1180846).
o md/raid1: properly indicate failure when ending a failed write request (bsc
#1185680).
o net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
o net/mlx5e: Remove the wrong assumption about transport offset (bsc#
1176081).
o net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
o net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
o net/packet: Remove redundant skb->protocol set (bsc#1176081).
o net: Do not set transport offset to invalid value (bsc#1176081).
o net: Introduce parse_protocol header_ops callback (bsc#1176081).
o netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#
1185950).
o netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: improve RST handling when tuple is re-used (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#
1183947 bsc#1185950).
o s390/entry: save the caller of psw_idle (bsc#1185677).
o smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
o video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1891=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1891=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1891=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1891=1
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1891=1
o SUSE Linux Enterprise High Availability 12-SP4:
zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1891=1
Package List:
o SUSE OpenStack Cloud Crowbar 9 (x86_64):
kernel-default-4.12.14-95.77.1
kernel-default-base-4.12.14-95.77.1
kernel-default-base-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
kernel-default-devel-4.12.14-95.77.1
kernel-default-devel-debuginfo-4.12.14-95.77.1
kernel-syms-4.12.14-95.77.1
o SUSE OpenStack Cloud Crowbar 9 (noarch):
kernel-devel-4.12.14-95.77.1
kernel-macros-4.12.14-95.77.1
kernel-source-4.12.14-95.77.1
o SUSE OpenStack Cloud 9 (x86_64):
kernel-default-4.12.14-95.77.1
kernel-default-base-4.12.14-95.77.1
kernel-default-base-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
kernel-default-devel-4.12.14-95.77.1
kernel-default-devel-debuginfo-4.12.14-95.77.1
kernel-syms-4.12.14-95.77.1
o SUSE OpenStack Cloud 9 (noarch):
kernel-devel-4.12.14-95.77.1
kernel-macros-4.12.14-95.77.1
kernel-source-4.12.14-95.77.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
kernel-default-4.12.14-95.77.1
kernel-default-base-4.12.14-95.77.1
kernel-default-base-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
kernel-default-devel-4.12.14-95.77.1
kernel-syms-4.12.14-95.77.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.77.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
kernel-devel-4.12.14-95.77.1
kernel-macros-4.12.14-95.77.1
kernel-source-4.12.14-95.77.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-95.77.1
kernel-default-base-4.12.14-95.77.1
kernel-default-base-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
kernel-default-devel-4.12.14-95.77.1
kernel-syms-4.12.14-95.77.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.77.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
kernel-devel-4.12.14-95.77.1
kernel-macros-4.12.14-95.77.1
kernel-source-4.12.14-95.77.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
kernel-default-man-4.12.14-95.77.1
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kernel-default-kgraft-4.12.14-95.77.1
kernel-default-kgraft-devel-4.12.14-95.77.1
kgraft-patch-4_12_14-95_77-default-1-6.3.1
o SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-95.77.1
cluster-md-kmp-default-debuginfo-4.12.14-95.77.1
dlm-kmp-default-4.12.14-95.77.1
dlm-kmp-default-debuginfo-4.12.14-95.77.1
gfs2-kmp-default-4.12.14-95.77.1
gfs2-kmp-default-debuginfo-4.12.14-95.77.1
kernel-default-debuginfo-4.12.14-95.77.1
kernel-default-debugsource-4.12.14-95.77.1
ocfs2-kmp-default-4.12.14-95.77.1
ocfs2-kmp-default-debuginfo-4.12.14-95.77.1
References:
o https://www.suse.com/security/cve/CVE-2020-24586.html
o https://www.suse.com/security/cve/CVE-2020-24587.html
o https://www.suse.com/security/cve/CVE-2020-26139.html
o https://www.suse.com/security/cve/CVE-2020-26141.html
o https://www.suse.com/security/cve/CVE-2020-26145.html
o https://www.suse.com/security/cve/CVE-2020-26147.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://www.suse.com/security/cve/CVE-2021-23134.html
o https://www.suse.com/security/cve/CVE-2021-32399.html
o https://www.suse.com/security/cve/CVE-2021-33034.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-3491.html
o https://bugzilla.suse.com/1176081
o https://bugzilla.suse.com/1180846
o https://bugzilla.suse.com/1183947
o https://bugzilla.suse.com/1184611
o https://bugzilla.suse.com/1184675
o https://bugzilla.suse.com/1185642
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1185680
o https://bugzilla.suse.com/1185724
o https://bugzilla.suse.com/1185859
o https://bugzilla.suse.com/1185860
o https://bugzilla.suse.com/1185862
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1185898
o https://bugzilla.suse.com/1185899
o https://bugzilla.suse.com/1185901
o https://bugzilla.suse.com/1185938
o https://bugzilla.suse.com/1185950
o https://bugzilla.suse.com/1185987
o https://bugzilla.suse.com/1186060
o https://bugzilla.suse.com/1186061
o https://bugzilla.suse.com/1186062
o https://bugzilla.suse.com/1186111
o https://bugzilla.suse.com/1186285
o https://bugzilla.suse.com/1186390
o https://bugzilla.suse.com/1186484
o https://bugzilla.suse.com/1186498
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1899-1
Rating: important
References: #1064802 #1066129 #1087082 #1101816 #1103992 #1104353
#1104427 #1104745 #1109837 #1113431 #1126390 #1133021
#1152457 #1174682 #1176081 #1177666 #1180552 #1181383
#1182256 #1183738 #1183947 #1184081 #1184082 #1184611
#1184855 #1185428 #1185481 #1185680 #1185703 #1185724
#1185758 #1185827 #1185901 #1185906 #1185938 #1186060
#1186111 #1186390 #1186416 #1186439 #1186441 #1186452
#1186460 #1186498
Cross-References: CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141
CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134
CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491
Affected Products:
SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 32 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic
operations by the BPF verifier could be abused to perform out-of-bounds
reads and writes in kernel memory (bsc#1186484).
o CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This
could lead to writing an arbitrary values. (bsc#1186111)
o CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP)
forwards EAPOL frames to other clients even though the sender has not yet
successfully authenticated to the AP. (bnc#1186062)
o CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local
attackers to elevate their privileges. (bnc#1186060)
o CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This
vulnerability is related to the PROVIDE_BUFFERS operation, which allowed
the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
o CVE-2021-32399: Fixed a race condition when removing the HCI controller
(bnc#1184611).
o CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that received fragments be cleared from memory after (re)connecting to a
network. Under the right circumstances this can be abused to inject
arbitrary network packets and/or exfiltrate user data (bnc#1185859).
o CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access
(WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require
that all fragments of a frame are encrypted under the same key. An
adversary can abuse this to decrypt selected fragments when another device
sends fragmented frames and the WEP, CCMP, or GCMP encryption key is
periodically renewed (bnc#1185859 bnc#1185862).
o CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble
fragments, even though some of them were sent in plaintext. This
vulnerability can be abused to inject packets and/or exfiltrate selected
fragments when another device sends fragmented frames and the WEP, CCMP, or
GCMP data-confidentiality protocol is used (bnc#1185859).
o CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4
devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or
subsequent) broadcast fragments even when sent in plaintext and process
them as full unfragmented frames. An adversary can abuse this to inject
arbitrary network packets independent of the network configuration. (bnc#
1185860)
o CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H,
where the Message Integrity Check (authenticity) of fragmented TKIP frames
was not verified. An adversary can abuse this to inject and possibly
decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol. (bnc#1185987)
o CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to
privilege escalation from the context of a network service or an
unprivileged process. (bnc#1184675)
The following non-security bugs were fixed:
o ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
o ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
o ALSA: aloop: Fix initialization of controls (git-fixes).
o ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
(git-fixes).
o ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
(git-fixes).
o ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails
(git-fixes).
o ARM: footbridge: fix PCI interrupt mapping (git-fixes).
o ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
o ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
o ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
(git-fixes).
o Avoid potentially erroneos RST drop (bsc#1183947).
o Do not drop out of segments RST if tcp_be_liberal is set (bsc#1183947).
o Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
o Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
o Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
o EDAC/amd64: Gather hardware information early (bsc#1180552).
o EDAC/amd64: Make struct amd64_family_type global (bsc#1180552).
o EDAC/amd64: Save max number of controllers to family type (bsc#1180552).
o HID: alps: fix error return code in alps_input_configured() (git-fixes).
o HID: plantronics: Workaround for double volume key presses (git-fixes).
o HID: wacom: Assign boolean values to a bool variable (git-fixes).
o HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices
(git-fixes).
o Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
o Input: nspire-keypad - enable interrupts only when opened (git-fixes).
o KVM: s390: fix guarded storage control register handling (bsc#1133021).
o NFSv4: Replace closed stateids with the "invalid special stateid" (bsc#
1185481).
o PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
o RDMA/hns: Delete redundant condition judgment related to eq (bsc#1104427).
o RDMA/srpt: Fix error return code in srpt_cm_req_recv() (bsc#1103992).
o SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#
1185428).
o USB: serial: fix return value for unsupported ioctls (git-fixes).
o USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
o af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#
1176081).
o ata: libahci_platform: fix IRQ check (git-fixes).
o ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
(git-fixes).
o backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
o batman-adv: Do not always reallocate the fragmentation skb head
(git-fixes).
o bluetooth: eliminate the potential race condition when removing the HCI
controller (git-fixes).
o bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (bsc#1104745).
o bpf: Fix masking negation logic upon negative dst register (git-fixes).
o btrfs: fix race between transaction aborts and fsyncs leading to
use-after-free (bsc#1186441).
o btrfs: fix race when picking most recent mod log operation for an old root
(bsc#1186439).
o bus: qcom: Put child node before return (git-fixes).
o cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
o clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
o clk: fix invalid usage of list cursor in register (git-fixes).
o clk: fix invalid usage of list cursor in unregister (git-fixes).
o clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1
GHz (git-fixes).
o clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
(git-fixes).
o clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
(git-fixes).
o clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
o clk: uniphier: Fix potential infinite loop (git-fixes).
o cpufreq: Kconfig: fix documentation links (git-fixes).
o cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#
1185758).
o crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
(git-fixes).
o crypto: qat - Fix a double free in adf_create_ring (git-fixes).
o crypto: qat - do not release uninitialized resources (git-fixes).
o crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
o cxgb4: Fix unintentional sign extension issues (bsc#1064802 bsc#1066129).
o dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
o dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
o docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
o docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
o drivers: net: fix memory leak in atusb_probe (git-fixes).
o drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
o drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
o drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
o drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
o drm/omap: fix misleading indentation in pixinc() (git-fixes).
o drm/radeon: fix copy of uninitialized variable back to userspace
(git-fixes).
o e1000e: Fix duplicate include guard (git-fixes).
o e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
o e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
o ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (bsc#
1113431).
o ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
o genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
o gianfar: Handle error code at MAC address change (git-fixes).
o i2c: cadence: add IRQ check (git-fixes).
o i2c: emev2: add IRQ check (git-fixes).
o i2c: jz4780: add IRQ check (git-fixes).
o i40e: Added Asym_Pause to supported link modes (git-fixes).
o i40e: Fix PHY type identifiers for 2.5G and 5G adapters (jsc#SLE-4797).
o i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
o i40e: Fix use-after-free in i40e_client_subtask() (bsc#1101816 ).
o i40e: fix broken XDP support (git-fixes).
o i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
o i40e: fix the restart auto-negotiation after FEC modified (jsc#SLE-4797).
o ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
o ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
o ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
o ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432
git-fixes).
o igb: Fix duplicate include guard (git-fixes).
o igb: check timestamp validity (git-fixes).
o ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#
1184855).
o ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
(git-fixes).
o kABI: powerpc/64: add back start_tb and accum_tb to thread_struct.
o kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
o liquidio: Fix unintented sign extension of a left shift of a u16
(git-fixes).
o mac80211: bail out if cipher schemes are invalid (git-fixes).
o mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
o macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
o md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
o md/raid1: properly indicate failure when ending a failed write request (bsc
#1185680).
o md: do not flush workqueue unconditionally in md_open (bsc#1184081).
o md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
o md: md_open returns -EBUSY when entering racing area (bsc#1184081).
o md: split mddev_find (bsc#1184081).
o media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
o media: m88rs6000t: avoid potential out-of-bounds reads on arrays
(git-fixes).
o media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
o mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000"
(git-fixes).
o mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
o misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
o misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
o misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
(git-fixes).
o mlxsw: spectrum_mr: Update egress RIF list before route's action (bsc#
1112374).
o mm: mempolicy: fix potential pte_unmap_unlock pte error (bsc#1185906).
o mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
(bsc#1185906).
o mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
o mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
o mt7601u: fix always true expression (git-fixes).
o mtd: require write permissions for locking and badblock ioctls (git-fixes).
o net, xdp: Update pkt_type if generic XDP changes unicast MAC (bsc#1109837).
o net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
o net/mlx4_en: update moderation when config reset (git-fixes).
o net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
o net/mlx5e: Remove the wrong assumption about transport offset (bsc#
1176081).
o net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
o net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
o net/packet: Remove redundant skb->protocol set (bsc#1176081).
o net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
(git-fixes).
o net: Do not set transport offset to invalid value (bsc#1176081).
o net: Introduce parse_protocol header_ops callback (bsc#1176081).
o net: hns3: Fix for geneve tx checksum bug (bsc#1104353 ).
o net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet
() (bsc#1104353).
o net: hns3: disable phy loopback setting in hclge_mac_start_phy (bsc#
1104353).
o net: hns3: fix for vxlan gpe tx checksum bug (bsc#1104353 ).
o net: hns3: fix incorrect configuration for igu_egu_hw_err (bsc#1104353).
o net: hns3: initialize the message content in hclge_get_link_mode() (bsc#
1126390).
o net: hns3: use netif_tx_disable to stop the transmit queue (bsc#1104353).
o net: thunderx: Fix unintentional sign extension issue (git-fixes).
o netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
o netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#
1185950).
o netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: improve RST handling when tuple is re-used (bsc#
1183947 bsc#1185950).
o netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#
1183947 bsc#1185950).
o nfc: pn533: prevent potential memory corruption (git-fixes).
o nvme-fc: clear q_live at beginning of association teardown (git-fixes).
o nvme-loop: Introduce no merge flag for biovec (bsc#1174682).
o pata_arasan_cf: fix IRQ check (git-fixes).
o pata_ipx4xx_cf: fix IRQ check (git-fixes).
o pcnet32: Use pci_resource_len to validate PCI resource (git-fixes).
o phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
unconditionally (git-fixes).
o pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
o pinctrl: lewisburg: Update number of pins in community (git-fixes).
o platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with
critclk_systems DMI table (git-fixes).
o powerpc/64: remove start_tb and accum_tb from thread_struct (bsc#1186487
ltc#177613).
o powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666
git-fixes).
o powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
o powerpc/pseries: lparcfg calculate PURR on demand (bsc#1186487 ltc#177613).
o regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
o rsxx: remove extraneous 'const' qualifier (git-fixes).
o rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
o rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
o s390/dasd: fix hanging DASD driver unbind (bsc#1183754 LTC#192081).
o s390/dasd: fix hanging IO request during DASD driver unbind (bsc#1183754
LTC#192081).
o s390/entry: save the caller of psw_idle (bsc#1185677).
o s390/kdump: fix out-of-memory with PCI (bsc#1182256 LTC#191375).
o sata_mv: add IRQ checks (git-fixes).
o scsi: core: Run queue in case of I/O resource contention failure (bsc#
1186416).
o scsi: libfc: Avoid invoking response handler twice if ep is already
completed (bsc#1186573).
o scsi: lpfc: Add a option to enable interlocked ABTS before job completion
(bsc#1186452).
o scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186452).
o scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#
1186452).
o scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs
(bsc#1186452).
o scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#
1186452).
o scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
SGLs (bsc#1186452).
o scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller
(bsc#1186452).
o scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186452).
o scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186452).
o scsi: lpfc: Ignore GID-FT response that may be received after a link flip
(bsc#1186452).
o scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric
controller (bsc#1186452).
o scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186452).
o scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
o smc: disallow TCP_ULP in smc_setsockopt() (bsc#1109837).
o soc: qcom: mdt_loader: Validate that p_filesz < p_memsz (git-fixes).
o spi: spi-ti-qspi: Free DMA resources (git-fixes).
o staging: rtl8192u: Fix potential infinite loop (git-fixes).
o tcp: fix to update snd_wl1 in bulk receiver fast path (bsc#1185827).
o thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val'
(git-fixes).
o tracing: Map all PIDs to command lines (git-fixes).
o uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
o uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
o uio_hv_generic: Fix another memory leak in error handling paths
(git-fixes).
o uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
o usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
o usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
(git-fixes).
o usb: xhci: Increase timeout for HC halt (git-fixes).
o video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
o xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
o xsk: Respect device's headroom and tailroom on generic xmit path (bsc#
1109837).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Real Time Extension 12-SP5:
zypper in -t patch SUSE-SLE-RT-12-SP5-2021-1899=1
Package List:
o SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):
kernel-devel-rt-4.12.14-10.46.1
kernel-source-rt-4.12.14-10.46.1
o SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):
cluster-md-kmp-rt-4.12.14-10.46.1
cluster-md-kmp-rt-debuginfo-4.12.14-10.46.1
dlm-kmp-rt-4.12.14-10.46.1
dlm-kmp-rt-debuginfo-4.12.14-10.46.1
gfs2-kmp-rt-4.12.14-10.46.1
gfs2-kmp-rt-debuginfo-4.12.14-10.46.1
kernel-rt-4.12.14-10.46.1
kernel-rt-base-4.12.14-10.46.1
kernel-rt-base-debuginfo-4.12.14-10.46.1
kernel-rt-debuginfo-4.12.14-10.46.1
kernel-rt-debugsource-4.12.14-10.46.1
kernel-rt-devel-4.12.14-10.46.1
kernel-rt-devel-debuginfo-4.12.14-10.46.1
kernel-rt_debug-4.12.14-10.46.1
kernel-rt_debug-debuginfo-4.12.14-10.46.1
kernel-rt_debug-debugsource-4.12.14-10.46.1
kernel-rt_debug-devel-4.12.14-10.46.1
kernel-rt_debug-devel-debuginfo-4.12.14-10.46.1
kernel-syms-rt-4.12.14-10.46.1
ocfs2-kmp-rt-4.12.14-10.46.1
ocfs2-kmp-rt-debuginfo-4.12.14-10.46.1
References:
o https://www.suse.com/security/cve/CVE-2020-24586.html
o https://www.suse.com/security/cve/CVE-2020-24587.html
o https://www.suse.com/security/cve/CVE-2020-26139.html
o https://www.suse.com/security/cve/CVE-2020-26141.html
o https://www.suse.com/security/cve/CVE-2020-26145.html
o https://www.suse.com/security/cve/CVE-2020-26147.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://www.suse.com/security/cve/CVE-2021-23134.html
o https://www.suse.com/security/cve/CVE-2021-32399.html
o https://www.suse.com/security/cve/CVE-2021-33034.html
o https://www.suse.com/security/cve/CVE-2021-33200.html
o https://www.suse.com/security/cve/CVE-2021-3491.html
o https://bugzilla.suse.com/1064802
o https://bugzilla.suse.com/1066129
o https://bugzilla.suse.com/1087082
o https://bugzilla.suse.com/1101816
o https://bugzilla.suse.com/1103992
o https://bugzilla.suse.com/1104353
o https://bugzilla.suse.com/1104427
o https://bugzilla.suse.com/1104745
o https://bugzilla.suse.com/1109837
o https://bugzilla.suse.com/1113431
o https://bugzilla.suse.com/1126390
o https://bugzilla.suse.com/1133021
o https://bugzilla.suse.com/1152457
o https://bugzilla.suse.com/1174682
o https://bugzilla.suse.com/1176081
o https://bugzilla.suse.com/1177666
o https://bugzilla.suse.com/1180552
o https://bugzilla.suse.com/1181383
o https://bugzilla.suse.com/1182256
o https://bugzilla.suse.com/1183738
o https://bugzilla.suse.com/1183947
o https://bugzilla.suse.com/1184081
o https://bugzilla.suse.com/1184082
o https://bugzilla.suse.com/1184611
o https://bugzilla.suse.com/1184855
o https://bugzilla.suse.com/1185428
o https://bugzilla.suse.com/1185481
o https://bugzilla.suse.com/1185680
o https://bugzilla.suse.com/1185703
o https://bugzilla.suse.com/1185724
o https://bugzilla.suse.com/1185758
o https://bugzilla.suse.com/1185827
o https://bugzilla.suse.com/1185901
o https://bugzilla.suse.com/1185906
o https://bugzilla.suse.com/1185938
o https://bugzilla.suse.com/1186060
o https://bugzilla.suse.com/1186111
o https://bugzilla.suse.com/1186390
o https://bugzilla.suse.com/1186416
o https://bugzilla.suse.com/1186439
o https://bugzilla.suse.com/1186441
o https://bugzilla.suse.com/1186452
o https://bugzilla.suse.com/1186460
o https://bugzilla.suse.com/1186498
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYMGPEuNLKJtyKPYoAQgkzg/+N4AgsXNOZLqoRHYN73U+ejF/uJKH9l15
1y8JFEIv3rTaAKDK7/vV9LkUkik2YTHj+ovN+8BySIkxNLTKB/MWHyGBAx476E/a
waJTpAFYSTKuSgcwOHEBvnECHmDnQQ221pwhm+3i20W1c46SpmlIbHQ5Kn5DS347
Xrm1l6tb2K92Z7tQRBqJF3iwxQl2esLGq6ZZ8EqXvHZRmAd2P90sK2ZZ7xkNnhX1
oiUNd3v15ckW+foxOXhWJ6ho4tW7vdXq9IPpChCVPtXg26uMetESHTZzhKxAHS7g
nYTQNsU9vCmx1/i7z2TQx2WbD4DrgHqCkLpymZgNeHvIuSxmsqQJhAk6a+8dChLm
oVIl8yM6MwuKkDVHTgx4zh7Xt7WODMoYXSrBARDvThFJuK2ZUBbyNy5SRaA6fwg+
v+XI02X6kyB5+8JLUCgccdyV9gPwowqs61SP5ibWZvZsyi+l8YuO9p26WhVY3H4x
5xouFVuV7z0boshWjfglnmmGa/22Lc0MnxMkBAYHT82++kGgJpofGDGXrbkVWe4H
ArO33fSoMaCXURsz0iG+Ttbw2+98vQUCivirq8QbkhJzc2eo/N5XgBVFTy77WM+X
5bFxeiZfvXlr7Tf1d+mFgHP3FY5lBhK3fp96bd0plQ/d8frUocD0zeSAfNplW+W+
cGOtBuhcgVw=
=d3iZ
-----END PGP SIGNATURE-----