openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:1062-1
Rating:             important
References:         #1152472 #1152489 #1153274 #1154353 #1155518 
                    #1155798 #1156395 #1158983 #1162702 #1167773 
                    #1169094 #1170284 #1170617 #1171150 #1171529 
                    #1171530 #1171732 #1172344 #1172543 #1172687 
                    #1172871 #1173284 #1173514 #1173552 #1173573 
                    #1173625 #1173746 #1173776 #1173817 #1173818 
                    #1173820 #1173822 #1173823 #1173824 #1173825 
                    #1173826 #1173827 #1173828 #1173830 #1173831 
                    #1173832 #1173833 #1173834 #1173836 #1173837 
                    #1173838 #1173839 #1173841 #1173843 #1173844 
                    #1173845 #1173847 #1173860 #1173894 #1174018 
                    #1174244 #1174345 
Cross-References:   CVE-2020-12771 CVE-2020-15393
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that solves two vulnerabilities and has 55 fixes
   is now available.

Description:



   The openSUSE Leap 15.2 was updated to receive various security and
   bugfixes.

   The following security bugs were fixed:

   - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a
     memory leak, aka CID-28ebeb8db770 (bnc#1173514).
   - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a
     deadlock if a coalescing operation fails (bnc#1171732).

   The following non-security bugs were fixed:

   - ACPI: configfs: Disallow loading ACPI tables when locked down
     (git-fixes).
   - ACPI: sysfs: Fix pm_profile_attr type (git-fixes).
   - aio: fix async fsync creds (bsc#1173828).
   - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
     (git-fixes).
   - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
     (git-fixes).
   - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes).
   - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes).
   - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems
     (git-fixes).
   - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes).
   - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC
     (git-fixes).
   - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC
     (git-fixes).
   - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with
     ALC269VC (git-fixes).
   - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id
     (git-fixes).
   - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).
   - ALSA: opl3: fix infoleak in opl3 (git-fixes).
   - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes).
   - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes).
   - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).
   - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes).
   - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).
   - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).
   - ALSA: usb-audio: Fix packet size calculation (bsc#1173847).
   - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes).
   - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes).
   - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes).
   - ASoC: core: only convert non DPCM link to DPCM link (git-fixes).
   - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
     (git-fixes).
   - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
     (git-fixes).
   - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet
     (git-fixes).
   - ASoC: max98373: reorder max98373_reset() in resume (git-fixes).
   - ASoc: q6afe: add support to get port direction (git-fixes).
   - ASoC: q6asm: handle EOS correctly (git-fixes).
   - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes).
   - ASoC: rockchip: Fix a reference count leak (git-fixes).
   - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes).
   - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags
     (git-fixes).
   - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes).
   - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()'
     (git-fixes).
   - ata/libata: Fix usage of page address by page_address in
     ata_scsi_mode_select_xlat function (git-fixes).
   - ath10k: fix kernel null pointer dereference (git-fixes).
   - ath10k: Fix the race condition in firmware dump work queue (git-fixes).
   - b43: Fix connection problem with WPA3 (git-fixes).
   - b43_legacy: Fix connection problem with WPA3 (git-fixes).
   - backlight: lp855x: Ensure regulators are disabled on probe failure
     (git-fixes).
   - batman-adv: Revert "disable ethtool link speed detection when auto
     negotiation off" (git-fixes).
   - bdev: fix bdev inode reference count disbalance regression (bsc#1174244)
   - block/bio-integrity: do not free 'buf' if bio_integrity_add_page()
     failed (bsc#1173817).
   - block: Fix use-after-free in blkdev_get() (bsc#1173834).
   - block: nr_sects_write(): Disable preemption on seqcount write
     (bsc#1173818).
   - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes).
   - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes).
   - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150).
   - bnxt_en: fix firmware message length endianness (bsc#1173894).
   - bnxt_en: Fix return code to "flash_device" (bsc#1173894).
   - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Return from timer if interface is not in open state
     (jsc#SLE-8371 bsc#1153274).
   - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274).
   - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks
     (bsc#1155518).
   - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE
     (bsc#1155518).
   - bpf: Fix an error code in check_btf_func() (bsc#1154353).
   - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier
     (bsc#1172344).
   - bpf, xdp, samples: Fix null pointer dereference in *_user code
     (bsc#1155518).
   - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094).
   - bus: ti-sysc: Ignore clockactivity unless specified as a quirk
     (git-fixes).
   - carl9170: remove P2P_GO support (git-fixes).
   - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes).
   - clk: qcom: msm8916: Fix the address location of pll->config_reg
     (git-fixes).
   - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
     (git-fixes).
   - clk: sifive: allocate sufficient memory for struct __prci_data
     (git-fixes).
   - clk: ti: composite: fix memory leak (git-fixes).
   - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes).
   - clocksource: dw_apb_timer: Make CPU-affiliation being optional
     (git-fixes).
   - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes).
   - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
     (git-fixes).
   - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
     (git-fixes).
   - cpuidle: Fix three reference count leaks (git-fixes).
   - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes).
   - crypto - Avoid free() namespace collision (git-fixes).
   - Crypto/chcr: fix for ccm(aes) failed test (git-fixes).
   - crypto: omap-sham - add proper load balancing support for multicore
     (git-fixes).
   - debugfs: Check module state before warning in {full/open}_proxy_open()
     (bsc#1173746).
   - devlink: fix return value after hitting end in region read
     (networking-stable-20_05_12).
   - devmap: Use bpf_map_area_alloc() for allocating hash buckets
     (bsc#1154353).
   - dm writecache: reject asynchronous pmem devices (bsc#1156395).
   - dpaa2-eth: prevent array underflow in update_cls_rule()
     (networking-stable-20_05_16).
   - dpaa2-eth: properly handle buffer size restrictions
     (networking-stable-20_05_16).
   - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27).
   - drivers: base: Fix NULL pointer exception in __platform_driver_probe()
     if a driver developer is foolish (git-fixes).
   - Drivers: hv: Change flag to write log level in panic msg to false
     (bsc#1170617).
   - drm: amd/display: fix Kconfig help text (bsc#1152489) 	* context changes
   - drm/amd/display: Revalidate bandwidth before commiting DC updates
     (git-fixes).
   - drm/amd: fix potential memleak in err branch (git-fixes).
   - drm/amdgpu: add fw release for sdma v5_0 (git-fixes).
   - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes).
   - drm/amdgpu: fix gfx hang during suspend with video playback (v2)
     (git-fixes).
   - drm/amdgpu: fix the hw hang during perform system reboot and reset
     (git-fixes).
   - drm/amdgpu: Init data to avoid oops while reading pp_num_states
     (git-fixes).
   - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes).
   - drm/amdgpu: Replace invalid device ID with a valid device ID
     (bsc#1152472)
   - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and
     raven (git-fixes).
   - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes).
   - drm/connector: notify userspace on hotplug after register complete
     (bsc#1152489) 	* context changes
   - drm/i915/gt: Do not schedule normal requests immediately along
     (bsc#1152489)
   - drm/i915/gvt: Fix two CFL MMIO handling caused by regression.
     (bsc#1152489)
   - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes).
   - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection
     (bsc#1152489)
   - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489)
   - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489)
   - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes).
   - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
     (git-fixes).
   - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection
     (git-fixes).
   - drm/qxl: Use correct notify port address when creating cursor ring
     (bsc#1152472)
   - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472)
   - drm: rcar-du: Fix build error (bsc#1152472)
   - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489)
   - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes).
   - e1000: Distribute switch variables for initialization (git-fixes).
   - e1000e: Relax condition to trigger reset for ME workaround (git-fixes).
   - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843).
   - ext4: fix error pointer dereference (bsc#1173837).
   - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836).
   - ext4: fix partial cluster initialization when splitting extent
     (bsc#1173839).
   - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838).
   - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error
     handlers (bsc#1173833).
   - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841).
   - fat: do not allow to mount if the FAT length == 0 (bsc#1173831).
   - Fix boot crash with MD (bsc#1173860)
   - fix multiplication overflow in copy_fdtable() (bsc#1173825).
   - fork: prevent accidental access to clone3 features (bsc#1174018).
   - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
     (networking-stable-20_05_12).
   - geneve: allow changing DF behavior after creation (git-fixes).
   - geneve: change from tx_error to tx_dropped on missing metadata
     (git-fixes).
   - gfs2: fix glock reference problem in gfs2_trans_remove_revoke
     (bsc#1173823).
   - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822).
   - gpio: pca953x: fix handling of automatic address incrementing
     (git-fixes).
   - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes).
   - hinic: fix a bug of ndo_stop (networking-stable-20_05_16).
   - hinic: fix wrong para of wait_for_completion_timeout
     (networking-stable-20_05_16).
   - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes).
   - hwmon: (acpi_power_meter) Fix potential memory leak in
     acpi_power_meter_add() (git-fixes).
   - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes).
   - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes).
   - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes).
   - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes).
   - i2c: core: check returned size of emulated smbus block read (git-fixes).
   - i2c: fsi: Fix the port number field in status register (git-fixes).
   - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes).
   - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
     (git-fixes).
   - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
     (git-fixes).
   - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
   - IB/rdmavt: Free kernel completion queue when done (bsc#1173625).
   - iio: bmp280: fix compensation of humidity (git-fixes).
   - input: i8042 - Remove special PowerPC handling (git-fixes).
   - ionic: add pcie_print_link_status (bsc#1167773).
   - ionic: export features for vlans to use (bsc#1167773).
   - ionic: no link check while resetting queues (bsc#1167773).
   - ionic: remove support for mgmt device (bsc#1167773).
   - ionic: tame the watchdog timer on reconfig (bsc#1167773).
   - ionic: wait on queue start until after IFF_UP (bsc#1167773).
   - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832).
   - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes).
   - iwlwifi: mvm: fix aux station leak (git-fixes).
   - ixgbe: do not check firmware errors (bsc#1170284).
   - jbd2: avoid leaking transaction credits when unreserving handle
     (bsc#1173845).
   - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833).
   - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes).
   - kabi: hv: prevent struct device_node to become defined (bsc#1172871).
   - kABI: protect struct fib_dump_filter (kabi).
   - kABI: protect struct mlx5_cmd_work_ent (kabi).
   - libceph: do not omit recovery_deletes in target_copy() (git-fixes).
   - loop: replace kill_bdev with invalidate_bdev (bsc#1173820).
   - media: dvbdev: Fix tuner->demod media controller link (git-fixes).
   - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776).
   - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776).
   - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling
     (git-fixes).
   - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes).
   - media: ov5640: fix use of destroyed mutex (git-fixes).
   - media: si2157: Better check for running tuner in init (git-fixes).
   - media: si2168: add support for Mygica T230C v2 (bsc#1173776).
   - media: staging: imgu: do not hold spinlock during freeing mmu page table
     (git-fixes).
   - media: staging/intel-ipu3: Implement lock for stream on/off operations
     (git-fixes).
   - media: vicodec: Fix error codes in probe function (git-fixes).
   - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
   - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
     (networking-stable-20_05_12).
   - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes).
   - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
     (git-fixes).
   - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844).
   - mm/memory_hotplug: refrain from adding memory into an impossible node
     (bsc#1173552).
   - mvpp2: remove module bugfix (bsc#1154353).
   - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824).
   - neigh: send protocol value in neighbor create notification
     (networking-stable-20_05_12).
   - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702).
   - net: do not return invalid table id error when we fall back to PF_UNSPEC
     (networking-stable-20_05_27).
   - net: dsa: Do not leave DSA master with NULL netdev_ops
     (networking-stable-20_05_12).
   - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16).
   - net: dsa: mt7530: fix roaming from DSA user ports
     (networking-stable-20_05_27).
   - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend
     (networking-stable-20_05_27).
   - net: fix a potential recursive NETDEV_FEAT_CHANGE
     (networking-stable-20_05_16).
   - __netif_receive_skb_core: pass skb by reference
     (networking-stable-20_05_27).
   - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
     (networking-stable-20_05_27).
   - net: ipip: fix wrong address family in init error path
     (networking-stable-20_05_27).
   - net: macb: fix an issue about leak related system resources
     (networking-stable-20_05_12).
   - net: macsec: preserve ingress frame ordering
     (networking-stable-20_05_12).
   - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
     (networking-stable-20_05_12).
   - net/mlx5: Add command entry handling completion
     (networking-stable-20_05_27).
   - net/mlx5: Disable reload while removing the device (jsc#SLE-8464).
   - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464).
   - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27).
   - net/mlx5e: kTLS, Destroy key object after destroying the TIS
     (networking-stable-20_05_27).
   - net/mlx5e: Update netdev txq on completions during closure
     (networking-stable-20_05_27).
   - net/mlx5: Fix command entry leak in Internal Error State
     (networking-stable-20_05_12).
   - net/mlx5: Fix error flow in case of function_setup failure
     (networking-stable-20_05_27).
   - net/mlx5: Fix forced completion access non initialized command entry
     (networking-stable-20_05_12).
   - net/mlx5: Fix memory leak in mlx5_events_init
     (networking-stable-20_05_27).
   - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del()
     (networking-stable-20_05_12).
   - net: mvpp2: fix RX hashing for non-10G ports
     (networking-stable-20_05_27).
   - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx()
     (networking-stable-20_05_12).
   - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27).
   - net: phy: fix aneg restart in phy_ethtool_set_eee
     (networking-stable-20_05_16).
   - netprio_cgroup: Fix unlimited memory leak of v2 cgroups
     (networking-stable-20_05_16).
   - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
     (networking-stable-20_05_27).
   - net sched: fix reporting the first-time use timestamp
     (networking-stable-20_05_27).
   - net_sched: sch_skbprio: add message validation to skbprio_change()
     (networking-stable-20_05_12).
   - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069).
   - net: stmmac: fix num_por initialization (networking-stable-20_05_16).
   - net: stricter validation of untrusted gso packets
     (networking-stable-20_05_12).
   - net: tc35815: Fix phydev supported/advertising mask
     (networking-stable-20_05_12).
   - net: tcp: fix rx timestamp behavior for tcp_recvmsg
     (networking-stable-20_05_16).
   - net/tls: fix race condition causing kernel panic
     (networking-stable-20_05_27).
   - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
     (networking-stable-20_05_12).
   - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
     (networking-stable-20_05_12).
   - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12).
   - nexthop: Fix attribute checking for groups (networking-stable-20_05_27).
   - nfp: abm: fix a memory leak bug (networking-stable-20_05_12).
   - nfp: abm: fix error return code in nfp_abm_vnic_alloc()
     (networking-stable-20_05_16).
   - nfsd4: fix nfsdfs reference count loop (git-fixes).
   - nfsd: apply umask on fs without ACL support (git-fixes).
   - nfsd: fix nfsdfs inode reference count leak (git-fixes).
   - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes).
   - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to
     read-only register (git-fixes).
   - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
     (git-fixes).
   - PCI: Add Loongson vendor ID (git-fixes).
   - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
   - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
   - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
   - PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
   - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes).
   - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871).
   - PCI: hv: Decouple the func definition in hv_dr_state from VSP message
     (bsc#1172871).
   - PCI: hv: Fix the PCI HyperV probe failure path to release resource
     properly (bsc#1172871).
   - PCI: hv: Introduce hv_msi_entry (bsc#1172871).
   - PCI: hv: Move hypercall related definitions into tlfs header
     (bsc#1172871).
   - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871).
   - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871).
   - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871).
   - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes).
   - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes).
   - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes).
   - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes).
   - platform/x86: asus_wmi: Reserve more space for struct bias_args
     (git-fixes).
   - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
     (git-fixes).
   - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
     (git-fixes).
   - pNFS/flexfiles: Fix list corruption if the mirror count changes
     (git-fixes).
   - pppoe: only process PADT targeted at local interfaces
     (networking-stable-20_05_16).
   - proc: Use new_inode not new_inode_pseudo (bsc#1173830).
   - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
     (git-fixes).
   - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449).
   - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes).
   - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use
     (git-fixes).
   - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102")
     (git-fixes).
   - Revert "i2c: tegra: Fix suspending in active runtime PM state"
     (git-fixes).
   - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
     (networking-stable-20_05_16).
   - ring-buffer: Zero out time extend if it is nested and not absolute
     (git-fixes).
   - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes).
   - sch_choke: avoid potential panic in choke_reset()
     (networking-stable-20_05_12).
   - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler
     functional and performance backports)).
   - sched: Fix race against ptrace_freeze_trace() (bsc#1174345).
   - sch_sfq: validate silly quantum values (networking-stable-20_05_12).
   - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Add support to display if adapter dumps are available
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Allow applications to issue Common Set Features mailbox
     command (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix interrupt assignments when multiple vectors are
     supported on same CPU (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix language in 0373 message to reflect non-error message
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530).
   - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request
     (bsc#1158983).
   - sctp: Do not add the shutdown timer if its already been added
     (networking-stable-20_05_27).
   - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state
     and socket is closed (networking-stable-20_05_27).
   - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518).
   - signal: Avoid corrupting si_pid and si_uid in do_notify_parent
     (bsc#1171529).
   - slimbus: ngd: get drvdata from correct device (git-fixes).
   - socionext: account for napi_gro_receive never returning GRO_DROP
     (bsc#1154353).
   - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
   - spi: dw: Fix Rx-only DMA transfers (git-fixes).
   - spi: dw: Return any value retrieved from the dma_transfer callback
     (git-fixes).
   - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes).
   - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH
     (git-fixes).
   - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
     (git-fixes).
   - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).
   - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
     (git-fixes).
   - tcp: fix error recovery in tcp_zerocopy_receive()
     (networking-stable-20_05_16).
   - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16).
   - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
     (bsc#1173284).
   - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes).
   - thermal/drivers/rcar_gen3: Fix undefined temperature if negative
     (git-fixes).
   - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes).
   - tipc: block BH before using dst_cache (networking-stable-20_05_27).
   - tipc: fix partial topology connection closure
     (networking-stable-20_05_12).
   - tpm: Fix TIS locality timeout problems (git-fixes).
   - tpm_tis: Remove the HID IFX0102 (git-fixes).
   - tracing: Fix event trigger to accept redundant spaces (git-fixes).
   - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
     (networking-stable-20_05_12).
   - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827).
   - ubifs: remove broken lazytime support (bsc#1173826).
   - Update patch reference tag for ACPI lockdown fix (bsc#1173573)
   - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes).
   - usb/ehci-platform: Set PM runtime as active on resume (git-fixes).
   - USB: ehci: reopen solution for Synopsys HC bug (git-fixes).
   - usb: gadget: udc: Potential Oops in error handling code (git-fixes).
   - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
     (git-fixes).
   - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes).
   - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).
   - usblp: poison URBs upon disconnect (git-fixes).
   - usb/ohci-platform: Fix a warning when hibernating (git-fixes).
   - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes).
   - usb: renesas_usbhs: getting residue from callback_result (git-fixes).
   - USB: serial: ch341: add basis for quirk detection (git-fixes).
   - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs
     (git-fixes).
   - usb/xhci-plat: Set PM runtime as active on resume (git-fixes).
   - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489)
   - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16).
   - watchdog: da9062: No need to ping manually before setting timeout
     (git-fixes).
   - wil6210: account for napi_gro_receive never returning GRO_DROP
     (bsc#1154353).
   - wil6210: add wil_netif_rx() helper function (bsc#1154353).
   - wil6210: use after free in wil_netif_rx_any() (bsc#1154353).
   - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes).
   - xhci: Fix enumeration issue when setting max packet size for FS devices
     (git-fixes).
   - xhci: Fix incorrect EP_STATE_MASK (git-fixes).
   - xhci: Poll for U0 after disabling USB2 LPM (git-fixes).
   - xhci: Return if xHCI does not support LPM (git-fixes).
   - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2020-1062=1



Package List:

   - openSUSE Leap 15.2 (x86_64):

      kernel-debug-5.3.18-lp152.33.1
      kernel-debug-debuginfo-5.3.18-lp152.33.1
      kernel-debug-debugsource-5.3.18-lp152.33.1
      kernel-debug-devel-5.3.18-lp152.33.1
      kernel-debug-devel-debuginfo-5.3.18-lp152.33.1
      kernel-default-5.3.18-lp152.33.1
      kernel-default-base-5.3.18-lp152.33.1.lp152.8.4.4
      kernel-default-base-rebuild-5.3.18-lp152.33.1.lp152.8.4.4
      kernel-default-debuginfo-5.3.18-lp152.33.1
      kernel-default-debugsource-5.3.18-lp152.33.1
      kernel-default-devel-5.3.18-lp152.33.1
      kernel-default-devel-debuginfo-5.3.18-lp152.33.1
      kernel-kvmsmall-5.3.18-lp152.33.1
      kernel-kvmsmall-debuginfo-5.3.18-lp152.33.1
      kernel-kvmsmall-debugsource-5.3.18-lp152.33.1
      kernel-kvmsmall-devel-5.3.18-lp152.33.1
      kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.33.1
      kernel-obs-build-5.3.18-lp152.33.1
      kernel-obs-build-debugsource-5.3.18-lp152.33.1
      kernel-obs-qa-5.3.18-lp152.33.1
      kernel-preempt-5.3.18-lp152.33.1
      kernel-preempt-debuginfo-5.3.18-lp152.33.1
      kernel-preempt-debugsource-5.3.18-lp152.33.1
      kernel-preempt-devel-5.3.18-lp152.33.1
      kernel-preempt-devel-debuginfo-5.3.18-lp152.33.1
      kernel-syms-5.3.18-lp152.33.1

   - openSUSE Leap 15.2 (noarch):

      kernel-devel-5.3.18-lp152.33.1
      kernel-docs-5.3.18-lp152.33.1
      kernel-docs-html-5.3.18-lp152.33.1
      kernel-macros-5.3.18-lp152.33.1
      kernel-source-5.3.18-lp152.33.1
      kernel-source-vanilla-5.3.18-lp152.33.1


References:

   https://www.suse.com/security/cve/CVE-2020-12771.html
   https://www.suse.com/security/cve/CVE-2020-15393.html
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1155798
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1158983
   https://bugzilla.suse.com/1162702
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1169094
   https://bugzilla.suse.com/1170284
   https://bugzilla.suse.com/1170617
   https://bugzilla.suse.com/1171150
   https://bugzilla.suse.com/1171529
   https://bugzilla.suse.com/1171530
   https://bugzilla.suse.com/1171732
   https://bugzilla.suse.com/1172344
   https://bugzilla.suse.com/1172543
   https://bugzilla.suse.com/1172687
   https://bugzilla.suse.com/1172871
   https://bugzilla.suse.com/1173284
   https://bugzilla.suse.com/1173514
   https://bugzilla.suse.com/1173552
   https://bugzilla.suse.com/1173573
   https://bugzilla.suse.com/1173625
   https://bugzilla.suse.com/1173746
   https://bugzilla.suse.com/1173776
   https://bugzilla.suse.com/1173817
   https://bugzilla.suse.com/1173818
   https://bugzilla.suse.com/1173820
   https://bugzilla.suse.com/1173822
   https://bugzilla.suse.com/1173823
   https://bugzilla.suse.com/1173824
   https://bugzilla.suse.com/1173825
   https://bugzilla.suse.com/1173826
   https://bugzilla.suse.com/1173827
   https://bugzilla.suse.com/1173828
   https://bugzilla.suse.com/1173830
   https://bugzilla.suse.com/1173831
   https://bugzilla.suse.com/1173832
   https://bugzilla.suse.com/1173833
   https://bugzilla.suse.com/1173834
   https://bugzilla.suse.com/1173836
   https://bugzilla.suse.com/1173837
   https://bugzilla.suse.com/1173838
   https://bugzilla.suse.com/1173839
   https://bugzilla.suse.com/1173841
   https://bugzilla.suse.com/1173843
   https://bugzilla.suse.com/1173844
   https://bugzilla.suse.com/1173845
   https://bugzilla.suse.com/1173847
   https://bugzilla.suse.com/1173860
   https://bugzilla.suse.com/1173894
   https://bugzilla.suse.com/1174018
   https://bugzilla.suse.com/1174244
   https://bugzilla.suse.com/1174345

--