openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0579-1
Rating:             important
References:         #1047233 #1065729 #1113295 #1152489 #1154353 
                    #1155518 #1156395 #1167574 #1175995 #1178181 
                    #1181507 #1183405 #1184074 #1184120 #1184194 
                    #1184211 #1184388 #1184391 #1184393 #1184485 
                    #1184509 #1184511 #1184512 #1184514 #1184583 
                    #1184585 #1184647 
Cross-References:   CVE-2020-25670 CVE-2020-25671 CVE-2020-25672
                    CVE-2020-25673 CVE-2020-36310 CVE-2020-36311
                    CVE-2020-36312 CVE-2020-36322 CVE-2021-28950
                    CVE-2021-29154 CVE-2021-30002 CVE-2021-3483
                   
CVSS scores:
                    CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
                    CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 15 fixes
   is now available.

Description:

   The openSUSE Linux Leap 15.2 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
   - CVE-2021-30002: Fixed a memory leak for large arguments in
     video_usercopy (bsc#1184120).
   - CVE-2021-29154: Fixed incorrect computation of branch displacements,
     allowing arbitrary code execution (bsc#1184391).
   - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop
     continually was finding the same bad inode (bsc#1184194).
   - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509
     ).
   - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering
     destruction of a large SEV VM (bsc#1184511).
   - CVE-2020-36310: Fixed infinite loop for certain nested page faults
     (bsc#1184512).
   - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed
     multiple bugs in NFC subsytem (bsc#1178181).
   - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem
     implementation which could have caused a system crash (bsc#1184211).

   The following non-security bugs were fixed:

   - ALSA: aloop: Fix initialization of controls (git-fixes).
   - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
   - appletalk: Fix skb allocation size in loopback case (git-fixes).
   - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
   - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
   - ASoC: intel: atom: Remove 44100 sample-rate from the media and
     deep-buffer DAI descriptions (git-fixes).
   - ASoC: intel: atom: Stop advertising non working S24LE support
     (git-fixes).
   - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
   - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
   - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
     (git-fixes).
   - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
     (git-fixes).
   - atl1c: fix error return code in atl1c_probe() (git-fixes).
   - atl1e: fix error return code in atl1e_probe() (git-fixes).
   - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
     (git-fixes).
   - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
   - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
   - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
   - brcmfmac: clear EAP/association status bits on linkdown events
     (git-fixes).
   - bus: ti-sysc: Fix warning on unbind if reset is not deasserted
     (git-fixes).
   - cifs: change noisy error message to FYI (bsc#1181507).
   - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
   - cifs: do not send close in compound create+close requests (bsc#1181507).
   - cifs: New optype for session operations (bsc#1181507).
   - cifs: print MIDs in decimal notation (bsc#1181507).
   - cifs: return proper error code in statfs(2) (bsc#1181507).
   - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
   - clk: fix invalid usage of list cursor in register (git-fixes).
   - clk: fix invalid usage of list cursor in unregister (git-fixes).
   - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
   - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574,
     bsc#1175995, bsc#1184485).
   - drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
     (git-fixes).
   - drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
   - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
     (git-fixes).
   - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
   - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs
     (git-fixes).
   - drm/msm: Ratelimit invalid-fence message (git-fixes).
   - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
   - enetc: Fix reporting of h/w packet counters (git-fixes).
   - fix Patch-mainline:
     patches.suse/cifs_debug-use-pd-instead-of-messing-with-d_name.patch
   - fix patch metadata
   - fuse: fix bad inode (bsc#1184211).
   - fuse: fix live lock in fuse_iget() (bsc#1184211).
   - gianfar: Handle error code at MAC address change (git-fixes).
   - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
   - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
   - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
   - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
   - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
   - libbpf: Fix INSTALL flag order (bsc#1155518).
   - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
   - locking/mutex: Fix non debug version of mutex_lock_io_nested()
     (git-fixes).
   - mac80211: choose first enabled channel for monitor (git-fixes).
   - mac80211: fix TXQ AC confusion (git-fixes).
   - mISDN: fix crash in fritzpci (git-fixes).
   - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
   - net: b44: fix error return code in b44_init_one() (git-fixes).
   - net: ethernet: ti: cpsw: fix error return code in cpsw_probe()
     (git-fixes).
   - net: hns3: Remove the left over redundant check & assignment
     (bsc#1154353).
   - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
   - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
   - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
   - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
   - net: qualcomm: rmnet: Fix incorrect receive packet handling during
     cleanup (git-fixes).
   - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
   - net: wan/lmc: unregister device when no matching device is found
     (git-fixes).
   - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2
     (git-fixes).
   - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state
     (git-fixes).
   - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
   - post.sh: Return an error when module update fails (bsc#1047233
     bsc#1184388).
   - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
     (bsc#1065729).
   - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
   - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
   - powerpc/sstep: Check instruction validity against ISA version before
     emulation (bsc#1156395).
   - powerpc/sstep: Fix darn emulation (bsc#1156395).
   - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
   - powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
   - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
   - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
   - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
   - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
   - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package
     (bsc#1184514) The devel package requires the kernel binary package
     itself for building modules externally.
   - samples/bpf: Fix possible hang in xdpsock with multiple threads
     (bsc#1155518).
   - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647
     ltc#191231).
   - smb3: add dynamic trace point to trace when credits obtained
     (bsc#1181507).
   - smb3: fix crediting for compounding when only one request in flight
     (bsc#1181507).
   - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
   - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes).
   - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes).
   - thermal/core: Add NULL pointer check before using cooling device stats
     (git-fixes).
   - USB: cdc-acm: downgrade message to debug (git-fixes).
   - USB: cdc-acm: untangle a circular dependency between callback and
     softint (git-fixes).
   - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
     (git-fixes).
   - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
     (git-fixes).
   - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
     (bsc#1152489).
   - x86/ioapic: Ignore IRQ2 again (bsc#1152489).
   - x86/mem_encrypt: Correct physical address calculation in
     __set_clr_pte_enc() (bsc#1152489).
   - xen/events: fix setting irq affinity (bsc#1184583).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-579=1



Package List:

   - openSUSE Leap 15.2 (x86_64):

      kernel-debug-5.3.18-lp152.72.1
      kernel-debug-debuginfo-5.3.18-lp152.72.1
      kernel-debug-debugsource-5.3.18-lp152.72.1
      kernel-debug-devel-5.3.18-lp152.72.1
      kernel-debug-devel-debuginfo-5.3.18-lp152.72.1
      kernel-default-5.3.18-lp152.72.1
      kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1
      kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1
      kernel-default-debuginfo-5.3.18-lp152.72.1
      kernel-default-debugsource-5.3.18-lp152.72.1
      kernel-default-devel-5.3.18-lp152.72.1
      kernel-default-devel-debuginfo-5.3.18-lp152.72.1
      kernel-kvmsmall-5.3.18-lp152.72.1
      kernel-kvmsmall-debuginfo-5.3.18-lp152.72.1
      kernel-kvmsmall-debugsource-5.3.18-lp152.72.1
      kernel-kvmsmall-devel-5.3.18-lp152.72.1
      kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.72.1
      kernel-obs-build-5.3.18-lp152.72.1
      kernel-obs-build-debugsource-5.3.18-lp152.72.1
      kernel-obs-qa-5.3.18-lp152.72.1
      kernel-preempt-5.3.18-lp152.72.1
      kernel-preempt-debuginfo-5.3.18-lp152.72.1
      kernel-preempt-debugsource-5.3.18-lp152.72.1
      kernel-preempt-devel-5.3.18-lp152.72.1
      kernel-preempt-devel-debuginfo-5.3.18-lp152.72.1
      kernel-syms-5.3.18-lp152.72.1

   - openSUSE Leap 15.2 (noarch):

      kernel-devel-5.3.18-lp152.72.1
      kernel-docs-5.3.18-lp152.72.1
      kernel-docs-html-5.3.18-lp152.72.1
      kernel-macros-5.3.18-lp152.72.1
      kernel-source-5.3.18-lp152.72.1
      kernel-source-vanilla-5.3.18-lp152.72.1


References:

   https://www.suse.com/security/cve/CVE-2020-25670.html
   https://www.suse.com/security/cve/CVE-2020-25671.html
   https://www.suse.com/security/cve/CVE-2020-25672.html
   https://www.suse.com/security/cve/CVE-2020-25673.html
   https://www.suse.com/security/cve/CVE-2020-36310.html
   https://www.suse.com/security/cve/CVE-2020-36311.html
   https://www.suse.com/security/cve/CVE-2020-36312.html
   https://www.suse.com/security/cve/CVE-2020-36322.html
   https://www.suse.com/security/cve/CVE-2021-28950.html
   https://www.suse.com/security/cve/CVE-2021-29154.html
   https://www.suse.com/security/cve/CVE-2021-30002.html
   https://www.suse.com/security/cve/CVE-2021-3483.html
   https://bugzilla.suse.com/1047233
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1113295
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1167574
   https://bugzilla.suse.com/1175995
   https://bugzilla.suse.com/1178181
   https://bugzilla.suse.com/1181507
   https://bugzilla.suse.com/1183405
   https://bugzilla.suse.com/1184074
   https://bugzilla.suse.com/1184120
   https://bugzilla.suse.com/1184194
   https://bugzilla.suse.com/1184211
   https://bugzilla.suse.com/1184388
   https://bugzilla.suse.com/1184391
   https://bugzilla.suse.com/1184393
   https://bugzilla.suse.com/1184485
   https://bugzilla.suse.com/1184509
   https://bugzilla.suse.com/1184511
   https://bugzilla.suse.com/1184512
   https://bugzilla.suse.com/1184514
   https://bugzilla.suse.com/1184583
   https://bugzilla.suse.com/1184585
   https://bugzilla.suse.com/1184647

openSUSE: 2021:0579-1 important: the Linux Kernel

April 19, 2021
An update that solves 12 vulnerabilities and has 15 fixes is now available

Description

The openSUSE Linux Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). The following non-security bugs were fixed: - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - fix Patch-mainline: patches.suse/cifs_debug-use-pd-instead-of-messing-with-d_name.patch - fix patch metadata - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - gianfar: Handle error code at MAC address change (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - net: wan/lmc: unregister device when no matching device is found (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes). - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: fix setting irq affinity (bsc#1184583). Special Instructions and Notes: Please reboot the system after installing this update.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-579=1


Package List

- openSUSE Leap 15.2 (x86_64): kernel-debug-5.3.18-lp152.72.1 kernel-debug-debuginfo-5.3.18-lp152.72.1 kernel-debug-debugsource-5.3.18-lp152.72.1 kernel-debug-devel-5.3.18-lp152.72.1 kernel-debug-devel-debuginfo-5.3.18-lp152.72.1 kernel-default-5.3.18-lp152.72.1 kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 kernel-default-debuginfo-5.3.18-lp152.72.1 kernel-default-debugsource-5.3.18-lp152.72.1 kernel-default-devel-5.3.18-lp152.72.1 kernel-default-devel-debuginfo-5.3.18-lp152.72.1 kernel-kvmsmall-5.3.18-lp152.72.1 kernel-kvmsmall-debuginfo-5.3.18-lp152.72.1 kernel-kvmsmall-debugsource-5.3.18-lp152.72.1 kernel-kvmsmall-devel-5.3.18-lp152.72.1 kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.72.1 kernel-obs-build-5.3.18-lp152.72.1 kernel-obs-build-debugsource-5.3.18-lp152.72.1 kernel-obs-qa-5.3.18-lp152.72.1 kernel-preempt-5.3.18-lp152.72.1 kernel-preempt-debuginfo-5.3.18-lp152.72.1 kernel-preempt-debugsource-5.3.18-lp152.72.1 kernel-preempt-devel-5.3.18-lp152.72.1 kernel-preempt-devel-debuginfo-5.3.18-lp152.72.1 kernel-syms-5.3.18-lp152.72.1 - openSUSE Leap 15.2 (noarch): kernel-devel-5.3.18-lp152.72.1 kernel-docs-5.3.18-lp152.72.1 kernel-docs-html-5.3.18-lp152.72.1 kernel-macros-5.3.18-lp152.72.1 kernel-source-5.3.18-lp152.72.1 kernel-source-vanilla-5.3.18-lp152.72.1


References

https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1167574 https://bugzilla.suse.com/1175995 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1184074 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184485 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184583 https://bugzilla.suse.com/1184585 https://bugzilla.suse.com/1184647


Severity
Announcement ID: openSUSE-SU-2021:0579-1
Rating: important
Affected Products: openSUSE Leap 15.2 ble.

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved