SUSE: 2020:0605-1 moderate: the Linux Kernel
Summary
The SUSE Linux Enterprise 12 SP5 real-time kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-14615: An information disclosure vulnerability existed due to
insufficient control flow in certain data structures for some Intel(R)
Processors (bnc#1160195).
- CVE-2019-14896: A heap overflow was found in the add_ie_rates() function
of the Marvell Wifi Driver (bsc#1157157).
- CVE-2019-14897: A stack overflow was found in the
lbs_ibss_join_existing() function of the Marvell Wifi Driver
(bsc#1157155).
- CVE-2019-16994: A memory leak existed in sit_init_net() in
net/ipv6/sit.c which might have caused denial of service, aka
CID-07f12b26e21a (bnc#1161523).
- CVE-2019-19036: An issue discovered in btrfs_root_node in
fs/btrfs/ctree.c allowed a NULL pointer dereference because
rcu_dereference(root->node) can be zero (bnc#1157692).
- CVE-2019-19045: A memory leak in
drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to
cause a denial of service (memory consumption) by triggering
mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).
- CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in
drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a
denial of service (memory consumption) by triggering kfifo_alloc()
failures, aka CID-a7b2df76b42b (bnc#1161518).
- CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a
use-after-free (bnc#1158026).
- CVE-2019-19927: A slab-out-of-bounds read access could have been caused
when mounting a crafted f2fs filesystem image and performing some
operations on it, in drivers/gpu/drm/ttm/ttm_page_alloc.c (bnc#1160147).
- CVE-2019-19965: There was a NULL pointer dereference in
drivers/scsi/libsas/sas_discover.c because of mishandling of port
disconnection during discovery, related to a PHY down race condition,
aka CID-f70267f379b5 (bnc#1159911).
- CVE-2020-7053: There was a use-after-free (write) in the
i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka
CID-7dc40713618c (bnc#1160966).
The following non-security bugs were fixed:
- ALSA: hda - Apply sync-write workaround to old Intel platforms, too
(bsc#1111666).
- ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker
(bsc#1111666).
- ALSA: hda/realtek - Add new codec supported for ALCS1200A (bsc#1111666).
- ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th
gen (bsc#1111666).
- ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
(bsc#1111666).
- ALSA: hda/realtek - Set EAPD control to default for ALC222 (bsc#1111666).
- ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510).
- ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
(bsc#1111666).
- ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510).
- ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510).
- ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI
(bsc#1111666).
- Fix partial checked out tree build ... so that bisection does not break.
- Fix the locking in dcache_readdir() and friends (bsc#1123328).
- HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).
- HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).
- HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).
- IB/hfi1: Do not cancel unused work item (bsc#1114685 ).
- NFC: pn533: fix bulk-message timeout (bsc#1051510).
- RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).
- Temporary workaround for bsc#1159096 should no longer be needed.
- USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510).
- USB: serial: io_edgeport: add missing active-port sanity check
(bsc#1051510).
- USB: serial: keyspan: handle unbound ports (bsc#1051510).
- USB: serial: opticon: fix control-message timeouts (bsc#1051510).
- USB: serial: quatech2: handle unbound ports (bsc#1051510).
- USB: serial: suppress driver bind attributes (bsc#1051510).
- blk-mq: avoid sysfs buffer overflow with too many CPU cores
(bsc#1159377).
- blk-mq: make sure that line break can be printed (bsc#1159377).
- bnxt: apply computed clamp value for coalece parameter (bsc#1104745).
- bnxt_en: Fix MSIX request logic for RDMA driver (bsc#1104745 ).
- bnxt_en: Return error if FW returns more data than dump length
(bsc#1104745).
- bpf/sockmap: Read psock ingress_msg before sk_receive_queue
(bsc#1083647).
- bpf: Fix incorrect verifier simulation of ARSH under ALU32 (bsc#1083647).
- bpf: Reject indirect var_off stack access in raw mode (bsc#1160618).
- bpf: Reject indirect var_off stack access in unpriv mode (bco#1160618).
- bpf: Sanity check max value for var_off stack access (bco#1160618).
- bpf: Support variable offset stack access from helpers (bco#1160618).
- bpf: add self-check logic to liveness analysis (bsc#1160618).
- bpf: add verifier stats and log_level bit 2 (bsc#1160618).
- bpf: improve stacksafe state comparison (bco#1160618).
- bpf: improve verification speed by droping states (bsc#1160618).
- bpf: improve verification speed by not remarking live_read (bsc#1160618).
- bpf: improve verifier branch analysis (bsc#1160618).
- bpf: increase complexity limit and maximum program size (bsc#1160618).
- bpf: increase verifier log limit (bsc#1160618).
- bpf: speed up stacksafe check (bco#1160618).
- bpf: verifier: teach the verifier to reason about the BPF_JSET
instruction (bco#1160618).
- btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
(dependency for bsc#1157692).
- btrfs: fix block group remaining RO forever after error during device
replace (bsc#1160442).
- btrfs: fix infinite loop during nocow writeback due to race
(bsc#1160804).
- btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).
- btrfs: fix negative subv_writers counter and data space leak after
buffered write (bsc#1160802).
- btrfs: fix removal logic of the tree mod log that leads to
use-after-free issues (bsc#1160803).
- btrfs: fix selftests failure due to uninitialized i_mode in test inodes
(Fix for dependency of bsc#1157692).
- btrfs: inode: Verify inode mode to avoid NULL pointer dereference
(dependency for bsc#1157692).
- btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).
- btrfs: tree-checker: Check chunk item at tree block read time
(dependency for bsc#1157692).
- btrfs: tree-checker: Check level for leaves and nodes (dependency for
bsc#1157692).
- btrfs: tree-checker: Enhance chunk checker to validate chunk profile
(dependency for bsc#1157692).
- btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency
of bsc#1157692).
- btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN
instead of EIO (dependency for bsc#1157692).
- btrfs: tree-checker: Make chunk item checker messages more readable
(dependency for bsc#1157692).
- btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).
- btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in block_group_err (dependency
for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_block_group_item
(dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency
for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency
for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency
for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_extent_data_item
(dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency
for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for
bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency
for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for
bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for
bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for
bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency
for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in generic_err (dependency for
bsc#1157692).
- can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
(bsc#1051510).
- can: mscan: mscan_rx_poll(): fix rx path lockup when returning from
polling to irq mode (bsc#1051510).
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function
(bsc#1051510).
- cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).
- cgroup: pids: use atomic64_t for pids->limit (bsc#1161514).
- cifs: Close cached root handle only if it had a lease (bsc#1144333).
- cifs: Close open handle after interrupted close (bsc#1144333).
- cifs: Do not miss cancelled OPEN responses (bsc#1144333).
- cifs: Fix NULL pointer dereference in mid callback (bsc#1144333).
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks
(bsc#1144333).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd()
(bsc#1144333).
- cifs: Fix mount options set in automount (bsc#1144333).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).
- cifs: Properly process SMB3 lease breaks (bsc#1144333).
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).
- cifs: add support for flock (bsc#1144333).
- cifs: close the shared root handle on tree disconnect (bsc#1144333).
- cifs: remove set but not used variables 'cinode' and 'netfid'
(bsc#1144333).
- clk: imx: clk-composite-8m: add lock to gate/mux (git-fixes).
- clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).
- clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
(bsc#1051510).
- clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).
- drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).
- drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).
- drm/i810: Prevent underflow in ioctl (bsc#1114279)
- drm/i915/gvt: Pin vgpu dma address before using (bsc#1112178)
- drm/i915/gvt: set guest display buffer as readonly (bsc#1112178)
- drm/i915/gvt: use vgpu lock for active state setting (bsc#1112178)
- drm/i915: Add missing include file
References
#1050244 #1051510 #1051858 #1065600 #1065729
#1071995 #1083647 #1085030 #1086301 #1086313
#1086314 #1104745 #1109837 #1111666 #1112178
#1112374 #1113956 #1114279 #1114685 #1123328
#1144333 #1151927 #1153917 #1154601 #1157155
#1157157 #1157692 #1158013 #1158026 #1158071
#1159028 #1159096 #1159377 #1159394 #1159588
#1159911 #1160147 #1160195 #1160210 #1160211
#1160433 #1160442 #1160469 #1160470 #1160476
#1160560 #1160618 #1160678 #1160755 #1160756
#1160784 #1160787 #1160802 #1160803 #1160804
#1160917 #1160966 #1161087 #1161243 #1161472
#1161514 #1161518 #1161522 #1161523 #1161549
#1161674 #1161875 #1162028
Cross- CVE-2019-14615 CVE-2019-14896 CVE-2019-14897
CVE-2019-16994 CVE-2019-19036 CVE-2019-19045
CVE-2019-19054 CVE-2019-19318 CVE-2019-19927
CVE-2019-19965 CVE-2020-7053
Affected Products:
SUSE Linux Enterprise Real Time Extension 12-SP5
https://www.suse.com/security/cve/CVE-2019-14615.html
https://www.suse.com/security/cve/CVE-2019-14896.html
https://www.suse.com/security/cve/CVE-2019-14897.html
https://www.suse.com/security/cve/CVE-2019-16994.html
https://www.suse.com/security/cve/CVE-2019-19036.html
https://www.suse.com/security/cve/CVE-2019-19045.html
https://www.suse.com/security/cve/CVE-2019-19054.html
https://www.suse.com/security/cve/CVE-2019-19318.html
https://www.suse.com/security/cve/CVE-2019-19927.html
https://www.suse.com/security/cve/CVE-2019-19965.html
https://www.suse.com/security/cve/CVE-2020-7053.html
https://bugzilla.suse.com/1050244
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1051858
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1086301
https://bugzilla.suse.com/1086313
https://bugzilla.suse.com/1086314
https://bugzilla.suse.com/1104745
https://bugzilla.suse.com/1109837
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1112374
https://bugzilla.suse.com/1113956
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1114685
https://bugzilla.suse.com/1123328
https://bugzilla.suse.com/1144333
https://bugzilla.suse.com/1151927
https://bugzilla.suse.com/1153917
https://bugzilla.suse.com/1154601
https://bugzilla.suse.com/1157155
https://bugzilla.suse.com/1157157
https://bugzilla.suse.com/1157692
https://bugzilla.suse.com/1158013
https://bugzilla.suse.com/1158026
https://bugzilla.suse.com/1158071
https://bugzilla.suse.com/1159028
https://bugzilla.suse.com/1159096
https://bugzilla.suse.com/1159377
https://bugzilla.suse.com/1159394
https://bugzilla.suse.com/1159588
https://bugzilla.suse.com/1159911
https://bugzilla.suse.com/1160147
https://bugzilla.suse.com/1160195
https://bugzilla.suse.com/1160210
https://bugzilla.suse.com/1160211
https://bugzilla.suse.com/1160433
https://bugzilla.suse.com/1160442
https://bugzilla.suse.com/1160469
https://bugzilla.suse.com/1160470
https://bugzilla.suse.com/1160476
https://bugzilla.suse.com/1160560
https://bugzilla.suse.com/1160618
https://bugzilla.suse.com/1160678
https://bugzilla.suse.com/1160755
https://bugzilla.suse.com/1160756
https://bugzilla.suse.com/1160784
https://bugzilla.suse.com/1160787
https://bugzilla.suse.com/1160802
https://bugzilla.suse.com/1160803
https://bugzilla.suse.com/1160804
https://bugzilla.suse.com/1160917
https://bugzilla.suse.com/1160966
https://bugzilla.suse.com/1161087
https://bugzilla.suse.com/1161243
https://bugzilla.suse.com/1161472
https://bugzilla.suse.com/1161514
https://bugzilla.suse.com/1161518
https://bugzilla.suse.com/1161522
https://bugzilla.suse.com/1161523
https://bugzilla.suse.com/1161549
https://bugzilla.suse.com/1161674
https://bugzilla.suse.com/1161875
https://bugzilla.suse.com/1162028