
   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1693-1
Rating:             important
References:         #1051510 #1065729 #1071995 #1085030 #1111666 
                    #1113956 #1114279 #1144333 #1148868 #1158983 
                    #1161016 #1162063 #1166985 #1168081 #1169194 
                    #1170592 #1171904 #1172458 #1172472 #1172537 
                    #1172538 #1172759 #1172775 #1172781 #1172782 
                    #1172783 #1172884 
Cross-References:   CVE-2019-20810 CVE-2020-10766 CVE-2020-10767
                    CVE-2020-10768 CVE-2020-13974
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 22 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2020-10768: The prctl() function could be used to enable indirect
     branch speculation even after it has been disabled. (bnc#1172783)
   - CVE-2020-10766: A bug in the logic handling could allow an attacker with
     a local account to disable SSBD protection. (bnc#1172781)
   - CVE-2020-10767: A IBPB would be disabled when STIBP was not available or
     when Enhanced Indirect Branch Restricted Speculation (IBRS) was
     available. This is unexpected behaviour could leave the system open to a
     spectre v2 style attack (bnc#1172782)
   - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if
     k_ascii was called several times in a row (bnc#1172775)
   - CVE-2019-20810: go7007_snd_init did not call snd_card_free for a failure
     path, which caused a memory leak (bnc#1172458)

   The following non-security bugs were fixed:

   - ACPI: PM: Avoid using power resources if there are none for D0
     (bsc#1051510).
   - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
   - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio
     (bsc#1111666).
   - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666).
   - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666).
   - ALSA: hda/realtek - Fix unused variable warning w/o
     CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666).
   - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO
     (bsc#1111666).
   - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
     (bsc#1111666).
   - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666).
   - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up
     (bsc#1111666).
   - ALSA: pcm: disallow linking stream to itself (bsc#1111666).
   - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666).
   - ALSA: usb-audio: Add duplex sound support for USB devices using implicit
     feedback (bsc#1111666).
   - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
     Dock (bsc#1111666).
   - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666).
   - ALSA: usb-audio: Fix inconsistent card PM state after resume
     (bsc#1111666).
   - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666).
   - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666).
   - ALSA: usb-audio: Use the new macro for HP Dock rename quirks
     (bsc#1111666).
   - CDC-ACM: heed quirk also in error handling (git-fixes).
   - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
   - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
     (bsc#1171904).
   - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
   - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
     (bsc#1170592).
   - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
   - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes).
   - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
     (bsc#1051510).
   - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
   - PCI: Fix pci_register_host_bridge() device_register() error handling
     (bsc#1051510).
   - PCI: Program MPS for RCiEP devices (bsc#1051510).
   - RDMA/efa: Fix setting of wrong bit in get/set_feature commands
     (bsc#1111666)
   - RDMA/efa: Support remote read access in MR registration (bsc#1111666)
   - RDMA/efa: Unified getters/setters for device structs bitmask access
     (bsc#1111666)
   - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in
     s3c2410_udc_nuke (bsc#1051510).
   - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
     (bsc#1051510).
   - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
   - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510).
   - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors     (bsc#1051510).
   - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors     (git-fixes).
   - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423).
   - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
   - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
   - block: sed-opal: fix sparse warning: convert __be64 data (git fixes
     (block drivers)).
   - brcmfmac: fix wrong location to get firmware feature (bsc#1111666).
   - btrfs: do not zero f_bavail if we have available space (bsc#1168081).
   - btrfs: do not zero f_bavail if we have available space (bsc#1168081).
   - char/random: Add a newline at the end of the file (jsc#SLE-12423).
   - cifs: get rid of unused parameter in reconn_setup_dfs_targets()
     (bsc#1144333).
   - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333
     bsc#1161016).
   - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333
     bsc#1161016).
   - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
   - clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
   - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
   - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block
     drivers)).
   - compat_ioctl: block: handle Persistent Reservations (git fixes (block
     drivers)).
   - copy_{to,from}_user(): consolidate object size checks (git fixes).
   - crypto: caam - update xts sector size for large input length
     (bsc#1111666).
   - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666).
   - dm btree: increase rebalance threshold in __rebalance2() (git fixes
     (block drivers)).
   - dm cache: fix a crash due to incorrect work item cancelling (git fixes
     (block drivers)).
   - dm crypt: fix benbi IV constructor crash if used in authenticated mode
     (git fixes (block drivers)).
   - dm space map common: fix to ensure new block isn't already in use (git
     fixes (block drivers)).
   - dm verity fec: fix hash block number in verity_fec_decode (git fixes
     (block drivers)).
   - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block
     drivers)).
   - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block
     drivers)).
   - dm: various cleanups to md->queue initialization code (git fixes).
   - dmaengine: tegra210-adma: Fix an error handling path in
     'tegra_adma_probe()' (bsc#1111666).
   - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static
     (bsc#1051510).
   - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
     (bsc#1111666).
   - drm: amd/display: fix Kconfig help text (bsc#1113956)
   - efi/random: Increase size of firmware supplied randomness
     (jsc#SLE-12423).
   - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness
     (jsc#SLE-12423).
   - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423).
   - efi: Reorder pr_notice() with add_device_randomness() call
     (jsc#SLE-12423).
   - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
   - evm: Fix a small race in init_desc() (bsc#1051510).
   - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
     (bsc#1051510).
   - fdt: Update CRC check for rng-seed (jsc#SLE-12423).
   - fdt: add support for rng-seed (jsc#SLE-12423).
   - firmware: imx: scu: Fix corruption of header (git-fixes).
   - firmware: imx: scu: Fix possible memory leak in imx_scu_probe()
     (bsc#1111666).
   - firmware: revert letter case change which broke compatibility with the
     SAP license generator (bsc#1172472).
   - fpga: dfl: afu: Corrected error handling levels (git-fixes).
   - fs/reiserfs: Reenabled reiserfs (bsc#1172884)
   - gpiolib: Document that GPIO line names are not globally unique
     (bsc#1051510).
   - gpu: ipu-v3: pre: do not trigger update if buffer address does not
     change (bsc#1111666).
   - iio: buffer: Do not allow buffers without any channels enabled to be
     activated (bsc#1051510).
   - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
   - ima: Directly assign the ima_default_policy pointer to ima_rules
     (bsc#1051510).
   - ima: Fix ima digest hash table key calculation (bsc#1051510).
   - include/asm-generic/topology.h: guard cpumask_of_node() macro argument
     (bsc#1148868).
   - kabi: ppc64le: prevent struct dma_map_ops to become defined
     (jsc#SLE-12423).
   - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
   - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
   - livepatch: Disallow vmlinux.ko (bsc#1071995).
   - livepatch: Make klp_apply_object_relocs static (bsc#1071995).
   - livepatch: Prevent module-specific KLP rela sections from referencing
     vmlinux symbols (bsc#1071995).
   - livepatch: Remove .klp.arch (bsc#1071995).
   - mac80211: add option for setting control flags (bsc#1111666).
   - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX
     (bsc#1111666).
   - mailbox: imx: Disable the clock on devm_mbox_controller_register()
     failure (git-fixes).
   - md: Avoid namespace collision with bitmap API (git fixes (block
     drivers)).
   - md: use memalloc scope APIs in mddev_suspend()/mddev_resume()
     (bsc#1166985)).
   - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes
     (block drivers)).
   - mdraid: fix read/write bytes accounting (bsc#1172537).
   - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666).
   - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666).
   - mmc: fix compilation of user API (bsc#1051510).
   - netfilter: connlabels: prefer static lock initialiser (git-fixes).
   - netfilter: not mark a spinlock as __read_mostly (git-fixes).
   - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666).
   - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983
     bsc#1172538).
   - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed
     (bsc#1158983 bsc#1172538).
   - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983
     bsc#1172538).
   - overflow.h: Add arithmetic shift helper (git fixes).
   - overflow: Fix -Wtype-limits compilation warnings (git fixes).
   - p54usb: add AirVasT USB stick device-id (bsc#1051510).
   - pcm_native: result of put_user() needs to be checked (bsc#1111666).
   - perf, pt, coresight: Fix address filters for vmas with non-zero offset
     (git-fixes).
   - perf, pt, coresight: Fix address filters for vmas with non-zero offset
     (git-fixes).
   - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
   - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
   - perf/core: Add sanity check to deal with pinned event failure
     (git-fixes).
   - perf/core: Add sanity check to deal with pinned event failure
     (git-fixes).
   - perf/core: Avoid freeing static PMU contexts when PMU is unregistered
     (git-fixes).
   - perf/core: Avoid freeing static PMU contexts when PMU is unregistered
     (git-fixes).
   - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
   - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
   - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
   - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
   - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent
     patch)).
   - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent
     patch)).
   - perf/core: Fix bad use of igrab() (git fixes (dependent patch)).
   - perf/core: Fix crash when using HW tracing kernel filters (git-fixes).
   - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
   - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
   - perf/core: Fix error handling in perf_event_alloc() (git-fixes).
   - perf/core: Fix error handling in perf_event_alloc() (git-fixes).
   - perf/core: Fix exclusive events' grouping (git-fixes).
   - perf/core: Fix exclusive events' grouping (git-fixes).
   - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
   - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
   - perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
   - perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
   - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes
     (dependent patch for 18736eef1213)).
   - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes
     (dependent patch for 18736eef1213)).
   - perf/core: Fix locking for children siblings group read (git-fixes).
   - perf/core: Fix locking for children siblings group read (git-fixes).
   - perf/core: Fix perf_event_read_value() locking (git-fixes).
   - perf/core: Fix perf_event_read_value() locking (git-fixes).
   - perf/core: Fix perf_pmu_unregister() locking (git-fixes).
   - perf/core: Fix perf_pmu_unregister() locking (git-fixes).
   - perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
   - perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
   - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
   - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
   - perf/core: Fix race between close() and fork() (git-fixes).
   - perf/core: Fix race between close() and fork() (git-fixes).
   - perf/core: Fix the address filtering fix (git-fixes).
   - perf/core: Fix the address filtering fix (git-fixes).
   - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
   - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
   - perf/core: Force USER_DS when recording user stack data (git-fixes).
   - perf/core: Force USER_DS when recording user stack data (git-fixes).
   - perf/core: Restore mmap record type correctly (git-fixes).
   - perf/core: Restore mmap record type correctly (git-fixes).
   - perf/ioctl: Add check for the sample_period value (git-fixes).
   - perf/ioctl: Add check for the sample_period value (git-fixes).
   - perf/x86/pt, coresight: Clean up address filter structure (git fixes
     (dependent patch)).
   - perf: Allocate context task_ctx_data for child event (git-fixes).
   - perf: Allocate context task_ctx_data for child event (git-fixes).
   - perf: Copy parent's address filter offsets on clone (git-fixes).
   - perf: Copy parent's address filter offsets on clone (git-fixes).
   - perf: Fix header.size for namespace events (git-fixes).
   - perf: Fix header.size for namespace events (git-fixes).
   - perf: Return proper values for user stack errors (git-fixes).
   - perf: Return proper values for user stack errors (git-fixes).
   - pid: Improve the comment about waiting in zap_pid_ns_processes (git
     fixes)).
   - pinctrl: freescale: imx: Fix an error handling path in
     'imx_pinctrl_probe()' (bsc#1051510).
   - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
     (bsc#1051510).
   - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE
     GPIOs (bsc#1051510).
   - platform/x86: dell-laptop: do not register micmute LED if there is no
     token (bsc#1111666).
   - pnp: Use list_for_each_entry() instead of open coding (git fixes).
   - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with
     select (bsc#1051510).
   - power: supply: lp8788: Fix an error handling path in
     'lp8788_charger_probe()' (bsc#1051510).
   - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
   - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
   - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
     (bsc#1065729).
   - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
   - raid5: remove gfp flags from scribble_alloc() (bsc#1166985).
   - raid5: remove gfp flags from scribble_alloc() (git fixes (block
     drivers)).
   - resolve KABI warning for perf-pt-coresight (git-fixes).
   - resolve KABI warning for perf-pt-coresight (git-fixes).
   - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
   - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM
     (bsc#1172759 ltc#184814).
   - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510).
   - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666).
   - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
   - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
   - tty: n_gsm: Fix SOF skipping (bsc#1051510).
   - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
   - tty: n_gsm: Fix waking up upper tty layer when room available
     (bsc#1051510).
   - usb: dwc2: gadget: move gadget resume after the core is in L0 state
     (bsc#1051510).
   - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null
     check (bsc#1051510).
   - usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
   - usb: musb: start session in resume for host port (bsc#1051510).
   - virtio-blk: handle block_device_operations callbacks after hot unplug
     (git fixes (block drivers)).
   - w1: omap-hdq: cleanup to add missing newline for some dev_dbg
     (bsc#1051510).
   - watchdog: sp805: fix restart handler (bsc#1111666).
   - wil6210: add general initialization/size checks (bsc#1111666).
   - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666).
   - wil6210: ignore HALP ICR if already handled (bsc#1111666).
   - work around mvfs bug (bsc#1162063).
   - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
   - x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
   - xfrm: fix error in comment (git fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2020-1693=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1693=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1693=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2020-1693=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.26.1
      kernel-default-debugsource-4.12.14-122.26.1
      kernel-default-extra-4.12.14-122.26.1
      kernel-default-extra-debuginfo-4.12.14-122.26.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.26.1
      kernel-obs-build-debugsource-4.12.14-122.26.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.26.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.26.1
      kernel-default-base-4.12.14-122.26.1
      kernel-default-base-debuginfo-4.12.14-122.26.1
      kernel-default-debuginfo-4.12.14-122.26.1
      kernel-default-debugsource-4.12.14-122.26.1
      kernel-default-devel-4.12.14-122.26.1
      kernel-syms-4.12.14-122.26.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.26.1
      kernel-macros-4.12.14-122.26.1
      kernel-source-4.12.14-122.26.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.26.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.26.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.26.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.26.1
      dlm-kmp-default-4.12.14-122.26.1
      dlm-kmp-default-debuginfo-4.12.14-122.26.1
      gfs2-kmp-default-4.12.14-122.26.1
      gfs2-kmp-default-debuginfo-4.12.14-122.26.1
      kernel-default-debuginfo-4.12.14-122.26.1
      kernel-default-debugsource-4.12.14-122.26.1
      ocfs2-kmp-default-4.12.14-122.26.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.26.1


References:

   https://www.suse.com/security/cve/CVE-2019-20810.html
   https://www.suse.com/security/cve/CVE-2020-10766.html
   https://www.suse.com/security/cve/CVE-2020-10767.html
   https://www.suse.com/security/cve/CVE-2020-10768.html
   https://www.suse.com/security/cve/CVE-2020-13974.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1111666
   https://bugzilla.suse.com/1113956
   https://bugzilla.suse.com/1114279
   https://bugzilla.suse.com/1144333
   https://bugzilla.suse.com/1148868
   https://bugzilla.suse.com/1158983
   https://bugzilla.suse.com/1161016
   https://bugzilla.suse.com/1162063
   https://bugzilla.suse.com/1166985
   https://bugzilla.suse.com/1168081
   https://bugzilla.suse.com/1169194
   https://bugzilla.suse.com/1170592
   https://bugzilla.suse.com/1171904
   https://bugzilla.suse.com/1172458
   https://bugzilla.suse.com/1172472
   https://bugzilla.suse.com/1172537
   https://bugzilla.suse.com/1172538
   https://bugzilla.suse.com/1172759
   https://bugzilla.suse.com/1172775
   https://bugzilla.suse.com/1172781
   https://bugzilla.suse.com/1172782
   https://bugzilla.suse.com/1172783
   https://bugzilla.suse.com/1172884

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:1693-1 important: the Linux Kernel

June 19, 2020

An update that solves 5 vulnerabilities and has 22 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10768: The prctl() function could be used to enable indirect branch speculation even after it has been disabled. (bnc#1172783) - CVE-2020-10766: A bug in the logic handling could allow an attacker with a local account to disable SSBD protection. (bnc#1172781) - CVE-2020-10767: A IBPB would be disabled when STIBP was not available or when Enhanced Indirect Branch Restricted Speculation (IBRS) was available. This is unexpected behaviour could leave the system open to a spectre v2 style attack (bnc#1172782) - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii was called several times in a row (bnc#1172775) - CVE-2019-20810: go7007_snd_init did not call snd_card_free for a failure path, which caused a memory leak (bnc#1172458) The following non-security bugs were fixed: - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - CDC-ACM: heed quirk also in error handling (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm: amd/display: fix Kconfig help text (bsc#1113956) - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - fdt: add support for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - firmware: revert letter case change which broke compatibility with the SAP license generator (bsc#1172472). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fs/reiserfs: Reenabled reiserfs (bsc#1172884) - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - overflow.h: Add arithmetic shift helper (git fixes). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - resolve KABI warning for perf-pt-coresight (git-fixes). - resolve KABI warning for perf-pt-coresight (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - work around mvfs bug (bsc#1162063). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - xfrm: fix error in comment (git fixes).

References

#1051510 #1065729 #1071995 #1085030 #1111666

#1113956 #1114279 #1144333 #1148868 #1158983

#1161016 #1162063 #1166985 #1168081 #1169194

#1170592 #1171904 #1172458 #1172472 #1172537

#1172538 #1172759 #1172775 #1172781 #1172782

#1172783 #1172884

Cross- CVE-2019-20810 CVE-2020-10766 CVE-2020-10767

CVE-2020-10768 CVE-2020-13974

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise High Availability 12-SP5

https://www.suse.com/security/cve/CVE-2019-20810.html

https://www.suse.com/security/cve/CVE-2020-10766.html

https://www.suse.com/security/cve/CVE-2020-10767.html

https://www.suse.com/security/cve/CVE-2020-10768.html

https://www.suse.com/security/cve/CVE-2020-13974.html

https://bugzilla.suse.com/1051510

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1085030

https://bugzilla.suse.com/1111666

https://bugzilla.suse.com/1113956

https://bugzilla.suse.com/1114279

https://bugzilla.suse.com/1144333

https://bugzilla.suse.com/1148868

https://bugzilla.suse.com/1158983

https://bugzilla.suse.com/1161016

https://bugzilla.suse.com/1162063

https://bugzilla.suse.com/1166985

https://bugzilla.suse.com/1168081

https://bugzilla.suse.com/1169194

https://bugzilla.suse.com/1170592

https://bugzilla.suse.com/1171904

https://bugzilla.suse.com/1172458

https://bugzilla.suse.com/1172472

https://bugzilla.suse.com/1172537

https://bugzilla.suse.com/1172538

https://bugzilla.suse.com/1172759

https://bugzilla.suse.com/1172775

https://bugzilla.suse.com/1172781

https://bugzilla.suse.com/1172782

https://bugzilla.suse.com/1172783

https://bugzilla.suse.com/1172884

Severity

Announcement ID: SUSE-SU-2020:1693-1

Rating: important

What Are You Looking For?

SUSE: 2020:1693-1 important: the Linux Kernel

Summary

References

Kubernetes Security on AWS: A Practical Guide

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!

Unlocking the Future of Authentication: Passkeys vs. Passwords

Empowering MSPs with Straightforward Linux Device Management

A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

What Are You Looking For?

SUSE: 2020:1693-1 important: the Linux Kernel

Summary

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By