Linux Security
    Linux Security
    Linux Security

    SUSE: 2020:2102-1 important: the Linux Kernel

    Date
    201
    Posted By
    An update that solves four vulnerabilities and has 41 fixes is now available.
    
       SUSE Security Update: Security update for the Linux Kernel
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:2102-1
    Rating:             important
    References:         #1065729 #1152472 #1152489 #1153274 #1154353 
                        #1154488 #1155518 #1155798 #1165933 #1167773 
                        #1168959 #1169771 #1171857 #1171988 #1172201 
                        #1173074 #1173849 #1173941 #1174072 #1174116 
                        #1174126 #1174127 #1174128 #1174129 #1174185 
                        #1174205 #1174247 #1174263 #1174264 #1174331 
                        #1174332 #1174333 #1174356 #1174362 #1174396 
                        #1174398 #1174407 #1174409 #1174411 #1174438 
                        #1174462 #1174513 #1174527 #1174627 #1174645 
                        
    Cross-References:   CVE-2020-0305 CVE-2020-10135 CVE-2020-10781
                        CVE-2020-14331
    Affected Products:
                        SUSE Linux Enterprise Module for Public Cloud 15-SP2
    ______________________________________________________________________________
    
       An update that solves four vulnerabilities and has 41 fixes
       is now available.
    
    Description:
    
       The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive
       various security and bugfixes.
    
    
       The following security bugs were fixed:
    
       - CVE-2020-10781: Fixed a denial of service issue in the ZRAM
         implementation (bnc#1173074).
       - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
         use-after-free due to a race condition. This could lead to local
         escalation of privilege with System execution privileges needed. User
         interaction is not needed for exploitation (bnc#1174462).
       - CVE-2020-10135: Legacy pairing and secure-connections pairing
         authentication in bluetooth may have allowed an unauthenticated user to
         complete authentication without pairing credentials via adjacent access.
         An unauthenticated, adjacent attacker could impersonate a Bluetooth
         BR/EDR master or slave to pair with a previously paired remote device to
         successfully complete the authentication procedure without knowing the
         link key (bnc#1171988).
       - CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update()
         (bnc#1174205).
    
       The following non-security bugs were fixed:
    
       - ACPICA: Dispatcher: add status checks (git-fixes).
       - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes).
       - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes).
       - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes).
       - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL
         (jsc#SLE-13261).
       - ALSA: hda/realtek - change to suitable link model for ASUS platform
         (git-fixes).
       - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with
         ALC256 (git-fixes).
       - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401)
         series with ALC289 (git-fixes).
       - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes).
       - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes).
       - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung
         Notebook Pen S (git-fixes).
       - ALSA: hda/realtek - fixup for yet another Intel reference board
         (git-fixes).
       - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
       - ALSA: line6: Perform sanity check for each URB creation (git-fixes).
       - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes).
       - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight
         S (git-fixes).
       - ALSA: usb-audio: Fix race against the error recovery URB submission
         (git-fixes).
       - apparmor: ensure that dfa state tables have entries (git-fixes).
       - apparmor: fix introspection of of task mode for unconfined tasks
         (git-fixes).
       - apparmor: Fix memory leak of profile proxy (git-fixes).
       - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes).
       - apparmor: remove useless aafs_create_symlink (git-fixes).
       - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id
         (bsc#1174398).
       - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode
         (bsc#1174398).
       - ASoC: codecs: max98373: Removed superfluous volume control from chip
         default (git-fixes).
       - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend
         (git-fixes).
       - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes).
       - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes).
       - ASoC: rt286: fix unexpected interrupt happens (git-fixes).
       - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the
         Lenovo Miix 2 10 (git-fixes).
       - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
       - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of
         10 (git-fixes).
       - ASoC: rt5682: Report the button event in the headset type only
         (git-fixes).
       - ASoC: topology: fix kernel oops on route addition error (git-fixes).
       - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes).
       - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes).
       - ASoC: wm8974: remove unsupported clock mode (git-fixes).
       - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes).
       - ath9k: Fix regression with Atheros 9271 (git-fixes).
       - ax88172a: fix ax88172a_unbind() failures (git-fixes).
       - blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight()
         (bsc#1165933).
       - bnxt_en: Init ethtool link settings after reading updated PHY
         configuration (jsc#SLE-8371 bsc#1153274).
       - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518).
       - brcmfmac: Transform compatible string for FW loading (bsc#1169771).
       - bridge: Avoid infinite loop when suppressing NS messages with invalid
         options (networking-stable-20_06_10).
       - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes).
       - btrfs: add assertions for tree == inode->io_tree to extent IO helpers
         (bsc#1174438).
       - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range
         (bsc#1174438).
       - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
         (bsc#1174438).
       - btrfs: fix hang on snapshot creation after RWF_NOWAIT write
         (bsc#1174438).
       - btrfs: fix RWF_NOWAIT write not failling when we need to cow
         (bsc#1174438).
       - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO
         (bsc#1174438).
       - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
       - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes).
       - dccp: Fix possible memleak in dccp_init and dccp_fini
         (networking-stable-20_06_16).
       - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
       - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes).
       - /dev/mem: Revoke mappings when a driver claims the region (git-fixes).
       - dmaengine: dmatest: stop completed threads when running without set
         channel (git-fixes).
       - dmaengine: dw: Initialize channel before each transfer (git-fixes).
       - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes).
       - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
         (git-fixes).
       - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes).
       - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler
         (git-fixes).
       - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes).
       - dm: do not use waitqueue for request-based DM (bsc#1165933).
       - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396).
       - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396).
       - drm/amd/display: Use kfree() to free rgb_user in
         calculate_user_regamma_ramp() (git-fixes).
       - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes).
       - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes).
       - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes).
       - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes).
       - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472)
       - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes).
       - drm/exynos: Properly propagate return value in drm_iommu_attach_device()
         (git-fixes).
       - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489)
       - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes).
       - drm/i915/gt: Only swap to a random sibling once upon creation
         (bsc#1152489)
       - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.
         (bsc#1152489)
       - drm: mcde: Fix display initialization problem (git-fixes).
       - drm/mediatek: Check plane visibility in atomic_update (git-fixes).
       - drm/msm/dpu: allow initialization of encoder locks during encoder init
         (git-fixes).
       - drm/msm: fix potential memleak in error branch (git-fixes).
       - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel
         (git-fixes).
       - drm: panel-orientation-quirks: Use generic orientation-data for Acer
         S1003 (git-fixes).
       - drm/radeon: fix double free (git-fixes).
       - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes).
       - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes).
       - drm/tegra: hub: Do not enable orphaned window group (git-fixes).
       - exfat: add missing brelse() calls on error paths (git-fixes).
       - exfat: fix incorrect update of stream entry in __exfat_truncate()
         (git-fixes).
       - exfat: fix memory leak in exfat_parse_param() (git-fixes).
       - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes).
       - fpga: dfl: fix bug in port reset handshake (git-fixes).
       - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config
         file
       - fuse: copy_file_range should truncate cache (git-fixes).
       - fuse: fix copy_file_range cache issues (git-fixes).
       - geneve: fix an uninitialized value in geneve_changelink() (git-fixes).
       - gpio: pca953x: disable regmap locking for automatic address incrementing
         (git-fixes).
       - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes).
       - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2
         (git-fixes).
       - gpu: host1x: Detach driver on unregister (git-fixes).
       - habanalabs: increase timeout during reset (git-fixes).
       - HID: logitech-hidpp: avoid repeated "multiplier = " log messages
         (git-fixes).
       - HID: magicmouse: do not set up autorepeat (git-fixes).
       - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes).
       - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes).
       - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
         (git-fixes).
       - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
         path (git-fixes).
       - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
         (git-fixes).
       - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes).
       - i2c: eg20t: Load module automatically if ID matches (git-fixes).
       - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes).
       - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes).
       - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes).
       - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes).
       - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes).
       - i40iw: Report correct firmware version (git-fixes).
       - IB/cma: Fix ports memory leak in cma_configfs (git-fixes).
       - IB/core: Fix potential NULL pointer dereference in pkey cache
         (git-fixes).
       - IB/hfi1: Do not destroy hfi1_wq when the device is shut down
         (bsc#1174409).
       - IB/hfi1: Do not destroy link_wq when the device is shut down
         (bsc#1174409).
       - IB/hfi1: Ensure pq is not left on waitlist (git-fixes).
       - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411).
       - IB/hfi1: Fix memory leaks in sysfs registration and unregistration
         (git-fixes).
       - IB/hfi1: Fix module use count flaw due to leftover module put calls
         (bsc#1174407).
       - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes).
       - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
         (git-fixes).
       - IB/mad: Fix use after free when destroying MAD agent (git-fixes).
       - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes).
       - IB/mlx5: Fix 50G per lane indication (git-fixes).
       - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
         (git-fixes).
       - IB/mlx5: Fix missing congestion control debugfs on rep rdma device
         (git-fixes).
       - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads
         (git-fixes).
       - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes).
       - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes).
       - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes).
       - ieee802154: fix one possible memleak in adf7242_probe (git-fixes).
       - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()'
         (git-fixes).
       - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes).
       - iio:health:afe4404 Fix timestamp alignment and prevent data leak
         (git-fixes).
       - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes).
       - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes).
       - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes).
       - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes).
       - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
         (git-fixes).
       - iio:pressure:ms5611 Fix buffer element alignment (git-fixes).
       - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes).
       - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes).
       - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes).
       - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes).
       - Input: mms114 - add extra compatible for mms345l (git-fixes).
       - intel_th: Fix a NULL dereference when hub driver is not loaded
         (git-fixes).
       - intel_th: pci: Add Emmitsburg PCH support (git-fixes).
       - intel_th: pci: Add Jasper Lake CPU support (git-fixes).
       - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes).
       - iommu/arm-smmu-v3: Do not reserve implementation defined register space
         (bsc#1174126).
       - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127).
       - iommu/vt-d: Update scalable mode paging structure coherency
         (bsc#1174128).
       - ionic: centralize queue reset code (bsc#1167773).
       - ionic: fix up filter locks and debug msgs (bsc#1167773).
       - ionic: keep rss hash after fw update (bsc#1167773).
       - ionic: update filter id after replay (bsc#1167773).
       - ionic: update the queue count on open (bsc#1167773).
       - ionic: use mutex to protect queue operations (bsc#1167773).
       - ionic: use offset for ethtool regs data (bsc#1167773).
       - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
       - keys: asymmetric: fix error return code in software_key_query()
         (git-fixes).
       - KVM: nVMX: always update CR3 in VMCS (git-fixes).
       - l2tp: add sk_family checks to l2tp_validate_socket
         (networking-stable-20_06_07).
       - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
       - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and
         strnlen_user() (bsc#1174331).
       - media: cec: silence shift wrapping warning in __cec_s_log_addrs()
         (git-fixes).
       - mei: bus: do not clean driver pointer (git-fixes).
       - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602).
       - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3
         (bsc#1154488).
       - mlxsw: core: Use different get_trend() callbacks for different thermal
         zones (networking-stable-20_06_10).
       - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed
         (git-fixes).
       - mmc: sdhci: do not enable card detect interrupt for gpio cd type
         (git-fixes).
       - mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
         (bsc#1174527).
       - nbd: Fix memory leak in nbd_add_socket (git-fixes).
       - net: be more gentle about silly gso requests coming from user
         (networking-stable-20_06_07).
       - net: check untrusted gso_size at kernel entry
         (networking-stable-20_06_07).
       - netdevsim: fix unbalaced locking in nsim_create() (git-fixes).
       - net: dsa: bcm_sf2: Fix node reference count (git-fixes).
       - net_failover: fixed rollback in net_failover_open()
         (networking-stable-20_06_10).
       - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c
         (bsc#1171857).
       - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and
         exit helpers (bsc#1171857).
       - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c
         (bsc#1171857).
       - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit
         helpers (bsc#1171857).
       - net: fsl/fman: treat all RGMII modes in memac_adjust_link()
         (bsc#1174398).
       - net: hns3: check reset pending after FLR prepare (bsc#1154353).
       - net: hns3: fix error handling for desc filling (git-fixes).
       - net: hns3: fix for not calculating TX BD send size correctly (git-fixes).
       - net: hns3: fix return value error when query MAC link status fail
         (git-fixes).
       - net: ipv4: Fix wrong type conversion from hint to rt in
         ip_route_use_hint() (bsc#1154353).
       - net: macb: call pm_runtime_put_sync on failure path (git-fixes).
       - net/mlx5: drain health workqueue in case of driver load error
         (networking-stable-20_06_16).
       - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash
         (jsc#SLE-8464).
       - net/mlx5e: Fix repeated XSK usage on one channel
         (networking-stable-20_06_16).
       - net/mlx5e: Fix VXLAN configuration restore after function reload
         (jsc#SLE-8464).
       - net/mlx5: Fix fatal error handling during device load
         (networking-stable-20_06_16).
       - net: phy: realtek: add support for configuring the RX delay on RTL8211F
         (bsc#1174398).
       - net/smc: fix restoring of fallback changes (git-fixes).
       - net: stmmac: do not attach interface until resume finishes (bsc#1174072).
       - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072).
       - net: stmmac: dwc-qos: use generic device api (bsc#1174072).
       - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac
         v5.10a (networking-stable-20_06_07).
       - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072).
       - net/tls: fix encryption error checking (git-fixes).
       - net/tls: free record only on encryption error (git-fixes).
       - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
         (networking-stable-20_06_07).
       - nfc: nci: add missed destroy_workqueue in nci_register_device
         (git-fixes).
       - nfp: flower: fix used time of merge flow statistics
         (networking-stable-20_06_07).
       - NFS: Fix interrupted slots by sending a solo SEQUENCE operation
         (bsc#1174264).
       - NTB: Fix static check warning in perf_clear_test (git-fixes).
       - NTB: Fix the default port and peer numbers for legacy drivers
         (git-fixes).
       - ntb: hw: remove the code that sets the DMA mask (git-fixes).
       - NTB: ntb_pingpong: Choose doorbells based on port number (git-fixes).
       - NTB: ntb_test: Fix bug when counting remote files (git-fixes).
       - NTB: ntb_tool: reading the link file should not end in a NULL byte
         (git-fixes).
       - NTB: perf: Do not require one more memory window than number of peers
         (git-fixes).
       - NTB: perf: Fix race condition when run with ntb_test (git-fixes).
       - NTB: perf: Fix support for hardware that does not have port numbers
         (git-fixes).
       - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes).
       - NTB: Revert the change to use the NTB device dev for DMA allocations
         (git-fixes).
       - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes).
       - ovl: inode reference leak in ovl_is_inuse true case (git-fixes).
       - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes).
       - padata: kABI fixup for struct padata_instance splitting nodes
         (git-fixes).
       - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership
         (bsc#1174356).
       - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
       - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513).
       - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2
         (bsc#1172201).
       - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
       - percpu: Separate decrypted varaibles anytime encryption can be enabled
         (bsc#1174332).
       - phy: sun4i-usb: fix dereference of pointer phy0 before it is null
         checked (git-fixes).
       - platform/x86: ISST: Increase timeout (bsc#1174185).
       - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable
         pkey (bsc#1065729).
       - powerpc/fadump: fix race between pstore write and fadump crash trigger
         (bsc#1168959 ltc#185010).
       - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes).
       - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
       - qed: suppress "do not support RoCE & iWARP" flooding on HW init
         (git-fixes).
       - qed: suppress false-positives interrupt error messages on HW init
         (git-fixes).
       - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler
         (git-fixes).
       - RDMA/cma: Protect bind_list and listen_list while finding matching cm id
         (git-fixes).
       - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes).
       - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes).
       - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id()
         (git-fixes).
       - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes).
       - RDMA/cm: Remove a race freeing timewait_info (git-fixes).
       - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
         (git-fixes).
       - RDMA/core: Fix double destruction of uobject (git-fixes).
       - RDMA/core: Fix double put of resource (git-fixes).
       - RDMA/core: Fix missing error check on dev_set_name() (git-fixes).
       - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes).
       - RDMA/core: Fix race between destroy and release FD object (git-fixes).
       - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes).
       - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes).
       - RDMA/counter: Query a counter before release (git-fixes).
       - RDMA/efa: Set maximum pkeys device attribute (git-fixes).
       - RDMA/hns: Bugfix for querying qkey (git-fixes).
       - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes).
       - RDMA/iwcm: Fix iwcm work deallocation (git-fixes).
       - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes).
       - RDMA/mad: Do not crash if the rdma device does not have a umad interface
         (git-fixes).
       - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
         (git-fixes).
       - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes).
       - RDMA/mlx5: Add init2init as a modify command (git-fixes).
       - RDMA/mlx5: Fix access to wrong pointer while performing flush due to
         error (git-fixes).
       - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes).
       - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes).
       - RDMA/mlx5: Prevent prefetch from racing with implicit destruction
         (jsc#SLE-8446).
       - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes).
       - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes).
       - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes).
       - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing
         (git-fixes).
       - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes).
       - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
         (git-fixes).
       - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes).
       - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes).
       - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes).
       - RDMA/rxe: Set default vendor ID (git-fixes).
       - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
         (git-fixes).
       - RDMA/siw: Fix failure handling during device creation (git-fixes).
       - RDMA/siw: Fix passive connection establishment (git-fixes).
       - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes).
       - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr()
         (git-fixes).
       - RDMA/siw: Fix reporting vendor_part_id (git-fixes).
       - RDMA/siw: Fix setting active_mtu attribute (git-fixes).
       - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes).
       - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes).
       - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes).
       - regmap: debugfs: Do not sleep while atomic for fast_io regmaps
         (git-fixes).
       - regmap: fix alignment issue (git-fixes).
       - regmap: Fix memory leak from regmap_register_patch (git-fixes).
       - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes).
       - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes).
       - Revert "thermal: mediatek: fix register index error" (git-fixes).
       - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
         (git-fixes).
       - rtnetlink: Fix memory(net_device) leak when ->newlink fails
         (bsc#1154353).
       - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
       - s390: fix syscall_get_error for compat processes (git-fixes).
       - s390/ism: fix error return code in ism_probe() (git-fixes).
       - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes).
       - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes).
       - s390/qdio: consistently restore the IRQ handler (git-fixes).
       - s390/qdio: put thinint indicator after early error (git-fixes).
       - s390/qdio: tear down thinint indicator after early error (git-fixes).
       - s390/qeth: fix error handling for isolation mode cmds (git-fixes).
       - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU
         scheduler functional and performance backports)).
       - scsi: libfc: free response frame from GPN_ID (bsc#1173849).
       - scsi: libfc: Handling of extra kref (bsc#1173849).
       - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849).
       - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted
         (bsc#1173849).
       - scsi: libfc: Skip additional kref updating work event (bsc#1173849).
       - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes).
       - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
         (git-fixes).
       - selftests/net: in rxtimestamp getopt_long needs terminating null entry
         (networking-stable-20_06_16).
       - selinux: fall back to ref-walk if audit is required (bsc#1174333).
       - selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
         (bsc#1174333).
       - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941).
       - SMB3: Honor lease disabling for multiuser mounts (git-fixes).
       - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes).
       - spi: spidev: fix a potential use-after-free in spidev_release()
         (git-fixes).
       - spi: spidev: fix a race between spidev_release and spidev_remove
         (git-fixes).
       - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
         (git-fixes).
       - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
         (git-fixes).
       - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
         (git-fixes).
       - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
         (git-fixes).
       - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
         (git-fixes).
       - staging: comedi: verify array index is correct before using it
         (git-fixes).
       - SUNRPC dont update timeout value on connection reset (bsc#1174263).
       - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116).
       - tcp: md5: allow changing MD5 keys in all socket states (git-fixes).
       - thermal/drivers: imx: Fix missing of_node_put() at probe time
         (git-fixes).
       - thermal: int3403_thermal: Downgrade error message (git-fixes).
       - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362).
       - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
         (git-fixes).
       - tty: hvc_console, fix crashes on parallel open/close (git-fixes).
       - udp: Copy has_conns in reuseport_grow() (git-fixes).
       - udp: Improve load balancing for SO_REUSEPORT (git-fixes).
       - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes).
       - usb: chipidea: core: add wakeup support for extcon (git-fixes).
       - usb: dwc2: Fix shutdown callback in platform (git-fixes).
       - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
         (git-fixes).
       - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes).
       - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes).
       - usb: gadget: udc: atmel: fix uninitialized read in debug printk
         (git-fixes).
       - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable()
         (git-fixes).
       - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes).
       - USB: serial: ch341: add new Product ID for CH340 (git-fixes).
       - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes).
       - USB: serial: iuu_phoenix: fix memory corruption (git-fixes).
       - USB: serial: option: add GosunCn GM500 series (git-fixes).
       - USB: serial: option: add Quectel EG95 LTE modem (git-fixes).
       - usb: tegra: Fix allocation for the FPCI context (git-fixes).
       - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes).
       - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129).
       - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc
         serial (git-fixes).
       - virt: vbox: Fix guest capabilities mask check (git-fixes).
       - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to
         match upstream (git-fixes).
       - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
       - vxlan: Avoid infinite loop when suppressing NS messages with invalid
         options (networking-stable-20_06_10).
       - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202).
       - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes).
       - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645).
    
    
    Special Instructions and Notes:
    
       Please reboot the system after installing this update.
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Module for Public Cloud 15-SP2:
    
          zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2102=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
    
          kernel-azure-5.3.18-18.12.1
          kernel-azure-debuginfo-5.3.18-18.12.1
          kernel-azure-debugsource-5.3.18-18.12.1
          kernel-azure-devel-5.3.18-18.12.1
          kernel-azure-devel-debuginfo-5.3.18-18.12.1
          kernel-syms-azure-5.3.18-18.12.1
    
       - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
    
          kernel-devel-azure-5.3.18-18.12.1
          kernel-source-azure-5.3.18-18.12.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2020-0305.html
       https://www.suse.com/security/cve/CVE-2020-10135.html
       https://www.suse.com/security/cve/CVE-2020-10781.html
       https://www.suse.com/security/cve/CVE-2020-14331.html
       https://bugzilla.suse.com/1065729
       https://bugzilla.suse.com/1152472
       https://bugzilla.suse.com/1152489
       https://bugzilla.suse.com/1153274
       https://bugzilla.suse.com/1154353
       https://bugzilla.suse.com/1154488
       https://bugzilla.suse.com/1155518
       https://bugzilla.suse.com/1155798
       https://bugzilla.suse.com/1165933
       https://bugzilla.suse.com/1167773
       https://bugzilla.suse.com/1168959
       https://bugzilla.suse.com/1169771
       https://bugzilla.suse.com/1171857
       https://bugzilla.suse.com/1171988
       https://bugzilla.suse.com/1172201
       https://bugzilla.suse.com/1173074
       https://bugzilla.suse.com/1173849
       https://bugzilla.suse.com/1173941
       https://bugzilla.suse.com/1174072
       https://bugzilla.suse.com/1174116
       https://bugzilla.suse.com/1174126
       https://bugzilla.suse.com/1174127
       https://bugzilla.suse.com/1174128
       https://bugzilla.suse.com/1174129
       https://bugzilla.suse.com/1174185
       https://bugzilla.suse.com/1174205
       https://bugzilla.suse.com/1174247
       https://bugzilla.suse.com/1174263
       https://bugzilla.suse.com/1174264
       https://bugzilla.suse.com/1174331
       https://bugzilla.suse.com/1174332
       https://bugzilla.suse.com/1174333
       https://bugzilla.suse.com/1174356
       https://bugzilla.suse.com/1174362
       https://bugzilla.suse.com/1174396
       https://bugzilla.suse.com/1174398
       https://bugzilla.suse.com/1174407
       https://bugzilla.suse.com/1174409
       https://bugzilla.suse.com/1174411
       https://bugzilla.suse.com/1174438
       https://bugzilla.suse.com/1174462
       https://bugzilla.suse.com/1174513
       https://bugzilla.suse.com/1174527
       https://bugzilla.suse.com/1174627
       https://bugzilla.suse.com/1174645
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    

    LinuxSecurity Poll

    Which statement best describes how you feel about the recent Linux 5.9 release?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/40-what-change-are-you-most-excited-about-in-linux-5-9?task=poll.vote&format=json
    40
    radio
    [{"id":"140","title":"Not a game-changer for me.","votes":"1","type":"x","order":"1","pct":16.67,"resources":[]},{"id":"141","title":"I'm happy with the performance improvements it offers.","votes":"5","type":"x","order":"2","pct":83.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.