SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2122-1
Rating:             important
References:         #1051510 #1065729 #1104967 #1111666 #1112178 
                    #1113956 #1114279 #1150660 #1151927 #1152107 
                    #1152624 #1158983 #1159058 #1162002 #1163309 
                    #1167104 #1168959 #1169514 #1169771 #1169795 
                    #1170011 #1170442 #1170617 #1170618 #1171124 
                    #1171424 #1171529 #1171530 #1171558 #1171673 
                    #1171732 #1171739 #1171743 #1171753 #1171759 
                    #1171761 #1171835 #1171841 #1171868 #1171988 
                    #1172247 #1172257 #1172344 #1172484 #1172687 
                    #1172719 #1172871 #1172872 #1172999 #1173060 
                    #1173074 #1173146 #1173265 #1173280 #1173284 
                    #1173428 #1173462 #1173514 #1173567 #1173573 
                    #1173746 #1173818 #1173820 #1173825 #1173826 
                    #1173833 #1173838 #1173839 #1173845 #1173857 
                    #1174113 #1174115 #1174122 #1174123 #1174130 
                    #1174205 #1174296 #1174343 #1174356 #1174409 
                    #1174438 #1174462 #1174543 
Cross-References:   CVE-2019-16746 CVE-2019-20908 CVE-2020-0305
                    CVE-2020-10135 CVE-2020-10769 CVE-2020-10773
                    CVE-2020-10781 CVE-2020-12771 CVE-2020-12888
                    CVE-2020-14331 CVE-2020-14416 CVE-2020-15393
                    CVE-2020-15780
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 70 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2020-14331: A buffer over write in vgacon_scroll was fixed
     (bnc#1174205).
   - CVE-2020-10135: Legacy pairing and secure-connections pairing
     authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier
     may have allowed an unauthenticated user to complete authentication
     without pairing credentials via adjacent access. An unauthenticated,
     adjacent attacker could impersonate a Bluetooth BR/EDR master or slave
     to pair with a previously paired remote device to successfully complete
     the authentication procedure without knowing the link key (bnc#1171988).
   - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
     use-after-free due to a race condition. This could lead to local
     escalation of privilege with System execution privileges needed. User
     interaction is not needed for exploitation (bnc#1174462).
   - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c
     where incorrect access permissions for the efivar_ssdt ACPI variable
     could be used by attackers to bypass lockdown or secure boot
     restrictions, aka CID-1957a85b0032 (bnc#1173567).
   - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074).
   - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c
     where injection of malicious ACPI tables via configfs could be used by
     attackers to bypass lockdown and secure boot restrictions, aka
     CID-75b0cea7bf30 (bnc#1173573).
   - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a
     memory leak, aka CID-28ebeb8db770 (bnc#1173514).
   - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a
     deadlock if a coalescing operation fails (bnc#1171732).
   - CVE-2019-16746: net/wireless/nl80211.c did not check the length of
     variable elements in a beacon head, leading to a buffer overflow
     (bnc#1152107).
   - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access
     disabled memory space (bnc#1171868).
   - CVE-2020-10769: A buffer over-read flaw was found in
     crypto_authenc_extractkeys in crypto/authenc.c in the IPsec
     Cryptographic algorithm's module, authenc. When a payload longer than 4
     bytes, and is not following 4-byte alignment boundary guidelines, it
     causes a buffer over-read threat, leading to a system crash. This flaw
     allowed a local attacker with user privileges to cause a denial of
     service (bnc#1173265).
   - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed
     (bnc#1172999).
   - CVE-2020-14416: A race condition in tty->disc_data handling in the slip
     and slcan line discipline could lead to a use-after-free, aka
     CID-0ace17d56824. This affects drivers/net/slip/slip.c and
     drivers/net/can/slcan.c (bnc#1162002).

   The following non-security bugs were fixed:

   - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666).
   - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
     (bsc#1111666).
   - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753).
   - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666).
   - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666).
   - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666).
   - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666).
   - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534
     (bsc#1111666).
   - ALSA: lx6464es - add support for LX6464ESe pci express variant
     (bsc#1111666).
   - ALSA: opl3: fix infoleak in opl3 (bsc#1111666).
   - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666).
   - ALSA: usb-audio: Fix packet size calculation (bsc#1111666).
   - ALSA: usb-audio: Improve frames size computation (bsc#1111666).
   - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes).
   - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666).
   - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666).
   - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666).
   - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
     (bsc#1111666).
   - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27).
   - b43: Fix connection problem with WPA3 (bsc#1111666).
   - b43_legacy: Fix connection problem with WPA3 (bsc#1111666).
   - be2net: fix link failure after ethtool offline test (git-fixes).
   - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
   - block, bfq: postpone rq preparation to insert or merge (bsc#1104967
     bsc#1171673). Refresh
     patches.suse/block-bfq-fix-use-after-free-in-bfq_idle_slice_timer.patch
   - block: nr_sects_write(): Disable preemption on seqcount write
     (bsc#1173818).
   - Bluetooth: Add SCO fallback for invalid LMP parameters error
     (bsc#1111666).
   - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes).
   - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes).
   - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
     (git-fixes).
   - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes).
   - bnxt_en: fix NULL dereference in case SR-IOV configuration fails
     (git-fixes).
   - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12).
   - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features()
     (networking-stable-20_05_12).
   - bnxt_en: Improve AER slot reset (networking-stable-20_05_12).
   - brcmfmac: Transform compatible string for FW loading (bsc#1169771).
   - btrfs: add assertions for tree == inode->io_tree to extent IO helpers     (bsc#1174438).
   - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438).
   - btrfs: Always use a cached extent_state in
     btrfs_lock_and_flush_ordered_range (bsc#1174438).
   - btrfs: always wait on ordered extents at fsync time (bsc#1171761).
   - btrfs: clean up the left over logged_list usage (bsc#1171761).
   - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range
     (bsc#1174438).
   - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range
     (bsc#1174438).
   - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
     (bsc#1174438).
   - btrfs: fix hang on snapshot creation after RWF_NOWAIT write
     (bsc#1174438).
   - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761).
   - btrfs: fix missing data checksums after a ranged fsync (msync)
     (bsc#1171761).
   - btrfs: fix missing file extent item for hole after ranged fsync
     (bsc#1171761).
   - btrfs: fix missing hole after hole punching and fsync when using
     NO_HOLES (bsc#1171761).
   - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761).
   - btrfs: fix rare chances for data loss when doing a fast fsync
     (bsc#1171761).
   - btrfs: fix RWF_NOWAIT write not failling when we need to cow
     (bsc#1174438).
   - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO
     (bsc#1174438).
   - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after
     disable (bsc#1172247).
   - btrfs: Remove extra parentheses from condition in copy_items()
     (bsc#1171761).
   - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761).
   - btrfs: remove no longer used logged range variables when logging extents
     (bsc#1171761).
   - btrfs: remove no longer used 'sync' member from transaction handle
     (bsc#1171761).
   - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761).
   - btrfs: remove the logged extents infrastructure (bsc#1171761).
   - btrfs: remove the wait ordered logic in the log_one_extent path
     (bsc#1171761).
   - btrfs: Return EAGAIN if we can't start no snpashot write in
     check_can_nocow (bsc#1174438).
   - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
   - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range
     (bsc#1174438).
   - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
   - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
     (bsc#1111666).
   - carl9170: remove P2P_GO support (bsc#1111666).
   - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104).
   - ceph: request expedited service on session's last cap flush
     (bsc#1167104).
   - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
     (bsc#1173857).
   - clocksource: dw_apb_timer: Make CPU-affiliation being optional
     (bsc#1111666).
   - crypto: algboss - do not wait during notifier callback (bsc#1111666).
   - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666).
   - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
     fully iterated (bsc#1111666).
   - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
     fully iterated (git-fixes).
   - crypto/chcr: fix for ccm(aes) failed test (bsc#1111666).
   - crypto: talitos - fix IPsec cipher in length (git-fixes).
   - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes).
   - debugfs: Check module state before warning in {full/open}_proxy_open()
     (bsc#1173746).
   - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
   - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes).
   - /dev/mem: Revoke mappings when a driver claims the region (git-fixes).
   - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27).
   - driver-core, libnvdimm: Let device subsystems add local lockdep coverage
     (bsc#1171753).
   - Drivers: hv: Change flag to write log level in panic msg to false
     (bsc#1170617, bsc#1170618).
   - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666).
   - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956)  * context
     changes
   - drm: encoder_slave: fix refcouting error for modules (bsc#1111666).
   - drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
   - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection
     (bsc#1112178)
   - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956)  *
     context changes
   - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666).
   - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel
     (bsc#1111666).
   - drm: panel-orientation-quirks: Use generic orientation-data for Acer
     S1003 (bsc#1111666).
   - drm/qxl: Use correct notify port address when creating cursor ring
     (bsc#1113956)
   - drm/radeon: fix double free (bsc#1113956)
   - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956)
   - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666).
   - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666).
   - drm/vkms: Hold gem object while still in-use (bsc#1113956)  * context
     changes
   - e1000: Distribute switch variables for initialization (bsc#1111666).
   - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
   - e1000e: Do not wake up the system via WOL if device wakeup is disabled
     (bsc#1051510).
   - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666).
   - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
   - ext4: fix a data race at inode->i_blocks (bsc#1171835).
   - ext4: fix partial cluster initialization when splitting extent
     (bsc#1173839).
   - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838).
   - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error
     handlers (bsc#1173833).
   - fanotify: fix ignore mask logic for events on child and on dir
     (bsc#1172719).
   - Fix boot crash with MD (bsc#1174343) Refresh
     patches.suse/mdraid-fix-read-write-bytes-accounting.patch
   - fix multiplication overflow in copy_fdtable() (bsc#1173825).
   - Fix Patch-mainline tag in the previous zram fix patch
   - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
     (networking-stable-20_05_12).
   - gpu: host1x: Detach driver on unregister (bsc#1111666).
   - HID: magicmouse: do not set up autorepeat (git-fixes).
   - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes).
   - hwmon: (acpi_power_meter) Fix potential memory leak in
     acpi_power_meter_add() (bsc#1111666).
   - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
     (bsc#1111666).
   - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666).
   - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
     (bsc#1111666).
   - i2c: eg20t: Load module automatically if ID matches (bsc#1111666).
   - i2c: mlxcpld: check correct size of maximum RECV_LEN packet
     (bsc#1111666).
   - i40e: reduce stack usage in i40e_set_fc (git-fixes).
   - IB/hfi1: Do not destroy hfi1_wq when the device is shut down
     (bsc#1174409).
   - IB/hfi1: Do not destroy link_wq when the device is shut down
     (bsc#1174409).
   - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
   - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280
     ltc#185369).
   - ibmvnic: Flush existing work items before device removal (bsc#1065729).
   - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
   - iio:health:afe4404 Fix timestamp alignment and prevent data leak
     (bsc#1111666).
   - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666).
   - iio:magnetometer:ak8974: Fix alignment and data leak issues
     (bsc#1111666).
   - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
     (bsc#1111666).
   - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666).
   - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666).
   - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
     (bsc#1111666).
   - input: i8042 - Remove special PowerPC handling (git-fixes).
   - Input: synaptics - add a second working PNP_ID for Lenovo T470s
     (bsc#1111666).
   - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
   - intel_th: Fix a NULL dereference when hub driver is not loaded
     (bsc#1111666).
   - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174130).
   - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes).
   - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes).
   - jbd2: avoid leaking transaction credits when unreserving handle
     (bsc#1173845).
   - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833).
   - kabi: hv: prevent struct device_node to become defined (bsc#1172871).
   - kABI: protect struct mlx5_cmd_work_ent (kabi).
   - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
   - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666).
   - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS
     (bsc#1114279).
   - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
     (bsc#1114279).
   - KVM: x86: Fix APIC page invalidation race (bsc#1174122).
   - l2tp: add sk_family checks to l2tp_validate_socket
     (networking-stable-20_06_07).
   - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
   - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462).
   - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113).
   - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146).
   - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
     (bsc#1171753).
   - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
     (bsc#1171753).
   - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
     (bsc#1171753).
   - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753).
   - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759).
   - libnvdimm/dax: Pick the right alignment default when creating dax
     devices (bsc#1171759).
   - libnvdimm/label: Remove the dpa align check (bsc#1171759).
   - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739).
   - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct
     page size change (bsc#1171743).
   - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock
     (bsc#1171759).
   - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid
     (bsc#1171743).
   - libnvdimm/pmem: Advance namespace seed for specific probe errors     (bsc#1171743).
   - libnvdimm/region: Initialize bad block for volatile namespaces
     (bnc#1151927 5.3.6).
   - libnvdimm/region: Rewrite _probe_success() to _advance_seeds()
     (bsc#1171743).
   - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759).
   - loop: replace kill_bdev with invalidate_bdev (bsc#1173820).
   - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530).
   - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo
     (bcs#1173060).
   - media: cec: silence shift wrapping warning in __cec_s_log_addrs()
     (git-fixes).
   - media: si2157: Better check for running tuner in init (bsc#1111666).
   - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
     (git-fixes).
   - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes).
   - mlxsw: pci: Return error on PCI reset timeout (git-fixes).
   - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
     (networking-stable-20_05_12).
   - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed
     (git-fixes).
   - mlxsw: spectrum_dpipe: Add missing error path (git-fixes).
   - mlxsw: spectrum: Prevent force of 56G (git-fixes).
   - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead
     (git-fixes).
   - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
     (git-fixes).
   - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes).
   - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
     (git-fixes).
   - mmc: sdhci: do not enable card detect interrupt for gpio cd type
     (bsc#1111666).
   - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
     (bsc#1111666).
   - mvpp2: remove misleading comment (git-fixes).
   - net: be more gentle about silly gso requests coming from user
     (networking-stable-20_06_07).
   - net: check untrusted gso_size at kernel entry
     (networking-stable-20_06_07).
   - net/cxgb4: Check the return from t4_query_params properly (git-fixes).
   - net: dsa: bcm_sf2: Fix node reference count (git-fixes).
   - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16).
   - net: dsa: mt7530: fix roaming from DSA user ports
     (networking-stable-20_05_27).
   - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
     (git-fixes).
   - net: ena: add missing ethtool TX timestamping indication (git-fixes).
   - net: ena: avoid memory access violation by validating req_id properly
     (git-fixes).
   - net: ena: do not wake up tx queue when down (git-fixes).
   - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes).
   - net: ena: ethtool: use correct value for crc32 hash (git-fixes).
   - net: ena: fix continuous keep-alive resets (git-fixes).
   - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes).
   - net: ena: fix default tx interrupt moderation interval (git-fixes).
   - net: ena: fix incorrect default RSS key (git-fixes).
   - net: ena: fix incorrectly saving queue numbers when setting RSS
     indirection table (git-fixes).
   - net: ena: fix issues in setting interrupt moderation params in ethtool
     (git-fixes).
   - net: ena: fix potential crash when rxfh key is NULL (git-fixes).
   - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
     (git-fixes).
   - net: ena: fix uses of round_jiffies() (git-fixes).
   - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes).
   - net: ena: reimplement set/get_coalesce() (git-fixes).
   - net: ena: rss: do not allocate key when not supported (git-fixes).
   - net: ena: rss: fix failure to get indirection table (git-fixes).
   - net: ena: rss: store hash function as values and not bits (git-fixes).
   - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
   - net: fix a potential recursive NETDEV_FEAT_CHANGE
     (networking-stable-20_05_16).
   - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
     (networking-stable-20_05_27).
   - net: ipip: fix wrong address family in init error path
     (networking-stable-20_05_27).
   - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set
     (git-fixes).
   - net: macsec: preserve ingress frame ordering
     (networking-stable-20_05_12).
   - net/mlx4_core: drop useless LIST_HEAD (git-fixes).
   - net/mlx4_core: fix a memory leak bug (git-fixes).
   - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
     (networking-stable-20_05_12).
   - net/mlx5: Add command entry handling completion
     (networking-stable-20_05_27).
   - net/mlx5: Avoid panic when setting vport rate (git-fixes).
   - net/mlx5: Continue driver initialization despite debugfs failure
     (git-fixes).
   - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes).
   - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes).
   - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes).
   - net/mlx5e: Update netdev txq on completions during closure
     (networking-stable-20_05_27).
   - net/mlx5: Fix command entry leak in Internal Error State
     (networking-stable-20_05_12).
   - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07).
   - net/mlx5: Fix forced completion access non initialized command entry
     (networking-stable-20_05_12).
   - net: mvmdio: allow up to four clocks to be specified for orion-mdio
     (git-fixes).
   - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift
     (git-fixes).
   - net: phy: fix aneg restart in phy_ethtool_set_eee
     (networking-stable-20_05_16).
   - netprio_cgroup: Fix unlimited memory leak of v2 cgroups
     (networking-stable-20_05_16).
   - net: qede: stop adding events on an already destroyed workqueue
     (git-fixes).
   - net: qed: fix excessive QM ILT lines consumption (git-fixes).
   - net: qed: fix NVMe login fails over VFs (git-fixes).
   - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
     (networking-stable-20_05_27).
   - net: revert "net: get rid of an signed integer overflow in
     ip_idents_reserve()" (networking-stable-20_05_27).
   - net sched: fix reporting the first-time use timestamp
     (networking-stable-20_05_27).
   - net: stricter validation of untrusted gso packets
     (networking-stable-20_05_12).
   - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
     (networking-stable-20_05_12).
   - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
     (networking-stable-20_05_12).
   - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12).
   - net: usb: qmi_wwan: add Telit 0x1050 composition
     (networking-stable-20_06_07).
   - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
     (networking-stable-20_06_07).
   - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
     vmxnet3_get_rss() (bsc#1172484).
   - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes).
   - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
     (bsc#1173857).
   - nvdimm: Avoid race between probe and reading device attributes
     (bsc#1170442).
   - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558
     bsc#1159058).
   - nvme: do not update multipath disk information if the controller is down
     (bcs#1171558 bsc#1159058).
   - objtool: Clean instruction state before each function validation
     (bsc#1169514).
   - objtool: Ignore empty alternatives (bsc#1169514).
   - ocfs2: no need try to truncate file beyond i_size (bsc#1171841).
   - padata: ensure the reorder timer callback runs on the correct CPU
     (git-fixes).
   - padata: reorder work kABI fixup (git-fixes).
   - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership
     (bsc#1174356).
   - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
   - PCI: Generalize multi-function power dependency device links
     (bsc#1111666).
   - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871,
     bsc#1172872).
   - PCI: hv: Fix the PCI HyperV probe failure path to release resource
     properly (bsc#1172871, bsc#1172872).
   - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872).
   - PCI: hv: Move hypercall related definitions into tlfs header
     (bsc#1172871, bsc#1172872).
   - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871,
     bsc#1172872).
   - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871,
     bsc#1172872).
   - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871,
     bsc#1172872).
   - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes).
   - PCI: pciehp: Support interrupts sent from D3hot (git-fixes).
   - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
   - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
   - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
   - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus
     precise RIP validity (git-fixes).
   - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus
     precise RIP validity (git-fixes).
   - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
   - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
   - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family
     (10h) (git-fixes).
   - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family
     (10h) (git-fixes).
   - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static
     (git-fixes).
   - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static
     (git-fixes).
   - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3
     PMCs (git-fixes stable).
   - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3
     PMCs (git-fixes stable).
   - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
   - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
   - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf
     events (git-fixes stable).
   - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf
     events (git-fixes stable).
   - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
   - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
   - perf/x86: Fix incorrect PEBS_REGS (git-fixes).
   - perf/x86: Fix incorrect PEBS_REGS (git-fixes).
   - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
     (git-fixes).
   - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
     (git-fixes).
   - perf/x86/intel: Add proper condition to run sched_task callbacks
     (git-fixes).
   - perf/x86/intel: Add proper condition to run sched_task callbacks
     (git-fixes).
   - perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
   - perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
   - perf/x86/intel: Fix PT PMI handling (git-fixes).
   - perf/x86/intel: Fix PT PMI handling (git-fixes).
   - perf/x86/intel: Move branch tracing setup to the Intel-specific source
     file (git-fixes).
   - perf/x86/intel: Move branch tracing setup to the Intel-specific source
     file (git-fixes).
   - perf/x86/intel/uncore: Add Node ID mask (git-fixes).
   - perf/x86/intel/uncore: Add Node ID mask (git-fixes).
   - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
   - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
   - perf/x86/intel/uncore: Handle invalid event coding for free-running
     counter (git-fixes).
   - perf/x86/uncore: Fix event group support (git-fixes).
   - perf/x86/uncore: Fix event group support (git-fixes).
   - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
     (bsc#1111666).
   - PM / Domains: Allow genpd users to specify default active wakeup
     behavior (git-fixes).
   - powerpc/book3s64: Export has_transparent_hugepage() related functions
     (bsc#1171759).
   - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable
     pkey (bsc#1065729).
   - powerpc/fadump: fix race between pstore write and fadump crash trigger
     (bsc#1168959 ltc#185010).
   - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
   - power: vexpress: add suppress_bind_attrs to true (bsc#1111666).
   - pppoe: only process PADT targeted at local interfaces
     (networking-stable-20_05_16).
   - qed: reduce maximum stack frame size (git-fixes).
   - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).
   - r8152: support additional Microsoft Surface Ethernet Adapter variant
     (networking-stable-20_05_27).
   - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666)
   - README.BRANCH: Add Takashi Iwai as primary maintainer.
   - regmap: debugfs: Do not sleep while atomic for fast_io regmaps
     (bsc#1111666).
   - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102")
     (bsc#1111666).
   - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
     (networking-stable-20_05_16).
   - Revert "thermal: mediatek: fix register index error" (bsc#1111666).
   - rpm/kernel-docs.spec.in: Require python-packaging for build.
   - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
   - s390: fix syscall_get_error for compat processes (git-fixes).
   - s390/qdio: consistently restore the IRQ handler (git-fixes).
   - s390/qdio: lock device while installing IRQ handler (git-fixes).
   - s390/qdio: put thinint indicator after early error (git-fixes).
   - s390/qdio: tear down thinint indicator after early error (git-fixes).
   - s390/qeth: fix error handling for isolation mode cmds (git-fixes).
   - sch_choke: avoid potential panic in choke_reset()
     (networking-stable-20_05_12).
   - sch_sfq: validate silly quantum values (networking-stable-20_05_12).
   - scsi: aacraid: fix a signedness bug (bsc#1174296).
   - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296).
   - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Add support to display if adapter dumps are available
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Allow applications to issue Common Set Features mailbox
     command (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset()
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix inconsistent indenting (bsc#1158983).
   - scsi: lpfc: Fix interrupt assignments when multiple vectors are
     supported on same CPU (bsc#1158983).
   - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix language in 0373 message to reflect non-error message
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix less-than-zero comparison of unsigned value
     (bsc#1158983).
   - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687
     bsc#1171530).
   - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test
     (bsc#1172687 bsc#1171530).
   - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983).
   - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296).
   - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296).
   - scsi: qedf: Add port_id getter (bsc#1150660).
   - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs()
     (bsc#1174296).
   - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request
     (bsc#1158983).
   - sctp: Do not add the shutdown timer if its already been added
     (networking-stable-20_05_27).
   - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state
     and socket is closed (networking-stable-20_05_27).
   - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666).
   - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666).
   - spi: spidev: fix a race between spidev_release and spidev_remove
     (bsc#1111666).
   - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
     (bsc#1111666).
   - staging: comedi: verify array index is correct before using it
     (bsc#1111666).
   - SUNRPC: The TCP back channel mustn't disappear while requests are
     outstanding (bsc#1152624).
   - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
     (bsc#1173284).
   - timers: Add a function to start/reduce a timer
     (networking-stable-20_05_27).
   - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
     (bsc#1111666).
   - tpm_tis: Remove the HID IFX0102 (bsc#1111666).
   - tracing: Fix event trigger to accept redundant spaces (git-fixes).
   - tty: hvc_console, fix crashes on parallel open/close (git-fixes).
   - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
     (networking-stable-20_05_12).
   - ubifs: remove broken lazytime support (bsc#1173826).
   - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes).
   - usb: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666).
   - usb: chipidea: core: add wakeup support for extcon (bsc#1111666).
   - usb: dwc2: Fix shutdown callback in platform (bsc#1111666).
   - usb: dwc3: gadget: introduce cancelled_list (git-fixes).
   - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes).
   - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes).
   - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes).
   - usb: ehci: reopen solution for Synopsys HC bug (git-fixes).
   - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666).
   - usb: gadget: udc: atmel: fix uninitialized read in debug printk
     (bsc#1111666).
   - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable()
     (bsc#1111666).
   - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666).
   - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
     (bsc#1111666).
   - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666).
   - usb: ohci-sm501: Add missed iounmap() in remove (bsc#1111666).
   - usb: serial: ch341: add new Product ID for CH340 (bsc#1111666).
   - usb: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666).
   - usb: serial: iuu_phoenix: fix memory corruption (bsc#1111666).
   - usb: serial: option: add GosunCn GM500 series (bsc#1111666).
   - usb: serial: option: add Quectel EG95 LTE modem (bsc#1111666).
   - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123).
   - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6).
   - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc
     serial (git-fixes).
   - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
   - vmxnet3: add support to get/set rx flow hash (bsc#1172484).
   - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
   - vmxnet3: avoid format strint overflow warning (bsc#1172484).
   - vmxnet3: prepare for version 4 changes (bsc#1172484).
   - vmxnet3: Remove always false conditional statement (bsc#1172484).
   - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
   - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter
     (bsc#1172484).
   - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
   - vmxnet3: update to version 4 (bsc#1172484).
   - vmxnet3: use correct hdr reference when packet is encapsulated
     (bsc#1172484).
   - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
   - vxlan: Avoid infinite loop when suppressing NS messages with invalid
     options (git-fixes).
   - wil6210: make sure Rx ring sizes are correlated (git-fixes).
   - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309).
   - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS
     (git-fixes).
   - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS
     (git-fixes).
   - x86/{mce,mm}: Unmap the entire page if the whole page is affected and
     poisoned (bsc#1172257).
   - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
   - xhci: Fix incorrect EP_STATE_MASK (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2122=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2122=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2122=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2122=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2122=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.29.1
      kernel-default-debugsource-4.12.14-122.29.1
      kernel-default-extra-4.12.14-122.29.1
      kernel-default-extra-debuginfo-4.12.14-122.29.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.29.1
      kernel-obs-build-debugsource-4.12.14-122.29.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.29.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.29.1
      kernel-default-base-4.12.14-122.29.1
      kernel-default-base-debuginfo-4.12.14-122.29.1
      kernel-default-debuginfo-4.12.14-122.29.1
      kernel-default-debugsource-4.12.14-122.29.1
      kernel-default-devel-4.12.14-122.29.1
      kernel-syms-4.12.14-122.29.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.29.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.29.1
      kernel-macros-4.12.14-122.29.1
      kernel-source-4.12.14-122.29.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.29.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.29.1
      kernel-default-debugsource-4.12.14-122.29.1
      kernel-default-kgraft-4.12.14-122.29.1
      kernel-default-kgraft-devel-4.12.14-122.29.1
      kgraft-patch-4_12_14-122_29-default-1-8.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.29.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.29.1
      dlm-kmp-default-4.12.14-122.29.1
      dlm-kmp-default-debuginfo-4.12.14-122.29.1
      gfs2-kmp-default-4.12.14-122.29.1
      gfs2-kmp-default-debuginfo-4.12.14-122.29.1
      kernel-default-debuginfo-4.12.14-122.29.1
      kernel-default-debugsource-4.12.14-122.29.1
      ocfs2-kmp-default-4.12.14-122.29.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.29.1


References:

   https://www.suse.com/security/cve/CVE-2019-16746.html
   https://www.suse.com/security/cve/CVE-2019-20908.html
   https://www.suse.com/security/cve/CVE-2020-0305.html
   https://www.suse.com/security/cve/CVE-2020-10135.html
   https://www.suse.com/security/cve/CVE-2020-10769.html
   https://www.suse.com/security/cve/CVE-2020-10773.html
   https://www.suse.com/security/cve/CVE-2020-10781.html
   https://www.suse.com/security/cve/CVE-2020-12771.html
   https://www.suse.com/security/cve/CVE-2020-12888.html
   https://www.suse.com/security/cve/CVE-2020-14331.html
   https://www.suse.com/security/cve/CVE-2020-14416.html
   https://www.suse.com/security/cve/CVE-2020-15393.html
   https://www.suse.com/security/cve/CVE-2020-15780.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1104967
   https://bugzilla.suse.com/1111666
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1113956
   https://bugzilla.suse.com/1114279
   https://bugzilla.suse.com/1150660
   https://bugzilla.suse.com/1151927
   https://bugzilla.suse.com/1152107
   https://bugzilla.suse.com/1152624
   https://bugzilla.suse.com/1158983
   https://bugzilla.suse.com/1159058
   https://bugzilla.suse.com/1162002
   https://bugzilla.suse.com/1163309
   https://bugzilla.suse.com/1167104
   https://bugzilla.suse.com/1168959
   https://bugzilla.suse.com/1169514
   https://bugzilla.suse.com/1169771
   https://bugzilla.suse.com/1169795
   https://bugzilla.suse.com/1170011
   https://bugzilla.suse.com/1170442
   https://bugzilla.suse.com/1170617
   https://bugzilla.suse.com/1170618
   https://bugzilla.suse.com/1171124
   https://bugzilla.suse.com/1171424
   https://bugzilla.suse.com/1171529
   https://bugzilla.suse.com/1171530
   https://bugzilla.suse.com/1171558
   https://bugzilla.suse.com/1171673
   https://bugzilla.suse.com/1171732
   https://bugzilla.suse.com/1171739
   https://bugzilla.suse.com/1171743
   https://bugzilla.suse.com/1171753
   https://bugzilla.suse.com/1171759
   https://bugzilla.suse.com/1171761
   https://bugzilla.suse.com/1171835
   https://bugzilla.suse.com/1171841
   https://bugzilla.suse.com/1171868
   https://bugzilla.suse.com/1171988
   https://bugzilla.suse.com/1172247
   https://bugzilla.suse.com/1172257
   https://bugzilla.suse.com/1172344
   https://bugzilla.suse.com/1172484
   https://bugzilla.suse.com/1172687
   https://bugzilla.suse.com/1172719
   https://bugzilla.suse.com/1172871
   https://bugzilla.suse.com/1172872
   https://bugzilla.suse.com/1172999
   https://bugzilla.suse.com/1173060
   https://bugzilla.suse.com/1173074
   https://bugzilla.suse.com/1173146
   https://bugzilla.suse.com/1173265
   https://bugzilla.suse.com/1173280
   https://bugzilla.suse.com/1173284
   https://bugzilla.suse.com/1173428
   https://bugzilla.suse.com/1173462
   https://bugzilla.suse.com/1173514
   https://bugzilla.suse.com/1173567
   https://bugzilla.suse.com/1173573
   https://bugzilla.suse.com/1173746
   https://bugzilla.suse.com/1173818
   https://bugzilla.suse.com/1173820
   https://bugzilla.suse.com/1173825
   https://bugzilla.suse.com/1173826
   https://bugzilla.suse.com/1173833
   https://bugzilla.suse.com/1173838
   https://bugzilla.suse.com/1173839
   https://bugzilla.suse.com/1173845
   https://bugzilla.suse.com/1173857
   https://bugzilla.suse.com/1174113
   https://bugzilla.suse.com/1174115
   https://bugzilla.suse.com/1174122
   https://bugzilla.suse.com/1174123
   https://bugzilla.suse.com/1174130
   https://bugzilla.suse.com/1174205
   https://bugzilla.suse.com/1174296
   https://bugzilla.suse.com/1174343
   https://bugzilla.suse.com/1174356
   https://bugzilla.suse.com/1174409
   https://bugzilla.suse.com/1174438
   https://bugzilla.suse.com/1174462
   https://bugzilla.suse.com/1174543

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:2122-1 important: the Linux Kernel

August 4, 2020
An update that solves 13 vulnerabilities and has 70 fixes is now available

Summary

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14331: A buffer over write in vgacon_scroll was fixed (bnc#1174205). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - be2net: fix link failure after ethtool offline test (git-fixes). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). Refresh patches.suse/block-bfq-fix-use-after-free-in-bfq_idle_slice_timer.patch - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - Fix boot crash with MD (bsc#1174343) Refresh patches.suse/mdraid-fix-read-write-bytes-accounting.patch - fix multiplication overflow in copy_fdtable() (bsc#1173825). - Fix Patch-mainline tag in the previous zram fix patch - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpu: host1x: Detach driver on unregister (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174130). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" (networking-stable-20_05_16). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - rpm/kernel-docs.spec.in: Require python-packaging for build. - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - usb: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - usb: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - usb: serial: ch341: add new Product ID for CH340 (bsc#1111666). - usb: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - usb: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - usb: serial: option: add GosunCn GM500 series (bsc#1111666). - usb: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xhci: Fix incorrect EP_STATE_MASK (git-fixes).

References

#1051510 #1065729 #1104967 #1111666 #1112178

#1113956 #1114279 #1150660 #1151927 #1152107

#1152624 #1158983 #1159058 #1162002 #1163309

#1167104 #1168959 #1169514 #1169771 #1169795

#1170011 #1170442 #1170617 #1170618 #1171124

#1171424 #1171529 #1171530 #1171558 #1171673

#1171732 #1171739 #1171743 #1171753 #1171759

#1171761 #1171835 #1171841 #1171868 #1171988

#1172247 #1172257 #1172344 #1172484 #1172687

#1172719 #1172871 #1172872 #1172999 #1173060

#1173074 #1173146 #1173265 #1173280 #1173284

#1173428 #1173462 #1173514 #1173567 #1173573

#1173746 #1173818 #1173820 #1173825 #1173826

#1173833 #1173838 #1173839 #1173845 #1173857

#1174113 #1174115 #1174122 #1174123 #1174130

#1174205 #1174296 #1174343 #1174356 #1174409

#1174438 #1174462 #1174543

Cross- CVE-2019-16746 CVE-2019-20908 CVE-2020-0305

CVE-2020-10135 CVE-2020-10769 CVE-2020-10773

CVE-2020-10781 CVE-2020-12771 CVE-2020-12888

CVE-2020-14331 CVE-2020-14416 CVE-2020-15393

CVE-2020-15780

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Live Patching 12-SP5

SUSE Linux Enterprise High Availability 12-SP5

https://www.suse.com/security/cve/CVE-2019-16746.html

https://www.suse.com/security/cve/CVE-2019-20908.html

https://www.suse.com/security/cve/CVE-2020-0305.html

https://www.suse.com/security/cve/CVE-2020-10135.html

https://www.suse.com/security/cve/CVE-2020-10769.html

https://www.suse.com/security/cve/CVE-2020-10773.html

https://www.suse.com/security/cve/CVE-2020-10781.html

https://www.suse.com/security/cve/CVE-2020-12771.html

https://www.suse.com/security/cve/CVE-2020-12888.html

https://www.suse.com/security/cve/CVE-2020-14331.html

https://www.suse.com/security/cve/CVE-2020-14416.html

https://www.suse.com/security/cve/CVE-2020-15393.html

https://www.suse.com/security/cve/CVE-2020-15780.html

https://bugzilla.suse.com/1051510

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1104967

https://bugzilla.suse.com/1111666

https://bugzilla.suse.com/1112178

https://bugzilla.suse.com/1113956

https://bugzilla.suse.com/1114279

https://bugzilla.suse.com/1150660

https://bugzilla.suse.com/1151927

https://bugzilla.suse.com/1152107

https://bugzilla.suse.com/1152624

https://bugzilla.suse.com/1158983

https://bugzilla.suse.com/1159058

https://bugzilla.suse.com/1162002

https://bugzilla.suse.com/1163309

https://bugzilla.suse.com/1167104

https://bugzilla.suse.com/1168959

https://bugzilla.suse.com/1169514

https://bugzilla.suse.com/1169771

https://bugzilla.suse.com/1169795

https://bugzilla.suse.com/1170011

https://bugzilla.suse.com/1170442

https://bugzilla.suse.com/1170617

https://bugzilla.suse.com/1170618

https://bugzilla.suse.com/1171124

https://bugzilla.suse.com/1171424

https://bugzilla.suse.com/1171529

https://bugzilla.suse.com/1171530

https://bugzilla.suse.com/1171558

https://bugzilla.suse.com/1171673

https://bugzilla.suse.com/1171732

https://bugzilla.suse.com/1171739

https://bugzilla.suse.com/1171743

https://bugzilla.suse.com/1171753

https://bugzilla.suse.com/1171759

https://bugzilla.suse.com/1171761

https://bugzilla.suse.com/1171835

https://bugzilla.suse.com/1171841

https://bugzilla.suse.com/1171868

https://bugzilla.suse.com/1171988

https://bugzilla.suse.com/1172247

https://bugzilla.suse.com/1172257

https://bugzilla.suse.com/1172344

https://bugzilla.suse.com/1172484

https://bugzilla.suse.com/1172687

https://bugzilla.suse.com/1172719

https://bugzilla.suse.com/1172871

https://bugzilla.suse.com/1172872

https://bugzilla.suse.com/1172999

https://bugzilla.suse.com/1173060

https://bugzilla.suse.com/1173074

https://bugzilla.suse.com/1173146

https://bugzilla.suse.com/1173265

https://bugzilla.suse.com/1173280

https://bugzilla.suse.com/1173284

https://bugzilla.suse.com/1173428

https://bugzilla.suse.com/1173462

https://bugzilla.suse.com/1173514

https://bugzilla.suse.com/1173567

https://bugzilla.suse.com/1173573

https://bugzilla.suse.com/1173746

https://bugzilla.suse.com/1173818

https://bugzilla.suse.com/1173820

https://bugzilla.suse.com/1173825

https://bugzilla.suse.com/1173826

https://bugzilla.suse.com/1173833

https://bugzilla.suse.com/1173838

https://bugzilla.suse.com/1173839

https://bugzilla.suse.com/1173845

https://bugzilla.suse.com/1173857

https://bugzilla.suse.com/1174113

https://bugzilla.suse.com/1174115

https://bugzilla.suse.com/1174122

https://bugzilla.suse.com/1174123

https://bugzilla.suse.com/1174130

https://bugzilla.suse.com/1174205

https://bugzilla.suse.com/1174296

https://bugzilla.suse.com/1174343

https://bugzilla.suse.com/1174356

https://bugzilla.suse.com/1174409

https://bugzilla.suse.com/1174438

https://bugzilla.suse.com/1174462

https://bugzilla.suse.com/1174543

Severity
Announcement ID: SUSE-SU-2020:2122-1
Rating: important

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo