SUSE: 2020:3798-1 important: the Linux Kernel
Summary
The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in
drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA
fault statistics were inappropriately freed, aka CID-16d51a590a8c
(bsc#1179663).
- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
which could have allowed local users to gain privileges or cause a
denial of service (bsc#1179141).
- CVE-2020-15437: Fixed a null pointer dereference which could have
allowed local users to cause a denial of service(bsc#1179140).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()
(bsc#1178182).
- CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)
- CVE-2020-27786: Fixed a use after free in kernel midi subsystem
snd_rawmidi_kernel_read1() (bsc#1179601).
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could
have been used by local attackers to read kernel memory (bsc#1178886).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could
have been used by local attackers to read privileged information or
potentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).
- CVE-2020-29371: Fixed uninitialized memory leaks to userspace
(bsc#1179429).
- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have
allowed a local user to obtain sensitive information from the data in
the L1 cache under extenuating circumstances (bsc#1177666).
The following non-security bugs were fixed:
- ACPI: GED: fix -Wformat (git-fixes).
- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()
(git-fixes).
- ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model
(git-fixes).
- ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)
(git-fixes).
- ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294
(git-fixes).
- ALSA: mixart: Fix mutex deadlock (git-fixes).
- ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
- arm64: KVM: Fix system register enumeration (bsc#1174726).
- arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).
- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
- ath10k: Acquire tx_lock in tx error paths (git-fixes).
- Avoid a GCC warning about "/*" within a comment.
- batman-adv: set .owner to THIS_MODULE (git-fixes).
- Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth
controllers (git-fixes).
- Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).
- bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).
- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex
(bsc#1050242).
- btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).
- btrfs: account ticket size at add/delete time (bsc#1178897).
- btrfs: add helper to obtain number of devices with ongoing dev-replace
(bsc#1178897).
- btrfs: check rw_devices, not num_devices for balance (bsc#1178897).
- btrfs: do not delete mismatched root refs (bsc#1178962).
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).
- btrfs: fix force usage in inc_block_group_ro (bsc#1178897).
- btrfs: fix invalid removal of root ref (bsc#1178962).
- btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).
- btrfs: fix reclaim_size counter leak after stealing from global reserve
(bsc#1178897).
- btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).
- btrfs: qgroup: do not commit transaction when we already hold the handle
(bsc#1178634).
- btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).
- btrfs: split dev-replace locking helpers for read and write
(bsc#1178897).
- can: af_can: prevent potential access of uninitialized member in
canfd_rcv() (git-fixes).
- can: af_can: prevent potential access of uninitialized member in
can_rcv() (git-fixes).
- can: dev: can_restart(): post buffer from the right context (git-fixes).
- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
- can: m_can: fix nominal bitiming tseg2 min for version >= 3.1
(git-fixes).
- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
- can: m_can: m_can_stop(): set device to software init mode before
closing (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to
can_put_echo_skb() (git-fixes).
- can: peak_usb: fix potential integer overflow on shift of a int
(git-fixes).
- ceph: add check_session_state() helper and make it global (bsc#1179259).
- ceph: check session state after bumping session->s_seq (bsc#1179259).
- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: Return the error from crypt_message when enc/dec key not found
(bsc#1179426).
- Convert trailing spaces and periods in path components (bsc#1179424).
- coredump: fix core_pattern parse error (git-fixes).
- cxgb4: Fix offset when clearing filter byte counters (bsc#1064802
bsc#1066129).
- docs: ABI: stable: remove a duplicated documentation (git-fixes).
- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
- Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context
(git-fixes).
- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind()
(git-fixes).
- efi: cper: Fix possible out-of-bounds access (git-fixes).
- efi/efivars: Add missing kobject_put() in sysfs entry creation error
path (git-fixes).
- efi/esrt: Fix reference count leak in esre_create_sysfs_entry
(git-fixes).
- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
- efivarfs: fix memory leak in efivarfs_create() (git-fixes).
- efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes).
- efi/x86: Do not panic or BUG() on non-critical error conditions
(git-fixes).
- efi/x86: Free efi_pgd with free_pages() (bsc#1112178).
- efi/x86: Ignore the memory attributes table on i386 (git-fixes).
- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
- ext4: correctly report "not supported" for {usr,grp}jquota when
!CONFIG_QUOTA (bsc#1179672).
- ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
- ext4: limit entries returned when counting fsmap records (bsc#1179671).
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
(bsc#1179673).
- fs: Do not invalidate page buffers in block_write_full_page()
(bsc#1179711).
- fs/proc/array.c: allow reporting eip/esp for all coredumping threads
(bsc#1050549).
- fuse: fix page dereference after free (bsc#1179213).
- futex: Do not enable IRQs unconditionally in put_pi_state()
(bsc#1067665).
- futex: Handle transient "ownerless" rtmutex state correctly
(bsc#1067665).
- hv_balloon: disable warning when floor reached (git-fixes).
- hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819,
bsc#1177820).
- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853,
bsc#1178854).
- hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854).
- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
(git-fixes).
- i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)
- i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
- i40iw: Report correct firmware version (bsc#1111666)
- IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
- IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)
- IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)
- IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)
- IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)
- IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)
- IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
(bsc#1111666)
- IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)
- IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)
- IB/hfi1: Define variables as unsigned long to fix KASAN warning
(bsc#1111666)
- IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)
- IB/hfi1: Fix memory leaks in sysfs registration and unregistration
(bsc#1111666)
- IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)
- IB/hfi1: Handle port down properly in pio (bsc#1111666)
- IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)
- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
(bsc#1111666)
- IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)
- IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
(bsc#1111666)
- IB/hfi1: Remove unused define (bsc#1111666)
- IB/hfi1: Silence txreq allocation warnings (bsc#1111666)
- IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)
- IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)
- IB/ipoib: drop useless LIST_HEAD (bsc#1111666)
- IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
(bsc#1111666)
- IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)
- IB/iser: Fix dma_nents type definition (bsc#1111666)
- IB/iser: Pass the correct number of entries for dma mapped SGL
(bsc#1111666)
- IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)
- IB/mlx4: Add and improve logging (bsc#1111666)
- IB/mlx4: Add support for MRA (bsc#1111666)
- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
- IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)
- IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)
- IB/mlx4: Fix race condition between catas error reset and aliasguid
flows (bsc#1111666)
- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
- IB/mlx4: Follow mirror sequence of device add during device removal
(bsc#1111666)
- IB/mlx4: Remove unneeded NULL check (bsc#1111666)
- IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)
- IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)
- IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)
- IB/mlx5: Do not override existing ip_protocol (bsc#1111666)
- IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)
- IB/mlx5: Fix implicit MR release flow (bsc#1111666)
- IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)
- IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
(bsc#1111666)
- IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)
- IB/mlx5: Improve ODP debugging messages (bsc#1111666)
- IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
(bsc#1111666)
- IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)
- IB/mlx5: Reset access mask when looping inside page fault handler
(bsc#1111666)
- IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)
- IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
(bsc#1111666)
- IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)
- IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)
- IB/mthca: fix return value of error branch in mthca_init_cq()
(bsc#1111666)
- IB/qib: Call kobject_put() when kobject_init_and_add() fails
(bsc#1111666)
- IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)
- IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)
- IB/qib: Remove a set-but-not-used variable (bsc#1111666)
- IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)
- IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)
- IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
- IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)
- IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)
- IB/rxe: Make counters thread safe (bsc#1111666)
- IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)
- IB/umad: Avoid additional device reference during open()/close()
(bsc#1111666)
- IB/umad: Avoid destroying device while it is accessed (bsc#1111666)
- IB/umad: Do not check status of nonseekable_open() (bsc#1111666)
- IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)
- IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)
- IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)
- IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)
- IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)
- igc: Fix returning wrong statistics (bsc#1118657).
- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting
tablet-mode (git-fixes).
- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
(git-fixes).
- inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
(git-fixes).
- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
- Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
- iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)
- iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)
- kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497
bsc#1176109 ltc#187964).
- kABI fix for g2d (git-fixes).
- kABI workaround for usermodehelper changes (bsc#1179406).
- kgdb: Fix spurious true from in_dbg_master() (git-fixes).
- KVM: arm64: Add missing #include of -
References
#1050242 #1050536 #1050545 #1050549 #1056653
#1056657 #1056787 #1064802 #1066129 #1067665
#1103990 #1103992 #1104389 #1104393 #1109837
#1110096 #1111666 #1112178 #1112374 #1118657
#1122971 #1136460 #1136461 #1139944 #1158775
#1170139 #1170630 #1172542 #1172694 #1174726
#1174852 #1175916 #1176109 #1176558 #1176559
#1176956 #1177304 #1177397 #1177666 #1177805
#1177808 #1177819 #1177820 #1178182 #1178270
#1178589 #1178590 #1178634 #1178635 #1178669
#1178853 #1178854 #1178878 #1178886 #1178897
#1178940 #1178962 #1179107 #1179140 #1179141
#1179204 #1179211 #1179213 #1179259 #1179403
#1179406 #1179418 #1179419 #1179421 #1179424
#1179426 #1179427 #1179429 #1179520 #1179578
#1179601 #1179616 #1179663 #1179666 #1179670
#1179671 #1179672 #1179673 #1179711 #1179713
#1179714 #1179715 #1179716 #1179722 #1179723
#1179724
Cross- CVE-2018-20669 CVE-2019-20934 CVE-2020-15436
CVE-2020-15437 CVE-2020-25669 CVE-2020-27777
CVE-2020-27786 CVE-2020-28915 CVE-2020-28974
CVE-2020-29371 CVE-2020-4788
Affected Products:
SUSE Linux Enterprise Module for Realtime 15-SP1
https://www.suse.com/security/cve/CVE-2018-20669.html
https://www.suse.com/security/cve/CVE-2019-20934.html
https://www.suse.com/security/cve/CVE-2020-15436.html
https://www.suse.com/security/cve/CVE-2020-15437.html
https://www.suse.com/security/cve/CVE-2020-25669.html
https://www.suse.com/security/cve/CVE-2020-27777.html
https://www.suse.com/security/cve/CVE-2020-27786.html
https://www.suse.com/security/cve/CVE-2020-28915.html
https://www.suse.com/security/cve/CVE-2020-28974.html
https://www.suse.com/security/cve/CVE-2020-29371.html
https://www.suse.com/security/cve/CVE-2020-4788.html
https://bugzilla.suse.com/1050242
https://bugzilla.suse.com/1050536
https://bugzilla.suse.com/1050545
https://bugzilla.suse.com/1050549
https://bugzilla.suse.com/1056653
https://bugzilla.suse.com/1056657
https://bugzilla.suse.com/1056787
https://bugzilla.suse.com/1064802
https://bugzilla.suse.com/1066129
https://bugzilla.suse.com/1067665
https://bugzilla.suse.com/1103990
https://bugzilla.suse.com/1103992
https://bugzilla.suse.com/1104389
https://bugzilla.suse.com/1104393
https://bugzilla.suse.com/1109837
https://bugzilla.suse.com/1110096
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1112374
https://bugzilla.suse.com/1118657
https://bugzilla.suse.com/1122971
https://bugzilla.suse.com/1136460
https://bugzilla.suse.com/1136461
https://bugzilla.suse.com/1139944
https://bugzilla.suse.com/1158775
https://bugzilla.suse.com/1170139
https://bugzilla.suse.com/1170630
https://bugzilla.suse.com/1172542
https://bugzilla.suse.com/1172694
https://bugzilla.suse.com/1174726
https://bugzilla.suse.com/1174852
https://bugzilla.suse.com/1175916
https://bugzilla.suse.com/1176109
https://bugzilla.suse.com/1176558
https://bugzilla.suse.com/1176559
https://bugzilla.suse.com/1176956
https://bugzilla.suse.com/1177304
https://bugzilla.suse.com/1177397
https://bugzilla.suse.com/1177666
https://bugzilla.suse.com/1177805
https://bugzilla.suse.com/1177808
https://bugzilla.suse.com/1177819
https://bugzilla.suse.com/1177820
https://bugzilla.suse.com/1178182
https://bugzilla.suse.com/1178270
https://bugzilla.suse.com/1178589
https://bugzilla.suse.com/1178590
https://bugzilla.suse.com/1178634
https://bugzilla.suse.com/1178635
https://bugzilla.suse.com/1178669
https://bugzilla.suse.com/1178853
https://bugzilla.suse.com/1178854
https://bugzilla.suse.com/1178878
https://bugzilla.suse.com/1178886
https://bugzilla.suse.com/1178897
https://bugzilla.suse.com/1178940
https://bugzilla.suse.com/1178962
https://bugzilla.suse.com/1179107
https://bugzilla.suse.com/1179140
https://bugzilla.suse.com/1179141
https://bugzilla.suse.com/1179204
https://bugzilla.suse.com/1179211
https://bugzilla.suse.com/1179213
https://bugzilla.suse.com/1179259
https://bugzilla.suse.com/1179403
https://bugzilla.suse.com/1179406
https://bugzilla.suse.com/1179418
https://bugzilla.suse.com/1179419
https://bugzilla.suse.com/1179421
https://bugzilla.suse.com/1179424
https://bugzilla.suse.com/1179426
https://bugzilla.suse.com/1179427
https://bugzilla.suse.com/1179429
https://bugzilla.suse.com/1179520
https://bugzilla.suse.com/1179578
https://bugzilla.suse.com/1179601
https://bugzilla.suse.com/1179616
https://bugzilla.suse.com/1179663
https://bugzilla.suse.com/1179666
https://bugzilla.suse.com/1179670
https://bugzilla.suse.com/1179671
https://bugzilla.suse.com/1179672
https://bugzilla.suse.com/1179673
https://bugzilla.suse.com/1179711
https://bugzilla.suse.com/1179713
https://bugzilla.suse.com/1179714
https://bugzilla.suse.com/1179715
https://bugzilla.suse.com/1179716
https://bugzilla.suse.com/1179722
https://bugzilla.suse.com/1179723
https://bugzilla.suse.com/1179724