Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:0117-1
Rating:	moderate
References:	bsc#1040855 bsc#1044120 bsc#1044767 bsc#1055117 bsc#1065729 bsc#1094840 bsc#1109695 bsc#1115431 bsc#1138374 bsc#1139944 bsc#1149032 bsc#1152457 bsc#1152472 bsc#1152489 bsc#1155518 bsc#1156315 bsc#1156395 bsc#1158775 bsc#1161099 bsc#1163727 bsc#1165933 bsc#1167657 bsc#1168952 bsc#1171000 bsc#1171078 bsc#1171688 bsc#1172145 bsc#1172733 bsc#1174486 bsc#1175079 bsc#1175480 bsc#1175995 bsc#1176396 bsc#1176942 bsc#1176956 bsc#1177326 bsc#1177500 bsc#1177666 bsc#1177679 bsc#1177733 bsc#1178049 bsc#1178203 bsc#1178270 bsc#1178372 bsc#1178590 bsc#1178612 bsc#1178634 bsc#1178660 bsc#1178756 bsc#1178780 bsc#1179107 bsc#1179204 bsc#1179419 bsc#1179434 bsc#1179435 bsc#1179519 bsc#1179575 bsc#1179578 bsc#1179601 bsc#1179604 bsc#1179639 bsc#1179652 bsc#1179656 bsc#1179670 bsc#1179671 bsc#1179672 bsc#1179673 bsc#1179675 bsc#1179676 bsc#1179677 bsc#1179678 bsc#1179679 bsc#1179680 bsc#1179681 bsc#1179682 bsc#1179683 bsc#1179684 bsc#1179685 bsc#1179687 bsc#1179688 bsc#1179689 bsc#1179690 bsc#1179703 bsc#1179704 bsc#1179707 bsc#1179709 bsc#1179710 bsc#1179711 bsc#1179712 bsc#1179713 bsc#1179714 bsc#1179715 bsc#1179716 bsc#1179745 bsc#1179763 bsc#1179888 bsc#1179892 bsc#1179896 bsc#1179960 bsc#1179963 bsc#1180027 bsc#1180029 bsc#1180031 bsc#1180052 bsc#1180056 bsc#1180086 bsc#1180117 bsc#1180258 bsc#1180261 bsc#1180506 bsc#1180541 bsc#1180559 bsc#1180566
Cross-References:	CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-29370 CVE-2020-29373 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158
CVSS scores:	CVE-2020-0444 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-11668 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-11668 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-27068 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27068 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-27777 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27777 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27825 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-27825 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27830 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27830 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-28374 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28374 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-29370 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29370 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29373 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-29373 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2020-29660 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29660 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29661 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Basesystem Module 15-SP2 Development Tools Module 15-SP2 Legacy Module 15-SP2 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 15 vulnerabilities and has 98 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).
CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).
CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656).
CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).
CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).

The following non-security bugs were fixed:

ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610).
ACPI: PNP: compare the string length in the matching_id() (git-fixes).
ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes).
ALSA: core: memalloc: add page alignment for iram (git-fixes).
ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes).
ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes).
ALSA: hda/proc - print DP-MST connections (git-fixes).
ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes).
ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).
ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes).
ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes).
ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).
ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes).
ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes).
ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).
ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes).
ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes).
ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes).
ALSA: seq: remove useless function (git-fixes).
ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203).
ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203).
ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes).
ALSA: usb-audio: Add implicit_fb module option (bsc#1178203).
ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes).
ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203).
ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203).
ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes).
ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes).
ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203).
ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203).
ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203).
ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203).
ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203).
ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203).
ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203).
ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203).
ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).
ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203).
ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203).
ALSA: usb-audio: Drop debug.h (bsc#1178203).
ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203).
ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203).
ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203).
ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).
ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203).
ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203).
ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203).
ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203).
ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203).
ALSA: usb-audio: Improve some debug prints (bsc#1178203).
ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203).
ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203).
ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203).
ALSA: usb-audio: Properly match with audio interface class (bsc#1178203).
ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203).
ALSA: usb-audio: Refactor endpoint management (bsc#1178203).
ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203).
ALSA: usb-audio: Replace slave/master terms (bsc#1178203).
ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203).
ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203).
ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203).
ALSA: usb-audio: Simplify hw_params rules (bsc#1178203).
ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203).
ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203).
ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203).
ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203).
ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203).
ALSA: usb-audio: Support PCM sync_stop (bsc#1178203).
ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203).
ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203).
ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203).
ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203).
ALSA: usb-audio: Use managed buffer allocation (bsc#1178203).
ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203).
ALSA: usb-audio: workaround for iface reset issue (bsc#1178203).
arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610).
ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes).
ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).
ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).
ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes).
ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).
ASoC: meson: fix COMPILE_TEST error (git-fixes).
ASoC: pcm: DRAIN support reactivation (git-fixes).
ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes).
ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes).
ASoC: tegra20-spdif: remove "default m" (git-fixes).
ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes).
ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).
ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes).
ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes).
ath10k: Fix an error handling path (git-fixes).
ath10k: Release some resources in an error handling path (git-fixes).
ath6kl: fix enum-conversion warning (git-fixes).
batman-adv: Consider fragmentation for needed_headroom (git-fixes).
batman-adv: Do not always reallocate the fragmentation skb head (git-fixes).
batman-adv: Reserve needed_*room for fragments (git-fixes).
blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486).
block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933).
Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes).
Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes).
Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes).
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).
Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes).
bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes).
btrfs: add missing check for nocow and compression inode flags (bsc#1178780).
btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099).
btrfs: delete duplicated words + other fixes in comments (bsc#1180566).
btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566).
btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566).
btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963).
btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).
btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).
btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).
bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).
can: c_can: c_can_power_up(): fix error handling (git-fixes).
can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes).
can: softing: softing_netdev_open(): fix error handling (git-fixes).
can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes).
cfg80211: initialize rekey_data (git-fixes).
cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
cifs: do not share tcons with DFS (bsc#1178270).
cifs: document and cleanup dfs mount (bsc#1178270).
cifs: ensure correct super block for DFS reconnect (bsc#1178270).
cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
cifs: fix check of tcon dfs in smb1 (bsc#1178270).
cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
cifs: fix double free error on share and prefix (bsc#1178270).
cifs: fix leaked reference on requeued write (bsc#1178270).
cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
cifs: merge __{cifs,smb2}_reconnect_tcon into cifs_tree_connect() (bsc#1178270).
cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
cifs: rename reconn_inval_dfs_target() (bsc#1178270).
cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes).
clk: ingenic: Fix divider calculation with div tables (git-fixes).
clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes).
clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
clk: renesas: r9a06g032: Drop __packed for portability (git-fixes).
clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
clk: tegra: Do not return 0 on failure (git-fixes).
clk: tegra: Fix duplicated SE clock entry (git-fixes).
clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes).
clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes).
clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes).
clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes).
compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203