Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2021:1176-1
Rating:	important
References:	bsc#1065600 bsc#1065729 bsc#1103990 bsc#1103991 bsc#1103992 bsc#1104270 bsc#1104353 bsc#1109837 bsc#1111981 bsc#1112374 bsc#1113994 bsc#1118657 bsc#1118661 bsc#1119113 bsc#1126390 bsc#1129770 bsc#1132477 bsc#1142635 bsc#1152446 bsc#1154048 bsc#1169709 bsc#1172455 bsc#1173485 bsc#1175165 bsc#1176720 bsc#1176855 bsc#1177411 bsc#1178163 bsc#1179243 bsc#1179428 bsc#1179454 bsc#1179660 bsc#1179755 bsc#1180846 bsc#1181515 bsc#1181544 bsc#1181655 bsc#1181674 bsc#1181747 bsc#1181753 bsc#1181843 bsc#1182011 bsc#1182175 bsc#1182485 bsc#1182574 bsc#1182715 bsc#1182716 bsc#1182717 bsc#1183018 bsc#1183022 bsc#1183023 bsc#1183378 bsc#1183379 bsc#1183380 bsc#1183381 bsc#1183382 bsc#1183416 bsc#1183509 bsc#1183593 bsc#1183646 bsc#1183686 bsc#1183692 bsc#1183696 bsc#1183775 bsc#1183861 bsc#1183871 bsc#1184114 bsc#1184167 bsc#1184168 bsc#1184170 bsc#1184192 bsc#1184193 bsc#1184196 bsc#1184198
Cross-References:	CVE-2020-0433 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-29368 CVE-2020-29374 CVE-2020-35519 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-3428 CVE-2021-3444
CVSS scores:	CVE-2020-0433 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27170 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27170 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27171 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27673 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27815 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-27815 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29374 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2020-29374 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2020-35519 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26931 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-26931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26932 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-26932 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27363 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27364 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28660 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28688 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28964 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29264 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29264 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29647 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3428 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3428 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3444 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Real Time 12 SP5 SUSE Linux Enterprise Server 12 SP5

An update that solves 25 vulnerabilities and has 49 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).
CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).
CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).
CVE-2020-27673: Fixed a potential denial of service at high rate of events to dom0, aka CID-e99502f76271 (bsc#1177411 ).

The following non-security bugs were fixed:

ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
amba: Fix resource leak for drivers without .remove (git-fixes).
bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455).
bfq: update internal depth state when queue depth changes (bsc#1172455).
block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).
bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170).
bpf: fix x64 JIT code generation for jmp to 1st insn (bsc#1178163).
bpf_lru_list: Read double-checked variable once without lock (git-fixes).
bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
can: peak_usb: add forgotten supported devices (git-fixes).
can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes).
can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
cifs: check all path components in resolved dfs target (bsc#1179755).
cifs: fix nodfs mount option (bsc#1179755).
cifs: introduce helper for finding referral server (bsc#1179755).
cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (bsc#1104270).
dmaengine: hsu: disable spurious interrupt (git-fixes).
drm/amdgpu: Fix macro name AMDGPU_TRACE_H in preprocessor if (bsc#1129770) Backporting notes: * context changes
drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc#1142635) Backporting notes: * taken for 427c4a0680a2 ("drm/vc4: crtc: Rework a bit the CRTC state code") * renamed drm_atomic_state_helper.{c,h} to drm_atomic_helper.{c,h} * context changes
drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1129770) Backporting notes: * context changes
drm/compat: Clear bounce structures (bsc#1129770) Backporting notes: * context changes
drm/etnaviv: replace MMU flush marker with flush sequence (bsc#1154048) Backporting notes: * context changes
drm/gma500: Fix error return code in psb_driver_load() (bsc#1129770)
drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152446) Backporting notes: * context changes
drm/mediatek: Fix aal size config (bsc#1129770) Backporting notes: * access I/O memory with writel()
drm: meson_drv add shutdown function (git-fixes).
drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1129770)
drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
drm: mxsfb: check framebuffer pitch (bsc#1129770) Backporting notes: * context changes
drm/omap: fix max fclk divider for omap36xx (bsc#1152446)
drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1129770)
drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1129770) Backporting notes: * context changes
drm/radeon: fix AGP dependency (git-fixes).
drm: rcar-du: Put reference to VSP device (bsc#1129770) Backporting notes: * context changes
drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1129770) Backporting notes: * context changes
drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1129770) Backporting notes: * context changes
ethernet: alx: fix order of calls on resume (git-fixes).
fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1129770)
firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
futex: Prevent robust futex exit race (git-fixes).
gma500: clean up error handling in init (bsc#1129770)
gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
HID: make arrays usage and value to be the same (git-fixes).
i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
i40e: Add zero-initialization of AQ command structures (bsc#1109837 bsc#1111981).
i40e: Fix add TC filter for IPv6 (bsc#1109837 bsc#1111981 ).
i40e: Fix endianness conversions (bsc#1109837 bsc#1111981 ).
IB/mlx5: Return appropriate error code instead of ENOMEM (bsc#1103991).
ibmvnic: add comment