Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2020:2575-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves eight vulnerabilities and has 121 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
- CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
- CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
- CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
- CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
The following non-security bugs were fixed:
- ACPI: kABI fixes for subsys exports (bsc#1174968).
- ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968).
- ACPI / LPSS: Use acpi_lpss_ instead of acpi_subsys_ functions for hibernate (bsc#1174968).
- ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968).
- ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968).
- af_key: pfkey_dump needs parameter validation (git-fixes).
- agp/intel: Fix a memory leak on module initialisation failure (git-fixes).
- ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666).
- ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666).
- ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666).
- ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666).
- ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666).
- ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666).
- ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666).
- ALSA: hda: fix NULL pointer dereference during suspend (git-fixes).
- ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666).
- ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666).
- ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666).
- ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes).
- ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666).
- ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666).
- ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666).
- ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes).
- ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666).
- ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666).
- ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666).
- ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666).
- ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666).
- ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666).
- ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666).
- ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666).
- ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666).
- ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666).
- ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666).
- ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666).
- ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666).
- ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666).
- ALSA: hda/realtek - Fix unused variable warning (bsc#1111666).
- ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666).
- ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666).
- ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes).
- ALSA: pci: delete repeated words in comments (bsc#1111666).
- ALSA: seq: oss: Serialize ioctls (bsc#1111666).
- ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes).
- ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666).
- ALSA: usb-audio: add startech usb audio dock name (bsc#1111666).
- ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666).
- ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666).
- ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666).
- ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666).
- ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625).
- ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666).
- ALSA: usb-audio: ignore broken processing/extension unit (git-fixes).
- ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666).
- ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666).
- arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547).
- arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547).
- arm64: add sysfs vulnerability show for meltdown (bsc#1174547).
- arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547).
- arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547).
- arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547).
- arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547).
- arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547).
- arm64: Always enable ssb vulnerability detection (bsc#1174547).
- arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397).
- arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547).
- arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547).
- arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547).
- arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398).
- arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393).
- arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default
- arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394).
- arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547).
- arm64: errata: Update stale comment (bsc#1174547).
- arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547).
- arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547).
- arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547).
- arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547).
- arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547).
- arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021).
- arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547).
- arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547).
- arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526).
- arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547).
- arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396).
- arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547).
- arm64: ssbd: explicitly depend on <linux/prctl.h> (bsc#1175399).
- arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547).
- arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669).
- arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400).
- arm64/sve: <uapi/asm/ptrace.h> should not depend on <uapi/linux/prctl.h> (bsc#1175401).
- arm64: tlbflush: avoid writing RES0 bits (bsc#1175402).
- arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547).
- ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021).
- ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021).
- ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021).
- ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666).
- ASoC: intel: Fix memleak in sst_media_open (git-fixes).
- ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
- AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes).
- AX.25: Prevent integer overflows in connect and sendmsg (git-fixes).
- AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes).
- ax88172a: fix ax88172a_unbind() failures (git-fixes).
- b43: Remove uninitialized_var() usage (git-fixes).
- bcache: allocate meta data pages as compound pages (bsc#1172873).
- block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148).
- block: Fix use-after-free in blkdev_get() (bsc#1174843).
- block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148).
- Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666).
- Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666).
- Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666).
- bonding: fix active-backup failover for current ARP slave (bsc#1174771).
- bonding: fix a potential double-unregister (git-fixes).
- bonding: show saner speed for broadcast mode (git-fixes).
- bpf: Fix map leak in HASH_OF_MAPS map (git-fixes).
- brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666).
- brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666).
- brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666).
- btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247).
- btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247).
- btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149).
- btrfs: fix block group leak when removing fails (bsc#1175149).
- btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149).
- btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149).
- btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149).
- btrfs: fix double free on ulist after backref resolution failure (bsc#1175149).
- btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149).
- btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550).
- btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149).
- btrfs: fix race between block group removal and block group creation (bsc#1175149).
- btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149).
- btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149).
- btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149).
- btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484).
- btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247).
- btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247).
- btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247).
- btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149).
- btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163).
- btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247).
- btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163).
- btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163).
- btrfs: Rename and export clear_btree_io_tree (bsc#1175149).
- btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493).
- bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658).
- bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658).
- bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658).
- cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes).
- cfg80211: check vendor command doit pointer before use (git-fixes).
- char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
- cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428).
- cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428).
- cifs: merge __{cifs,smb2}_reconnect_tcon into cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428).
- cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
- clk: at91: clk-generated: check best_rate against ranges (bsc#1111666).
- clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666).
- clk: iproc: round clock rate to the closest (bsc#1111666).
- clk: spear: Remove uninitialized_var() usage (git-fixes).
- clk: st: Remove uninitialized_var() usage (git-fixes).
- config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549
- console: newport_con: fix an issue about leak related system resources (git-fixes).
- constrants: fix malformed XML Closing tag of an element is "</foo>", not "<foo/>". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs")
- Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
- crypto: ccp - Fix use of merged scatterlists (git-fixes).
- crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes).
- crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes).
- crypto: rockchip - fix scatterlist nents error (git-fixes).
- crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes).
- crypto: talitos - check AES key size (git-fixes).
- crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- dev: Defer free of skbs in flush_backlog (git-fixes).
- device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes).
- devres: keep both device name and resource name in pretty name (git-fixes).
- dlm: Fix kobject memleak (bsc#1175768).
- dlm: remove BUG() before panic() (bsc#1174844).
- dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes).
- Documentation/networking: Add net DIM documentation (bsc#1174852).
- dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403).
- dpaa2-eth: free already allocated channels on probe defer (bsc#1175404).
- dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405).
- dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550).
- dpaa_eth: add newline in dev_err() msg (bsc#1174550).
- dpaa_eth: avoid timestamp read on error paths (bsc#1175406).
- dpaa_eth: change DMA device (bsc#1174550).
- dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550).
- dpaa_eth: defer probing after qbman (bsc#1174550).
- dpaa_eth: extend delays in ndo_stop (bsc#1174550).
- dpaa_eth: fix DMA mapping leak (bsc#1174550).
- dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550).
- dpaa_eth: FMan erratum A050385 workaround (bsc#1174550).
- dpaa_eth: perform DMA unmapping before read (bsc#1175407).
- dpaa_eth: register a device link for the qman portal used (bsc#1174550).
- dpaa_eth: remove netdev_err() for user errors (bsc#1174550).
- dpaa_eth: remove redundant code (bsc#1174550).
- dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550).
- dpaa_eth: use a page to store the SGT (bsc#1174550).
- dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550).
- dpaa_eth: use only one buffer pool per interface (bsc#1174550).
- dpaa_eth: use page backed rx buffers (bsc#1174550).
- driver core: Avoid binding drivers to dead devices (git-fixes).
- Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes).
- Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes).
- Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128).
- Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes).
- drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408).
- drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410).
- drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409).
- drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666).
- drm/amd/display: fix pow() crashing when given base 0 (git-fixes).
- drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666).
- drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666).
- drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes
- drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes).
- drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956)
- drm/arm: fix unintentional integer overflow on left shift (git-fixes).
- drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes
- drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes).
- drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes
- drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666).
- drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes).
- drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666).
- drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions
- drm: hold gem reference until object is no longer accessed (bsc#1113956)
- drm/imx: fix use after free (git-fixes).
- drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes).
- drm/imx: tve: fix regulator_disable error path (git-fixes).
- drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes).
- drm/msm/adreno: fix updating ring fence (git-fixes).
- drm/msm: ratelimit crtc event overflow error (bsc#1111666).
- drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes).
- drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes).
- drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666).
- drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes).
- drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes).
- drm/radeon: disable AGP by default (bsc#1111666).
- drm/radeon: fix array out-of-bounds read and write issues (git-fixes).
- drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666).
- drm/rockchip: fix VOP_WIN_GET macro (bsc