Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2020:3522-1 |
|---|---|
| Rating: | important |
An update that solves 12 vulnerabilities and has 103 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP2 realtime kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-25705: A flaw was found in the way reply ICMP packets are limited that allowed open UDP ports to be scanned quickly. This flaw allowed an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
- CVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415).
- CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).
- CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
- CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
- CVE-2020-16120: Fixed the permission check for opening the real file when using overlayfs. A file not readable by an unprivileged user could be copied to a mountpoint controlled by that user, who could then access the file (bsc#1177470).
- CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724).
- CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" (bsc#1177725).
- CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
- CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka "BleedingTooth" (bsc#1177726).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon (bsc#1178589).
The following non-security bugs were fixed:
- 9P: Cast to loff_t before multiplying (git-fixes).
- ACPI: Always build evged in (git-fixes).
- ACPI: button: fix handling lid state changes when input device closed (git-fixes).
- ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes).
- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).
- ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).
- ACPI: dock: fix enum-conversion warning (git-fixes).
- ACPI / extlog: Check for RDMSR failure (git-fixes).
- ACPI: GED: fix -Wformat (git-fixes).
- ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).
- ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).
- act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24).
- ALSA: ac97: (cosmetic) align argument names (git-fixes).
- ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
- ALSA: asihpi: fix spellint typo in comments (git-fixes).
- ALSA: atmel: ac97: clarify operator precedence (git-fixes).
- ALSA: bebob: potential info leak in hwdep_read() (git-fixes).
- ALSA: compress_offload: remove redundant initialization (git-fixes).
- ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
- ALSA: core: pcm: simplify locking for timers (git-fixes).
- ALSA: core: timer: clarify operator precedence (git-fixes).
- ALSA: core: timer: remove redundant assignment (git-fixes).
- ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).
- ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes).
- ALSA: fix kernel-doc markups (git-fixes).
- ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).
- ALSA: hda: (cosmetic) align function parameters (git-fixes).
- ALSA: hda - Do not register a cb func if it is registered already (git-fixes).
- ALSA: hda - Fix the return value if cb func is already registered (git-fixes).
- ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes).
- ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).
- ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).
- ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).
- ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).
- ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).
- ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes).
- ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).
- ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).
- ALSA: hdspm: Fix typo arbitary (git-fixes).
- ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).
- ALSA: portman2x4: fix repeated word 'if' (git-fixes).
- ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).
- ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).
- ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).
- ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).
- ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).
- ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).
- ALSA: usb-audio: fix spelling mistake "Frequence" -> "Frequency" (git-fixes).
- ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes).
- ALSA: usb: scarless_gen2: fix endianness issue (git-fixes).
- ALSA: vx: vx_core: clarify operator precedence (git-fixes).
- ALSA: vx: vx_pcm: remove redundant assignment (git-fixes).
- arm64: Enable PCI write-combine resources under sysfs (bsc#1175807).
- ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).
- ASoC: cs42l51: manage mclk shutdown delay (git-fixes).
- ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes).
- ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes).
- ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).
- ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).
- ASoC: qcom: lpass-platform: fix memory leak (git-fixes).
- ASoC: qcom: sdm845: set driver name correctly (git-fixes).
- ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes).
- ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes).
- ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes).
- ata: sata_rcar: Fix DMA boundary mask (git-fixes).
- ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).
- ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).
- ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).
- ath10k: provide survey info as accumulated data (git-fixes).
- ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).
- ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).
- ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes).
- ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).
- ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).
- ath9k_htc: Use appropriate rs_datalen type (git-fixes).
- backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).
- blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).
- block: ensure bdi->io_pages is always initialized (bsc#1177749).
- block: Fix page_is_mergeable() for compound pages (bsc#1177814).
- block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes).
- Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes).
- Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
- Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).
- Bluetooth: Only mark socket zapped after unlocking (git-fixes).
- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes).
- bonding: show saner speed for broadcast mode (networking-stable-20_08_24).
- brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).
- brcmfmac: check ndev pointer (git-fixes).
- brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).
- btrfs: Account for merged patches upstream Move below patches to sorted section.
- btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854).
- btrfs: allocate scrub workqueues outside of locks (bsc#1178183).
- btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687).
- btrfs: cleanup cow block on error (bsc#1178584).
- btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
- btrfs: do not set the full sync flag on the inode during page release (bsc#1177687).
- btrfs: drop path before adding new uuid tree entry (bsc#1178176).
- btrfs: fix filesystem corruption after a device replace (bsc#1178395).
- btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190).
- btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191).
- btrfs: fix race between page release and a fast fsync (bsc#1177687).
- btrfs: fix space cache memory leak after transaction abort (bsc#1178173).
- btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395).
- btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395).
- btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687).
- btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).
- btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).
- btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).
- btrfs: reduce contention on log trees when logging checksums (bsc#1177687).
- btrfs: release old extent maps during page release (bsc#1177687).
- btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687).
- btrfs: reschedule if necessary when logging directory items (bsc#1178585).
- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).
- btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).
- btrfs: set the correct lockdep class for new nodes (bsc#1178184).
- btrfs: set the lockdep class for log tree extent buffers (bsc#1178186).
- btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687).
- btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).
- can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).
- can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).
- can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).
- can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).
- can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).
- can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).
- can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes).
- can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).
- can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).
- can: peak_usb: add range checking in decode operations (git-fixes).
- can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).
- can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).
- can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).
- ceph: promote to unsigned long long before shifting (bsc#1178175).
- clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).
- clk: at91: remove the checking of parent_name (git-fixes).
- clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).
- clk: imx8mq: Fix usdhc parents order (git-fixes).
- clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes).
- clk: meson: g12a: mark fclk_div2 as critical (git-fixes).
- clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).
- cosa: Add missing kfree in error path of cosa_write (git-fixes).
- create Storage / NVMe subsection
- crypto: algif_aead - Do not set MAY_BACKLOG on the async path (git-fixes).
- crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).
- crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).
- crypto: ccp - fix error handling (git-fixes).
- crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes).
- crypto: omap-sham - fix digcnt register handling with export/import (git-fixes).
- crypto: picoxcell - Fix potential race condition bug (git-fixes).
- crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (git-fixes).
- cxgb4: fix memory leak during module unload (networking-stable-20_09_24).
- cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24).
- cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).
- cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).
- dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817).
- dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).
- dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).
- Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes
- Disable module compression on SLE15 SP2 (bsc#1178307)
- dma-buf: Remove custom seqcount lockdep class key (bsc#1176564 bsc#1162702).
- dma-buf: Use sequence counter with associated wound/wait mutex (bsc#1176564 bsc#1162702).
- dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743).
- dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743).
- dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743).
- dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743).
- dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743).
- dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743).
- dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743).
- dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743).
- dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743).
- dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743).
- dma-direct: remove the dma_handle argument to __dma_direct_alloc_pages (bsc#1175898, ECO-2743).
- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).
- dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes).
- dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes).
- dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743).
- dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743).
- dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743).
- dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743).
- dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743).
- dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743).
- dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743).
- dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743).
- dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743).
- dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743).
- dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743).
- dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743).
- dma-pool: Fix an uninitialized variable bug in atomic_pool_expand() (bsc#1175898, ECO-2743).
- dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743).
- dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743).
- dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743).
- dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743).
- dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743).
- dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743).
- dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743).
- dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743).
- dm: Call proper helper to determine dax support (bsc#1177817).
- dm/dax: Fix table reference counts (bsc#1178246).
- docs: driver-api: remove a duplicated index entry (git-fixes).
- Documentation: locking: Describe seqlock design and usage (bsc#1176564 bsc#1162702).
- Do not create null.i000.ipa-clones file (bsc#1178330)
- drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).
- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).
- drop Storage / bsc#1171688 subsection No effect on expanded tree.
- EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489).
- eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
- exfat: fix name_hash computation on big endian systems (git-fixes).
- exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).
- exfat: fix possible memory leak in exfat_find() (git-fixes).
- exfat: fix use of uninitialized spinlock on error path (git-fixes).
- exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).
- exfat: fix wrong size update of stream entry by typo (git-fixes).
- extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes).
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).
- ftrace: Fix recursion check for NMI test (git-fixes).
- ftrace: Handle tracing when switching between context (git-fixes).
- futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648).
- futex: Consistently use fshared as boolean (bsc#1149032).
- futex: Fix incorrect should_fail_futex() handling (bsc#1149032).
- futex: Remove put_futex_key() (bsc#1149032).
- futex: Remove unused or redundant includes (bsc#1149032).
- gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).
- gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).
- gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).
- gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).
- gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).
- HID: hid-input: fix stylus battery reporting (git-fixes).
- HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes).
- HID: roccat: add bounds checking in kone_sysfs_w