Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2021:0741-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves nine vulnerabilities and has 117 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720).
- CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735).
- CVE-2020-12364: Fixed a null pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736 ).
- CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes).
- ACPI: property: Fix fwnode string properties matching (git-fixes).
- ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes).
- ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes).
- ALSA: hda: Add another CometLake-H PCI ID (git-fixes).
- ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes).
- ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
- ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes).
- ALSA: pcm: Call sync_stop at disconnection (git-fixes).
- ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes).
- ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes).
- ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes).
- ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes).
- ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes).
- ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes).
- ALSA: usb-audio: More strict state change in EP (git-fixes).
- amba: Fix resource leak for drivers without .remove (git-fixes).
- arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560)
- ASoC: cpcap: fix microphone timeslot mask (git-fixes).
- ASoC: cs42l56: fix up error handling in probe (git-fixes).
- ASoC: simple-card-utils: Fix device module clock (git-fixes).
- ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes).
- ata: ahci_brcm: Add back regulators management (git-fixes).
- ata: sata_nv: Fix retrieving of active qcs (git-fixes).
- ath10k: Fix error handling in case of CE pipe init failure (git-fixes).
- ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes).
- bcache: fix overflow in offset_to_stripe() (git-fixes).
- blk-mq: call commit_rqs while list empty but error happen (bsc#1182442).
- blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443).
- blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444).
- block: fix inflight statistics of part0 (bsc#1182445).
- block: respect queue limit of max discard segment (bsc#1182441).
- block: virtio_blk: fix handling single range discard request (bsc#1182439).
- Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes).
- Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes).
- Bluetooth: drop HCI device reference before return (git-fixes).
- Bluetooth: Fix initializing response id after clearing struct (git-fixes).
- Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).
- Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes).
- bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes).
- bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
- bnxt_en: fix error return code in bnxt_init_one() (git-fixes).
- bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes).
- bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
- bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes).
- bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes).
- bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).
- bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes).
- bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518).
- bpf, cgroup: Fix problematic bounds check (bsc#1155518).
- btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626).
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574).
- btrfs: fix race between RO remount and the cleaner task (bsc#1182626).
- btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626).
- btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626).
- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: lift read-write mount setup from mount and remount (bsc#1182626).
- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626).
- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).
- caif: no need to check return value of debugfs_create functions (git-fixes).
- ceph: fix flush_snap logic after putting caps (bsc#1182854).
- cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683).
- cgroup: fix psi monitor for root cgroup (bsc#1182686).
- cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684).
- chelsio/chtls: correct function return and return type (git-fixes).
- chelsio/chtls: correct netdevice for vlan interface (git-fixes).
- chelsio/chtls: fix a double free in chtls_setkey() (git-fixes).
- chelsio/chtls: fix always leaking ctrl_skb (git-fixes).
- chelsio/chtls: fix deadlock issue (git-fixes).
- chelsio/chtls: fix memory leaks caused by a race (git-fixes).
- chelsio/chtls: fix memory leaks in CPL handlers (git-fixes).
- chelsio/chtls: fix panic during unload reload chtls (git-fixes).
- chelsio/chtls: fix socket lock (git-fixes).
- chelsio/chtls: fix tls record info to user (git-fixes).
- Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268).
- chtls: Added a check to avoid NULL pointer dereference (git-fixes).
- chtls: Fix chtls resources release sequence (git-fixes).
- chtls: Fix hardware tid leak (git-fixes).
- chtls: Fix panic when route to peer not configured (git-fixes).
- chtls: Remove invalid set_tcb call (git-fixes).
- chtls: Replace skb_dequeue with skb_peek (git-fixes).
- cifs: check all path components in resolved dfs target (bsc#1181710).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).
- cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes).
- clk: meson: clk-pll: make "ret" a signed integer (git-fixes).
- clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes).
- clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes).
- clk: sunxi-ng: h6: Fix CEC clock (git-fixes).
- clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes).
- clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes).
- clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes).
- cpuset: fix race between hotplug work and later CPU offline (bsc#1182676).
- crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes).
- crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes).
- cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
- cxgb4: fix all-mask IP address comparison (git-fixes).
- cxgb4: fix checks for max queues to allocate (git-fixes).
- cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
- cxgb4: fix set but unused variable when DCB is disabled (git-fixes).
- cxgb4: fix SGE queue dump destination buffer context (git-fixes).
- cxgb4: fix the panic caused by non smac rewrite (git-fixes).
- cxgb4: move DCB version extern to header file (git-fixes).
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes).
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- cxgb4: remove cast when saving IPv4 partial checksum (git-fixes).
- cxgb4: set up filter action after rewrites (git-fixes).
- cxgb4: use correct type for all-mask IP address comparison (git-fixes).
- cxgb4: use unaligned conversion for fetching timestamp (git-fixes).
- dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes).
- dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes).
- dmaengine: hsu: disable spurious interrupt (git-fixes).
- dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes).
- dm crypt: avoid truncating the logical block size (git-fixes).
- dm: fix bio splitting and its bio completion order for regular IO (git-fixes).
- dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529).
- dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529).
- dm thin metadata: fix lockdep complaint (bsc#1177529).
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529).
- dm: use noio when sending kobject event (bsc#1177529).
- docs: filesystems: vfs: correct flag name (bsc#1182856).
- dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes).
- drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
- drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes).
- drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes).
- drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes).
- drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes).
- drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes).
- drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes).
- drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes).
- drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes).
- drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes).
- drm/amd/display: Revert "Fix EDID parsing after resume from suspend" (git-fixes).
- drm/amdgpu: Fix macro name AMDGPU_TRACE_H in preprocessor if condition (git-fixes).
- drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes).
- drm/gma500: Fix error return code in psb_driver_load() (git-fixes).
- drm/meson: Unbind all connectors on module removal (bsc#1152472)
- drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472)
- drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472)
- drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472)
- drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472)
- drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489)
- Drop HID logitech patch that caused a regression (bsc#1182259)
- exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes).
- exfat: Avoid allocating upcase table using kcalloc() (git-fixes).
- ext4: do not remount read-only with errors=continue on reboot (bsc#1182464).
- ext4: fix a memory leak of ext4_free_data (bsc#1182447).
- ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).
- ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).
- ext4: fix superblock checksum failure when setting password salt (bsc#1182465).
- ext4: prevent creating duplicate encrypted filenames (bsc#1182446).
- fgraph: Initialize tracing_graph_pause at task creation (git-fixes).
- firmware_loader: align .builtin_fw to 8 (git-fixes).
- fscrypt: add fscrypt_is_nokey_name() (bsc#1182446).
- fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446).
- fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466).
- gma500: clean up error handling in init (git-fixes).
- gpio: pcf857x: Fix missing first interrupt (git-fixes).
- HID: core: detect and skip invalid inputs to snto32() (git-fixes).
- HID: make arrays usage and value to be the same (git-fixes).
- HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes).
- hwrng: timeriomem - Fix cooldown period calculation (git-fixes).
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
- i2c: iproc: handle only slave interrupts which are enabled (git-fixes).
- i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes).
- i2c: stm32f7: fix configuration of the digital filter (git-fixes).
- i3c: master: dw: Drop redundant disec call (git-fixes).
- i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025).
- i40e: avoid premature Rx buffer reuse (git-fixes).
- i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).
- i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
- i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).
- i40e: Revert "i40e: do not report link up for a VF who hasn't enabled queues" (jsc#SLE-8025).
- iavf: fix double-release of rtnl_lock (git-fixes).
- iavf: fix error return code in iavf_init_get_resources() (git-fixes).
- iavf: fix speed reporting over virtchnl (git-fixes).
- iavf: Fix updating statistics (git-fixes).
- ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591).
- ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591).
- ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: device remove has higher precedence over reset (bsc#1065729).
- ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591).
- ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).
- ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960).
- ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: serialize access to work queue on remove (bsc#1065729).
- ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes).
- ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591).
- ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926).
- ice: Fix MSI-X vector fallback logic (jsc#SLE-7926).
- igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes).
- igc: fix link speed advertising (git-fixes).
- igc: Fix returning wrong statistics (git-fixes).
- igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes).
- igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes).
- include/linux/memremap.h: remove stale comments (git-fixes).
- Input: elo - fix an error code in elo_connect() (git-fixes).
- Input: i8042 - unbreak Pegatron C15B (git-fixes).
- Input: joydev - prevent potential read overflow in ioctl (git-fixes).
- Input: sur40 - fix an error code in sur40_probe() (git-fixes).
- Input: xpad - sync supported devices with fork on GitHub (git-fixes).
- iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes).
- iwlwifi: mvm: guard against device removal in reprobe (git-fixes).
- iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes).
- iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes).
- iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes).
- iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes).
- iwlwifi: pcie: fix co