The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2019-25045: Fixed an use-after-free issue in the Linux kernel The XFRM subsystem, related to an xfrm_state_fini panic. (bsc#1187049) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bsc#1179610) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bsc#1186463) - CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038) - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861)
The following non-security bugs were fixed:
- ALSA: timer: Fix master timer notification (git-fixes). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453). - blk-wbt: Fix missed wakeup (bsc#1186627). - block: Discard page cache of zone reset target range (bsc#1187402). - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add missing error handling after doing leaf/node binary search (bsc#1187833). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change insert_dirty_subvol to return errors (bsc#1187833). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check record_root_in_trans related failures in select_reloc_root (bsc#1187833). - btrfs: check return value of btrfs_commit_transaction in relocation (bsc#1187833). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: cleanup error handling in prepare_to_merge (bsc#1187833). - btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833). - btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors (bsc#1187833). - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s (bsc#1187833). - btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation (bsc#1187833). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: do not force commit if we are data (bsc#1135481). - btrfs: do not leak reloc root if we fail to read the fs root (bsc#1187833). - btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481). - btrfs: do not panic in __add_reloc_root (bsc#1187833). - btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833). - btrfs: do proper error handling in create_reloc_inode (bsc#1187833). - btrfs: do proper error handling in create_reloc_root (bsc#1187833). - btrfs: do proper error handling in merge_reloc_roots (bsc#1187833). - btrfs: do proper error handling in record_reloc_root_in_trans (bsc#1187833). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle __add_reloc_root failures in btrfs_recover_relocation (bsc#1187833). - btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_recover_log_trees (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename_exchange (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in create_subvol (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in start_transaction (bsc#1187833). - btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge (bsc#1187833). - btrfs: handle errors from select_reloc_root() (bsc#1187833). - btrfs: handle errors in reference count manipulation in replace_path (bsc#1187833). - btrfs: handle extent corruption with select_one_root properly (bsc#1187833). - btrfs: handle extent reference errors in do_relocation (bsc#1187833). - btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans (bsc#1187833). - btrfs: handle record_root_in_trans failure in create_pending_snapshot (bsc#1187833). - btrfs: handle record_root_in_trans failure in qgroup_account_snapshot (bsc#1187833). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1187833). - btrfs: remove err variable from do_relocation (bsc#1187833). - btrfs: remove nr_async_bios (bsc#1135481). - btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481). Preparation for ticketed data space flushing in btrfs. - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: remove the extent item sanity checks in relocate_block_group (bsc#1187833). - btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1187833). - btrfs: unset reloc control if we fail to recover (bsc#1187833). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use customized batch size for total_bytes_pinned (bsc#1135481). Turns out using the batched percpu api had an effect on timing w.r.t metadata/data reclaim. So backport this patch as well, side effect is it's also bringing the code closer to upstream so future backports shall be made easier. - btrfs: use tagged writepage to mitigate livelock of snapshot (bsc#1135481). Preparation for introducing ticketed space handling for data space. Due to the sequence of patches, the main patch has embedded in it changes from other patches which remove some unused arguments. This is done to ease backporting itself and shouldn't have any repercussions on functionality. - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - btrfs: validate root::reloc_root after recording root in trans (bsc#1187833). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - char: hpet: add checks after calling ioremap (git-fixes). - cxgb4: avoid accessing registers when clearing filters (bsc#1136345 jsc#SLE-4681). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drbd: Remove uninitialized_var() usage (bsc#1186515). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1129770) Backporting changes: * move from driver/video/fbdev/core to driver/video/console * context changes - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - ixgbe: fix large MTU request from VF (git-fixes). - ixgbevf: add correct exception tracing for XDP (bsc#1113994 ). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264). - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - libertas: register sysfs groups properly (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - mei: request autosuspend after sending rx flow control (git-fixes). - Move nfs backports into sorted section - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - net: hns3: Limiting the scope of vector_ring_chain variable (bsc#1104353). - net: netcp: Fix an error message (git-fixes). - net: stmmac: ensure that the device has released ownership before reading data (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/smc: remove device from smcd_dev_list after failed device_add() (git-fixes). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - NFS: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFS: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - NFS: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NFS: Do not rebind to the same source port when reconnecting to the server (bnc#1186264). - NFS: fix handling of sr_eof in SEEK's reply (git-fixes). - NFS: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - NFS: fix return value of _nfs4_get_security_label() (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770) - pid: take a reference when initializing `cad_pid` (bsc#1114648). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - ravb: fix invalid context bug while calling auto-negotiation by ethtool (git-fixes). - ravb: fix invalid context bug while changing link options by ethtool (git-fixes). - RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1103991). - Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041). - Revert 337f13046ff0 ('futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op') (git-fixes). - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - scsi: aacraid: Fix an oops in error handling (bsc#1186698). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186516). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186518). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186519). - scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1186699). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520). - scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186521). - scsi: bnx2i: Requires MMU (bsc#1186522). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186523). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186524). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525). - scsi: cxgb4i: Fix TLS dependency (bsc#1186526). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186527). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1186528). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529). - scsi: hisi_sas: Fix IRQ checks (bsc#1186530). - scsi: hisi_sas: Remove preemptible() (bsc#1186638). - scsi: jazz_esp: Add IRQ check (bsc#1186531). - scsi: libfc: Fix enum-conversion warning (bsc#1186532). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186533). - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1186700). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186534). - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186535). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186701). - scsi: mesh: Fix panic after host or bus reset (bsc#1186537). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186538). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186539). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186540). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186541). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186542). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186543). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186545). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186546). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186547). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - scsi: sd: Fix optimal I/O size for devices that change reported values (bsc#1186548). - scsi: sg: add sg_remove_request in sg_write (bsc#1186635). - scsi: sni_53c710: Add IRQ check (bsc#1186549). - scsi: sun3x_esp: Add IRQ check (bsc#1186550). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186551). - scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186552). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187630). - scsi: ufs: fix ktime_t kabi change (bsc#1187630). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186554). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1186555). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - SUNRPC: correct error code comment in xs_tcp_setup_socket() (git-fixes). - sunrpc: fix refcount leak for rpc auth modules (git-fixes). - SUNRPC: Move fault injection call sites (git-fixes). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - swiotlb: fix 'x86: Do not panic if can not alloc buffer for swiotlb' (git-fixes). - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1103990). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - USB: cdc-acm: always claim data interface (git-fixes). - USB: cdc-acm: do not log successful probe on later errors (git-fixes). - USB: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - USB: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - USB: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - USB: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - video: hgafb: correctly handle card detect failure during probe (bsc#1129770) - video: hgafb: fix potential NULL pointer dereference (bsc#1129770) Backporting changes: * context changes - x86: fix seq_file iteration for pat/memtype.c (git-fixes). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1114648).
openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8