Oval Definition:oval:org.opensuse.security:def:60384
Revision Date:2021-10-12Version:1
Title:Security update for the Linux Kernel (Important)
Description:



The SUSE Linux Enterprise 12 SP56 kernel was updated.



The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)

The following non-security bugs were fixed:

- be2net: Fix an error handling path in 'be_probe()' (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt: Add missing DMA memory barriers (git-fixes). - bnxt: do not disable an already disabled PCI device (git-fixes). - bnxt: disable napi before canceling DIM (bsc#1104745 ). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - crypto: x86/aes-ni-xts - use direct calls to and 4-way stride (bsc#1114648). - cxgb4: fix IRQ free race during driver unload (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - docs: Fix infiniband uverbs minor number (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (bsc#1129770) Backporting changes: * refresh - drm/imx: ipuv3-plane: Remove two unnecessary export symbols (bsc#1129770) Backporting changes: * refreshed - drm/mediatek: Add AAL output size configuration (bsc#1129770) Backporting changes: * adapted code to use writel() function - drm/msm: Small msm_gem_purge() fix (bsc#1129770) Backporting changes: * context changes in msm_gem_purge() * remove test for non-existant msm_gem_is_locked() - drm/msm/dsi: Fix some reference counted resource leaks (bsc#1129770) - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (bsc#1186785). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 (bsc#1129770) Backporting changes * context changes - dt-bindings: pwm: stm32: Add #pwm-cells (git-fixes). - e1000e: Do not take care about recovery NVM checksum (bsc#1158533). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1114648). - fbmem: add margin check to fb_check_caps() (bsc#1129770) Backporting changes: * context chacnges in fb_set_var() - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fs/select: avoid clang stack usage warning (git-fixes). - fuse: truncate pagecache on atomic_o_trunc (bsc#1191051). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185727). - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (bsc#1109837 bsc#1111981). - i40e: Fix logic of disabling queues (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ice: Prevent probing virtual functions (bsc#1118661 ). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - irqchip/gic-v2: Reset APRn registers at boot time (bsc#1189407). - irqchip/gic-v3: Do not try to reset AP0Rn (bsc#1189407). - irqchip/gic-v3: Reset APgRn registers at boot time (bsc#1189407). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - kdb: do a sanity check on the cpu in kdb_per_cpu() (git-fixes). - KVM: x86: Use kernel's x86_phys_bits to handle reduced MAXPHYADDR (bsc#1114648). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1109837). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: qed: fix left elements count calculation (git-fixes). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: cls_api: Fix the the wrong parameter (bsc#1109837). - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed (bsc#1056657 bsc#1056653 bsc#1056787). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/mm: Fix section mismatch warning (bsc#1148868). - powerpc/mm: Fix section mismatch warning in early_check_vec5() (bsc#1148868). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1065729). - powerpc/numa: Early request for home node associativity (bsc#1190914). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Move mm/book3s64/vphn.c under platforms/pseries/ (bsc#1190914). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - profiling: fix shift-out-of-bounds bugs (git-fixes). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - RDMA/efa: Be consistent with modify QP bitmask (git-fixes) - RDMA/efa: Use the correct current and new states in modify QP (git-fixes) - resource: Fix find_next_iomem_res() iteration issue (bsc#1181193). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - SUNRPC: Ensure to ratelimit the 'server not responding' syslog messages (bsc#1191136). - USB: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - USB: serial: option: remove duplicate USB device ID (git-fixes). - video: fbdev: imxfb: Fix an error message (bsc#1129770) Backporting changes: * context changes in imxfb_probe() - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/crash: Add e820 reserved ranges to kdump kernel's e820 table (bsc#1181193). - x86/e820, ioport: Add a new I/O resource descriptor IORES_DESC_RESERVED (bsc#1181193). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1114648). - x86/mm: Rework ioremap resource mapping determination (bsc#1181193). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1114648). - x86/resctrl: Fix default monitoring groups reporting (bsc#1114648). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
Family:unixClass:patch
Status:Reference(s):1025046
1050244
1056653
1056657
1056787
1057389
1065729
1087102
1104745
1109837
1111981
1114648
1118661
1129770
1136468
1139945
1142880
1142882
1142883
1142885
1144903
1148868
1153108
1153158
1153161
1158533
1158763
1161799
1164692
1168874
1172405
1173746
1176940
1181193
1184439
1185677
1185727
1186785
1189297
1189407
1189884
1190023
1190115
1190159
1190523
1190534
1190543
1190576
1190601
1190620
1190626
1190717
1190914
1191051
1191136
1191193
CVE-2009-0946
CVE-2010-2497
CVE-2010-2805
CVE-2010-3053
CVE-2010-3054
CVE-2010-3311
CVE-2010-3814
CVE-2010-3855
CVE-2010-4651
CVE-2011-0226
CVE-2011-3256
CVE-2011-3439
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
CVE-2012-5668
CVE-2012-5669
CVE-2012-5670
CVE-2014-0004
CVE-2014-2240
CVE-2014-2241
CVE-2014-5461
CVE-2014-9656
CVE-2014-9657
CVE-2014-9658
CVE-2014-9659
CVE-2014-9660
CVE-2014-9661
CVE-2014-9662
CVE-2014-9663
CVE-2014-9664
CVE-2014-9665
CVE-2014-9666
CVE-2014-9667
CVE-2014-9668
CVE-2014-9669
CVE-2014-9670
CVE-2014-9671
CVE-2014-9672
CVE-2014-9673
CVE-2014-9674
CVE-2014-9675
CVE-2015-1196
CVE-2015-1395
CVE-2015-1396
CVE-2015-5185
CVE-2017-1000251
CVE-2017-2625
CVE-2018-0739
CVE-2019-10220
CVE-2019-12308
CVE-2019-12781
CVE-2019-14232
CVE-2019-14233
CVE-2019-14234
CVE-2019-14235
CVE-2019-17133
CVE-2019-18900
CVE-2020-1938
CVE-2020-3702
CVE-2020-6796
CVE-2020-6797
CVE-2020-6798
CVE-2020-6799
CVE-2020-6800
CVE-2020-6821
CVE-2020-6821
CVE-2020-6822
CVE-2020-6822
CVE-2020-6825
CVE-2020-6825
CVE-2020-6827
CVE-2020-6827
CVE-2020-6828
CVE-2020-6828
CVE-2020-8022
CVE-2021-3744
CVE-2021-3752
CVE-2021-3764
CVE-2021-40490
SUSE-SU-2017:2523-1
SUSE-SU-2018:0338-1
SUSE-SU-2018:0925-1
SUSE-SU-2019:2257-1
SUSE-SU-2020:0079-2
SUSE-SU-2020:0384-1
SUSE-SU-2020:0725-1
SUSE-SU-2020:0978-1
SUSE-SU-2020:1791-1
SUSE-SU-2021:3386-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • python-Twisted-17.9.0-lp151.3.6 is installed
  • OR python-Twisted-doc-17.9.0-lp151.3.6 is installed
  • OR python2-Twisted-17.9.0-lp151.3.6 is installed
  • OR python3-Twisted-17.9.0-lp151.3.6 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • gnutls-3.6.7-lp151.2.3 is installed
  • OR gnutls-guile-3.6.7-lp151.2.3 is installed
  • OR libgnutls-dane-devel-3.6.7-lp151.2.3 is installed
  • OR libgnutls-dane0-3.6.7-lp151.2.3 is installed
  • OR libgnutls-devel-3.6.7-lp151.2.3 is installed
  • OR libgnutls-devel-32bit-3.6.7-lp151.2.3 is installed
  • OR libgnutls30-3.6.7-lp151.2.3 is installed
  • OR libgnutls30-32bit-3.6.7-lp151.2.3 is installed
  • OR libgnutlsxx-devel-3.6.7-lp151.2.3 is installed
  • OR libgnutlsxx28-3.6.7-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • libfreetype6-2.6.3-7.10 is installed
  • OR libfreetype6-32bit-2.6.3-7.10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • MozillaFirefox-68.5.0-109.106 is installed
  • OR MozillaFirefox-translations-common-68.5.0-109.106 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • bzip2-1.0.6-30.8 is installed
  • OR bzip2-doc-1.0.6-30.8 is installed
  • OR libbz2-1-1.0.6-30.8 is installed
  • OR libbz2-1-32bit-1.0.6-30.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_176-94_88-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_24-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libSoundTouch0-1.7.1-5.3 is installed
  • OR soundtouch-1.7.1-5.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • apache2-mod_apparmor-2.8.2-49 is installed
  • OR apparmor-docs-2.8.2-49 is installed
  • OR apparmor-parser-2.8.2-49 is installed
  • OR apparmor-profiles-2.8.2-49 is installed
  • OR apparmor-utils-2.8.2-49 is installed
  • OR libapparmor1-2.8.2-49 is installed
  • OR libapparmor1-32bit-2.8.2-49 is installed
  • OR pam_apparmor-2.8.2-49 is installed
  • OR pam_apparmor-32bit-2.8.2-49 is installed
  • OR perl-apparmor-2.8.2-49 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • AND
  • kernel-default-4.12.14-122.91.2 is installed
  • OR kernel-default-base-4.12.14-122.91.2 is installed
  • OR kernel-default-devel-4.12.14-122.91.2 is installed
  • OR kernel-default-man-4.12.14-122.91.2 is installed
  • OR kernel-devel-4.12.14-122.91.2 is installed
  • OR kernel-macros-4.12.14-122.91.2 is installed
  • OR kernel-source-4.12.14-122.91.2 is installed
  • OR kernel-syms-4.12.14-122.91.2 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND
  • kernel-default-4.12.14-122.91.2 is installed
  • OR kernel-default-base-4.12.14-122.91.2 is installed
  • OR kernel-default-devel-4.12.14-122.91.2 is installed
  • OR kernel-default-man-4.12.14-122.91.2 is installed
  • OR kernel-devel-4.12.14-122.91.2 is installed
  • OR kernel-macros-4.12.14-122.91.2 is installed
  • OR kernel-source-4.12.14-122.91.2 is installed
  • OR kernel-syms-4.12.14-122.91.2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND python-Django-1.11.23-3.12 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND Package Information
  • mariadb-10.2.29-3.22 is installed
  • OR mariadb-galera-10.2.29-3.22 is installed
    • BACK