Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206). - CVE-2020-25641: Allowed for_each_bvec to support zero len bvec (bsc#1177121). - CVE-2020-25645: Added transport ports in route lookup for geneve (bsc#1177511).
The following non-security bugs were fixed:
- 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes). - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - brcmfmac: Fix double freeing in the fmac usb data path (git-fixes). - btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: fix free-space bitmap threshold (bsc#1176019). - btrfs: block-group: refactor how we delete one block group item (bsc#1176019). - btrfs: block-group: refactor how we insert a block group item (bsc#1176019). - btrfs: block-group: refactor how we read one block group item (bsc#1176019). - btrfs: block-group: rename write_one_cache_group() (bsc#1176019). - btrfs: do not take an extra root ref at allocation time (bsc#1176019). - btrfs: drop logs when we've aborted a transaction (bsc#1176019). - btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019). - btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019). - btrfs: free block groups after free'ing fs trees (bsc#1176019). - btrfs: hold a ref on the root on the dead roots list (bsc#1176019). - btrfs: kill the subvol_srcu (bsc#1176019). - btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019). - btrfs: make inodes hold a ref on their roots (bsc#1176019). - btrfs: make the extent buffer leak check per fs info (bsc#1176019). - btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019). - btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019). - btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019). - btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019). - btrfs: rename member 'trimming' of block group to a more generic name (bsc#1176019). - btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019). - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes). - clk: tegra: Always program PLL_E when enabled (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes). - cpuidle: Poll for a minimum of 30ns and poll for a tick if lower c-states are disabled (bnc#1176588). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: ecdh - check validity of Z before export (bsc#1175718). - dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes). - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes). - drm/radeon: revert 'Prefer lower feedback dividers' (bsc#1177384). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - ftrace: Move RCU is watching check after recursion check (git-fixes). - fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193). - gpio: mockup: fix resource leak in error path (git-fixes). - gpio: rcar: Fix runtime PM imbalance on error (git-fixes). - gpio: siox: explicitly support only threaded irqs (git-fixes). - gpio: sprd: Clear interrupt when setting the type as edge (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: aspeed: Mask IRQ status to relevant bits (git-fixes). - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes). - i2c: i801: Exclude device from suspend direct complete optimization (git-fixes). - i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes). - i2c: tegra: Restore pinmux on system resume (git-fixes). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio: adc: qcom-spmi-adc5: fix driver name (git-fixes). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297). - iommu/amd: Fix potential @entry null deref (bsc#1177283). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286). - kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - leds: mlxreg: Fix possible buffer overflow (git-fixes). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - mac80211: skip mpath lookup also for control port tx (git-fixes). - mac802154: tx: fix use-after-free (git-fixes). - media: mc-device.c: fix memleak in media_device_register_entity (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mmc: core: Rework wp-gpio handling (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mt76: add missing locking around ampdu action (git-fixes). - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes). - mt76: do not use devm API for led classdev (git-fixes). - mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes). - mt76: fix LED link time failure (git-fixes). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes). - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes). - net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes). - nfs: Fix security label length not being reset (bsc#1176381). - PCI: Avoid double hpmemsize MMIO window assignment (git-fixes). - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - PCI: tegra194: Fix runtime PM imbalance on error (git-fixes). - PCI: tegra: Fix runtime PM imbalance on error (git-fixes). - phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes). - platform/x86: intel_pmc_core: do not create a static struct device (git-fixes). - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - power: supply: max17040: Correct voltage reading (git-fixes). - Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#1171675). - rtc: ds1374: fix possible race condition (git-fixes). - rtc: sa1100: fix possible race condition (git-fixes). - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Avoid creating large imbalances at task creation time (bnc#1176588). - sched/numa: Check numa balancing information only when enabled (bnc#1176588). - sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - serial: uartps: Wait for tx_empty in console setup (git-fixes). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes). - thermal: rcar_thermal: Handle probe error gracefully (git-fixes). - Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194). - usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes). - wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - yam: fix possible memory leak in yam_init_driver (git-fixes).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1065600 1155798 1168468 1171675 1175599 1175718 1176019 1176381 1176588 1176979 1177027 1177121 1177193 1177194 1177206 1177258 1177283 1177284 1177285 1177286 1177297 1177384 1177511 954532 CVE-2014-0104 CVE-2020-25212 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 SUSE-SU-2020:3230-1
|
Platform(s): | SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise Module for Realtime packages 15 SP2
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise High Availability 15 SP1 is installed AND Package Information
fence-agents-4.2.1+git.1537269352.7b1fd536-5 is installed
OR fence-agents-devel-4.2.1+git.1537269352.7b1fd536-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Realtime packages 15 SP2 is installed
AND Package Information
cluster-md-kmp-rt-5.3.18-13 is installed
OR dlm-kmp-rt-5.3.18-13 is installed
OR gfs2-kmp-rt-5.3.18-13 is installed
OR kernel-devel-rt-5.3.18-13 is installed
OR kernel-rt-5.3.18-13 is installed
OR kernel-rt-devel-5.3.18-13 is installed
OR kernel-rt_debug-5.3.18-13 is installed
OR kernel-rt_debug-devel-5.3.18-13 is installed
OR kernel-source-rt-5.3.18-13 is installed
OR kernel-syms-rt-5.3.18-13 is installed
OR ocfs2-kmp-rt-5.3.18-13 is installed
|