Oval Definition:oval:org.opensuse.security:def:70620
Revision Date:2020-12-01Version:1
Title:Security update for the Linux Kernel (Important)
Description:

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.

The following security bug was fixed:

- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).

The following non-security bugs were fixed:

- bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - ext4: handle read only external journal device (bsc#1176063). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - kabi: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). Replace patches.suse/lpfc-synchronize-nvme-transport-and-lpfc-driver-devloss_tmo.patch with upstream version of the fix. - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes).
Family:unixClass:patch
Status:Reference(s):1058115
1065600
1065729
1071995
1085030
1136666
1148868
1152148
1152472
1152489
1153274
1154353
1154492
1155518
1155798
1156395
1157169
1158050
1158242
1158265
1158748
1158765
1158983
1159781
1159867
1160947
1161495
1162002
1162063
1162400
1162702
1164648
1164777
1164780
1165211
1165933
1165975
1166985
1167104
1167651
1167773
1168230
1168779
1168838
1168959
1169021
1169094
1169194
1169514
1169681
1169771
1170011
1170232
1170284
1170442
1170617
1170774
1170879
1170891
1170895
1171000
1171073
1171150
1171189
1171191
1171219
1171220
1171246
1171417
1171513
1171529
1171530
1171558
1171662
1171688
1171699
1171732
1171739
1171743
1171759
1171828
1171857
1171868
1171904
1171915
1171982
1171983
1171988
1172017
1172046
1172061
1172062
1172063
1172064
1172065
1172066
1172067
1172068
1172069
1172073
1172086
1172095
1172169
1172170
1172201
1172208
1172223
1172342
1172343
1172344
1172365
1172366
1172374
1172391
1172393
1172394
1172419
1172453
1172458
1172467
1172484
1172537
1172543
1172687
1172719
1172739
1172751
1172759
1172775
1172781
1172782
1172783
1172814
1172823
1172841
1172871
1172873
1172938
1172939
1172940
1172956
1172983
1172984
1172985
1172986
1172987
1172988
1172989
1172990
1172999
1173060
1173068
1173074
1173085
1173139
1173206
1173267
1173271
1173280
1173284
1173428
1173438
1173461
1173514
1173552
1173573
1173625
1173746
1173776
1173817
1173818
1173820
1173822
1173823
1173824
1173825
1173826
1173827
1173828
1173830
1173831
1173832
1173833
1173834
1173836
1173837
1173838
1173839
1173841
1173843
1173844
1173845
1173847
1173849
1173860
1173894
1173941
1174018
1174029
1174072
1174110
1174111
1174116
1174126
1174127
1174128
1174129
1174185
1174244
1174263
1174264
1174331
1174332
1174333
1174345
1174356
1174396
1174398
1174407
1174409
1174411
1174438
1174462
1174484
1174486
1174513
1174527
1174543
1174627
1175263
1175667
1175787
1175952
1175996
1175997
1175998
1175999
1176000
1176001
1176022
1176063
1176069
962849
CVE-2019-19462
CVE-2019-20810
CVE-2019-20812
CVE-2020-0305
CVE-2020-10135
CVE-2020-10711
CVE-2020-10732
CVE-2020-10751
CVE-2020-10766
CVE-2020-10767
CVE-2020-10768
CVE-2020-10773
CVE-2020-10781
CVE-2020-12656
CVE-2020-12769
CVE-2020-12771
CVE-2020-12888
CVE-2020-13143
CVE-2020-13974
CVE-2020-14386
CVE-2020-14416
CVE-2020-15393
CVE-2020-15780
Platform(s):SUSE Linux Enterprise Module for Live Patching 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP2 is installed
  • AND Package Information
  • kernel-default-5.3.18-24.9 is installed
  • OR kernel-default-livepatch-5.3.18-24.9 is installed
  • OR kernel-default-livepatch-devel-5.3.18-24.9 is installed
  • OR kernel-livepatch-5_3_18-24_9-default-1-5.3 is installed
  • OR kernel-livepatch-SLE15-SP2_Update_1-1-5.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • cluster-md-kmp-azure-5.3.18-18.18 is installed
  • OR dlm-kmp-azure-5.3.18-18.18 is installed
  • OR gfs2-kmp-azure-5.3.18-18.18 is installed
  • OR kernel-azure-5.3.18-18.18 is installed
  • OR kernel-azure-extra-5.3.18-18.18 is installed
  • OR kernel-azure-livepatch-devel-5.3.18-18.18 is installed
  • OR kselftests-kmp-azure-5.3.18-18.18 is installed
  • OR ocfs2-kmp-azure-5.3.18-18.18 is installed
  • OR reiserfs-kmp-azure-5.3.18-18.18 is installed
  • BACK