Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:0348-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-25639 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-25639 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-27835 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27835 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-28374 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-28374 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-29568 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-29568 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2020-29569 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2020-29569 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2020-36158 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-36158 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-0342 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-0342 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-20177 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-20177 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-3347 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-3347 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves nine vulnerabilities and has 75 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
  • CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765).
  • CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812)
  • CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
  • CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).
  • CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
  • CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
  • CVE-2020-36158: Fixed an issue wich might have allowed a remote attackers to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559).
  • CVE-2020-28374: Fixed a vulnerability caused by insufficient identifier checking in the LIO SCSI target code. This could have been used by a remote attackers to read or write files via directory traversal in an XCOPY request (bnc#1178372).

The following non-security bugs were fixed:

  • ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes).
  • ACPICA: Do not increment operation_region reference counts for field units (git-fixes).
  • ACPI: PNP: compare the string length in the matching_id() (git-fixes).
  • ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes).
  • ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes).
  • ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes).
  • ALSA: ca0106: fix error code handling (git-fixes).
  • ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes).
  • ALSA: doc: Fix reference to mixart.rst (git-fixes).
  • ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).
  • ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes).
  • ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes).
  • ALSA: hda: Fix potential race in unsol event handler (git-fixes).
  • ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).
  • ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
  • ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).
  • ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).
  • ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes).
  • ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).
  • ALSA: hda/via: Add minimum mute flag (git-fixes).
  • ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
  • ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
  • ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).
  • ALSA: line6: Perform sanity check for each URB creation (git-fixes).
  • ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).
  • ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
  • ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
  • ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes).
  • ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes).
  • ALSA: timer: Limit max amount of slave instances (git-fixes).
  • ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).
  • ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
  • ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).
  • ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).
  • ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).
  • ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).
  • ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).
  • ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes).
  • ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes).
  • ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).
  • ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).
  • ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).
  • ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).
  • ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
  • ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes).
  • arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130).
  • arm64: pgtable: Fix pte_accessible() (bsc#1180130).
  • ASoC: dapm: remove widget from dirty list on free (git-fixes).
  • ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes).
  • ASoC: Intel: haswell: Add missing pm_ops (git-fixes).
  • ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).
  • ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).
  • ASoC: sti: fix possible sleep-in-atomic (git-fixes).
  • ASoC: wm8904: fix regcache handling (git-fixes).
  • ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).
  • ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes).
  • ath10k: fix backtrace on coredump (git-fixes).
  • ath10k: fix get invalid tx rate for Mesh metric (git-fixes).
  • ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes).
  • ath9k_htc: Discard undersized packets (git-fixes).
  • ath9k_htc: Modify byte order for an error message (git-fixes).
  • ath9k_htc: Silence undersized packet warnings (git-fixes).
  • ath9k_htc: Use appropriate rs_datalen type (git-fixes).
  • backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes).
  • Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).
  • Bluetooth: Fix advertising duplicated flags (git-fixes).
  • bnxt_en: Do not query FW when netif_running() is false (bsc#1086282).
  • bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745 ).
  • bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
  • bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242 ).
  • bnxt_en: fix HWRM error when querying VF temperature (bsc#1104745).
  • bnxt_en: Improve stats context resource accounting with RDMA driver loaded (bsc#1104745).
  • bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
  • bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes).
  • bnxt_en: Reset rings if ring reservation fails during open() (bsc#1086282).
  • bnxt_en: return proper error codes in bnxt_show_temp (bsc#1104745).
  • bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).
  • btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206).
  • btrfs: add a flag to iterate_inodes_from_logical to find all
  • btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206).
  • btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206).
  • btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206).
  • btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).
  • caif: no need to check return value of debugfs_create functions (git-fixes).
  • can: c_can: c_can_power_up(): fix error handling (git-fixes).
  • can: dev: prevent potential information leak in can_fill_info() (git-fixes).
  • can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
  • cfg80211: initialize rekey_data (git-fixes).
  • cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
  • chelsio/chtls: correct function return and return type (bsc#1104270).
  • chelsio/chtls: correct netdevice for vlan interface (bsc#1104270 ).
  • chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270 ).
  • chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270 ).
  • chelsio/chtls: fix deadlock issue (bsc#1104270).
  • chelsio/chtls: fix memory leaks caused by a race (bsc#1104270 ).
  • chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270 ).
  • chelsio/chtls: fix panic during unload reload chtls (bsc#1104270 ).
  • chelsio/chtls: fix socket lock (bsc#1104270).
  • chelsio/chtls: fix tls record info to user (bsc#1104270 ).
  • chtls: Added a check to avoid NULL pointer dereference (bsc#1104270).
  • chtls: Fix chtls resources release sequence (bsc#1104270 ).
  • chtls: Fix hardware tid leak (bsc#1104270).
  • chtls: Remove invalid set_tcb call (bsc#1104270).
  • chtls: Replace skb_dequeue with skb_peek (bsc#1104270 ).
  • clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).
  • clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
  • clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).
  • clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes).
  • clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
  • clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).
  • clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
  • clk: tegra: Fix duplicated SE clock entry (git-fixes).
  • clk: tegra: Fix Tegra PMC clock out parents (git-fixes).
  • clk: ti: composite: fix memory leak (git-fixes).
  • clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).
  • clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
  • clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).
  • cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled (bsc#1109837).
  • cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
  • cxgb4/cxgb4vf: fix flow control display for auto negotiation (bsc#1046540 bsc#1046542).
  • cxgb4: fix adapter crash due to wrong MC size (bsc#1073513).
  • cxgb4: fix all-mask IP address comparison (bsc#1064802 bsc#1066129).
  • cxgb4: fix large delays in PTP synchronization (bsc#1046540 bsc#1046648).
  • cxgb4: fix SGE queue dump destination buffer context (bsc#1073513).
  • cxgb4: fix the panic caused by non smac rewrite (bsc#1064802 bsc#1066129).
  • cxgb4: fix thermal zone device registration (bsc#1104279 bsc#1104277).
  • cxgb4: fix throughput drop during Tx backpressure (bsc#1127354 bsc#1127371).
  • cxgb4: move DCB version extern to header file (bsc#1104279 ).
  • cxgb4: remove cast when saving IPv4 partial checksum (bsc#1074220).
  • cxgb4: set up filter action after rewrites (bsc#1064802 bsc#1066129).
  • cxgb4: use correct type for all-mask IP address comparison (bsc#1064802 bsc#1066129).
  • cxgb4: use unaligned conversion for fetching timestamp (bsc#1046540 bsc#1046648).
  • dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes).
  • dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).
  • docs: Fix reST markup when linking to sections (git-fixes).
  • drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes).
  • drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes).
  • drm/amdkfd: Put ACPI table after using it (bsc#1129770) Backporting changes: * context changes
  • drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956)
  • drm/atomic: put state on error path (git-fixes).
  • drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770)
  • drm/i915: Check for all subplatform bits (git-fixes).
  • drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178) Backporting changes: * context changes
  • drm/i915: Fix sha_text population code (bsc#1112178) Backporting changes: * context changes
  • drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770) Backporting changes: * context changes * moved num_mixers from struct dpu_crtc_state to struct dpu_crtc
  • drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770) Backporting changes: * context changes * removed reference to msm_gem_is_locked()
  • drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770) Backporting changes: * context changes
  • drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).
  • drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes).
  • drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).
  • drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178) Backporting changes: * context changes
  • drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178)
  • drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770)
  • drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178) Backporting changes: * context changes
  • EDAC/amd64: Fix PCI component registration (bsc#1112178).
  • ehci: fix EHCI host controller initialization sequence (git-fixes).
  • ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).
  • fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console
  • fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console * context changes
  • firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes).
  • floppy: reintroduce O_NDELAY fix (boo#1181018).
  • futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
  • futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).
  • futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
  • futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
  • futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
  • futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
  • futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
  • futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).
  • geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).
  • gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).
  • gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes).
  • gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes).
  • gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes).
  • gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes).
  • gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).
  • gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes).
  • gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes).
  • gpiolib: fix up emulated open drain outputs (git-fixes).
  • gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).
  • gpio: max77620: Fixup debounce delays (git-fixes).
  • gpio: max77620: Use correct unit for debounce times (git-fixes).
  • gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).
  • gpio: mvebu: fix potential user-after-free on probe (git-fixes).
  • HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).
  • HID: core: check whether Usage Page item is after Usage ID items (git-fixes).
  • HID: core: Correctly handle ReportSize being zero (git-fixes).
  • HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
  • HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
  • HID: Improve Windows Precision Touchpad detection (git-fixes).
  • HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes).
  • HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes).
  • hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).
  • hwmon: (jc42) Fix name to have no illegal characters (git-fixes).
  • i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
  • i2c: i801: Fix resume bug (git-fixes).
  • i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).
  • i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes).
  • i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes).
  • i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
  • i40e: avoid premature Rx buffer reuse (bsc#1111981).
  • i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).
  • IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (bsc#1103991).
  • igb: Report speed and duplex as unknown when device is runtime suspended (git-fixes).
  • igc: fix link speed advertising (jsc#SLE-4799).
  • iio: ad5504: Fix setting power-down state (git-fixes).
  • iio: adc: max1027: Reset the device at probe time (git-fixes).
  • iio: bmp280: fix compensation of humidity (git-fixes).
  • iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).
  • iio: fix center temperature of bmc150-accel-core (git-fixes).
  • iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes).
  • iio:imu:bmi160: Fix too large a buffer (git-fixes).
  • iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes).
  • iio: srf04: fix wrong limitation in distance measuring (git-fixes).
  • Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).
  • Input: cm109 - do not stomp on control URB (git-fixes).
  • Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).
  • Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).
  • Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
  • Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).
  • Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).
  • iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191).
  • iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191).
  • ipw2x00: Fix -Wcast-function-type (git-fixes).
  • irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes).
  • iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
  • iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).
  • iwlwifi: pcie: limit memory read spin time (git-fixes).
  • ixgbe: avoid premature Rx buffer reuse (bsc#1109837 ).
  • ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (bsc#1109837).
  • kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
  • kABI workaround for HD-audio generic parser (git-fixes).
  • KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912).
  • KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (bsc#1181230).
  • lockd: do not use interval-based rebinding over TCP (git-fixes).
  • locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032).
  • mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).
  • mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes).
  • mac80211: fix authentication with iwlwifi/mvm (git-fixes).
  • mac80211: fix use of skb payload instead of header (git-fixes).
  • md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
  • md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
  • md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
  • md/cluster: block reshape with remote resync job (bsc#1163727).
  • md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
  • md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
  • md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
  • md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
  • md: fix a warning caused by a race between concurrent md_ioctl()s (git-fixes).
  • md/raid10: initialize r10_bio->read_slot before use (git-fixes).
  • media: am437x-vpfe: Setting STD to current value is not an error (git-fixes).
  • media: cec-funcs.h: add status_req checks (git-fixes).
  • media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes).
  • media: gp8psk: initialize stats at power control logic (git-fixes).
  • media: gspca: Fix memory leak in probe (git-fixes).
  • media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).
  • media: i2c: ov2659: Fix missing 720p register config (git-fixes).
  • media: i2c: ov2659: fix s_stream return value (git-fixes).
  • media: msi2500: assign SPI bus number dynamically (git-fixes).
  • media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).
  • media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes).
  • media: si470x-i2c: add missed operations in remove (git-fixes).
  • media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes).
  • media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
  • media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes).
  • media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes).
  • media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes).
  • media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes).
  • media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes).
  • media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).
  • media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).
  • media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes).
  • mei: bus: do not clean driver pointer (git-fixes).
  • mei: protect mei_cl_mtu from null dereference (git-fixes).
  • mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
  • misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes).
  • misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
  • mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).
  • mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (bsc#1112374).
  • mlxsw: spectrum: Do not modify cloned SKBs during xmit (git-fixes).
  • mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (bsc#1112374).
  • mlxsw: switchx2: Do not modify cloned SKBs during xmit (git-fixes).
  • mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
  • mm: do not wake kswapd prematurely when watermark boosting is disabled (git fixes (mm/vmscan)).
  • mm: hwpoison: disable memory error handling on 1GB hugepage (git fixes (mm/hwpoison)).
  • mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/hotplug)).
  • mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() (git fixes (mm/pgalloc)).
  • mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly (git fixes (mm/hmm)).
  • mm/slab: use memzero_explicit() in kzfree() (git fixes (mm/slab)).
  • module: delay kobject uevent until after module init call (bsc#1178631).
  • net/af_iucv: always register net_device notifier (git-fixes).
  • net/af_iucv: fix null pointer dereference on shutdown (bsc#1179563 LTC#190108).
  • net/af_iucv: set correct sk_protocol for child sockets (git-fixes).
  • net: atlantic: fix potential error handling (git-fixes).
  • net: atlantic: fix use after free kasan warn (git-fixes).
  • net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
  • net: bcmgenet: reapply manual settings to the PHY (git-fixes).
  • net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() (git-fixes).
  • net: cbs: Fix software cbs to consider packet sending time (bsc#1109837).
  • net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes).
  • net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes).
  • net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).
  • net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes).
  • net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() (git-fixes).
  • net_failover: fixed rollback in net_failover_open() (bsc#1109837).
  • net/filter: Permit reading NET in load_bytes_relative when MAC not set (bsc#1109837).
  • net: freescale: fec: Fix ethtool -d runtime PM (git-fixes).
  • net: hns3: add a missing uninit debugfs when unload driver (bsc#1104353).
  • net: hns3: add compatible handling for command HCLGE_OPC_PF_RST_DONE (git-fixes).
  • net: hns3: add management table after IMP reset (bsc#1104353 ).
  • net: hns3: check reset interrupt status when reset fails (git-fixes).
  • net: hns3: clear reset interrupt status in hclge_irq_handle() (git-fixes).
  • net: hns3: fix a TX timeout issue (bsc#1104353).
  • net: hns3: fix a wrong reset interrupt status mask (git-fixes).
  • net: hns3: fix error handling for desc filling (bsc#1104353 ).
  • net: hns3: fix error VF index when setting VLAN offload (bsc#1104353).
  • net: hns3: fix for not calculating TX BD send size correctly (bsc#1126390).
  • net: hns3: fix interrupt clearing error for VF (bsc#1104353 ).
  • net: hns3: fix mis-counting IRQ vector numbers issue (bsc#1104353).
  • net: hns3: fix shaper parameter algorithm (bsc#1104353 ).
  • net: hns3: fix the number of queues actually used by ARQ (bsc#1104353).
  • net: hns3: fix use-after-free when doing self test (bsc#1104353 ).
  • net: hns3: reallocate SSU' buffer size when pfc_en changes (bsc#1104353).
  • __netif_receive_skb_core: pass skb by reference (bsc#1109837).
  • net/liquidio: Delete driver version assignment (git-fixes).
  • net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes).
  • net/mlx4_en: Avoid scheduling restart task if it is already running (git-fixes).
  • net/mlx5: Add handling of port type in rule deletion (bsc#1103991).
  • net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (bsc#1103990).
  • net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).
  • net/mlx5e: Fix two double free cases (bsc#1046305).
  • net/mlx5e: Fix VLAN cleanup flow (git-fixes).
  • net/mlx5e: Fix VLAN create flow (git-fixes).
  • net/mlx5e: IPoIB, Drop multicast packets that this interface sent (bsc#1075020).
  • net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990 ).
  • net/mlx5: Fix memory leak on flow table creation error flow (bsc#1046305).
  • net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113 ).
  • net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (bsc#1098633).
  • net: mvpp2: fix pkt coalescing int-threshold configuration (bsc#1098633).
  • net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes).
  • net: phy: Avoid multiple suspends (git-fixes).
  • net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes).
  • net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).
  • net: phy: micrel: make sure the factory test bit is cleared (git-fixes).
  • net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
  • net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels (bsc#1109837).
  • net_sched: let qdisc_put() accept NULL pointer (bsc#1056657 bsc#1056653 bsc#1056787).
  • net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
  • net/smc: cancel event worker during device removal (git-fixes).
  • net/smc: check for valid ib_client_data (git-fixes).
  • net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).
  • net/smc: receive pending data after RCV_SHUTDOWN (git-fixes).
  • net/smc: receive returns without data (git-fixes).
  • net/sonic: Add mutual exclusion for accessing shared state (git-fixes).
  • net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
  • net: stmmac: Do not accept invalid MTU values (git-fixes).
  • net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes).
  • net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).
  • net: stmmac: Enable 16KB buffer size (git-fixes).
  • net: stmmac: fix length of PTP clock's name string (git-fixes).
  • net: stmmac: gmac4+: Not all Unicast addresses may be available (git-fixes).
  • net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
  • net: sunrpc: interpret the return value of kstrtou32 correctly (git-fixes).
  • net: team: fix memory leak in __team_options_register (git-fixes).
  • net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
  • net: usb: lan78xx: Fix error message format specifier (git-fixes).
  • net: usb: sr9800: fix uninitialized local variable (git-fixes).
  • net: vlan: avoid leaks on register_vlan_dev() failures (git-fixes).
  • nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
  • NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
  • nfp: validate the return code from dev_queue_xmit() (git-fixes).
  • NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (git-fixes).
  • nfs_common: need lock during iterate through the list (git-fixes).
  • nfsd4: r