Security update for the Linux Kernel

Announcement ID: SUSE-SU-2020:3273-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-25656 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-25656 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-25705 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-25705 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-8694 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-8694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • Basesystem Module 15-SP2
  • Development Tools Module 15-SP2
  • Legacy Module 15-SP2
  • SUSE Linux Enterprise Desktop 15 SP2
  • SUSE Linux Enterprise High Availability Extension 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise Live Patching 15-SP2
  • SUSE Linux Enterprise Real Time 15 SP2
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Linux Enterprise Workstation Extension 15 SP2
  • SUSE Manager Proxy 4.1
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Server 4.1

An update that solves three vulnerabilities and has 25 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
  • CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
  • CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721)

The following non-security bugs were fixed:

  • act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24).
  • ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).
  • ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).
  • block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes).
  • Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes).
  • Bluetooth: Only mark socket zapped after unlocking (git-fixes).
  • bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes).
  • bonding: show saner speed for broadcast mode (networking-stable-20_08_24).
  • brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).
  • brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).
  • btrfs: allocate scrub workqueues outside of locks (bsc#1178183).
  • btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
  • btrfs: drop path before adding new uuid tree entry (bsc#1178176).
  • btrfs: fix filesystem corruption after a device replace (bsc#1178395).
  • btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190).
  • btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191).
  • btrfs: fix space cache memory leak after transaction abort (bsc#1178173).
  • btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395).
  • btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395).
  • btrfs: set the correct lockdep class for new nodes (bsc#1178184).
  • btrfs: set the lockdep class for log tree extent buffers (bsc#1178186).
  • can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).
  • ceph: promote to unsigned long long before shifting (bsc#1178175).
  • crypto: ccp - fix error handling (git-fixes).
  • cxgb4: fix memory leak during module unload (networking-stable-20_09_24).
  • cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24).
  • Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes
  • Disable module compression on SLE15 SP2 (bsc#1178307)
  • dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes).
  • eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
  • futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648).
  • futex: Consistently use fshared as boolean (bsc#1149032).
  • futex: Fix incorrect should_fail_futex() handling (bsc#1149032).
  • futex: Remove put_futex_key() (bsc#1149032).
  • futex: Remove unused or redundant includes (bsc#1149032).
  • gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).
  • gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).
  • HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes).
  • ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).
  • ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).
  • icmp: randomize the global rate limiter (git-fixes).
  • ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).
  • ipv4: Initialize flowi4_multipath_hash in data path (networking-stable-20_09_24).
  • ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes).
  • ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24).
  • ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24).
  • ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11).
  • ipvlan: fix device features (networking-stable-20_08_24).
  • kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes).
  • kbuild: enforce -Werror=return-type (bsc#1177281).
  • KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes).
  • libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177).
  • mac80211: handle lack of sband->bitrates in rates (git-fixes).
  • mailbox: avoid timer start from callback (git-fixes).
  • media: ati_remote: sanity check for both endpoints (git-fixes).
  • media: bdisp: Fix runtime PM imbalance on error (git-fixes).
  • media: exynos4-is: Fix a reference count leak (git-fixes).
  • media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).
  • media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).
  • media: firewire: fix memory leak (git-fixes).
  • media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes).
  • media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes).
  • media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes).
  • media: media/pci: prevent memory leak in bttv_probe (git-fixes).
  • media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).
  • media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).
  • media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes).
  • media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes).
  • media: saa7134: avoid a shift overflow (git-fixes).
  • media: st-delta: Fix reference count leak in delta_run_work (git-fixes).
  • media: sti: Fix reference count leaks (git-fixes).
  • media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).
  • media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes).
  • media: vsp1: Fix runtime PM imbalance on error (git-fixes).
  • mic: vop: copy data to kernel space then write to io memory (git-fixes).
  • misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).
  • misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).
  • mm: fix a race during THP splitting (bsc#1178255).
  • mm: madvise: fix vma user-after-free (git-fixes).
  • mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).
  • module: Correctly truncate sysfs sections output (git-fixes).
  • module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes).
  • module: Refactor section attr into bin attribute (git-fixes).
  • module: statically initialize init section freeing data (git-fixes).
  • mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).
  • net/core: check length before updating Ethertype in skb_mpls_{push,pop} (git-fixes).
  • net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).
  • net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24).
  • net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24).
  • net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24).
  • net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24).
  • net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU (networking-stable-20_09_24).
  • net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24).
  • net: disable netpoll on fresh napis (networking-stable-20_09_11).
  • net: dsa: b53: check for timeout (networking-stable-20_08_24).
  • net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24).
  • net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24).
  • net: Fix bridge enslavement failure (networking-stable-20_09_24).
  • net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).
  • net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).
  • net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).
  • net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24).
  • net: lantiq: Use napi_complete_done() (networking-stable-20_09_24).
  • net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24).
  • net: lantiq: Wake TX queue again (networking-stable-20_09_24).
  • net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).
  • net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24).
  • net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).
  • net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24).
  • net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24).
  • net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).
  • net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).
  • net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).
  • net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).
  • netlabel: fix problems with mapping removal (networking-stable-20_09_11).
  • nfp: use correct define to return NONE fec (networking-stable-20_09_24).
  • PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).
  • r8169: fix issue with forced threading in combination with shared interrupts (git-fixes).
  • rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have a different scriptlet that is embedded in kernel-binary.spec.in rather than *.sh files.
  • rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
  • rtl8xxxu: prevent potential memory leak (git-fixes).
  • rtw88: increse the size of rx buffer size (git-fixes).
  • s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733).
  • s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735).
  • scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).
  • sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).
  • selftests/timers: Turn off timeout setting (git-fixes).
  • spi: spi-s3c64xx: Check return values (git-fixes).
  • spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() (git-fixes).
  • taprio: Fix allowing too small intervals (networking-stable-20_09_24).
  • time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648).
  • tipc: fix memory leak caused by tipc_buf_append() (git-fixes).
  • tipc: Fix memory leak in tipc_group_create_member() (networking-stable-20_09_24).
  • tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).
  • tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).
  • tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).
  • tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).
  • tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).
  • tty: ipwireless: fix error handling (git-fixes).
  • tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).
  • usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).
  • usb: cdc-acm: handle broken union descriptors (git-fixes).
  • usb: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).
  • usb: core: Solve race condition in anchor cleanup functions (git-fixes).
  • usb: dwc3: simple: add support for Hikey 970 (git-fixes).
  • usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).
  • usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes).
  • usb: ohci: Default to per-port over-current protection (git-fixes).
  • x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749).
  • xen/gntdev.c: Mark pages as dirty (bsc#1065600).
  • xfs: fix high key handling in the rt allocator's query_range function (git-fixes).
  • xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes).
  • xfs: limit entries returned when counting fsmap records (git-fixes).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Basesystem Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3273=1
  • Development Tools Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3273=1
  • Legacy Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3273=1
  • SUSE Linux Enterprise Live Patching 15-SP2
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3273=1
    Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
  • SUSE Linux Enterprise High Availability Extension 15 SP2
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3273=1
  • SUSE Linux Enterprise Workstation Extension 15 SP2
    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3273=1

Package List:

  • Basesystem Module 15-SP2 (aarch64 ppc64le s390x x86_64)
    • kernel-default-debuginfo-5.3.18-24.37.1
    • kernel-default-base-5.3.18-24.37.1.9.13.1
    • kernel-default-devel-debuginfo-5.3.18-24.37.1
    • kernel-default-devel-5.3.18-24.37.1
    • kernel-default-debugsource-5.3.18-24.37.1
  • Basesystem Module 15-SP2 (noarch)
    • kernel-devel-5.3.18-24.37.1
    • kernel-macros-5.3.18-24.37.1
  • Basesystem Module 15-SP2 (aarch64 nosrc x86_64)
    • kernel-preempt-5.3.18-24.37.1
  • Basesystem Module 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-5.3.18-24.37.1
  • Basesystem Module 15-SP2 (aarch64 x86_64)
    • kernel-preempt-debuginfo-5.3.18-24.37.1
    • kernel-preempt-debugsource-5.3.18-24.37.1
  • Development Tools Module 15-SP2 (aarch64 ppc64le s390x x86_64)
    • kernel-obs-build-5.3.18-24.37.1
    • kernel-obs-build-debugsource-5.3.18-24.37.1
    • kernel-syms-5.3.18-24.37.1
  • Development Tools Module 15-SP2 (noarch)
    • kernel-source-5.3.18-24.37.1
  • Development Tools Module 15-SP2 (noarch nosrc)
    • kernel-docs-5.3.18-24.37.1
  • Development Tools Module 15-SP2 (nosrc)
    • kernel-preempt-5.3.18-24.37.1
  • Development Tools Module 15-SP2 (aarch64 x86_64)
    • kernel-preempt-debuginfo-5.3.18-24.37.1
    • kernel-preempt-debugsource-5.3.18-24.37.1
    • kernel-preempt-devel-debuginfo-5.3.18-24.37.1
    • kernel-preempt-devel-5.3.18-24.37.1
  • Legacy Module 15-SP2 (nosrc)
    • kernel-default-5.3.18-24.37.1
  • Legacy Module 15-SP2 (aarch64 ppc64le s390x x86_64)
    • kernel-default-debuginfo-5.3.18-24.37.1
    • reiserfs-kmp-default-5.3.18-24.37.1
    • kernel-default-debugsource-5.3.18-24.37.1
    • reiserfs-kmp-default-debuginfo-5.3.18-24.37.1
  • SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
    • kernel-livepatch-5_3_18-24_37-default-debuginfo-1-5.3.1
    • kernel-default-livepatch-devel-5.3.18-24.37.1
    • kernel-default-debuginfo-5.3.18-24.37.1
    • kernel-livepatch-SLE15-SP2_Update_7-debugsource-1-5.3.1
    • kernel-default-livepatch-5.3.18-24.37.1
    • kernel-livepatch-5_3_18-24_37-default-1-5.3.1
    • kernel-default-debugsource-5.3.18-24.37.1
  • SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
    • kernel-default-5.3.18-24.37.1
  • SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
    • dlm-kmp-default-5.3.18-24.37.1
    • kernel-default-debuginfo-5.3.18-24.37.1
    • cluster-md-kmp-default-5.3.18-24.37.1
    • ocfs2-kmp-default-5.3.18-24.37.1
    • gfs2-kmp-default-debuginfo-5.3.18-24.37.1
    • gfs2-kmp-default-5.3.18-24.37.1
    • ocfs2-kmp-default-debuginfo-5.3.18-24.37.1
    • cluster-md-kmp-default-debuginfo-5.3.18-24.37.1
    • kernel-default-debugsource-5.3.18-24.37.1
    • dlm-kmp-default-debuginfo-5.3.18-24.37.1
  • SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
    • kernel-default-5.3.18-24.37.1
  • SUSE Linux Enterprise Workstation Extension 15 SP2 (x86_64)
    • kernel-default-extra-5.3.18-24.37.1
    • kernel-default-debugsource-5.3.18-24.37.1
    • kernel-default-debuginfo-5.3.18-24.37.1
    • kernel-default-extra-debuginfo-5.3.18-24.37.1
  • SUSE Linux Enterprise Workstation Extension 15 SP2 (nosrc)
    • kernel-default-5.3.18-24.37.1

References: