Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2020:2102-1
Rating: important
References: #1065729 #1152472 #1152489 #1153274 #1154353 #1154488 #1155518 #1155798 #1165933 #1167773 #1168959 #1169771 #1171857 #1171988 #1172201 #1173074 #1173849 #1173941 #1174072 #1174116 #1174126 #1174127 #1174128 #1174129 #1174185 #1174205 #1174247 #1174263 #1174264 #1174331 #1174332 #1174333 #1174356 #1174362 #1174396 #1174398 #1174407 #1174409 #1174411 #1174438 #1174462 #1174513 #1174527 #1174627 #1174645
Cross-References:CVE-2020-0305 CVE-2020-10135 CVE-2020-10781 CVE-2020-14331
Affected Products:
  • SUSE Linux Enterprise Module for Public Cloud 15-SP2

An update that solves four vulnerabilities and has 41 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074).
  • CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
  • CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988).
  • CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update() (bnc#1174205).

The following non-security bugs were fixed:
  • ACPICA: Dispatcher: add status checks (git-fixes).
  • ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes).
  • ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes).
  • ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes).
  • ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261).
  • ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes).
  • ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes).
  • ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes).
  • ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes).
  • ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes).
  • ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes).
  • ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes).
  • ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
  • ALSA: line6: Perform sanity check for each URB creation (git-fixes).
  • ALSA: line6: Sync the pending work cancel at disconnection (git-fixes).
  • ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes).
  • ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes).
  • apparmor: ensure that dfa state tables have entries (git-fixes).
  • apparmor: fix introspection of of task mode for unconfined tasks (git-fixes).
  • apparmor: Fix memory leak of profile proxy (git-fixes).
  • apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes).
  • apparmor: remove useless aafs_create_symlink (git-fixes).
  • arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398).
  • arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398).
  • ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes).
  • ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes).
  • ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes).
  • ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes).
  • ASoC: rt286: fix unexpected interrupt happens (git-fixes).
  • ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes).
  • ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
  • ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
  • ASoC: rt5682: Report the button event in the headset type only (git-fixes).
  • ASoC: topology: fix kernel oops on route addition error (git-fixes).
  • ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes).
  • ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes).
  • ASoC: wm8974: remove unsupported clock mode (git-fixes).
  • ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes).
  • ath9k: Fix regression with Atheros 9271 (git-fixes).
  • ax88172a: fix ax88172a_unbind() failures (git-fixes).
  • blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() (bsc#1165933).
  • bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274).
  • bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518).
  • brcmfmac: Transform compatible string for FW loading (bsc#1169771).
  • bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10).
  • bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes).
  • btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438).
  • btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438).
  • btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438).
  • btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438).
  • btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438).
  • btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438).
  • btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
  • bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes).
  • dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16).
  • devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
  • /dev/mem: Add missing memory barriers for devmem_inode (git-fixes).
  • /dev/mem: Revoke mappings when a driver claims the region (git-fixes).
  • dmaengine: dmatest: stop completed threads when running without set channel (git-fixes).
  • dmaengine: dw: Initialize channel before each transfer (git-fixes).
  • dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes).
  • dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes).
  • dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes).
  • dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes).
  • dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes).
  • dm: do not use waitqueue for request-based DM (bsc#1165933).
  • dpaa_eth: FMan erratum A050385 workaround (bsc#1174396).
  • dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396).
  • drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes).
  • drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes).
  • drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes).
  • drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes).
  • drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes).
  • drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472)
  • drm/exynos: fix ref count leak in mic_pre_enable (git-fixes).
  • drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes).
  • drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489)
  • drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes).
  • drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489)
  • drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489)
  • drm: mcde: Fix display initialization problem (git-fixes).
  • drm/mediatek: Check plane visibility in atomic_update (git-fixes).
  • drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes).
  • drm/msm: fix potential memleak in error branch (git-fixes).
  • drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes).
  • drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes).
  • drm/radeon: fix double free (git-fixes).
  • drm: sun4i: hdmi: Fix inverted HPD result (git-fixes).
  • drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes).
  • drm/tegra: hub: Do not enable orphaned window group (git-fixes).
  • exfat: add missing brelse() calls on error paths (git-fixes).
  • exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes).
  • exfat: fix memory leak in exfat_parse_param() (git-fixes).
  • exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes).
  • fpga: dfl: fix bug in port reset handshake (git-fixes).
  • fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file
  • fuse: copy_file_range should truncate cache (git-fixes).
  • fuse: fix copy_file_range cache issues (git-fixes).
  • geneve: fix an uninitialized value in geneve_changelink() (git-fixes).
  • gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes).
  • gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes).
  • gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes).
  • gpu: host1x: Detach driver on unregister (git-fixes).
  • habanalabs: increase timeout during reset (git-fixes).
  • HID: logitech-hidpp: avoid repeated "multiplier = " log messages (git-fixes).
  • HID: magicmouse: do not set up autorepeat (git-fixes).
  • HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes).
  • HID: quirks: Ignore Simply Automated UPB PIM (git-fixes).
  • HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes).
  • hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes).
  • hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes).
  • hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes).
  • i2c: eg20t: Load module automatically if ID matches (git-fixes).
  • i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes).
  • i2c: rcar: always clear ICSAR to avoid side effects (git-fixes).
  • i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes).
  • i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes).
  • i40iw: fix null pointer dereference on a null wqe pointer (git-fixes).
  • i40iw: Report correct firmware version (git-fixes).
  • IB/cma: Fix ports memory leak in cma_configfs (git-fixes).
  • IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes).
  • IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409).
  • IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409).
  • IB/hfi1: Ensure pq is not left on waitlist (git-fixes).
  • IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411).
  • IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes).
  • IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407).
  • IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes).
  • IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes).
  • IB/mad: Fix use after free when destroying MAD agent (git-fixes).
  • IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes).
  • IB/mlx5: Fix 50G per lane indication (git-fixes).
  • IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes).
  • IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes).
  • IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes).
  • IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes).
  • IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes).
  • IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes).
  • ieee802154: fix one possible memleak in adf7242_probe (git-fixes).
  • iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes).
  • iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes).
  • iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes).
  • iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes).
  • iio:humidity:hts221 Fix alignment and data leak issues (git-fixes).
  • iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes).
  • iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes).
  • iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes).
  • iio:pressure:ms5611 Fix buffer element alignment (git-fixes).
  • iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes).
  • Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes).
  • Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes).
  • Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes).
  • Input: mms114 - add extra compatible for mms345l (git-fixes).
  • intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes).
  • intel_th: pci: Add Emmitsburg PCH support (git-fixes).
  • intel_th: pci: Add Jasper Lake CPU support (git-fixes).
  • intel_th: pci: Add Tiger Lake PCH-H support (git-fixes).
  • iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126).
  • iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127).
  • iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128).
  • ionic: centralize queue reset code (bsc#1167773).
  • ionic: fix up filter locks and debug msgs (bsc#1167773).
  • ionic: keep rss hash after fw update (bsc#1167773).
  • ionic: update filter id after replay (bsc#1167773).
  • ionic: update the queue count on open (bsc#1167773).
  • ionic: use mutex to protect queue operations (bsc#1167773).
  • ionic: use offset for ethtool regs data (bsc#1167773).
  • kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
  • keys: asymmetric: fix error return code in software_key_query() (git-fixes).
  • KVM: nVMX: always update CR3 in VMCS (git-fixes).
  • l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07).
  • l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
  • lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331).
  • media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes).
  • mei: bus: do not clean driver pointer (git-fixes).
  • mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602).
  • mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488).
  • mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10).
  • mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes).
  • mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes).
  • mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527).
  • nbd: Fix memory leak in nbd_add_socket (git-fixes).
  • net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07).
  • net: check untrusted gso_size at kernel entry (networking-stable-20_06_07).
  • netdevsim: fix unbalaced locking in nsim_create() (git-fixes).
  • net: dsa: bcm_sf2: Fix node reference count (git-fixes).
  • net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10).
  • netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857).
  • netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857).
  • netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857).
  • netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857).
  • net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398).
  • net: hns3: check reset pending after FLR prepare (bsc#1154353).
  • net: hns3: fix error handling for desc filling (git-fixes).
  • net: hns3: fix for not calculating TX BD send size correctly (git-fixes).
  • net: hns3: fix return value error when query MAC link status fail (git-fixes).
  • net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353).
  • net: macb: call pm_runtime_put_sync on failure path (git-fixes).
  • net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16).
  • net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464).
  • net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16).
  • net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464).
  • net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16).
  • net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398).
  • net/smc: fix restoring of fallback changes (git-fixes).
  • net: stmmac: do not attach interface until resume finishes (bsc#1174072).
  • net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072).
  • net: stmmac: dwc-qos: use generic device api (bsc#1174072).
  • net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07).
  • net: stmmac: platform: fix probe for ACPI devices (bsc#1174072).
  • net/tls: fix encryption error checking (git-fixes).
  • net/tls: free record only on encryption error (git-fixes).
  • net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07).
  • nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes).
  • nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07).
  • NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264).
  • NTB: Fix static check warning in perf_clear_test (git-fixes).
  • NTB: Fix the default port and peer numbers for legacy drivers (git-fixes).
  • ntb: hw: remove the code that sets the DMA mask (git-fixes).
  • NTB: ntb_pingpong: Choose doorbells based on port number (git-fixes).
  • NTB: ntb_test: Fix bug when counting remote files (git-fixes).
  • NTB: ntb_tool: reading the link file should not end in a NULL byte (git-fixes).
  • NTB: perf: Do not require one more memory window than number of peers (git-fixes).
  • NTB: perf: Fix race condition when run with ntb_test (git-fixes).
  • NTB: perf: Fix support for hardware that does not have port numbers (git-fixes).
  • ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes).
  • NTB: Revert the change to use the NTB device dev for DMA allocations (git-fixes).
  • ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes).
  • ovl: inode reference leak in ovl_is_inuse true case (git-fixes).
  • padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes).
  • padata: kABI fixup for struct padata_instance splitting nodes (git-fixes).
  • PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356).
  • PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
  • PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513).
  • PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201).
  • pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
  • percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332).
  • phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes).
  • platform/x86: ISST: Increase timeout (bsc#1174185).
  • powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729).
  • powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010).
  • powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes).
  • powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
  • qed: suppress "do not support RoCE & iWARP" flooding on HW init (git-fixes).
  • qed: suppress false-positives interrupt error messages on HW init (git-fixes).
  • RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes).
  • RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes).
  • RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes).
  • RDMA/cm: Fix checking for allowed duplicate listens (git-fixes).
  • RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes).
  • RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes).
  • RDMA/cm: Remove a race freeing timewait_info (git-fixes).
  • RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes).
  • RDMA/core: Fix double destruction of uobject (git-fixes).
  • RDMA/core: Fix double put of resource (git-fixes).
  • RDMA/core: Fix missing error check on dev_set_name() (git-fixes).
  • RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes).
  • RDMA/core: Fix race between destroy and release FD object (git-fixes).
  • RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes).
  • RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes).
  • RDMA/counter: Query a counter before release (git-fixes).
  • RDMA/efa: Set maximum pkeys device attribute (git-fixes).
  • RDMA/hns: Bugfix for querying qkey (git-fixes).
  • RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes).
  • RDMA/iwcm: Fix iwcm work deallocation (git-fixes).
  • RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes).
  • RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes).
  • RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes).
  • RDMA/mlx4: Initialize ib_spec on the stack (git-fixes).
  • RDMA/mlx5: Add init2init as a modify command (git-fixes).
  • RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes).
  • RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes).
  • RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes).
  • RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446).
  • RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes).
  • RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes).
  • RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes).
  • RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes).
  • RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes).
  • RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes).
  • RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes).
  • RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes).
  • RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes).
  • RDMA/rxe: Set default vendor ID (git-fixes).
  • RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes).
  • RDMA/siw: Fix failure handling during device creation (git-fixes).
  • RDMA/siw: Fix passive connection establishment (git-fixes).
  • RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes).
  • RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes).
  • RDMA/siw: Fix reporting vendor_part_id (git-fixes).
  • RDMA/siw: Fix setting active_mtu attribute (git-fixes).
  • RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes).
  • RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes).
  • RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes).
  • regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes).
  • regmap: fix alignment issue (git-fixes).
  • regmap: Fix memory leak from regmap_register_patch (git-fixes).
  • Revert "i2c: cadence: Fix the hold bit setting" (git-fixes).
  • Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes).
  • Revert "thermal: mediatek: fix register index error" (git-fixes).
  • RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes).
  • rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353).
  • rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
  • s390: fix syscall_get_error for compat processes (git-fixes).
  • s390/ism: fix error return code in ism_probe() (git-fixes).
  • s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes).
  • s390/pci: Fix s390_mmio_read/write with MIO (git-fixes).
  • s390/qdio: consistently restore the IRQ handler (git-fixes).
  • s390/qdio: put thinint indicator after early error (git-fixes).
  • s390/qdio: tear down thinint indicator after early error (git-fixes).
  • s390/qeth: fix error handling for isolation mode cmds (git-fixes).
  • sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)).
  • scsi: libfc: free response frame from GPN_ID (bsc#1173849).
  • scsi: libfc: Handling of extra kref (bsc#1173849).
  • scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849).
  • scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849).
  • scsi: libfc: Skip additional kref updating work event (bsc#1173849).
  • scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes).
  • scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes).
  • selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16).
  • selinux: fall back to ref-walk if audit is required (bsc#1174333).
  • selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" (bsc#1174333).
  • serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941).
  • SMB3: Honor lease disabling for multiuser mounts (git-fixes).
  • soundwire: intel: fix memory leak with devm_kasprintf (git-fixes).
  • spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes).
  • spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes).
  • spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes).
  • staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
  • staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
  • staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
  • staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes).
  • staging: comedi: verify array index is correct before using it (git-fixes).
  • SUNRPC dont update timeout value on connection reset (bsc#1174263).
  • sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116).
  • tcp: md5: allow changing MD5 keys in all socket states (git-fixes).
  • thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes).
  • thermal: int3403_thermal: Downgrade error message (git-fixes).
  • tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362).
  • tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes).
  • tty: hvc_console, fix crashes on parallel open/close (git-fixes).
  • udp: Copy has_conns in reuseport_grow() (git-fixes).
  • udp: Improve load balancing for SO_REUSEPORT (git-fixes).
  • USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes).
  • usb: chipidea: core: add wakeup support for extcon (git-fixes).
  • usb: dwc2: Fix shutdown callback in platform (git-fixes).
  • usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes).
  • usb: gadget: Fix issue with config_ep_by_speed function (git-fixes).
  • usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes).
  • usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes).
  • usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes).
  • usbnet: smsc95xx: Fix use-after-free after removal (git-fixes).
  • USB: serial: ch341: add new Product ID for CH340 (git-fixes).
  • USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes).
  • USB: serial: iuu_phoenix: fix memory corruption (git-fixes).
  • USB: serial: option: add GosunCn GM500 series (git-fixes).
  • USB: serial: option: add Quectel EG95 LTE modem (git-fixes).
  • usb: tegra: Fix allocation for the FPCI context (git-fixes).
  • usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes).
  • vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129).
  • virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes).
  • virt: vbox: Fix guest capabilities mask check (git-fixes).
  • virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes).
  • vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
  • vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10).
  • watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202).
  • workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes).
  • xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Public Cloud 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2102=1

Package List:

  • SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
    • kernel-azure-5.3.18-18.12.1
    • kernel-azure-debuginfo-5.3.18-18.12.1
    • kernel-azure-debugsource-5.3.18-18.12.1
    • kernel-azure-devel-5.3.18-18.12.1
    • kernel-azure-devel-debuginfo-5.3.18-18.12.1
    • kernel-syms-azure-5.3.18-18.12.1
  • SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
    • kernel-devel-azure-5.3.18-18.12.1
    • kernel-source-azure-5.3.18-18.12.1

References: