The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265).
CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458).
CVE-2019-20812: An issue in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453).
CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988).
CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191).
CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220).
CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189).
CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781).
CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782).
CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was disabled before (bnc#1172783).
CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_handler in file arch/s390/mm/cmm.c (bnc#1172999).
CVE-2020-10781: A zram sysfs resource consumption was fixed (bnc#1173074).
CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219).
CVE-2020-12769: An issue in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983).
CVE-2020-12771: An issue was discovered in which btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732).
CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982).
CVE-2020-13974: Fixed an integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775).
CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline that could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).
CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
The following non-security bugs were fixed:
ACPICA: Dispatcher: add status checks (git-fixes).
ACPICA: Fixes for acpiExec namespace init file (git-fixes).
ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes).
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes).
ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes).
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes).
ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes).
ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes).
ACPI: sysfs: Fix pm_profile_attr type (git-fixes).
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes).
ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes).
ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes).
af_unix: add compat_ioctl support (git-fixes).
agp/intel: Reinforce the barrier after GTT updates (git-fixes).
aio: fix async fsync creds (bsc#1173828).
ALSA: emu10k1: delete an unnecessary condition (git-fixes).
ALSA: es1688: Add the missed snd_card_free() (git-fixes).
ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes).
ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes).
ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes).
ALSA: hda: add member to store ratio for stripe control (git-fixes).
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes).
ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes).
ALSA: hda: Fix potential race in unsol event handler (git-fixes).
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes).
ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes).
ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261).
ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes).
ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017).
ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes).
ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes).
ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes).
ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes).
ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes).
ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes).
ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes).
ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes).
ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes).
ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes).
ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes).
ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes).
ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes).
ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes).
ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes).
ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes).
drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes).
drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes).
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes).
drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472)
drm/radeon: fix double free (git-fixes).
drm/radeon: fix fbdiv check in ni_init_smc_spll_table() (bsc#1152472)
drm: rcar-du: Fix build error (bsc#1152472)
drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes).
drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489)
drm: sun4i: hdmi: Remove extra HPD polling (git-fixes).
drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes).
drm/tegra: hub: Do not enable orphaned window group (git-fixes).
drm/vkms: Hold gem object while still in-use (git-fixes).
Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139): Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our partial backport. (cherry picked from commit 70ad1b2fa5955d91e1a09a8027daf210e28fee30)
Drop a couple of block layer git-fixes: Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our partial backport.
dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes).
e1000: Distribute switch variables for initialization (git-fixes).
e1000e: Disable TSO for buffer overrun workaround (git-fixes).
e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes).
e1000e: Relax condition to trigger reset for ME workaround (git-fixes).
EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975).
EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779).
EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489).
EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489).
RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449).
regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes).
regmap: fix alignment issue (git-fixes).
regmap: Fix memory leak from regmap_register_patch (git-fixes).
regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes).
remoteproc: Add missing '\n' in log messages (git-fixes).
remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes).
remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes).
remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes).
remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes).
Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (git-fixes).
Revert 'drm/amd/display: disable dcn20 abm feature for bring up' (git-fixes).
Revert 'i2c: tegra: Fix suspending in active runtime PM state' (git-fixes).
Revert 'pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'' (git-fixes).
Revert 'thermal: mediatek: fix register index error' (git-fixes).
ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes).
rpm: drop execute permissions on source files: Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files.
rpm/modules.fips: add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bs
rtc: mc13xxx: fix a double-unlock issue (git-fixes).
rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes).
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes).
rtw88: fix an issue about leak system resources (git-fixes).
rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes).
sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12).
sched/cfs: change initial value of runnable_avg (bsc#1158765).
sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)).
sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823).
sched/core: Fix PI boosting between RT and DEADLINE tasks (git fixes (sched)).