The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2020-26088: Fixed an improper CAPNETRAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381).
CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137).
The following non-security bugs were fixed:
ALSA: asihpi: fix iounmap in error handler (git-fixes).
kABI: Fix kABI after EFIRTPROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111).
kABI: net: dsa: microchip: call phyremovelink_mode during probe (kabi).
kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/
kernel/cpupm: Fix uninitted local in cpupm (git fixes (kernel/pm)).
kernel-syms.spec.in: Also use bz compression (boo#1175882).
libnvdimm: cover up struct nvdimm changes (bsc#1171742).
libnvdimm: cover up nvdimmsecurityops changes (bsc#1171742).
libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518).
libbpf: Fix readelf output parsing for Fedora (bsc#1155518).
libata: implement ATAHORKAGEMAXTRIM128M and apply to Sandisks (jsc#SLE-14459).
lib/mpi: Add mpisubui() (bsc#1175718).
md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)).
regulator: remove superfluous lock in regulatorresolvecoupling() (git-fixes).
Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600).
rpadlpario: Add MODULEDESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618).
rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package.
rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %susekernelmodulesubpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package.
rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %kernelmodule_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file.
sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)).
sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)).
sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)).
sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)).
sched/fair: Remove unused 'sd' parameter from scalertcapacity() (bnc#1155798 (CPU scheduler functional and performance backports)).
sched/fair: updatepickidlest() Select group with lowest grouputil when idlecpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)).
sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)).
sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)).
sched/numa: Check numa balancing information only when enabled (bsc#1176588).
sched/numa: Avoid creating large imbalances at task creation time (bsc#1176588).
scsi: fcoe: Memory leak fix in fcoesysfsfcf_del() (bsc#1174899).
scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
scsi: ibmvfc: Use compiler attribute defines instead of attribute() (bsc#1176962 ltc#188304).
scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).
scsi: libfc: Fix for double free() (bsc#1174899).
scsi: libfc: Free skb in fcdiscgpnidresp() for valid cases (bsc#1174899).
scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Fix no message shown for lpfchdwqueue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).