The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2020-26088: Fixed an improper CAPNETRAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).
CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011).
CVE-2019-25643: Fixed an improper input validation in pppcpparse_cr function which could have led to memory corruption and read overflow (bsc#1177206).
CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121).
The following non-security bugs were fixed:
9p: Fix memory leak in v9fs_mount (git-fixes).
ACPI: EC: Reference count query handlers under lock (git-fixes).
airo: Add missing CAPNETADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).
airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).
powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ).
powerpc/kernel: Cleanup machine check function declarations (bsc#1065729).
powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588).
powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436).
powerpc/mm: Limit resizehptfor_hotplug() call to hash guests only (bsc#1177030 ltc#187588).
powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208).
powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208).
powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436).
powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122).
powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208).
powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122).
powerpc/pseries: Machine check use rtascallunlocked() with args on stack (bsc#1094244 ltc#168122).
powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208).
powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122).
powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122).
powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122).
powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122).
powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122).
powerpc/xmon: Use dcbf inplace of dcbi instruction for 64bit Book3S (bsc#1065729).
power: supply: max17040: Correct voltage reading (git-fixes).
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)).
regulator: push allocation in setconsumerdevice_supply() out of lock (git-fixes).
rpadlpario: Add MODULEDESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)
rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618).
rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %susekernelmodulesubpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package.
rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %kernelmodule_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file.
rtc: ds1374: fix possible race condition (git-fixes).