SUSE-SU-2020:3766-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20203766-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3766-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:3766-1
Related
Published
2020-12-11T14:44:17Z
Modified
2020-12-11T14:44:17Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel RT was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-20669: Fixed an improper check i915gemexecbuffer2ioctl in drivers/gpu/drm/i915/i915gem_execbuffer.c (bsc#1122971).
  • CVE-2019-20934: Fixed a use-after-free in shownumastats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).
  • CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
  • CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).
  • CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
  • CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)
  • CVE-2020-27786: Fixed a use after free in kernel midi subsystem sndrawmidikernel_read1() (bsc#1179601).
  • CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
  • CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).
  • CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
  • CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).

The following non-security bugs were fixed:

  • ACPI: GED: fix -Wformat (git-fixes).
  • ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
  • ALSA: firewire: Clean up a locking issue in copyrespto_buf() (git-fixes).
  • ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).
  • ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
  • ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).
  • ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).
  • ALSA: mixart: Fix mutex deadlock (git-fixes).
  • ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
  • arm64: KVM: Fix system register enumeration (bsc#1174726).
  • arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).
  • ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
  • ath10k: Acquire tx_lock in tx error paths (git-fixes).
  • Avoid a GCC warning about '/*' within a comment.
  • batman-adv: set .owner to THIS_MODULE (git-fixes).
  • Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).
  • Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).
  • bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).
  • bnxten: Protect bnxtseteee() and bnxtset_pauseparam() with mutex (bsc#1050242).
  • bpf: Zero-fill re-used per-cpu map element (git-fixes).
  • btrfs: account ticket size at add/delete time (bsc#1178897).
  • btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).
  • btrfs: check rwdevices, not numdevices for balance (bsc#1178897).
  • btrfs: do not delete mismatched root refs (bsc#1178962).
  • btrfs: fix btrfscalcreclaimmetadatasize calculation (bsc#1178897).
  • btrfs: fix force usage in incblockgroup_ro (bsc#1178897).
  • btrfs: fix invalid removal of root ref (bsc#1178962).
  • btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).
  • btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).
  • btrfs: kill minallocablebytes in incblockgroup_ro (bsc#1178897).
  • btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).
  • btrfs: rework arguments of btrfsunlinksubvol (bsc#1178962).
  • btrfs: split dev-replace locking helpers for read and write (bsc#1178897).
  • can: afcan: prevent potential access of uninitialized member in canfdrcv() (git-fixes).
  • can: afcan: prevent potential access of uninitialized member in canrcv() (git-fixes).
  • can: dev: can_restart(): post buffer from the right context (git-fixes).
  • can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
  • can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).
  • can: mcan: mcanhandlestate_change(): fix state change (git-fixes).
  • can: mcan: mcan_stop(): set device to software init mode before closing (git-fixes).
  • can: mcbausb: mcbausbstartxmit(): first fill skb, then pass to canputecho_skb() (git-fixes).
  • can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).
  • ceph: add checksessionstate() helper and make it global (bsc#1179259).
  • ceph: check session state after bumping session->s_seq (bsc#1179259).
  • ceph: fix race in concurrent _cephremove_cap invocations (bsc#1178635).
  • cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
  • cifs: allow syscalls to be restarted in _smbsend_rqst() (bsc#1176956).
  • cifs: fix check of tcon dfs in smb1 (bsc#1178270).
  • cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
  • cifs: fix potential use-after-free in cifsechorequest() (bsc#1139944).
  • cifs: remove bogus debug code (bsc#1179427).
  • cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
  • Convert trailing spaces and periods in path components (bsc#1179424).
  • coredump: fix core_pattern parse error (git-fixes).
  • cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).
  • docs: ABI: stable: remove a duplicated documentation (git-fixes).
  • docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
  • drbd: code cleanup by using sendpageok() to check page for kernelsendpage() (bsc#1172873).
  • Drivers: hv: vmbus: Remove the unused 'tscpage' from struct hvcontext (git-fixes).
  • drm/i915/gvt: Set ENHANCEDFRAMECAP bit (git-fixes).
  • drm/sun4i: dw-hdmi: fix error return code in sun8idwhdmi_bind() (git-fixes).
  • Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size.
  • efi: cper: Fix possible out-of-bounds access (git-fixes).
  • efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).
  • efi/esrt: Fix reference count leak in esrecreatesysfs_entry (git-fixes).
  • efi: provide empty efientervirtual_mode implementation (git-fixes).
  • efivarfs: fix memory leak in efivarfs_create() (git-fixes).
  • efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).
  • efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).
  • efi/x86: Free efipgd with freepages() (bsc#1112178).
  • efi/x86: Ignore the memory attributes table on i386 (git-fixes).
  • efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
  • fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549).
  • fuse: fix page dereference after free (bsc#1179213).
  • futex: Do not enable IRQs unconditionally in putpistate() (bsc#1067665).
  • futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665).
  • hv_balloon: disable warning when floor reached (git-fixes).
  • hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820).
  • hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854).
  • hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854).
  • i2c: qup: Fix error return code in qupi2cbamscheduledesc() (git-fixes).
  • i40iw: Fix error handling in i40iwmanagearp_cache() (bsc#1111666)
  • i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
  • i40iw: Report correct firmware version (bsc#1111666)
  • IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
  • IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)
  • IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)
  • IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)
  • IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)
  • IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)
  • IB/hfi1: Call kobjectput() when kobjectinitandadd() fails (bsc#1111666)
  • IB/hfi1: Check for error on call to allocrsmmap_table (bsc#1111666)
  • IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)
  • IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)
  • IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)
  • IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)
  • IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)
  • IB/hfi1: Handle port down properly in pio (bsc#1111666)
  • IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)
  • IB/hfi1: Insure freezework workstruct is canceled on shutdown (bsc#1111666)
  • IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)
  • IB/{hfi1, qib}: Fix WC.bytelen calculation for UDSENDWITHIMM (bsc#1111666)
  • IB/hfi1: Remove unused define (bsc#1111666)
  • IB/hfi1: Silence txreq allocation warnings (bsc#1111666)
  • IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)
  • IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)
  • IB/ipoib: drop useless LIST_HEAD (bsc#1111666)
  • IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)
  • IB/ipoib: Fix for use-after-free in ipoibcmtx_start (bsc#1111666)
  • IB/iser: Fix dma_nents type definition (bsc#1111666)
  • IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)
  • IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)
  • IB/mlx4: Add and improve logging (bsc#1111666)
  • IB/mlx4: Add support for MRA (bsc#1111666)
  • IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
  • IB/mlx4: Fix leak in idmapfind_del (bsc#1111666)
  • IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)
  • IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)
  • IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
  • IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)
  • IB/mlx4: Remove unneeded NULL check (bsc#1111666)
  • IB/mlx4: Test return value of calls to ibgetcached_pkey (bsc#1111666)
  • IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)
  • IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)
  • IB/mlx5: Do not override existing ip_protocol (bsc#1111666)
  • IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)
  • IB/mlx5: Fix implicit MR release flow (bsc#1111666)
  • IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)
  • IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)
  • IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)
  • IB/mlx5: Improve ODP debugging messages (bsc#1111666)
  • IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)
  • IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)
  • IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)
  • IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)
  • IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)
  • IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)
  • IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)
  • IB/mthca: fix return value of error branch in mthcainitcq() (bsc#1111666)
  • IB/qib: Call kobjectput() when kobjectinitandadd() fails (bsc#1111666)
  • IB/qib: Fix an error code in qibsdmaverbs_send() (bsc#1111666)
  • IB/{qib, hfi1, rdmavt}: Correct ibvdevinfo maxmr value (bsc#1111666)
  • IB/qib: Remove a set-but-not-used variable (bsc#1111666)
  • IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)
  • IB/rdmavt: Fix allocqpn() WARNON() (bsc#1111666)
  • IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
  • IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)
  • IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)
  • IB/rxe: Make counters thread safe (bsc#1111666)
  • IB/srpt: Fix memory leak in srptaddone (bsc#1111666)
  • IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)
  • IB/umad: Avoid destroying device while it is accessed (bsc#1111666)
  • IB/umad: Do not check status of nonseekable_open() (bsc#1111666)
  • IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)
  • IB/umad: Refactor code to use cdevdeviceadd() (bsc#1111666)
  • IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)
  • IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)
  • IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)
  • igc: Fix returning wrong statistics (bsc#1118657).
  • iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).
  • iio: accel: kxcjk1013: Replace issmo8500device with an acpi_type enum (git-fixes).
  • inetdiag: Fix error path to cancel the meseage in inetreqdiagfill() (git-fixes).
  • Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
  • Input: i8042 - fix error return code in i8042setupaux() (git-fixes).
  • iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)
  • iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)
  • kABI: add back flushdcacherange (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • kABI workaround for usermodehelper changes (bsc#1179406).
  • KVM: arm64: Add missing #include of -<linux/string.h> in guest.c (bsc#1174726).
  • KVM: arm64: Factor out core register ID enumeration (bsc#1174726).
  • KVM: arm64: Filter out invalid core register IDs in KVMGETREG_LIST (bsc#1174726).
  • KVM: arm64: Refactor kvmarmnum_regs() for easier maintenance (bsc#1174726).
  • KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).
  • KVM host: kabi fixes for psci_version (bsc#1174726).
  • libceph: use sendpageok() in cephtcp_sendpage() (bsc#1172873).
  • libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • locking/lockdep: Add debuglocks check in _lock_downgrade() (bsc#1050549).
  • locking/percpu-rwsem: Use thiscpu{inc,dec}() for read_count (bsc#1050549).
  • locktorture: Print ratio of acquisitions, not failures (bsc#1050549).
  • mac80211: always wind down STA state (git-fixes).
  • mac80211: free sta in stainfoinsert_finish() on errors (git-fixes).
  • mac80211: minstrel: fix tx status processing corner case (git-fixes).
  • mac80211: minstrel: remove deferred sampling code (git-fixes).
  • mlxsw: core: Fix memory leak on module removal (bsc#1112374).
  • mm: always have ioremappfnrange() set pgprotdecrypted() (bsc#1112178).
  • mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).
  • mm/userfaultfd: do not access vma->vmmm after calling handleuserfault() (bsc#1179204).
  • net: add WARNONCE in kernelsendpage() for improper zero-copy send (bsc#1172873).
  • net: DCB: Validate DCBATTRDCB_BUFFER argument (bsc#1103990 ).
  • net: ena: Capitalize all log strings and improve code readability (bsc#1177397).
  • net: ena: Change license into format to SPDX in all files (bsc#1177397).
  • net: ena: Change log message to netif/dev function (bsc#1177397).
  • net: ena: Change RSS related macros and variables names (bsc#1177397).
  • net: ena: ethtool: Add new device statistics (bsc#1177397).
  • net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
  • net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).
  • net: ena: Fix all static chekers' warnings (bsc#1177397).
  • net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
  • net: ena: handle bad request id in ena_netdev (git-fixes).
  • net: ena: Remove redundant print of placement policy (bsc#1177397).
  • net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
  • netfilter: nat: can't use dst_hold on noref dst (bsc#1178878).
  • net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).
  • net/mlx4core: Fix inithca fields offset (git-fixes).
  • net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
  • net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
  • net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).
  • net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
  • netsched: fix a memory leak in atmtc_init() (bsc#1056657 bsc#1056653 bsc#1056787).
  • net/smc: fix valid DMBE buffer sizes (git-fixes).
  • net: thunderx: use spinlockbh in nicvfsetrxmodetask() (bsc#1110096).
  • net/tls: Fix kmap usage (bsc#1109837).
  • net/tls: missing received data after fast remote close (bsc#1109837).
  • net/x25: prevent a couple of overflows (bsc#1178590).
  • nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
  • nfp: use correct define to return NONE fec (bsc#1109837).
  • NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
  • NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
  • NFSv4.1: fix handling of backchannel binding in BINDCONNTO_SESSION (bsc#1170630).
  • nvme-tcp: check page by sendpageok() before calling kernelsendpage() (bsc#1172873).
  • PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).
  • pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
  • pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
  • pinctrl: aspeed: Fix GPI only function problem (git-fixes).
  • pinctrl: intel: Set default bias in case no particular value given (git-fixes).
  • platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).
  • powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/64: flushinvaldcacherange() becomes flushdcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/64: reuse PPC32 static inline flushdcacherange() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc: Chunk calls to flushdcacherange in arch*memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).
  • powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/perf: Fix crash with issieravailable when pmu is not set (bsc#1179578 ltc#189313).
  • powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/pmem: Fix kernel crash due to wrong range value usage in flushdcacherange (jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
  • qed: fix error return code in qediwarpll2_start() (bsc#1050536 bsc#1050545).
  • qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).
  • qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
  • RDMA/bnxtre: Fix lifetimes in bnxtre_task (bsc#1111666)
  • RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)
  • RDMA/bnxtre: Fix sizeof mismatch for allocation of pbltbl. (bsc#1111666)
  • RDMA/bnxtre: Fix stack-out-of-bounds in bnxtqplibrcfwsend_message (bsc#1111666)
  • RDMA/cma: add missed unregisterpernetsubsys in init failure (bsc#1111666)
  • RDMA/cm: Add missing locking around id.state in cmdupreq_handler (bsc#1111666)
  • RDMA/cma: Fix false error message (bsc#1111666)
  • RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)
  • RDMA/cma: Protect bindlist and listenlist while finding matching cm id (bsc#1111666)
  • RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)
  • RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)
  • RDMA/cm: Update numpaths in cmaresolveiboeroute error flow (bsc#1111666)
  • RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)
  • RDMA/core: Fix invalid memory access in specfiltersize (bsc#1111666)
  • RDMA/core: Fix locking in ibuverbsevent_read (bsc#1111666)
  • RDMA/core: Fix protection fault in ibmrpool_destroy (bsc#1111666)
  • RDMA/core: Fix race between destroy and release FD object (bsc#1111666)
  • RDMA/core: Fix race when resolving IP address (bsc#1111666)
  • RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)
  • RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)
  • RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)
  • RDMA/hns: Correct the value of HNSROCEHEMCHUNKLEN (bsc#1111666)
  • RDMA/hns: Correct typo of hnsrocecreate_cq() (bsc#1111666)
  • RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)
  • RDMA/hns: Set the unsupported wr opcode (bsc#1111666)
  • RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)
  • RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)
  • RDMA/ipoib: Fix ABBA deadlock with ipoibreapah() (bsc#1111666)
  • RDMA/ipoib: Remove check for ETHSSTEST (bsc#1111666)
  • RDMA/ipoib: Return void from ipoibibdev_stop() (bsc#1111666)
  • RDMA/ipoib: Set rtnllinkops for ipoib interfaces (bsc#1111666)
  • RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)
  • RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)
  • RDMA/iwcm: move iwremref() calls out of spinlock (bsc#1111666)
  • RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)
  • RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)
  • RDMA/mad: Fix possible memory leak in ibmadpostreceivemads() (bsc#1111666)
  • RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)
  • RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)
  • RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)
  • RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)
  • RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)
  • RDMA/mlx5: Fix a race with mlx5ibupdate_xlt on an implicit MR (bsc#1111666)
  • RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)
  • RDMA/mlx5: Return proper error value (bsc#1111666)
  • RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)
  • RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)
  • RDMA/nes: Remove second wait queue initialization call (bsc#1111666)
  • RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)
  • RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)
  • RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)
  • RDMA/pvrdma: Fix missing pci disable in pvrdmapciprobe() (bsc#1111666)
  • RDMA/qedr: Endianness warnings cleanup (bsc#1111666)
  • RDMA/qedr: Fix doorbell setting (bsc#1111666)
  • RDMA/qedr: Fix KASAN: use-after-free in ucmaeventhandler+0x532 (bsc#1050545).
  • RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).
  • RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)
  • RDMA/qedr: Fix reported firmware version (bsc#1111666)
  • RDMA/qedr: Fix use of uninitialized field (bsc#1111666)
  • RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)
  • RDMA/qedr: SRQ's bug fixes (bsc#1111666)
  • RDMA/qib: Delete extra line (bsc#1111666)
  • RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)
  • RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)
  • RDMA/rxe: Drop pointless checks in rxeinitports (bsc#1111666)
  • RDMA/rxe: Fill in wc bytelen with IBWCRECVRDMAWITHIMM (bsc#1111666)
  • RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)
  • RDMA/rxe: Fix memleak in rxememinit_user (bsc#1111666)
  • RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)
  • RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)
  • RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)
  • RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)
  • RDMA/rxe: Remove unused rxememmap_pages (bsc#1111666)
  • RDMA/rxe: Remove useless rxeinitdevice_param assignments (bsc#1111666)
  • RDMA/rxe: Return void from rxeinitport_param() (bsc#1111666)
  • RDMA/rxe: Return void from rxememinit_dma() (bsc#1111666)
  • RDMA/rxe: Set default vendor ID (bsc#1111666)
  • RDMA/rxe: Set sysimageguid to be aligned with HW IB devices (bsc#1111666)
  • RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)
  • RDMA/rxe: Use foreachsg_page iterator on umem SGL (bsc#1111666)
  • RDMA/srp: Rework SCSI device reset handling (bsc#1111666)
  • RDMA/srpt: Fix typo in srptunregistermad_agent docstring (bsc#1111666)
  • RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)
  • RDMA/ucma: Add missing locking around rdmaleavemulticast() (bsc#1111666)
  • RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)
  • RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)
  • RDMA/vmwpvrdma: Fix memory leak on pvrdmapci_remove (bsc#1111666)
  • RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)
  • reboot: fix overflow parsing reboot cpu number (bsc#1179421).
  • regulator: avoid resolve_supply() infinite recursion (git-fixes).
  • regulator: fix memory leak with repeated setmachineconstraints() (git-fixes).
  • regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).
  • regulator: workaround self-referent regulators (git-fixes).
  • Revert 'cdc-acm: hardening against malicious devices' (git-fixes).
  • Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).
  • RMDA/cm: Fix missing ibcmdestroyid() in ibcminsertlisten() (bsc#1111666)
  • rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)
  • rxe: fix error completion wrid and qpnum (bsc#1111666)
  • s390/bpf: Fix multiple tail calls (git-fixes).
  • s390/cio: add condresched() in the slowevalknownfn() loop (bsc#1177805 LTC#188737).
  • s390/cpuinfo: show processor physical address (git-fixes).
  • s390/cpumcf,perf: change DFLTCCERROR counter name (bsc#1175916 LTC#187937).
  • s390/cpumsf.c: fix file permission for cpumsfb_size (git-fixes).
  • s390/dasd: fix inability to use DASD with DIAG driver (bsc#1177809 LTC#188738).
  • s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
  • s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).
  • s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).
  • s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).
  • s390/qeth: fix af_iucv notification race (git-fixes).
  • s390/qeth: fix tear down of async TX buffers (git-fixes).
  • s390/qeth: make af_iucv TX notification call more robust (git-fixes).
  • s390/stp: add locking to sysfs functions (git-fixes).
  • s390/zcrypt: Fix ZCRYPTPERDEVREQCNT ioctl (git-fixes).
  • sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).
  • sched/x86: SaveFLAGS on context switch (bsc#1112178).
  • scripts/gitsort/gitsort.py: add ceph maintainers git tree
  • scsi: libiscsi: use sendpageok() in iscsitcpsegmentmap() (bsc#1172873).
  • scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes).
  • scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)
  • SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
  • SMB3: Honor lease disabling for multiuser mounts (git-fixes).
  • SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
  • splice: only read in as much information as there is pipe buffer space (bsc#1179520).
  • Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).
  • staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).
  • SUNRPC: fix copying of multiple pages in gssreadproxy_verf() (bsc#1103992).
  • svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).
  • svcrdma: Fix page leak in svcrdmarecvreadchunk() (bsc#1103992).
  • tcp: Set INETECNxmit configuration in tcpreinitcongestion_control (bsc#1109837).
  • thunderbolt: Add the missed idasimpleremove() in ringrequestmsix() (git-fixes).
  • time: Prevent undefined behaviour in timespec64tons() (git-fixes).
  • tracing: Fix out of bounds write in gettracebuf (bsc#1179403).
  • tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).
  • tty: serial: imx: keep console clocks always on (git-fixes).
  • Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).
  • USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
  • USB: core: driver: fix stray tabs in error messages (git-fixes).
  • USB: core: Fix regression in Hercules audio card (git-fixes).
  • USB: gadget: Fix memleak in gadgetfsfillsuper (git-fixes).
  • USB: gadget: fmidi: Fix memleak in fmidi_alloc (git-fixes).
  • USB: host: ehci-tegra: Fix error handling in tegraehciprobe() (git-fixes).
  • USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).
  • USB: serial: cyberjack: fix write-URB completion race (git-fixes).
  • USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).
  • USB: serial: kl5kUSB105: fix memleak on open (git-fixes).
  • USB: serial: option: add Cellient MPL200 card (git-fixes).
  • USB: serial: option: Add Telit FT980-KS composition (git-fixes).
  • USB: serial: option: fix Quectel BG96 matching (git-fixes).
  • USB: serial: pl2303: add device-id for HP GC device (git-fixes).
  • USB: xhci: force all memory allocations to node (git-fixes).
  • usermodehelper: reset umask to default before executing user process (bsc#1179406).
  • video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
  • x86/hyperv: Clarify comment on x2apic mode (git-fixes).
  • x86/hyperv: Make vapic support x2apic mode (git-fixes).
  • x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).
  • x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).
  • x86/PCI: Fix intelmidpci.c build error when ACPI is not enabled (git-fixes).
  • x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).
  • x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178).
  • x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178).
  • x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).
  • x86/speculation: Fix prctl() when spectrev2user={seccomp,prctl},ibpb (bsc#1112178).
  • x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).
  • xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
  • xfs: fix a missing unlock on error in xfsfsmap_blocks (git-fixes).
  • xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).
  • xfs: fix rmap key and record comparison functions (git-fixes).
  • xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).
  • xhci: Fix sizeof() mismatch (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-10.25.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.25.1",
            "dlm-kmp-rt": "4.12.14-10.25.1",
            "gfs2-kmp-rt": "4.12.14-10.25.1",
            "kernel-rt_debug": "4.12.14-10.25.1",
            "kernel-rt-devel": "4.12.14-10.25.1",
            "cluster-md-kmp-rt": "4.12.14-10.25.1",
            "kernel-rt_debug-devel": "4.12.14-10.25.1",
            "kernel-source-rt": "4.12.14-10.25.1",
            "kernel-rt": "4.12.14-10.25.1",
            "ocfs2-kmp-rt": "4.12.14-10.25.1",
            "kernel-syms-rt": "4.12.14-10.25.1",
            "kernel-rt-base": "4.12.14-10.25.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-10.25.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.25.1",
            "dlm-kmp-rt": "4.12.14-10.25.1",
            "gfs2-kmp-rt": "4.12.14-10.25.1",
            "kernel-rt_debug": "4.12.14-10.25.1",
            "kernel-rt-devel": "4.12.14-10.25.1",
            "cluster-md-kmp-rt": "4.12.14-10.25.1",
            "kernel-rt_debug-devel": "4.12.14-10.25.1",
            "kernel-source-rt": "4.12.14-10.25.1",
            "kernel-rt": "4.12.14-10.25.1",
            "ocfs2-kmp-rt": "4.12.14-10.25.1",
            "kernel-syms-rt": "4.12.14-10.25.1",
            "kernel-rt-base": "4.12.14-10.25.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-10.25.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.25.1",
            "dlm-kmp-rt": "4.12.14-10.25.1",
            "gfs2-kmp-rt": "4.12.14-10.25.1",
            "kernel-rt_debug": "4.12.14-10.25.1",
            "kernel-rt-devel": "4.12.14-10.25.1",
            "cluster-md-kmp-rt": "4.12.14-10.25.1",
            "kernel-rt_debug-devel": "4.12.14-10.25.1",
            "kernel-source-rt": "4.12.14-10.25.1",
            "kernel-rt": "4.12.14-10.25.1",
            "ocfs2-kmp-rt": "4.12.14-10.25.1",
            "kernel-syms-rt": "4.12.14-10.25.1",
            "kernel-rt-base": "4.12.14-10.25.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-10.25.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.25.1",
            "dlm-kmp-rt": "4.12.14-10.25.1",
            "gfs2-kmp-rt": "4.12.14-10.25.1",
            "kernel-rt_debug": "4.12.14-10.25.1",
            "kernel-rt-devel": "4.12.14-10.25.1",
            "cluster-md-kmp-rt": "4.12.14-10.25.1",
            "kernel-rt_debug-devel": "4.12.14-10.25.1",
            "kernel-source-rt": "4.12.14-10.25.1",
            "kernel-rt": "4.12.14-10.25.1",
            "ocfs2-kmp-rt": "4.12.14-10.25.1",
            "kernel-syms-rt": "4.12.14-10.25.1",
            "kernel-rt-base": "4.12.14-10.25.1"
        }
    ]
}