-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2642
Security update for the Linux Kernel
3 August 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Increased Privileges -- Remote/Unauthenticated
Increased Privileges -- Existing Account
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2020-14331 CVE-2020-10781 CVE-2020-10135
CVE-2020-0305
Original Bulletin:
https://www.suse.com/support/update/announcement/2020/suse-su-20202102-1
- --------------------------BEGIN INCLUDED TEXT--------------------
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:2102-1
Rating: important
References: #1065729 #1152472 #1152489 #1153274 #1154353 #1154488
#1155518 #1155798 #1165933 #1167773 #1168959 #1169771
#1171857 #1171988 #1172201 #1173074 #1173849 #1173941
#1174072 #1174116 #1174126 #1174127 #1174128 #1174129
#1174185 #1174205 #1174247 #1174263 #1174264 #1174331
#1174332 #1174333 #1174356 #1174362 #1174396 #1174398
#1174407 #1174409 #1174411 #1174438 #1174462 #1174513
#1174527 #1174627 #1174645
Cross-References: CVE-2020-0305 CVE-2020-10135 CVE-2020-10781 CVE-2020-14331
Affected Products:
SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________
An update that solves four vulnerabilities and has 41 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation
(bnc#1173074).
o CVE-2020-0305: In cdev_get of char_dev.c, there is a possible
use-after-free due to a race condition. This could lead to local escalation
of privilege with System execution privileges needed. User interaction is
not needed for exploitation (bnc#1174462).
o CVE-2020-10135: Legacy pairing and secure-connections pairing
authentication in bluetooth may have allowed an unauthenticated user to
complete authentication without pairing credentials via adjacent access. An
unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR
master or slave to pair with a previously paired remote device to
successfully complete the authentication procedure without knowing the link
key (bnc#1171988).
o CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update()
(bnc#1174205).
The following non-security bugs were fixed:
o ACPICA: Dispatcher: add status checks (git-fixes).
o ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes).
o ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes).
o ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes).
o ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#
SLE-13261).
o ALSA: hda/realtek - change to suitable link model for ASUS platform
(git-fixes).
o ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with
ALC256 (git-fixes).
o ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series
with ALC289 (git-fixes).
o ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes).
o ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes).
o ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung
Notebook Pen S (git-fixes).
o ALSA: hda/realtek - fixup for yet another Intel reference board
(git-fixes).
o ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
o ALSA: line6: Perform sanity check for each URB creation (git-fixes).
o ALSA: line6: Sync the pending work cancel at disconnection (git-fixes).
o ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S
(git-fixes).
o ALSA: usb-audio: Fix race against the error recovery URB submission
(git-fixes).
o apparmor: ensure that dfa state tables have entries (git-fixes).
o apparmor: fix introspection of of task mode for unconfined tasks
(git-fixes).
o apparmor: Fix memory leak of profile proxy (git-fixes).
o apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes).
o apparmor: remove useless aafs_create_symlink (git-fixes).
o arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#
1174398).
o arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#
1174398).
o ASoC: codecs: max98373: Removed superfluous volume control from chip
default (git-fixes).
o ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend
(git-fixes).
o ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes).
o ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes).
o ASoC: rt286: fix unexpected interrupt happens (git-fixes).
o ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo
Miix 2 10 (git-fixes).
o ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
o ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10
(git-fixes).
o ASoC: rt5682: Report the button event in the headset type only (git-fixes).
o ASoC: topology: fix kernel oops on route addition error (git-fixes).
o ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes).
o ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes).
o ASoC: wm8974: remove unsupported clock mode (git-fixes).
o ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes).
o ath9k: Fix regression with Atheros 9271 (git-fixes).
o ax88172a: fix ax88172a_unbind() failures (git-fixes).
o blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight()
(bsc#1165933).
o bnxt_en: Init ethtool link settings after reading updated PHY configuration
(jsc#SLE-8371 bsc#1153274).
o bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518).
o brcmfmac: Transform compatible string for FW loading (bsc#1169771).
o bridge: Avoid infinite loop when suppressing NS messages with invalid
options (networking-stable-20_06_10).
o bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes).
o btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#
1174438).
o btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#
1174438).
o btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc
#1174438).
o btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438).
o btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438).
o btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO
(bsc#1174438).
o btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
o bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes).
o dccp: Fix possible memleak in dccp_init and dccp_fini
(networking-stable-20_06_16).
o devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
o /dev/mem: Add missing memory barriers for devmem_inode (git-fixes).
o /dev/mem: Revoke mappings when a driver claims the region (git-fixes).
o dmaengine: dmatest: stop completed threads when running without set channel
(git-fixes).
o dmaengine: dw: Initialize channel before each transfer (git-fixes).
o dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes).
o dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
(git-fixes).
o dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes).
o dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler
(git-fixes).
o dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes).
o dm: do not use waitqueue for request-based DM (bsc#1165933).
o dpaa_eth: FMan erratum A050385 workaround (bsc#1174396).
o dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396).
o drm/amd/display: Use kfree() to free rgb_user in
calculate_user_regamma_ramp() (git-fixes).
o drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes).
o drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes).
o drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes).
o drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes).
o drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472)
o drm/exynos: fix ref count leak in mic_pre_enable (git-fixes).
o drm/exynos: Properly propagate return value in drm_iommu_attach_device()
(git-fixes).
o drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489)
o drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes).
o drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489)
o drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#
1152489)
o drm: mcde: Fix display initialization problem (git-fixes).
o drm/mediatek: Check plane visibility in atomic_update (git-fixes).
o drm/msm/dpu: allow initialization of encoder locks during encoder init
(git-fixes).
o drm/msm: fix potential memleak in error branch (git-fixes).
o drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes).
o drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003
(git-fixes).
o drm/radeon: fix double free (git-fixes).
o drm: sun4i: hdmi: Fix inverted HPD result (git-fixes).
o drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes).
o drm/tegra: hub: Do not enable orphaned window group (git-fixes).
o exfat: add missing brelse() calls on error paths (git-fixes).
o exfat: fix incorrect update of stream entry in __exfat_truncate()
(git-fixes).
o exfat: fix memory leak in exfat_parse_param() (git-fixes).
o exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes).
o fpga: dfl: fix bug in port reset handshake (git-fixes).
o fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config
file
o fuse: copy_file_range should truncate cache (git-fixes).
o fuse: fix copy_file_range cache issues (git-fixes).
o geneve: fix an uninitialized value in geneve_changelink() (git-fixes).
o gpio: pca953x: disable regmap locking for automatic address incrementing
(git-fixes).
o gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes).
o gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2
(git-fixes).
o gpu: host1x: Detach driver on unregister (git-fixes).
o habanalabs: increase timeout during reset (git-fixes).
o HID: logitech-hidpp: avoid repeated "multiplier = " log messages
(git-fixes).
o HID: magicmouse: do not set up autorepeat (git-fixes).
o HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes).
o HID: quirks: Ignore Simply Automated UPB PIM (git-fixes).
o HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
(git-fixes).
o hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
path (git-fixes).
o hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
(git-fixes).
o hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes).
o i2c: eg20t: Load module automatically if ID matches (git-fixes).
o i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes).
o i2c: rcar: always clear ICSAR to avoid side effects (git-fixes).
o i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes).
o i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes).
o i40iw: fix null pointer dereference on a null wqe pointer (git-fixes).
o i40iw: Report correct firmware version (git-fixes).
o IB/cma: Fix ports memory leak in cma_configfs (git-fixes).
o IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes).
o IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409).
o IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409).
o IB/hfi1: Ensure pq is not left on waitlist (git-fixes).
o IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411).
o IB/hfi1: Fix memory leaks in sysfs registration and unregistration
(git-fixes).
o IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#
1174407).
o IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes).
o IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
(git-fixes).
o IB/mad: Fix use after free when destroying MAD agent (git-fixes).
o IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes).
o IB/mlx5: Fix 50G per lane indication (git-fixes).
o IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes).
o IB/mlx5: Fix missing congestion control debugfs on rep rdma device
(git-fixes).
o IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads
(git-fixes).
o IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes).
o IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes).
o IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes).
o ieee802154: fix one possible memleak in adf7242_probe (git-fixes).
o iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()'
(git-fixes).
o iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes).
o iio:health:afe4404 Fix timestamp alignment and prevent data leak
(git-fixes).
o iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes).
o iio:humidity:hts221 Fix alignment and data leak issues (git-fixes).
o iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes).
o iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes).
o iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
(git-fixes).
o iio:pressure:ms5611 Fix buffer element alignment (git-fixes).
o iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes).
o Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes).
o Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes).
o Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes).
o Input: mms114 - add extra compatible for mms345l (git-fixes).
o intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes).
o intel_th: pci: Add Emmitsburg PCH support (git-fixes).
o intel_th: pci: Add Jasper Lake CPU support (git-fixes).
o intel_th: pci: Add Tiger Lake PCH-H support (git-fixes).
o iommu/arm-smmu-v3: Do not reserve implementation defined register space
(bsc#1174126).
o iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127).
o iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128).
o ionic: centralize queue reset code (bsc#1167773).
o ionic: fix up filter locks and debug msgs (bsc#1167773).
o ionic: keep rss hash after fw update (bsc#1167773).
o ionic: update filter id after replay (bsc#1167773).
o ionic: update the queue count on open (bsc#1167773).
o ionic: use mutex to protect queue operations (bsc#1167773).
o ionic: use offset for ethtool regs data (bsc#1167773).
o kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
o keys: asymmetric: fix error return code in software_key_query()
(git-fixes).
o KVM: nVMX: always update CR3 in VMCS (git-fixes).
o l2tp: add sk_family checks to l2tp_validate_socket
(networking-stable-20_06_07).
o l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
o lib: Reduce user_access_begin() boundaries in strncpy_from_user() and
strnlen_user() (bsc#1174331).
o media: cec: silence shift wrapping warning in __cec_s_log_addrs()
(git-fixes).
o mei: bus: do not clean driver pointer (git-fixes).
o mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602).
o mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#
1154488).
o mlxsw: core: Use different get_trend() callbacks for different thermal
zones (networking-stable-20_06_10).
o mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed
(git-fixes).
o mmc: sdhci: do not enable card detect interrupt for gpio cd type
(git-fixes).
o mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
(bsc#1174527).
o nbd: Fix memory leak in nbd_add_socket (git-fixes).
o net: be more gentle about silly gso requests coming from user
(networking-stable-20_06_07).
o net: check untrusted gso_size at kernel entry (networking-stable-20_06_07).
o netdevsim: fix unbalaced locking in nsim_create() (git-fixes).
o net: dsa: bcm_sf2: Fix node reference count (git-fixes).
o net_failover: fixed rollback in net_failover_open()
(networking-stable-20_06_10).
o netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#
1171857).
o netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit
helpers (bsc#1171857).
o netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#
1171857).
o netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit
helpers (bsc#1171857).
o net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398).
o net: hns3: check reset pending after FLR prepare (bsc#1154353).
o net: hns3: fix error handling for desc filling (git-fixes).
o net: hns3: fix for not calculating TX BD send size correctly (git-fixes).
o net: hns3: fix return value error when query MAC link status fail
(git-fixes).
o net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint()
(bsc#1154353).
o net: macb: call pm_runtime_put_sync on failure path (git-fixes).
o net/mlx5: drain health workqueue in case of driver load error
(networking-stable-20_06_16).
o net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash
(jsc#SLE-8464).
o net/mlx5e: Fix repeated XSK usage on one channel
(networking-stable-20_06_16).
o net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#
SLE-8464).
o net/mlx5: Fix fatal error handling during device load
(networking-stable-20_06_16).
o net: phy: realtek: add support for configuring the RX delay on RTL8211F
(bsc#1174398).
o net/smc: fix restoring of fallback changes (git-fixes).
o net: stmmac: do not attach interface until resume finishes (bsc#1174072).
o net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072).
o net: stmmac: dwc-qos: use generic device api (bsc#1174072).
o net: stmmac: enable timestamp snapshot for required PTP packets in dwmac
v5.10a (networking-stable-20_06_07).
o net: stmmac: platform: fix probe for ACPI devices (bsc#1174072).
o net/tls: fix encryption error checking (git-fixes).
o net/tls: free record only on encryption error (git-fixes).
o net: usb: qmi_wwan: add Telit LE910C1-EUX composition
(networking-stable-20_06_07).
o nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes).
o nfp: flower: fix used time of merge flow statistics
(networking-stable-20_06_07).
o NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#
1174264).
o NTB: Fix static check warning in perf_clear_test (git-fixes).
o NTB: Fix the default port and peer numbers for legacy drivers (git-fixes).
o ntb: hw: remove the code that sets the DMA mask (git-fixes).
o NTB: ntb_pingpong: Choose doorbells based on port number (git-fixes).
o NTB: ntb_test: Fix bug when counting remote files (git-fixes).
o NTB: ntb_tool: reading the link file should not end in a NULL byte
(git-fixes).
o NTB: perf: Do not require one more memory window than number of peers
(git-fixes).
o NTB: perf: Fix race condition when run with ntb_test (git-fixes).
o NTB: perf: Fix support for hardware that does not have port numbers
(git-fixes).
o ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes).
o NTB: Revert the change to use the NTB device dev for DMA allocations
(git-fixes).
o ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes).
o ovl: inode reference leak in ovl_is_inuse true case (git-fixes).
o padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes).
o padata: kABI fixup for struct padata_instance splitting nodes (git-fixes).
o PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#
1174356).
o PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
o PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513).
o PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#
1172201).
o pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
o percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc
#1174332).
o phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
(git-fixes).
o platform/x86: ISST: Increase timeout (bsc#1174185).
o powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable
pkey (bsc#1065729).
o powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc
#1168959 ltc#185010).
o powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes).
o powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
o qed: suppress "do not support RoCE & iWARP" flooding on HW init
(git-fixes).
o qed: suppress false-positives interrupt error messages on HW init
(git-fixes).
o RDMA/cm: Add missing locking around id.state in cm_dup_req_handler
(git-fixes).
o RDMA/cma: Protect bind_list and listen_list while finding matching cm id
(git-fixes).
o RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes).
o RDMA/cm: Fix checking for allowed duplicate listens (git-fixes).
o RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id()
(git-fixes).
o RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes).
o RDMA/cm: Remove a race freeing timewait_info (git-fixes).
o RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes).
o RDMA/core: Fix double destruction of uobject (git-fixes).
o RDMA/core: Fix double put of resource (git-fixes).
o RDMA/core: Fix missing error check on dev_set_name() (git-fixes).
o RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes).
o RDMA/core: Fix race between destroy and release FD object (git-fixes).
o RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes).
o RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes).
o RDMA/counter: Query a counter before release (git-fixes).
o RDMA/efa: Set maximum pkeys device attribute (git-fixes).
o RDMA/hns: Bugfix for querying qkey (git-fixes).
o RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes).
o RDMA/iwcm: Fix iwcm work deallocation (git-fixes).
o RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes).
o RDMA/mad: Do not crash if the rdma device does not have a umad interface
(git-fixes).
o RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
(git-fixes).
o RDMA/mlx4: Initialize ib_spec on the stack (git-fixes).
o RDMA/mlx5: Add init2init as a modify command (git-fixes).
o RDMA/mlx5: Fix access to wrong pointer while performing flush due to error
(git-fixes).
o RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes).
o RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes).
o RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#
SLE-8446).
o RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes).
o RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes).
o RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes).
o RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing
(git-fixes).
o RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes).
o RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
(git-fixes).
o RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes).
o RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes).
o RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes).
o RDMA/rxe: Set default vendor ID (git-fixes).
o RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes).
o RDMA/siw: Fix failure handling during device creation (git-fixes).
o RDMA/siw: Fix passive connection establishment (git-fixes).
o RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes).
o RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr()
(git-fixes).
o RDMA/siw: Fix reporting vendor_part_id (git-fixes).
o RDMA/siw: Fix setting active_mtu attribute (git-fixes).
o RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes).
o RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes).
o RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes).
o regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes).
o regmap: fix alignment issue (git-fixes).
o regmap: Fix memory leak from regmap_register_patch (git-fixes).
o Revert "i2c: cadence: Fix the hold bit setting" (git-fixes).
o Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes).
o Revert "thermal: mediatek: fix register index error" (git-fixes).
o RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
(git-fixes).
o rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353).
o rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
o s390: fix syscall_get_error for compat processes (git-fixes).
o s390/ism: fix error return code in ism_probe() (git-fixes).
o s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes).
o s390/pci: Fix s390_mmio_read/write with MIO (git-fixes).
o s390/qdio: consistently restore the IRQ handler (git-fixes).
o s390/qdio: put thinint indicator after early error (git-fixes).
o s390/qdio: tear down thinint indicator after early error (git-fixes).
o s390/qeth: fix error handling for isolation mode cmds (git-fixes).
o sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU
scheduler functional and performance backports)).
o scsi: libfc: free response frame from GPN_ID (bsc#1173849).
o scsi: libfc: Handling of extra kref (bsc#1173849).
o scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849).
o scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#
1173849).
o scsi: libfc: Skip additional kref updating work event (bsc#1173849).
o scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes).
o scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
(git-fixes).
o selftests/net: in rxtimestamp getopt_long needs terminating null entry
(networking-stable-20_06_16).
o selinux: fall back to ref-walk if audit is required (bsc#1174333).
o selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
(bsc#1174333).
o serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941).
o SMB3: Honor lease disabling for multiuser mounts (git-fixes).
o soundwire: intel: fix memory leak with devm_kasprintf (git-fixes).
o spi: spidev: fix a potential use-after-free in spidev_release()
(git-fixes).
o spi: spidev: fix a race between spidev_release and spidev_remove
(git-fixes).
o spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
(git-fixes).
o staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
(git-fixes).
o staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
(git-fixes).
o staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
(git-fixes).
o staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes).
o staging: comedi: verify array index is correct before using it (git-fixes).
o SUNRPC dont update timeout value on connection reset (bsc#1174263).
o sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116).
o tcp: md5: allow changing MD5 keys in all socket states (git-fixes).
o thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes).
o thermal: int3403_thermal: Downgrade error message (git-fixes).
o tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362).
o tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
(git-fixes).
o tty: hvc_console, fix crashes on parallel open/close (git-fixes).
o udp: Copy has_conns in reuseport_grow() (git-fixes).
o udp: Improve load balancing for SO_REUSEPORT (git-fixes).
o USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes).
o usb: chipidea: core: add wakeup support for extcon (git-fixes).
o usb: dwc2: Fix shutdown callback in platform (git-fixes).
o usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
(git-fixes).
o usb: gadget: Fix issue with config_ep_by_speed function (git-fixes).
o usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes).
o usb: gadget: udc: atmel: fix uninitialized read in debug printk
(git-fixes).
o usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable()
(git-fixes).
o usbnet: smsc95xx: Fix use-after-free after removal (git-fixes).
o USB: serial: ch341: add new Product ID for CH340 (git-fixes).
o USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes).
o USB: serial: iuu_phoenix: fix memory corruption (git-fixes).
o USB: serial: option: add GosunCn GM500 series (git-fixes).
o USB: serial: option: add Quectel EG95 LTE modem (git-fixes).
o usb: tegra: Fix allocation for the FPCI context (git-fixes).
o usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes).
o vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129).
o virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
(git-fixes).
o virt: vbox: Fix guest capabilities mask check (git-fixes).
o virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match
upstream (git-fixes).
o vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
o vxlan: Avoid infinite loop when suppressing NS messages with invalid
options (networking-stable-20_06_10).
o watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202).
o workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes).
o xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2102=1
Package List:
o SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
kernel-azure-5.3.18-18.12.1
kernel-azure-debuginfo-5.3.18-18.12.1
kernel-azure-debugsource-5.3.18-18.12.1
kernel-azure-devel-5.3.18-18.12.1
kernel-azure-devel-debuginfo-5.3.18-18.12.1
kernel-syms-azure-5.3.18-18.12.1
o SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
kernel-devel-azure-5.3.18-18.12.1
kernel-source-azure-5.3.18-18.12.1
References:
o https://www.suse.com/security/cve/CVE-2020-0305.html
o https://www.suse.com/security/cve/CVE-2020-10135.html
o https://www.suse.com/security/cve/CVE-2020-10781.html
o https://www.suse.com/security/cve/CVE-2020-14331.html
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1152472
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1153274
o https://bugzilla.suse.com/1154353
o https://bugzilla.suse.com/1154488
o https://bugzilla.suse.com/1155518
o https://bugzilla.suse.com/1155798
o https://bugzilla.suse.com/1165933
o https://bugzilla.suse.com/1167773
o https://bugzilla.suse.com/1168959
o https://bugzilla.suse.com/1169771
o https://bugzilla.suse.com/1171857
o https://bugzilla.suse.com/1171988
o https://bugzilla.suse.com/1172201
o https://bugzilla.suse.com/1173074
o https://bugzilla.suse.com/1173849
o https://bugzilla.suse.com/1173941
o https://bugzilla.suse.com/1174072
o https://bugzilla.suse.com/1174116
o https://bugzilla.suse.com/1174126
o https://bugzilla.suse.com/1174127
o https://bugzilla.suse.com/1174128
o https://bugzilla.suse.com/1174129
o https://bugzilla.suse.com/1174185
o https://bugzilla.suse.com/1174205
o https://bugzilla.suse.com/1174247
o https://bugzilla.suse.com/1174263
o https://bugzilla.suse.com/1174264
o https://bugzilla.suse.com/1174331
o https://bugzilla.suse.com/1174332
o https://bugzilla.suse.com/1174333
o https://bugzilla.suse.com/1174356
o https://bugzilla.suse.com/1174362
o https://bugzilla.suse.com/1174396
o https://bugzilla.suse.com/1174398
o https://bugzilla.suse.com/1174407
o https://bugzilla.suse.com/1174409
o https://bugzilla.suse.com/1174411
o https://bugzilla.suse.com/1174438
o https://bugzilla.suse.com/1174462
o https://bugzilla.suse.com/1174513
o https://bugzilla.suse.com/1174527
o https://bugzilla.suse.com/1174627
o https://bugzilla.suse.com/1174645
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXyeeteNLKJtyKPYoAQh4Ig/+Lk7J1xm9ez1KQM33XYJjWHViuNJXqazq
YBL+wnInUD5T48fo53kjpLFUkKrruR7eoJbFRXTB2BzYTQv0NxlOS0LvT/oXI3HD
IJiuqJhXwwZ7LBT4uxebbxeMVoP0782KygEpDINMxS5XwiK14EFV7yi6m2e/e+r9
ibaUK6C1NvAuLcIn14ITTPERj3laLMojApNdb/BAnCQ9B0SQ4c416Oi84HgNRlRL
iH+tPxvXKoQlehTC0K0FY7xVsoowLmjnPeHm2CFE/p7HZUlhc4sJwZ3SyqrWaO0R
4COPnuM5xy4ufcQbzU8FjyptkKwYbXoZ5h01WvhATvJACscGJSLW1euNuqxDoRra
Jz8MrupllIJ2aZmb6xl7loND2SAczU4225Mi4Jfc/NLQnnkGB8QxczdsBmaNZxzg
La+xTYl6Wg0DnRnlOwBCFiLME/m4D8xKy8D2wGkEMMLQsSN8yC1u04W1FUAPVXLZ
IZ4La3xJiyoGkCeaaHQD2+Kf5/RcD47HbS5M/lIb63EBxVXLHHZVuU6wVXrE67Nx
VJw8qVQH3Qn7f78+330weCouQCgpD2KLYG+gk6MpvBX7VlbBO/u0RKA83Am7nFdX
V7hJ4DpoAhFmYiHKrwpJkJL3iB0Rk3NCbZY1/OO0Vz6B2cDmDM/AbdczoHoLqyfX
3AOoH4jo8R8=
=JNYd
-----END PGP SIGNATURE-----
https://www.malwaredevil.com/2020/08/03/esb-2020-2642-suse-kernel-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2642-suse-kernel-multiple-vulnerabilities
How would you like to get your internet signal from outer space? You can! Elon Musk’s SpaceX company has moved another step closer to offering internet connectivity via its Starlink service. However, at the moment, there’s an important catch and caveat.
