Malware Devil

Loading...

Monday, February 15, 2021

ESB-2021.0555 – [Win] McAfee Endpoint Security: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0555
      Endpoint Security for Windows update fixes five vulnerabilities
                             15 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           McAfee Endpoint Security
Publisher:         McAfee
Operating System:  Windows
Impact/Access:     Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23883 CVE-2021-23882 CVE-2021-23881
                   CVE-2021-23880 CVE-2021-23878 

Original Bulletin: 
   https://kc.mcafee.com/corporate/index?page=content&id=SB10345

- --------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Endpoint Security for Windows update fixes five
vulnerabilities (CVE-2021-23878, CVE-2021-23880, CVE-2021-23881,
CVE-2021-23882, CVE-2021-23883)

Security Bulletins ID   : SB10345

Last Modified           : 2/10/2021

Summary

First Published: February 9, 2021

Recent updates to this article
+-------------------+-------------------------------+
| Date              | Update                        |
+-------------------+-------------------------------+
| February 10, 2021 | Fixed a typo in a CVE number. |
+-------------------+-------------------------------+

To receive email notification when this Security Bulletin is updated, click
Subscribe on the right side of the page. You must be logged on to subscribe.
+----------------+----------+--------------+----------------+--------+--------+
|                |          |              |                |        |CVSS    |
|                |Impacted  |              |Impact of       |Severity|v3.1    |
|Product:        |Versions: |CVE ID:       |Vulnerabilities:|Ratings:|Base/   |
|                |          |              |                |        |Temporal|
|                |          |              |                |        |Scores: |
+----------------+----------+--------------+----------------+--------+--------+
|                |Prior to  |              |CWE-312:        |        |        |
|                |10.7.0 and|              |Cleartext       |        |        |
|Endpoint        |10.6.1    |CVE-2021-23878|storage of      |High    |7.3 /   |
|Security (ENS)  |February  |              |sensitive       |        |6.6     |
|                |2021      |              |information     |        |        |
|                |Update    |              |                |        |        |
+----------------+----------+--------------+----------------+--------+--------+
|                |Prior to  |              |                |        |        |
|                |10.7.0 and|              |CWE-269:        |        |        |
|ENS             |10.6.1    |CVE-2021-23880|Improper        |Medium  |6.7 /   |
|                |February  |              |Privilege       |        |6.0     |
|                |2021      |              |Management      |        |        |
|                |Update    |              |                |        |        |
+----------------+----------+--------------+----------------+--------+--------+
|                |Prior to  |              |                |        |        |
|                |10.7.0 and|              |CWE-79: Stored  |        |        |
|ENS             |10.6.1    |CVE-2021-23881|Cross Site      |Medium  |4.8 /   |
|                |February  |              |Scripting       |        |4.3     |
|                |2021      |              |                |        |        |
|                |Update    |              |                |        |        |
+----------------+----------+--------------+----------------+--------+--------+
|                |Prior to  |              |                |        |        |
|                |10.7.0 and|              |CWE-269:        |        |        |
|ENS             |10.6.1    |CVE-2021-23882|Improper        |High    |8.2 /   |
|                |February  |              |Privilege       |        |7.1     |
|                |2021      |              |Management      |        |        |
|                |Update    |              |                |        |        |
+----------------+----------+--------------+----------------+--------+--------+
|                |Prior to  |              |                |        |        |
|                |10.7.0 and|              |CWE-476: NULL   |        |        |
|ENS             |10.6.1    |CVE-2021-23883|Pointer         |Medium  |4.0 /   |
|                |February  |              |Dereference     |        |3.6     |
|                |2021      |              |                |        |        |
|                |Update    |              |                |        |        |
+----------------+----------+--------------+----------------+--------+--------+
|Recommendations:|Install or update to ENS 10.7.0 and 10.6.1 February 2021    |
|                |Update                                                      |
+----------------+------------------------------------------------------------+
|Security        |                                                            |
|Bulletin        |None                                                        |
|Replacement:    |                                                            |
+----------------+------------------------------------------------------------+
|Location of     |                                                            |
|updated         |http://www.mcafee.com/us/downloads/downloads.aspx           |
|software:       |                                                            |
+----------------+------------------------------------------------------------+

Article contents:

  o Vulnerability Description
  o Remediation
  o Mitigations
  o Acknowledgments
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description

 1. CVE-2021-23878
    Clear text storage of sensitive Information in memory vulnerability in
    McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021
    Update allows a local user to view ENS settings and credentials via
    accessing process memory after the ENS administrator has performed specific
    actions.
    To exploit this, the local user has to access the relevant memory location
    immediately after an ENS administrator has made a configuration change
    through the console on their machine.
    https://web.nvd.nist.gov/view/vuln/detailvulnId=CVE-2021-23878
    https://cve.mitre.org/cgi-bin/cvename.cginame=CVE-2021-23878
 2. CVE-2021-23880
    Improper Access Control in attribute in McAfee Endpoint Security (ENS) for
    Windows prior to 10.7.0 February 2021 Update allows authenticated local
    administrator user to perform an uninstallation of the anti-malware engine
    via the running of a specific command with the correct parameters.
    https://web.nvd.nist.gov/view/vuln/detailvulnId=CVE-2021-23880
    https://cve.mitre.org/cgi-bin/cvename.cginame=CVE-2021-23880
 3. CVE-2021-23881
    A stored cross site scripting vulnerability in ePO extension of McAfee
    Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS
    ePO administrator to add a script to a policy event which will trigger the
    script to be run through a browser block page when a local
    non-administrator user triggers the policy.
    https://web.nvd.nist.gov/view/vuln/detailvulnId=CVE-2021-23881
    https://cve.mitre.org/cgi-bin/cvename.cginame=CVE-2021-23881
 4. CVE-2021-23882
    Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for
    Windows prior to 10.7.0 February 2021 Update allows local administrators to
    prevent the installation of some ENS files by placing carefully crafted
    files where ENS will be installed.
    This is only applicable to clean installations of ENS as the Access Control
    rules will prevent modification prior to up an upgrade.
    https://web.nvd.nist.gov/view/vuln/detailvulnId=CVE-2021-23882
    https://cve.mitre.org/cgi-bin/cvename.cginame=CVE-2021-23882
 5. CVE-2021-23883
    A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS)
    for Windows prior to 10.7.0 February 2021 Update allows a local
    administrator to cause Windows to crash via a specific system call which is
    not handled correctly. This varies by machine and had partial protection
    prior to this update.
    https://web.nvd.nist.gov/view/vuln/detailvulnId=CVE-2021-23883
    https://cve.mitre.org/cgi-bin/cvename.cginame=CVE-2021-23883

Remediation
To remediate this issue:

  o Customers on ENS 10.7.0: Update to ENS 10.7.0 February 2021 Update.
  o Customers on ENS 10.6.1: Upgrade to ENS 10.7.0 February 2021 Update, or
    update to ENS 10.6.1 February 2021 Update.

Go to the Product Downloads site , and download the applicable product update
files:
+---------------+---------------------------+------+----------------+
|Product        |Version                    |Type  |Release Date    |
+---------------+---------------------------+------+----------------+
|ENS for Windows|10.7.0 February 2021 Update|Update|February 9, 2021|
|               |10.6.1 February 2021 Update|      |                |
+---------------+---------------------------+------+----------------+

Download and Installation Instructions
For instructions to download McAfee product updates and hotfixes, see: KB56057
- - How to download Enterprise product updates and documentation . Review the
Release Notes and the Installation Guide for instructions on how to install
these updates. All documentation is available at https://docs.mcafee.com .
Mitigations
McAfee is providing a mitigation solution for CVE-2021-23880. It is as an
alternative for those customers that have ENS 10.7.0/10.6.1 November 2020
Updates or earlier, and can't immediately apply the ENS 10.7.0/10.6.1 February
2021 Updates. The mitigation is to create a custom Expert Rule in ePO that
prevents unauthorized uninstallation of the ENS antimalware engine. For
instructions, see: KB94133 - REGISTERED - Create an Expert Rule that prevents
unauthorized uninstall of the Endpoint Security antimalware engine
(CVE-2021-23880) .

The referenced article is available only to registered ServicePortal users.

To view registered articles:

 1. Log on to the ServicePortal at http://support.mcafee.com .
 2. Type the article ID in the search field on the home page.
 3. Click Search or press Enter.

Acknowledgments
McAfee credits the following for responsibly reporting flaws.
CVE-2021-23878 - Lockheed Martin Red Team
CVE-2021-23883 - Alain Rodel from cirosec GmbH
Frequently Asked Questions (FAQs)
How do I know if my McAfee product is vulnerable or not
For Endpoint Security on Windows:
Use the following instructions for endpoint or client-based products:

 1. Right-click the McAfee tray shield icon on the Windows taskbar.
 2. Select McAfee Endpoint Security .
 3. In the console, select Action Menu .
 4. In the Action Menu, select About . The product version displays.

What is CVSS
CVSS, or Common Vulnerability Scoring System, is the result of the National
Infrastructure Advisory Council's effort to standardize a system of assessing
the criticality of a vulnerability. This system offers an unbiased criticality
score between 0 and 10 that customers can use to judge how critical a
vulnerability is and plan accordingly. For more information, visit the CVSS
website at: https://www.first.org/cvss/ .

When calculating CVSS scores, McAfee has adopted a philosophy that fosters
consistency and repeatability. Our guiding principle for CVSS scoring is to
score the exploit under consideration by itself. We consider only the immediate
and direct impact of the exploit under consideration. We do not factor into a
score any potential follow-on exploits that might be made possible by the
successful exploitation of the issue being scored.

What are the CVSS scoring metrics

 1. CVE-2021-23878: Clear text storage of sensitive Information in ENS
    +------------------------+--------------------+
    |Base Score              |7.3                 |
    +------------------------+--------------------+
    |Attack Vector (AV)      |Local (L)           |
    +------------------------+--------------------+
    |Attack Complexity (AC)  |Low (L)             |
    +------------------------+--------------------+
    |Privileges Required (PR)|Low (L)             |
    +------------------------+--------------------+
    |User Interaction (UI)   |Required (R)        |
    +------------------------+--------------------+
    |Scope (S)               |Unchanged (U)       |
    +------------------------+--------------------+
    |Confidentiality (C)     |High (H)            |
    +------------------------+--------------------+
    |Integrity (I)           |High (H)            |
    +------------------------+--------------------+
    |Availability (A)        |High (H)            |
    +------------------------+--------------------+
    |Temporal Score (Overall)|6.6                 |
    +------------------------+--------------------+
    |Exploitability (E)      |Proof-of-Concept (P)|
    +------------------------+--------------------+
    |Remediation Level (RL)  |Official Fix (O)    |
    +------------------------+--------------------+
    |Report Confidence (RC)  |Confirmed (C)       |
    +------------------------+--------------------+

    NOTE: The below CVSS version 3.1 vector was used to generate this score.
    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculatorvector=AV:L/AC:L/PR:L/
    UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C&version=3.1
 2. CVE-2021-23880: Improper Access Control in the ENS installer
    +------------------------+--------------------+
    |Base Score              |6.7                 |
    +------------------------+--------------------+
    |Attack Vector (AV)      |Local (L)           |
    +------------------------+--------------------+
    |Attack Complexity (AC)  |Low (L)             |
    +------------------------+--------------------+
    |Privileges Required (PR)|High (H)            |
    +------------------------+--------------------+
    |User Interaction (UI)   |None (N)            |
    +------------------------+--------------------+
    |Scope (S)               |Unchanged (U)       |
    +------------------------+--------------------+
    |Confidentiality (C)     |High (H)            |
    +------------------------+--------------------+
    |Integrity (I)           |High (H)            |
    +------------------------+--------------------+
    |Availability (A)        |High (H)            |
    +------------------------+--------------------+
    |Temporal Score (Overall)|6.0                 |
    +------------------------+--------------------+
    |Exploitability (E)      |Proof-of-Concept (P)|
    +------------------------+--------------------+
    |Remediation Level (RL)  |Official Fix (O)    |
    +------------------------+--------------------+
    |Report Confidence (RC)  |Confirmed (C)       |
    +------------------------+--------------------+

    NOTE: The below CVSS version 3.1 vector was used to generate this score.
    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculatorvector=AV:L/AC:L/PR:H/
    UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C&version=3.1
 3. CVE-2021-23881: Stored Cross Site Scripting in ENS
    +------------------------+--------------------+
    |Base Score              |4.8                 |
    +------------------------+--------------------+
    |Attack Vector (AV)      |Network (N)         |
    +------------------------+--------------------+
    |Attack Complexity (AC)  |Low (L)             |
    +------------------------+--------------------+
    |Privileges Required (PR)|High (H)            |
    +------------------------+--------------------+
    |User Interaction (UI)   |Required (R)        |
    +------------------------+--------------------+
    |Scope (S)               |Changed (C)         |
    +------------------------+--------------------+
    |Confidentiality (C)     |Low (L)             |
    +------------------------+--------------------+
    |Integrity (I)           |Low (L)             |
    +------------------------+--------------------+
    |Availability (A)        |None (N)            |
    +------------------------+--------------------+
    |Temporal Score (Overall)|4.3                 |
    +------------------------+--------------------+
    |Exploitability (E)      |Proof-of-Concept (P)|
    +------------------------+--------------------+
    |Remediation Level (RL)  |Official Fix (O)    |
    +------------------------+--------------------+
    |Report Confidence (RC)  |Confirmed (C)       |
    +------------------------+--------------------+

    NOTE: The below CVSS version 3.1 vector was used to generate this score.
    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculatorvector=AV:N/AC:L/PR:H/
    UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C&version=3.1
 4. CVE-2021-23882: Improper Access Control in the ENS installer
    +------------------------+--------------------+
    |Base Score              |8.2                 |
    +------------------------+--------------------+
    |Attack Vector (AV)      |Local (L)           |
    +------------------------+--------------------+
    |Attack Complexity (AC)  |Low (L)             |
    +------------------------+--------------------+
    |Privileges Required (PR)|High (H)            |
    +------------------------+--------------------+
    |User Interaction (UI)   |None (N)            |
    +------------------------+--------------------+
    |Scope (S)               |Changed (C)         |
    +------------------------+--------------------+
    |Confidentiality (C)     |High (H)            |
    +------------------------+--------------------+
    |Integrity (I)           |High (H)            |
    +------------------------+--------------------+
    |Availability (A)        |High (H)            |
    +------------------------+--------------------+
    |Temporal Score (Overall)|7.1                 |
    +------------------------+--------------------+
    |Exploitability (E)      |Proof-of-Concept (P)|
    +------------------------+--------------------+
    |Remediation Level (RL)  |Official Fix (O)    |
    +------------------------+--------------------+
    |Report Confidence (RC)  |Confirmed (C)       |
    +------------------------+--------------------+

    NOTE: The below CVSS version 3.1 vector was used to generate this score.
    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculatorvector=AV:L/AC:L/PR:H/
    UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C&version=3.1
 5. CVE-2021-23883:
    +------------------------+--------------------+
    |Base Score              |4.0                 |
    +------------------------+--------------------+
    |Attack Vector (AV)      |Local (L)           |
    +------------------------+--------------------+
    |Attack Complexity (AC)  |High (H)            |
    +------------------------+--------------------+
    |Privileges Required (PR)|High (H)            |
    +------------------------+--------------------+
    |User Interaction (UI)   |Required (R)        |
    +------------------------+--------------------+
    |Scope (S)               |Unchanged (U)       |
    +------------------------+--------------------+
    |Confidentiality (C)     |None (N)            |
    +------------------------+--------------------+
    |Integrity (I)           |None (N)            |
    +------------------------+--------------------+
    |Availability (A)        |High (H)            |
    +------------------------+--------------------+
    |Temporal Score (Overall)|3.6                 |
    +------------------------+--------------------+
    |Exploitability (E)      |Proof-of-Concept (P)|
    +------------------------+--------------------+
    |Remediation Level (RL)  |Official Fix (O)    |
    +------------------------+--------------------+
    |Report Confidence (RC)  |Confirmed (C)       |
    +------------------------+--------------------+

    NOTE: The below CVSS version 3.1 vector was used to generate this score.
    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculatorvector=AV:L/AC:H/PR:H/
    UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins
All Security Bulletins are published on our external PSIRT website at https://
www.mcafee.com/us/threat-center/product-security-bulletins.aspx . To see
Security Bulletins for McAfee Enterprise products on this website click
Enterprise Security Bulletins . Security Bulletins are retired (removed) once a
product is both End of Sale and End of Support (End of Life).

How do I report a product vulnerability to McAfee
If you have information about a security issue or vulnerability with a McAfee
product, visit the McAfee PSIRT website for instructions at https://
www.mcafee.com/us/threat-center/product-security-bulletins.aspx . To report an
issue, click Report a Security Vulnerability .

How does McAfee respond to this and any other reported security flaws
Our key priority is the security of our customers. If a vulnerability is found
within any McAfee software or services, we work closely with the relevant
security software development team to ensure the rapid and effective
development of a fix and communication plan.

McAfee only publishes Security Bulletins if they include something actionable
such as a workaround, mitigation, version update, or hotfix. Otherwise, we
would simply be informing the hacker community that our products are a target,
putting our customers at greater risk. For products that are updated
automatically, a non-actionable Security Bulletin might be published to
acknowledge the discoverer.

View our PSIRT policy on the McAfee PSIRT website at https://www.mcafee.com/us/
threat-center/product-security-bulletins.aspx by clicking About PSIRT .
Resources
To contact Technical Support, log on to the ServicePortal and go to the Create
a Service Request page at https://support.mcafee.com/ServicePortal/faces/
serviceRequests/createSR :

  o If you are a registered user, type your User ID and Password, and then
    click Log In .
  o If you are not a registered user, click Register and complete the required
    fields. Your password and logon instructions will be emailed to you.

Disclaimer
The information provided in this Security Bulletin is provided as is without
warranty of any kind. McAfee disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall McAfee or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages, even if McAfee or its suppliers have
been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental damages so
the preceding limitation may not apply.

Any future product release dates mentioned in this Security Bulletin are
intended to outline our general product direction, and they should not be
relied on in making a purchasing decision. The product release dates are for
information purposes only, and may not be incorporated into any contract. The
product release dates are not a commitment, promise, or legal obligation to
deliver any material, code, or functionality. The development, release, and
timing of any features or functionality described for our products remains at
our sole discretion and may be changed or canceled at any time

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYCnqtuNLKJtyKPYoAQhyehAAmjGeC+fl7CVJlyxd9nc4cXSVbroy+RGy
bvsIEK4M3L7yvQrIyo8msfLMyX1BFf0N6Y4xDmkWCoAphJFmbcvy3YxDr5iohwgT
9Kz7kwVPezsOFNhjJ34NmHu6dDI0hrBYSHtnMhfQHXlW2FtOMR1U7Gl317B7mzAu
UB7HfP8lGgiO0ND5EQwow/94CbeTp1x1Lj25lMZarF/zZ9ssXOK+S5ATttjeL9W4
L9b6TdvNvwqtON3OceNVtpHofY02Gt0FonZSDqrTEIOIJcFIuh6vdFV2iLjFDjd8
hB3Xlg/HCmLWjXYVc05FHtztTGaTQi3fgGUV8H1oz9iZm7Hy0n5k9GWpSNn6l2PN
llh4LmOwFbfK+zKmMWsZHk+jVVbApqeA4Wdbxo8DPKxZpqycjiZZUiWvMHUzpq6c
TMm/zYq9HQLrHecFGaeE7ghmTX+sQ+PSSLn+utVkDdEeBww3Rr/SvdE9uJS3g6/j
lvL5d7BOAkC3FqnKBFSgCIYjnMEs0GUkBgcC4xjE1LnYjRUdke5Xq+8TmawuXtpC
ltfTjoTAWdOyc2p9p5WCzY2tJABMxUDORck4gl939SZesErss+sxV4LXrLp9HDxF
hJXMPuvLWY69yBBPzlUOM7RBeQo6Ec9BTWY8K6yDBt3QXhCL97mnZKmOBw4a8Vw3
Rx9hht9/BX8=
=bJHW
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.0555 – [Win] McAfee Endpoint Security: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/02/15/esb-2021-0555-win-mcafee-endpoint-security-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0555-win-mcafee-endpoint-security-multiple-vulnerabilities
at No comments:
Labels:

ESB-2021.0553 – [SUSE] Linux Kernel: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0553
                   Security update for the Linux Kernel
                             15 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Access Privileged Data          -- Existing Account      
                   Denial of Service               -- Existing Account      
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3348 CVE-2021-3347 CVE-2020-36158
                   CVE-2020-29661 CVE-2020-29660 CVE-2020-29569
                   CVE-2020-29568 CVE-2020-29371 CVE-2020-28974
                   CVE-2020-28915 CVE-2020-28374 CVE-2020-27835
                   CVE-2020-27825 CVE-2020-27786 CVE-2020-27777
                   CVE-2020-27068 CVE-2020-25669 CVE-2020-25639
                   CVE-2020-25211 CVE-2020-15437 CVE-2020-15436
                   CVE-2020-4788 CVE-2020-0466 CVE-2020-0465
                   CVE-2020-0444 CVE-2019-20934 

Reference:         ESB-2021.0543
                   ESB-2021.0529
                   ESB-2021.0365

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210434-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0434-1
Rating:            important
References:        #1144912 #1149032 #1158775 #1163727 #1171979 #1176395
                   #1176846 #1176962 #1177304 #1177666 #1178036 #1178182
                   #1178198 #1178372 #1178589 #1178590 #1178684 #1178886
                   #1179107 #1179140 #1179141 #1179419 #1179429 #1179508
                   #1179509 #1179601 #1179616 #1179663 #1179666 #1179745
                   #1179877 #1179878 #1179895 #1179960 #1179961 #1180008
                   #1180027 #1180028 #1180029 #1180030 #1180031 #1180032
                   #1180052 #1180086 #1180559 #1180562 #1180676 #1181001
                   #1181158 #1181349 #1181504 #1181553 #1181645
Cross-References:  CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466
                   CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639
                   CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786
                   CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915
                   CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569
                   CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788
                   CVE-2021-3347 CVE-2021-3348
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud 9
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Live Patching 12-SP4
                   SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

An update that solves 26 vulnerabilities and has 27 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  o CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be
    triggered by local attackers (with access to the nbd device) via an I/O
    request (bnc#1181504).
  o CVE-2021-3347: A use-after-free was discovered in the PI futexes during
    fault handling, allowing local users to execute code in the kernel (bnc#
    1181349).
  o CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found,
    specifically in the way user calls Ioctl after open dev file and fork. A
    local user could use this flaw to crash the system (bnc#1179878).
  o CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter()
    which could be triggered by a local attackers by injecting conntrack
    netlink configuration (bnc#1176395).
  o CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#
    1176846).
  o CVE-2020-29569: Fixed a potential privilege escalation and information
    leaks related to the PV block backend, as used by Xen (bnc#1179509).
  o CVE-2020-29568: Fixed a denial of service issue, related to processing
    watch events (bnc#1179508).
  o CVE-2020-0444: Fixed a bad kfree due to a logic error in
    audit_data_to_entry (bnc#1180027).
  o CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c
    that could have led to local privilege escalation (bnc#1180029).
  o CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl
    and ep_loop_check_proc of eventpoll.c (bnc#1180031).
  o CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed
    a local user to obtain sensitive information from the data in the L1 cache
    under extenuating circumstances (bsc#1177666).
  o CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c
    which could have allowed local users to gain privileges or cause a denial
    of service (bsc#1179141).
  o CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check
    in the nl80211_policy policy of nl80211.c (bnc#1180086).
  o CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction
    Services (RTAS) interface, affecting guests running on top of PowerVM or
    KVM hypervisors (bnc#1179107).
  o CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation
    (bnc#1179601).
  o CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc
    #1179960).
  o CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#
    1179429).
  o CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may
    have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
  o CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a
    use-after-free attack against TIOCSPGRP (bsc#1179745).
  o CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have
    been used by local attackers to read privileged information or potentially
    crash the kernel (bsc#1178589).
  o CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have
    been used by local attackers to read kernel memory (bsc#1178886).
  o CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#
    1178182).
  o CVE-2020-15437: Fixed a null pointer dereference which could have allowed
    local users to cause a denial of service(bsc#1179140).
  o CVE-2020-36158: Fixed a potential remote code execution in the Marvell
    mwifiex driver (bsc#1180559).
  o CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
  o CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA
    fault statistics were inappropriately freed (bsc#1179663).


The following non-security bugs were fixed:

  o blk-mq: improve heavily contended tag case (bsc#1178198).
  o debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
  o epoll: Keep a reference on files added to the check list (bsc#1180031).
  o fix regression in "epoll: Keep a reference on files added to the check
    list" (bsc#1180031, git-fixes).
  o futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
  o futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349
    bsc#1149032).
  o futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
  o futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
  o futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
  o futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
  o futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
  o futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#
    1149032).
  o HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
  o iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#
    1181001, jsc#ECO-3191).
  o iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    (bsc#1181001, jsc#ECO-3191).
  o kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
  o locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#
    1149032).
  o md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
  o md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
  o md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
  o md/cluster: block reshape with remote resync job (bsc#1163727).
  o md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
  o md-cluster: Fix potential error pointer dereference in resize_bitmaps()
    (bsc#1163727).
  o md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#
    1163727).
  o md-cluster: fix safemode_delay value when converting to clustered bitmap
    (bsc#1163727).
  o md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
  o Move upstreamed bt fixes into sorted section
  o nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
  o net/x25: prevent a couple of overflows (bsc#1178590).
  o NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
  o rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349
    bsc#1149032).
  o s390/dasd: fix hanging device offline processing (bsc#1144912).
  o scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#
    188304).
  o scsi: ibmvfc: Use compiler attribute defines instead of __attribute__()
    (bsc#1176962 ltc#188304).
  o SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
  o x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001,
    jsc#ECO-3191).
  o x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#
    1181001, jsc#ECO-3191).
  o x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#
    ECO-3191).
  o x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  o x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  o x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#
    ECO-3191).
  o x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
  o x86/traps: Simplify pagefault tracing logic (bsc#1179895).
  o xfrm: Fix memleak on xfrm state destroy (bsc#1158775).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-434=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2021-434=1
  o SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-434=1
  o SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-434=1
  o SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-434=1
  o SUSE Linux Enterprise High Availability 12-SP4:
    zypper in -t patch SUSE-SLE-HA-12-SP4-2021-434=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       kernel-default-4.12.14-95.68.1
       kernel-default-base-4.12.14-95.68.1
       kernel-default-base-debuginfo-4.12.14-95.68.1
       kernel-default-debuginfo-4.12.14-95.68.1
       kernel-default-debugsource-4.12.14-95.68.1
       kernel-default-devel-4.12.14-95.68.1
       kernel-default-devel-debuginfo-4.12.14-95.68.1
       kernel-syms-4.12.14-95.68.1
  o SUSE OpenStack Cloud Crowbar 9 (noarch):
       kernel-devel-4.12.14-95.68.1
       kernel-macros-4.12.14-95.68.1
       kernel-source-4.12.14-95.68.1
  o SUSE OpenStack Cloud 9 (noarch):
       kernel-devel-4.12.14-95.68.1
       kernel-macros-4.12.14-95.68.1
       kernel-source-4.12.14-95.68.1
  o SUSE OpenStack Cloud 9 (x86_64):
       kernel-default-4.12.14-95.68.1
       kernel-default-base-4.12.14-95.68.1
       kernel-default-base-debuginfo-4.12.14-95.68.1
       kernel-default-debuginfo-4.12.14-95.68.1
       kernel-default-debugsource-4.12.14-95.68.1
       kernel-default-devel-4.12.14-95.68.1
       kernel-default-devel-debuginfo-4.12.14-95.68.1
       kernel-syms-4.12.14-95.68.1
  o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
       kernel-default-4.12.14-95.68.1
       kernel-default-base-4.12.14-95.68.1
       kernel-default-base-debuginfo-4.12.14-95.68.1
       kernel-default-debuginfo-4.12.14-95.68.1
       kernel-default-debugsource-4.12.14-95.68.1
       kernel-default-devel-4.12.14-95.68.1
       kernel-syms-4.12.14-95.68.1
  o SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
       kernel-devel-4.12.14-95.68.1
       kernel-macros-4.12.14-95.68.1
       kernel-source-4.12.14-95.68.1
  o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
       kernel-default-devel-debuginfo-4.12.14-95.68.1
  o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
       kernel-default-4.12.14-95.68.1
       kernel-default-base-4.12.14-95.68.1
       kernel-default-base-debuginfo-4.12.14-95.68.1
       kernel-default-debuginfo-4.12.14-95.68.1
       kernel-default-debugsource-4.12.14-95.68.1
       kernel-default-devel-4.12.14-95.68.1
       kernel-syms-4.12.14-95.68.1
  o SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
       kernel-default-devel-debuginfo-4.12.14-95.68.1
  o SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
       kernel-devel-4.12.14-95.68.1
       kernel-macros-4.12.14-95.68.1
       kernel-source-4.12.14-95.68.1
  o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
       kernel-default-man-4.12.14-95.68.1
  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
       kernel-default-kgraft-4.12.14-95.68.1
       kernel-default-kgraft-devel-4.12.14-95.68.1
       kgraft-patch-4_12_14-95_68-default-1-6.3.1
  o SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
       cluster-md-kmp-default-4.12.14-95.68.1
       cluster-md-kmp-default-debuginfo-4.12.14-95.68.1
       dlm-kmp-default-4.12.14-95.68.1
       dlm-kmp-default-debuginfo-4.12.14-95.68.1
       gfs2-kmp-default-4.12.14-95.68.1
       gfs2-kmp-default-debuginfo-4.12.14-95.68.1
       kernel-default-debuginfo-4.12.14-95.68.1
       kernel-default-debugsource-4.12.14-95.68.1
       ocfs2-kmp-default-4.12.14-95.68.1
       ocfs2-kmp-default-debuginfo-4.12.14-95.68.1


References:

  o https://www.suse.com/security/cve/CVE-2019-20934.html
  o https://www.suse.com/security/cve/CVE-2020-0444.html
  o https://www.suse.com/security/cve/CVE-2020-0465.html
  o https://www.suse.com/security/cve/CVE-2020-0466.html
  o https://www.suse.com/security/cve/CVE-2020-15436.html
  o https://www.suse.com/security/cve/CVE-2020-15437.html
  o https://www.suse.com/security/cve/CVE-2020-25211.html
  o https://www.suse.com/security/cve/CVE-2020-25639.html
  o https://www.suse.com/security/cve/CVE-2020-25669.html
  o https://www.suse.com/security/cve/CVE-2020-27068.html
  o https://www.suse.com/security/cve/CVE-2020-27777.html
  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-27825.html
  o https://www.suse.com/security/cve/CVE-2020-27835.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-28915.html
  o https://www.suse.com/security/cve/CVE-2020-28974.html
  o https://www.suse.com/security/cve/CVE-2020-29371.html
  o https://www.suse.com/security/cve/CVE-2020-29568.html
  o https://www.suse.com/security/cve/CVE-2020-29569.html
  o https://www.suse.com/security/cve/CVE-2020-29660.html
  o https://www.suse.com/security/cve/CVE-2020-29661.html
  o https://www.suse.com/security/cve/CVE-2020-36158.html
  o https://www.suse.com/security/cve/CVE-2020-4788.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://www.suse.com/security/cve/CVE-2021-3348.html
  o https://bugzilla.suse.com/1144912
  o https://bugzilla.suse.com/1149032
  o https://bugzilla.suse.com/1158775
  o https://bugzilla.suse.com/1163727
  o https://bugzilla.suse.com/1171979
  o https://bugzilla.suse.com/1176395
  o https://bugzilla.suse.com/1176846
  o https://bugzilla.suse.com/1176962
  o https://bugzilla.suse.com/1177304
  o https://bugzilla.suse.com/1177666
  o https://bugzilla.suse.com/1178036
  o https://bugzilla.suse.com/1178182
  o https://bugzilla.suse.com/1178198
  o https://bugzilla.suse.com/1178372
  o https://bugzilla.suse.com/1178589
  o https://bugzilla.suse.com/1178590
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1178886
  o https://bugzilla.suse.com/1179107
  o https://bugzilla.suse.com/1179140
  o https://bugzilla.suse.com/1179141
  o https://bugzilla.suse.com/1179419
  o https://bugzilla.suse.com/1179429
  o https://bugzilla.suse.com/1179508
  o https://bugzilla.suse.com/1179509
  o https://bugzilla.suse.com/1179601
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179663
  o https://bugzilla.suse.com/1179666
  o https://bugzilla.suse.com/1179745
  o https://bugzilla.suse.com/1179877
  o https://bugzilla.suse.com/1179878
  o https://bugzilla.suse.com/1179895
  o https://bugzilla.suse.com/1179960
  o https://bugzilla.suse.com/1179961
  o https://bugzilla.suse.com/1180008
  o https://bugzilla.suse.com/1180027
  o https://bugzilla.suse.com/1180028
  o https://bugzilla.suse.com/1180029
  o https://bugzilla.suse.com/1180030
  o https://bugzilla.suse.com/1180031
  o https://bugzilla.suse.com/1180032
  o https://bugzilla.suse.com/1180052
  o https://bugzilla.suse.com/1180086
  o https://bugzilla.suse.com/1180559
  o https://bugzilla.suse.com/1180562
  o https://bugzilla.suse.com/1180676
  o https://bugzilla.suse.com/1181001
  o https://bugzilla.suse.com/1181158
  o https://bugzilla.suse.com/1181349
  o https://bugzilla.suse.com/1181504
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1181645

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYCnZ6uNLKJtyKPYoAQgdKg/+K4Ivx7gIhXZmE+uwk7kVPrrVGUFFEvAu
7XJEwcqCrg2AS6Mr02RHU5GpFbbtcuyB3LqsUH/8howvf3LkTN8jewwNRD/3mrzB
BULw8jOzp+/BnVcRxPY4CCsTtdQTuvZQogRyonT+W3jMgvO0zXg6NT8zk5LdH88Q
WKuZe3oG3cmG+G6+mWUDbuFvFUMnm4S7bcpYwDhjdDB5EZTYjL8JexK20uZw1kfb
XpKJMhRCXTmCAPm64JSqczFglxUizw0Cb6SorGgYDVs2h1r7IaomNlB7X+Sn+Omk
dOcUf0nuLRszvomin87oFiSXtCHOwLB5DOk4tkZQl2OHxkFYdzEH01SSyYtOHJZo
fiT9wLt9Z2rGXZnZi3VPglsIADt+efCORX/qozh+oROkukNkhxTaq8deBSJYAkwh
8vSufhqItdneLjlfOE75gxzWdwIXvkk/QtfkfRUbMsaDcHwGQUz7OnXr8E9+eok/
K62Yy+FbKSzsy9Oq8jm0l6sn9baQ3ahVP969sq+ahqZtdA7Tz8YPsffP/64X7Fi/
ifGwmJHyvB7al/rHwArzYcoJsK0ZulAR6GnHDSPrTmFPVbFhwB9Exv98GS49xT4/
31wopPUZ0i9J30Tc1jbNnCe4GASjD32wpsFcM+h5ZDUQ0WZKjHY3FBeMYYaxifp0
T/EClN4f0ms=
=Usn/
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.0553 – [SUSE] Linux Kernel: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/02/15/esb-2021-0553-suse-linux-kernel-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0553-suse-linux-kernel-multiple-vulnerabilities
at No comments:
Labels:

ESB-2021.0554 – [SUSE] Linux Kernel: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0554
                   Security update for the Linux Kernel
                             15 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Access Privileged Data          -- Existing Account      
                   Denial of Service               -- Existing Account      
                   Access Confidential Data        -- Existing Account      
                   Unauthorised Access             -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20177 CVE-2021-3348 CVE-2021-3347
                   CVE-2021-0342 CVE-2020-36158 CVE-2020-29569
                   CVE-2020-29568 CVE-2020-28374 CVE-2020-27835
                   CVE-2020-25639  

Reference:         ESB-2021.0530
                   ESB-2021.0526
                   ESB-2021.0348

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210433-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0433-1
Rating:            important
References:        #1046305 #1046306 #1046540 #1046542 #1046648 #1050242
                   #1050244 #1050536 #1050538 #1050545 #1056653 #1056657
                   #1056787 #1064802 #1066129 #1073513 #1074220 #1075020
                   #1086282 #1086301 #1086313 #1086314 #1098633 #1103990
                   #1103991 #1103992 #1104270 #1104277 #1104279 #1104353
                   #1104427 #1104742 #1104745 #1109837 #1111981 #1112178
                   #1112374 #1113956 #1119113 #1126206 #1126390 #1127354
                   #1127371 #1129770 #1136348 #1144912 #1149032 #1163727
                   #1172145 #1174206 #1176831 #1176846 #1178036 #1178049
                   #1178372 #1178631 #1178684 #1178900 #1179093 #1179508
                   #1179509 #1179563 #1179573 #1179575 #1179878 #1180008
                   #1180130 #1180559 #1180562 #1180676 #1180765 #1180812
                   #1180859 #1180891 #1180912 #1181001 #1181018 #1181170
                   #1181230 #1181231 #1181349 #1181425 #1181504 #1181553
                   #1181645
Cross-References:  CVE-2020-25639 CVE-2020-27835 CVE-2020-28374 CVE-2020-29568
                   CVE-2020-29569 CVE-2020-36158 CVE-2021-0342 CVE-2021-20177
                   CVE-2021-3347 CVE-2021-3348
Affected Products:
                   SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

An update that solves 10 vulnerabilities and has 75 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  o CVE-2021-3347: A use-after-free was discovered in the PI futexes during
    fault handling, allowing local users to execute code in the kernel (bnc#
    1181349).
  o CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be
    triggered by local attackers (with access to the nbd device) via an I/O
    request at a certain point during device setup (bnc#1181504).
  o CVE-2021-20177: Fixed a kernel panic related to iptables string matching
    rules. A privileged user could insert a rule which could lead to denial of
    service (bnc#1180765).
  o CVE-2021-0342: In tun_get_user of tun.c, there is possible memory
    corruption due to a use after free. This could lead to local escalation of
    privilege with System execution privileges required. (bnc#1180812)
  o CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found,
    specifically in the way user calls Ioctl after open dev file and fork. A
    local user could use this flaw to crash the system (bnc#1179878).
  o CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#
    1176846).
  o CVE-2020-29569: Fixed a potential privilege escalation and information
    leaks related to the PV block backend, as used by Xen (bnc#1179509).
  o CVE-2020-29568: Fixed a denial of service issue, related to processing
    watch events (bnc#1179508).
  o CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
  o CVE-2020-36158: Fixed a potential remote code execution in the Marvell
    mwifiex driver (bsc#1180559).


The following non-security bugs were fixed:

  o ACPI: PNP: compare the string length in the matching_id() (git-fixes).
  o ACPI: scan: Harden acpi_device_add() against device ID overflows
    (git-fixes).
  o ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    (git-fixes).
  o ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    (git-fixes).
  o ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
    (git-fixes).
  o ACPICA: Do not increment operation_region reference counts for field units
    (git-fixes).
  o ALSA: ca0106: fix error code handling (git-fixes).
  o ALSA: ctl: allow TLV read operation for callback type of element in locked
    case (git-fixes).
  o ALSA: doc: Fix reference to mixart.rst (git-fixes).
  o ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).
  o ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
    (git-fixes).
  o ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO
    (git-fixes).
  o ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
  o ALSA: hda/hdmi: always check pin power status in i915 pin fixup
    (git-fixes).
  o ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
    (git-fixes).
  o ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
    (git-fixes).
  o ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation
    P520 (git-fixes).
  o ALSA: hda/via: Add minimum mute flag (git-fixes).
  o ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
  o ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
    (git-fixes).
  o ALSA: hda: Fix potential race in unsol event handler (git-fixes).
  o ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
  o ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).
  o ALSA: line6: Perform sanity check for each URB creation (git-fixes).
  o ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).
  o ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
  o ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
  o ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
    (git-fixes).
  o ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    (git-fixes).
  o ALSA: timer: Limit max amount of slave instances (git-fixes).
  o ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
  o ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).
  o ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).
  o ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).
  o ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).
  o ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S
    (git-fixes).
  o ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S
    (git-fixes).
  o ALSA: usb-audio: Disable sample read check if firmware does not give back
    (git-fixes).
  o ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).
  o ALSA: usb-audio: Fix control 'access overflow' errors from chmap
    (git-fixes).
  o ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
  o ALSA: usb-audio: Fix race against the error recovery URB submission
    (git-fixes).
  o ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).
  o ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).
  o ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
    (git-fixes).
  o ASoC: Intel: haswell: Add missing pm_ops (git-fixes).
  o ASoC: dapm: remove widget from dirty list on free (git-fixes).
  o ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
    (git-fixes).
  o ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).
  o ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).
  o ASoC: sti: fix possible sleep-in-atomic (git-fixes).
  o ASoC: wm8904: fix regcache handling (git-fixes).
  o ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).
  o Bluetooth: Fix advertising duplicated flags (git-fixes).
  o Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).
  o EDAC/amd64: Fix PCI component registration (bsc#1112178).
  o HID: Improve Windows Precision Touchpad detection (git-fixes).
  o HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).
  o HID: core: Correctly handle ReportSize being zero (git-fixes).
  o HID: core: check whether Usage Page item is after Usage ID items
    (git-fixes).
  o HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
  o HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
  o HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring()
    (git-fixes).
  o HID: logitech-hidpp: Silence intermittent get_battery_capacity errors
    (git-fixes).
  o IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (bsc#
    1103991).
  o Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).
  o Input: cm109 - do not stomp on control URB (git-fixes).
  o Input: cros_ec_keyb - send 'scancodes' in addition to key events
    (git-fixes).
  o Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
    (git-fixes).
  o Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
  o Input: i8042 - allow insmod to succeed on devices without an i8042
    controller (git-fixes).
  o Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).
  o KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912).
  o NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
  o NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    (git-fixes).
  o NFS: nfs_igrab_and_active must first reference the superblock (git-fixes).
  o NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes).
  o NFSv4.2: condition READDIR's mask for security label based on LSM state
    (git-fixes).
  o PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
  o PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
    (git-fixes).
  o PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
  o PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
    (git-fixes).
  o PM: ACPI: Output correct message on target power state (git-fixes).
  o PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).
  o PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
    (git-fixes).
  o RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#
    1103992).
  o RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244 ).
  o RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1104742).
  o RDMA/cma: Do not overwrite sgid_attr after device is released (bsc#
    1103992).
  o RDMA/core: Ensure security pkey modify is not lost (bsc#1046306 ).
  o RDMA/core: Fix pkey and port assignment in get_new_pps (bsc#1046306).
  o RDMA/core: Fix protection fault in get_pkey_idx_qp_list (bsc#1046306).
  o RDMA/core: Fix reported speed and width (bsc#1046306 ).
  o RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#
    1103992).
  o RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306 ).
  o RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1104427).
  o RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver (bsc#
    1104427).
  o RDMA/hns: Fix cmdq parameter of querying pf timer resource (bsc#1104427 bsc
    #1126206).
  o RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427 ).
  o RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver (bsc#
    1104427).
  o RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348 jsc#
    SLE-4684).
  o RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348 jsc#
    SLE-4684).
  o RDMA/mlx5: Add init2init as a modify command (bsc#1103991 ).
  o RDMA/mlx5: Fix typo in enum name (bsc#1103991).
  o RDMA/mlx5: Fix wrong free of blue flame register on error (bsc#1103991).
  o RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545 ).
  o SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
  o USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).
  o USB: Skip endpoints with 0 maxpacket length (git-fixes).
  o USB: UAS: introduce a quirk to set no_write_same (git-fixes).
  o USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).
  o USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes).
  o USB: ehci: fix an interrupt calltrace error (git-fixes).
  o USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).
  o USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).
  o USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).
  o USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).
  o USB: ldusb: use unsigned size format specifiers (git-fixes).
  o USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
  o USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
    (git-fixes).
  o USB: yurex: fix control-URB timeout handling (git-fixes).
  o __netif_receive_skb_core: pass skb by reference (bsc#1109837).
  o arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#
    1180130).
  o arm64: pgtable: Fix pte_accessible() (bsc#1180130).
  o ata/libata: Fix usage of page address by page_address in
    ata_scsi_mode_select_xlat function (git-fixes).
  o ath10k: fix backtrace on coredump (git-fixes).
  o ath10k: fix get invalid tx rate for Mesh metric (git-fixes).
  o ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq
    (git-fixes).
  o ath9k_htc: Discard undersized packets (git-fixes).
  o ath9k_htc: Modify byte order for an error message (git-fixes).
  o ath9k_htc: Silence undersized packet warnings (git-fixes).
  o ath9k_htc: Use appropriate rs_datalen type (git-fixes).
  o backlight: lp855x: Ensure regulators are disabled on probe failure
    (git-fixes).
  o bnxt_en: Do not query FW when netif_running() is false (bsc#1086282).
  o bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745 ).
  o bnxt_en: Improve stats context resource accounting with RDMA driver loaded
    (bsc#1104745).
  o bnxt_en: Release PCI regions when DMA mask setup fails during probe
    (git-fixes).
  o bnxt_en: Reset rings if ring reservation fails during open() (bsc#1086282).
  o bnxt_en: fix HWRM error when querying VF temperature (bsc#1104745).
  o bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
  o bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242 ).
  o bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
  o bnxt_en: return proper error codes in bnxt_show_temp (bsc#1104745).
  o bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).
  o btrfs: add a flag to iterate_inodes_from_logical to find all
  o btrfs: add a flag to iterate_inodes_from_logical to find all extent refs
    for uncompressed extents (bsc#1174206).
  o btrfs: add a flag to iterate_inodes_from_logical to find all extent refs
    for uncompressed extents (bsc#1174206).
  o btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#
    1174206).
  o btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206).
  o btrfs: qgroup: do not try to wait flushing if we're already holding a
    transaction (bsc#1179575).
  o caif: no need to check return value of debugfs_create functions
    (git-fixes).
  o can: c_can: c_can_power_up(): fix error handling (git-fixes).
  o can: dev: prevent potential information leak in can_fill_info()
    (git-fixes).
  o can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
  o cfg80211: initialize rekey_data (git-fixes).
  o cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
  o chelsio/chtls: correct function return and return type (bsc#1104270).
  o chelsio/chtls: correct netdevice for vlan interface (bsc#1104270 ).
  o chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270 ).
  o chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270 ).
  o chelsio/chtls: fix deadlock issue (bsc#1104270).
  o chelsio/chtls: fix memory leaks caused by a race (bsc#1104270 ).
  o chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270 ).
  o chelsio/chtls: fix panic during unload reload chtls (bsc#1104270 ).
  o chelsio/chtls: fix socket lock (bsc#1104270).
  o chelsio/chtls: fix tls record info to user (bsc#1104270 ).
  o chtls: Added a check to avoid NULL pointer dereference (bsc#1104270).
  o chtls: Fix chtls resources release sequence (bsc#1104270 ).
  o chtls: Fix hardware tid leak (bsc#1104270).
  o chtls: Remove invalid set_tcb call (bsc#1104270).
  o chtls: Replace skb_dequeue with skb_peek (bsc#1104270 ).
  o clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).
  o clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
  o clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).
  o clk: qcom: msm8916: Fix the address location of pll->config_reg
    (git-fixes).
  o clk: s2mps11: Fix a resource leak in error handling paths in the probe
    function (git-fixes).
  o clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).
  o clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
  o clk: tegra: Fix Tegra PMC clock out parents (git-fixes).
  o clk: tegra: Fix duplicated SE clock entry (git-fixes).
  o clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
  o clk: ti: composite: fix memory leak (git-fixes).
  o clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).
  o clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).
  o cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled (bsc#
    1109837).
  o cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
  o cxgb4/cxgb4vf: fix flow control display for auto negotiation (bsc#1046540
    bsc#1046542).
  o cxgb4: fix SGE queue dump destination buffer context (bsc#1073513).
  o cxgb4: fix adapter crash due to wrong MC size (bsc#1073513).
  o cxgb4: fix all-mask IP address comparison (bsc#1064802 bsc#1066129).
  o cxgb4: fix large delays in PTP synchronization (bsc#1046540 bsc#1046648).
  o cxgb4: fix the panic caused by non smac rewrite (bsc#1064802 bsc#1066129).
  o cxgb4: fix thermal zone device registration (bsc#1104279 bsc#1104277).
  o cxgb4: fix throughput drop during Tx backpressure (bsc#1127354 bsc#
    1127371).
  o cxgb4: move DCB version extern to header file (bsc#1104279 ).
  o cxgb4: remove cast when saving IPv4 partial checksum (bsc#1074220).
  o cxgb4: set up filter action after rewrites (bsc#1064802 bsc#1066129).
  o cxgb4: use correct type for all-mask IP address comparison (bsc#1064802 bsc
    #1066129).
  o cxgb4: use unaligned conversion for fetching timestamp (bsc#1046540 bsc#
    1046648).
  o dmaengine: xilinx_dma: check dma_async_device_register return value
    (git-fixes).
  o dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).
  o docs: Fix reST markup when linking to sections (git-fixes).
  o drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a
    driver developer is foolish (git-fixes).
  o drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs
    ()' (git-fixes).
  o drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956)
  o drm/amdkfd: Put ACPI table after using it (bsc#1129770) Backporting
    changes: * context changes
  o drm/atomic: put state on error path (git-fixes).
  o drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#
    1129770)
  o drm/i915: Check for all subplatform bits (git-fixes).
  o drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178) Backporting
    changes: * context changes
  o drm/i915: Fix sha_text population code (bsc#1112178) Backporting changes: *
    context changes
  o drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770)
    Backporting changes: * context changes * moved num_mixers from struct
    dpu_crtc_state to struct dpu_crtc
  o drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770) Backporting
    changes: * context changes
  o drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770)
    Backporting changes: * context changes * removed reference to
    msm_gem_is_locked()
  o drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).
  o drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
    (git-fixes).
  o drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).
  o drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770)
  o drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#
    1112178) Backporting changes: * context changes
  o drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178) Backporting
    changes: * context changes
  o drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178)
  o ehci: fix EHCI host controller initialization sequence (git-fixes).
  o ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).
  o fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178)
    Backporting changes: * updated path drivers/video/fbcon/core to drivers/
    video/console
  o fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: *
    updated path drivers/video/fbcon/core to drivers/video/console * context
    changes
  o firmware: qcom: scm: Ensure 'a0' status code is treated as signed
    (git-fixes).
  o floppy: reintroduce O_NDELAY fix (boo#1181018).
  o futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
  o futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349
    bsc#1149032).
  o futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
  o futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
  o futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
  o futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
  o futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
  o futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#
    1149032).
  o geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).
  o gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).
  o gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in
    grgpio_irq_map/unmap() (git-fixes).
  o gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).
  o gpio: max77620: Fixup debounce delays (git-fixes).
  o gpio: max77620: Use correct unit for debounce times (git-fixes).
  o gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).
  o gpio: mvebu: fix potential user-after-free on probe (git-fixes).
  o gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
    (git-fixes).
  o gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288
    model (git-fixes).
  o gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288
    model (git-fixes).
  o gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).
  o gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
    (git-fixes).
  o gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
    (git-fixes).
  o gpiolib: fix up emulated open drain outputs (git-fixes).
  o hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).
  o hwmon: (jc42) Fix name to have no illegal characters (git-fixes).
  o i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
  o i2c: i801: Fix resume bug (git-fixes).
  o i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).
  o i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
    (git-fixes).
  o i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
    (git-fixes).
  o i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
  o i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).
  o i40e: avoid premature Rx buffer reuse (bsc#1111981).
  o igb: Report speed and duplex as unknown when device is runtime suspended
    (git-fixes).
  o igc: fix link speed advertising (jsc#SLE-4799).
  o iio: ad5504: Fix setting power-down state (git-fixes).
  o iio: adc: max1027: Reset the device at probe time (git-fixes).
  o iio: bmp280: fix compensation of humidity (git-fixes).
  o iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
    (git-fixes).
  o iio: fix center temperature of bmc150-accel-core (git-fixes).
  o iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
    (git-fixes).
  o iio: light: bh1750: Resolve compiler warning and make code more readable
    (git-fixes).
  o iio: srf04: fix wrong limitation in distance measuring (git-fixes).
  o iio:imu:bmi160: Fix too large a buffer (git-fixes).
  o iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#
    1181001, jsc#ECO-3191).
  o iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    (bsc#1181001, jsc#ECO-3191).
  o ipw2x00: Fix -Wcast-function-type (git-fixes).
  o irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
    (git-fixes).
  o iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
  o iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).
  o iwlwifi: pcie: limit memory read spin time (git-fixes).
  o ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (bsc#1109837).
  o ixgbe: avoid premature Rx buffer reuse (bsc#1109837 ).
  o kABI workaround for HD-audio generic parser (git-fixes).
  o kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
  o lockd: do not use interval-based rebinding over TCP (git-fixes).
  o locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#
    1149032).
  o mac80211: Check port authorization in the ieee80211_tx_dequeue() case
    (git-fixes).
  o mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).
  o mac80211: fix authentication with iwlwifi/mvm (git-fixes).
  o mac80211: fix use of skb payload instead of header (git-fixes).
  o md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#
    1163727).
  o md-cluster: fix safemode_delay value when converting to clustered bitmap
    (bsc#1163727).
  o md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
  o md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
  o md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
  o md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
  o md/cluster: block reshape with remote resync job (bsc#1163727).
  o md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
  o md/raid10: initialize r10_bio->read_slot before use (git-fixes).
  o md: fix a warning caused by a race between concurrent md_ioctl()s
    (git-fixes).
  o media: am437x-vpfe: Setting STD to current value is not an error
    (git-fixes).
  o media: cec-funcs.h: add status_req checks (git-fixes).
  o media: cx88: Fix some error handling path in 'cx8800_initdev()'
    (git-fixes).
  o media: gp8psk: initialize stats at power control logic (git-fixes).
  o media: gspca: Fix memory leak in probe (git-fixes).
  o media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).
  o media: i2c: ov2659: Fix missing 720p register config (git-fixes).
  o media: i2c: ov2659: fix s_stream return value (git-fixes).
  o media: msi2500: assign SPI bus number dynamically (git-fixes).
  o media: platform: add missing put_device() call in mtk_jpeg_probe() and
    mtk_jpeg_remove() (git-patches).
  o media: pvrusb2: Fix oops on tear-down when radio support is not present
    (git-fixes).
  o media: si470x-i2c: add missed operations in remove (git-fixes).
  o media: sti: bdisp: fix a possible sleep-in-atomic-context bug in
    bdisp_device_run() (git-fixes).
  o media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
  o media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).
  o media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases
    (git-fixes).
  o media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence
    number (git-fixes).
  o media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage
    (git-fixes).
  o media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic
    (git-fixes).
  o media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel
    format (git-fixes).
  o media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).
  o media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in
    v4l2_device macros (git-fixes).
  o mei: bus: do not clean driver pointer (git-fixes).
  o mei: protect mei_cl_mtu from null dereference (git-fixes).
  o mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
  o misc: vmw_vmci: fix kernel info-leak by initializing dbells in
    vmci_ctx_get_chkpt_doorbells() (git-fixes).
  o misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
  o mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).
  o mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (bsc#
    1112374).
  o mlxsw: spectrum: Do not modify cloned SKBs during xmit (git-fixes).
  o mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case
    reload fails (bsc#1112374).
  o mlxsw: switchx2: Do not modify cloned SKBs during xmit (git-fixes).
  o mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/
    hotplug)).
  o mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() (git
    fixes (mm/pgalloc)).
  o mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly (git
    fixes (mm/hmm)).
  o mm/slab: use memzero_explicit() in kzfree() (git fixes (mm/slab)).
  o mm: do not wake kswapd prematurely when watermark boosting is disabled (git
    fixes (mm/vmscan)).
  o mm: hwpoison: disable memory error handling on 1GB hugepage (git fixes (mm/
    hwpoison)).
  o mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
  o module: delay kobject uevent until after module init call (bsc#1178631).
  o nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
  o net/af_iucv: always register net_device notifier (git-fixes).
  o net/af_iucv: fix null pointer dereference on shutdown (bsc#1179563 LTC#
    190108).
  o net/af_iucv: set correct sk_protocol for child sockets (git-fixes).
  o net/filter: Permit reading NET in load_bytes_relative when MAC not set (bsc
    #1109837).
  o net/liquidio: Delete driver version assignment (git-fixes).
  o net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes).
  o net/mlx4_en: Avoid scheduling restart task if it is already running
    (git-fixes).
  o net/mlx5: Add handling of port type in rule deletion (bsc#1103991).
  o net/mlx5: Fix memory leak on flow table creation error flow (bsc#1046305).
  o net/mlx5e: Fix VLAN cleanup flow (git-fixes).
  o net/mlx5e: Fix VLAN create flow (git-fixes).
  o net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).
  o net/mlx5e: Fix two double free cases (bsc#1046305).
  o net/mlx5e: IPoIB, Drop multicast packets that this interface sent (bsc#
    1075020).
  o net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990 ).
  o net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (bsc#
    1103990).
  o net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels
    (bsc#1109837).
  o net/smc: cancel event worker during device removal (git-fixes).
  o net/smc: check for valid ib_client_data (git-fixes).
  o net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).
  o net/smc: receive pending data after RCV_SHUTDOWN (git-fixes).
  o net/smc: receive returns without data (git-fixes).
  o net/sonic: Add mutual exclusion for accessing shared state (git-fixes).
  o net: atlantic: fix potential error handling (git-fixes).
  o net: atlantic: fix use after free kasan warn (git-fixes).
  o net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
  o net: bcmgenet: reapply manual settings to the PHY (git-fixes).
  o net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
    (git-fixes).
  o net: cbs: Fix software cbs to consider packet sending time (bsc#1109837).
  o net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes).
  o net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes).
  o net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).
  o net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it
    anymore in mlx4_en_xmit() (git-fixes).
  o net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
    (git-fixes).
  o net: freescale: fec: Fix ethtool -d runtime PM (git-fixes).
  o net: hns3: add a missing uninit debugfs when unload driver (bsc#1104353).
  o net: hns3: add compatible handling for command HCLGE_OPC_PF_RST_DONE
    (git-fixes).
  o net: hns3: add management table after IMP reset (bsc#1104353 ).
  o net: hns3: check reset interrupt status when reset fails (git-fixes).
  o net: hns3: clear reset interrupt status in hclge_irq_handle() (git-fixes).
  o net: hns3: fix a TX timeout issue (bsc#1104353).
  o net: hns3: fix a wrong reset interrupt status mask (git-fixes).
  o net: hns3: fix error VF index when setting VLAN offload (bsc#1104353).
  o net: hns3: fix error handling for desc filling (bsc#1104353 ).
  o net: hns3: fix for not calculating TX BD send size correctly (bsc#1126390).
  o net: hns3: fix interrupt clearing error for VF (bsc#1104353 ).
  o net: hns3: fix mis-counting IRQ vector numbers issue (bsc#1104353).
  o net: hns3: fix shaper parameter algorithm (bsc#1104353 ).
  o net: hns3: fix the number of queues actually used by ARQ (bsc#1104353).
  o net: hns3: fix use-after-free when doing self test (bsc#1104353 ).
  o net: hns3: reallocate SSU' buffer size when pfc_en changes (bsc#1104353).
  o net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (bsc#
    1098633).
  o net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113 ).
  o net: mvpp2: fix pkt coalescing int-threshold configuration (bsc#1098633).
  o net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay
    (git-fixes).
  o net: phy: Avoid multiple suspends (git-fixes).
  o net: phy: broadcom: Fix RGMII delays configuration for BCM54210E
    (git-fixes).
  o net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).
  o net: phy: micrel: make sure the factory test bit is cleared (git-fixes).
  o net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
  o net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
  o net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
  o net: stmmac: Do not accept invalid MTU values (git-fixes).
  o net: stmmac: Enable 16KB buffer size (git-fixes).
  o net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
  o net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes).
  o net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).
  o net: stmmac: fix length of PTP clock's name string (git-fixes).
  o net: stmmac: gmac4+: Not all Unicast addresses may be available
    (git-fixes).
  o net: sunrpc: interpret the return value of kstrtou32 correctly (git-fixes).
  o net: team: fix memory leak in __team_options_register (git-fixes).
  o net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
  o net: usb: lan78xx: Fix error message format specifier (git-fixes).
  o net: usb: sr9800: fix uninitialized local variable (git-fixes).
  o net: vlan: avoid leaks on register_vlan_dev() failures (git-fixes).
  o net_failover: fixed rollback in net_failover_open() (bsc#1109837).
  o net_sched: let qdisc_put() accept NULL pointer (bsc#1056657 bsc#1056653 bsc
    #1056787).
  o nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
  o nfp: validate the return code from dev_queue_xmit() (git-fixes).
  o nfs_common: need lock during iterate through the list (git-fixes).
  o nfsd4: readdirplus shouldn't return parent of export (git-fixes).
  o nfsd: Fix message level for normal termination (git-fixes).
  o pNFS: Mark layout for return if return-on-close was not sent (git-fixes).
  o page_frag: Recover from memory pressure (git fixes (mm/pgalloc)).
  o parport: load lowlevel driver if ports not found (git-fixes).
  o pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).
  o pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).
  o pinctrl: amd: remove debounce filter setting in IRQ type setting
    (git-fixes).
  o pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes).
  o pinctrl: baytrail: Avoid clearing debounce value when turning it off
    (git-fixes).
  o pinctrl: merrifield: Set default bias in case no particular value given
    (git-fixes).
  o pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).
  o platform/x86: acer-wmi: add automatic keyboard background light toggle key
    as KEY_LIGHTS_TOGGLE (git-fixes).
  o power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).
  o powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).
  o powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#
    184630).
  o powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).
  o powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#
    184630).
  o powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284).
  o powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#
    189284 git-fixes).
  o powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284).
  o powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#
    184630).
  o qed: Fix race condition between scheduling and destroying the slowpath
    workqueue (bsc#1086314 bsc#1086313 bsc#1086301).
  o qed: Fix use after free in qed_chain_free (bsc#1050536 bsc#1050538).
  o r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
  o radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).
  o regmap: debugfs: check count when read regmap file (git-fixes).
  o regmap: dev_get_regmap_match(): fix string comparison (git-fixes).
  o regulator: max8907: Fix the usage of uninitialized variable in
    max8907_regulator_probe() (git-fixes).
  o regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe()
    could be uninitialized (git-fixes).
  o regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/
    ti_abb_clear_all_txdone (git-fixes).
  o remoteproc: Fix wrong rvring index computation (git-fixes).
  o rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).
  o rtc: 88pm860x: fix possible race condition (git-fixes).
  o rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot
    (git-fixes).
  o rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).
  o rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349
    bsc#1149032).
  o s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes).
  o s390/dasd: fix hanging device offline processing (bsc#1144912).
  o s390/dasd: fix list corruption of lcu list (bsc#1181170 LTC#190915).
  o s390/dasd: fix list corruption of pavgroup group list (bsc#1181170 LTC#
    190915).
  o s390/dasd: prevent inconsistent LCU device data (bsc#1181170 LTC#190915).
  o s390/qeth: delay draining the TX buffers (git-fixes).
  o s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    (git-fixes).
  o s390/qeth: fix deadlock during recovery (git-fixes).
  o s390/qeth: fix locking for discipline setup / removal (git-fixes).
  o s390/smp: perform initial CPU reset also for SMT siblings (git-fixes).
  o sched/fair: Fix enqueue_task_fair warning (bsc#1179093).
  o sched/fair: Fix enqueue_task_fair() warning some more (bsc#1179093).
  o sched/fair: Fix reordering of enqueue/dequeue_task_fair() (bsc#1179093).
  o sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (bsc#1179093).
  o sched/fair: Reorder enqueue/dequeue_task_fair path (bsc#1179093).
  o scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes).
  o scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#
    1181425 ltc#188252).
  o scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#
    1180891).
  o scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891).
  o scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891).
  o scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
  o scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#
    1180891).
  o scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#
    1180891).
  o scsi: lpfc: Fix error log messages being logged following SCSI task mgnt
    (bsc#1180891).
  o scsi: lpfc: Fix target reset failing (bsc#1180891).
  o scsi: lpfc: Fix vport create logging (bsc#1180891).
  o scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891).
  o scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework
    (bsc#1180891).
  o scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue
    state (bsc#1180891).
  o scsi: lpfc: Simplify bool comparison (bsc#1180891).
  o scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
  o scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc
    #1180891).
  o serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
  o serial: amba-pl011: Make sure we initialize the port.lock spinlock
    (git-fixes).
  o serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).
  o serial: mvebu-uart: fix tx lost characters at power off (git-fixes).
  o serial: txx9: add missing platform_driver_unregister() on error in
    serial_txx9_init (git-fixes).
  o serial_core: Check for port state when tty is in error state (git-fixes).
  o soc: imx: gpc: fix power up sequencing (git-fixes).
  o spi: Add call to spi_slave_abort() function when spidev driver is released
    (git-fixes).
  o spi: Fix memory leak on splited transfers (git-fixes).
  o spi: cadence: cache reference clock rate during probe (git-fixes).
  o spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
  o spi: dw: Fix Rx-only DMA transfers (git-fixes).
  o spi: dw: Return any value retrieved from the dma_transfer callback
    (git-fixes).
  o spi: img-spfi: fix potential double release (git-fixes).
  o spi: pxa2xx: Add missed security checks (git-fixes).
  o spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).
  o spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
  o spi: spidev: fix a potential use-after-free in spidev_release()
    (git-fixes).
  o spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
    (git-fixes).
  o spi: st-ssc4: add missed pm_runtime_disable (git-fixes).
  o spi: tegra20-slink: add missed clk_unprepare (git-fixes).
  o staging: comedi: check validity of wMaxPacketSize of usb endpoints found
    (git-fixes).
  o staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
    (git-fixes).
  o staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
    (git-fixes).
  o staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).
  o staging: rtl8188eu: fix possible null dereference (git-fixes).
  o staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).
  o staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).
  o staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
    (git-fixes).
  o staging: wlan-ng: properly check endpoint types (git-fixes).
  o team: set dev->needed_headroom in team_setup_by_port() (git-fixes).
  o thunderbolt: Use 32-bit writes when writing ring producer/consumer
    (git-fixes).
  o tty: always relink the port (git-fixes).
  o tty: link tty and port before configuring it as console (git-fixes).
  o tty: synclink_gt: Adjust indentation in several functions (git-fixes).
  o tty: synclinkmp: Adjust indentation in several functions (git-fixes).
  o tty:serial:mvebu-uart:fix a wrong return (git-fixes).
  o tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (bsc#
    1109837).
  o usb: chipidea: ci_hdrc_imx: add missing put_device() call in
    usbmisc_get_init_data() (git-fixes).
  o usb: dwc2: Fix IN FIFO allocation (git-fixes).
  o usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).
  o usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
    (git-fixes).
  o usb: fsl: Check memory resource before releasing it (git-fixes).
  o usb: gadget: composite: Fix possible double free memory bug (git-fixes).
  o usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).
  o usb: gadget: configfs: Preserve function ordering after bind failure
    (git-fixes).
  o usb: gadget: configfs: fix concurrent issue between composite APIs
    (git-fixes).
  o usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
  o usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).
  o usb: gadget: fix wrong endpoint desc (git-fixes).
  o usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).
  o usb: gadget: net2280: fix memory leak on probe error handling paths
    (git-fixes).
  o usb: gadget: select CONFIG_CRC32 (git-fixes).
  o usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).
  o usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
    (git-fixes).
  o usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init
    () (git-fixes).
  o usb: hso: Fix debug compile warning on sparc32 (git-fixes).
  o usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
    (git-fixes).
  o usb: udc: core: Use lock when write to soft_connect (git-fixes).
  o usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).
  o usblp: poison URBs upon disconnect (git-fixes).
  o veth: Adjust hard_start offset on redirect XDP frames (bsc#1109837).
  o vfio iommu: Add dma available capability (bsc#1179573 LTC#190106).
  o vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181231).
  o vhost/vsock: fix vhost vsock cid hashing inconsistent (git-fixes).
  o video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).
  o virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer
    (git-fixes).
  o vt: Reject zero-sized screen buffer size (git-fixes).
  o vt: do not hardcode the mem allocation upper bound (git-fixes).
  o wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
  o watchdog: coh901327: add COMMON_CLK dependency (git-fixes).
  o watchdog: da9062: No need to ping manually before setting timeout
    (git-fixes).
  o watchdog: da9062: do not ping the hw during stop() (git-fixes).
  o watchdog: qcom: Avoid context switch in restart handler (git-fixes).
  o watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
  o wil6210: select CONFIG_CRC32 (git-fixes).
  o wireless: Use linux/stddef.h instead of stddef.h (git-fixes).
  o wireless: Use offsetof instead of custom macro (git-fixes).
  o x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001,
    jsc#ECO-3191).
  o x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#
    1181001, jsc#ECO-3191).
  o x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
  o x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178).
  o x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#
    ECO-3191).
  o x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  o x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
  o x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).
  o x86/mm: Fix leak of pmd ptlock (bsc#1112178).
  o x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#
    ECO-3191).
  o x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#
    1112178).
  o x86/resctrl: Do not move a task to the same resource group (bsc#1112178).
  o x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    (bsc#1112178).
  o xdp: Fix xsk_generic_xmit errno (bsc#1109837).
  o xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
  o xhci: make sure TRB is fully written before giving it to the controller
    (git-fixes).
  o xhci: tegra: Delay for disabling LFPS detector (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Real Time Extension 12-SP5:
    zypper in -t patch SUSE-SLE-RT-12-SP5-2021-433=1

Package List:

  o SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):
       kernel-devel-rt-4.12.14-10.31.1
       kernel-source-rt-4.12.14-10.31.1
  o SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):
       cluster-md-kmp-rt-4.12.14-10.31.1
       cluster-md-kmp-rt-debuginfo-4.12.14-10.31.1
       dlm-kmp-rt-4.12.14-10.31.1
       dlm-kmp-rt-debuginfo-4.12.14-10.31.1
       gfs2-kmp-rt-4.12.14-10.31.1
       gfs2-kmp-rt-debuginfo-4.12.14-10.31.1
       kernel-rt-4.12.14-10.31.1
       kernel-rt-base-4.12.14-10.31.1
       kernel-rt-base-debuginfo-4.12.14-10.31.1
       kernel-rt-debuginfo-4.12.14-10.31.1
       kernel-rt-debugsource-4.12.14-10.31.1
       kernel-rt-devel-4.12.14-10.31.1
       kernel-rt-devel-debuginfo-4.12.14-10.31.1
       kernel-rt_debug-4.12.14-10.31.1
       kernel-rt_debug-debuginfo-4.12.14-10.31.1
       kernel-rt_debug-debugsource-4.12.14-10.31.1
       kernel-rt_debug-devel-4.12.14-10.31.1
       kernel-rt_debug-devel-debuginfo-4.12.14-10.31.1
       kernel-syms-rt-4.12.14-10.31.1
       ocfs2-kmp-rt-4.12.14-10.31.1
       ocfs2-kmp-rt-debuginfo-4.12.14-10.31.1


References:

  o https://www.suse.com/security/cve/CVE-2020-25639.html
  o https://www.suse.com/security/cve/CVE-2020-27835.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29568.html
  o https://www.suse.com/security/cve/CVE-2020-29569.html
  o https://www.suse.com/security/cve/CVE-2020-36158.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-20177.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://www.suse.com/security/cve/CVE-2021-3348.html
  o https://bugzilla.suse.com/1046305
  o https://bugzilla.suse.com/1046306
  o https://bugzilla.suse.com/1046540
  o https://bugzilla.suse.com/1046542
  o https://bugzilla.suse.com/1046648
  o https://bugzilla.suse.com/1050242
  o https://bugzilla.suse.com/1050244
  o https://bugzilla.suse.com/1050536
  o https://bugzilla.suse.com/1050538
  o https://bugzilla.suse.com/1050545
  o https://bugzilla.suse.com/1056653
  o https://bugzilla.suse.com/1056657
  o https://bugzilla.suse.com/1056787
  o https://bugzilla.suse.com/1064802
  o https://bugzilla.suse.com/1066129
  o https://bugzilla.suse.com/1073513
  o https://bugzilla.suse.com/1074220
  o https://bugzilla.suse.com/1075020
  o https://bugzilla.suse.com/1086282
  o https://bugzilla.suse.com/1086301
  o https://bugzilla.suse.com/1086313
  o https://bugzilla.suse.com/1086314
  o https://bugzilla.suse.com/1098633
  o https://bugzilla.suse.com/1103990
  o https://bugzilla.suse.com/1103991
  o https://bugzilla.suse.com/1103992
  o https://bugzilla.suse.com/1104270
  o https://bugzilla.suse.com/1104277
  o https://bugzilla.suse.com/1104279
  o https://bugzilla.suse.com/1104353
  o https://bugzilla.suse.com/1104427
  o https://bugzilla.suse.com/1104742
  o https://bugzilla.suse.com/1104745
  o https://bugzilla.suse.com/1109837
  o https://bugzilla.suse.com/1111981
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1112374
  o https://bugzilla.suse.com/1113956
  o https://bugzilla.suse.com/1119113
  o https://bugzilla.suse.com/1126206
  o https://bugzilla.suse.com/1126390
  o https://bugzilla.suse.com/1127354
  o https://bugzilla.suse.com/1127371
  o https://bugzilla.suse.com/1129770
  o https://bugzilla.suse.com/1136348
  o https://bugzilla.suse.com/1144912
  o https://bugzilla.suse.com/1149032
  o https://bugzilla.suse.com/1163727
  o https://bugzilla.suse.com/1172145
  o https://bugzilla.suse.com/1174206
  o https://bugzilla.suse.com/1176831
  o https://bugzilla.suse.com/1176846
  o https://bugzilla.suse.com/1178036
  o https://bugzilla.suse.com/1178049
  o https://bugzilla.suse.com/1178372
  o https://bugzilla.suse.com/1178631
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1178900
  o https://bugzilla.suse.com/1179093
  o https://bugzilla.suse.com/1179508
  o https://bugzilla.suse.com/1179509
  o https://bugzilla.suse.com/1179563
  o https://bugzilla.suse.com/1179573
  o https://bugzilla.suse.com/1179575
  o https://bugzilla.suse.com/1179878
  o https://bugzilla.suse.com/1180008
  o https://bugzilla.suse.com/1180130
  o https://bugzilla.suse.com/1180559
  o https://bugzilla.suse.com/1180562
  o https://bugzilla.suse.com/1180676
  o https://bugzilla.suse.com/1180765
  o https://bugzilla.suse.com/1180812
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1180891
  o https://bugzilla.suse.com/1180912
  o https://bugzilla.suse.com/1181001
  o https://bugzilla.suse.com/1181018
  o https://bugzilla.suse.com/1181170
  o https://bugzilla.suse.com/1181230
  o https://bugzilla.suse.com/1181231
  o https://bugzilla.suse.com/1181349
  o https://bugzilla.suse.com/1181425
  o https://bugzilla.suse.com/1181504
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1181645

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYCnaPeNLKJtyKPYoAQiCvw//avA56xnZAHQ4/rgOjstv8CUMxx5AMVbI
8WzjSOm+SMguug2mnDiWHebfhHXcTfTK9CDdxbeocnk/fKG/6o1L4udHDJ5Y0ANb
MuPqMm+L8LfKYwb65pvnAd8QFJ9ZPGcoA3XawIY8q5qWsxaAhh1S86scVaygz2xE
KIlZpLxhxKU1r9Vi6YWhh7hTcedQRAA17uKyogdQtwcqHwaubcgNtzg2BqK1qBnl
Xdzv7K6+hDb1ijsGQSf6LVogewRlQp2eJP+qco2D2OpRiTF6MjALl3Hv2/EHD8Jz
P4zPePMrj/sKC3rOVcZPnOkAFBOw292Lj683cyCHcV8G2vz0AThuxojSUmIdUjBZ
fYFdvGWO+AgnUyQKtvC4VgSEluW3yzOJxKoFGNZbHcvO4ZH3RFMqxhVIPWJmYnSs
9Lg5ylMM182jotCXCg8hsACAphBvi3MCqJFO9JZVWTlxBne+MYpo/TvwVwoWjEFs
Uwthd/8uPuczZfXBo31RPpHXLxvaAwPCP91UaVJLK8uz4Pp6++VvDNG+0drzr9k9
ow6IX01XKP9LPPxl8QQC4X8H1YHEBk1x8/UWGpNP4/j0hrCXyV4fwtYOQQ+2C5DK
CJlIAltlDbOmpZwOroiN0JXml6D5ZmydFRPHvdzSYfPaxaNnpjS7/anAi3i2c3ZR
hs7tNtac4Jw=
=XSIm
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.0554 – [SUSE] Linux Kernel: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/02/15/esb-2021-0554-suse-linux-kernel-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0554-suse-linux-kernel-multiple-vulnerabilities
at No comments:
Labels:
Subscribe to: Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...