Security update for the Linux Kernel

Announcement ID: SUSE-SU-2021:0117-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2020-0444 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0444 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0465 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0465 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0466 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0466 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-11668 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2020-11668 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2020-27068 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2020-27068 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27777 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27777 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27786 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-27825 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2020-27825 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2020-27830 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-27830 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-28374 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-28374 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-29370 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29370 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29373 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-29373 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2020-29660 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29660 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-29661 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-29661 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-36158 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-36158 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • Basesystem Module 15-SP2
  • Development Tools Module 15-SP2
  • Legacy Module 15-SP2
  • SUSE Linux Enterprise Desktop 15 SP2
  • SUSE Linux Enterprise High Availability Extension 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise Live Patching 15-SP2
  • SUSE Linux Enterprise Real Time 15 SP2
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Linux Enterprise Workstation Extension 15 SP2
  • SUSE Manager Proxy 4.1
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Server 4.1

An update that solves 15 vulnerabilities and has 98 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
  • CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
  • CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
  • CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
  • CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
  • CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
  • CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
  • CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
  • CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
  • CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
  • CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).
  • CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).
  • CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656).
  • CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).
  • CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).

The following non-security bugs were fixed:

  • ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610).
  • ACPI: PNP: compare the string length in the matching_id() (git-fixes).
  • ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes).
  • ALSA: core: memalloc: add page alignment for iram (git-fixes).
  • ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
  • ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
  • ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
  • ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes).
  • ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes).
  • ALSA: hda/proc - print DP-MST connections (git-fixes).
  • ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
  • ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes).
  • ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).
  • ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes).
  • ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes).
  • ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).
  • ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes).
  • ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes).
  • ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).
  • ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes).
  • ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes).
  • ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
  • ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
  • ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
  • ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes).
  • ALSA: seq: remove useless function (git-fixes).
  • ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203).
  • ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203).
  • ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes).
  • ALSA: usb-audio: Add implicit_fb module option (bsc#1178203).
  • ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes).
  • ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203).
  • ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203).
  • ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes).
  • ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes).
  • ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203).
  • ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203).
  • ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203).
  • ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203).
  • ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203).
  • ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203).
  • ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203).
  • ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203).
  • ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).
  • ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203).
  • ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203).
  • ALSA: usb-audio: Drop debug.h (bsc#1178203).
  • ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203).
  • ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203).
  • ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203).
  • ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).
  • ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203).
  • ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203).
  • ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203).
  • ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
  • ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203).
  • ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203).
  • ALSA: usb-audio: Improve some debug prints (bsc#1178203).
  • ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203).
  • ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203).
  • ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203).
  • ALSA: usb-audio: Properly match with audio interface class (bsc#1178203).
  • ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203).
  • ALSA: usb-audio: Refactor endpoint management (bsc#1178203).
  • ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203).
  • ALSA: usb-audio: Replace slave/master terms (bsc#1178203).
  • ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203).
  • ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203).
  • ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203).
  • ALSA: usb-audio: Simplify hw_params rules (bsc#1178203).
  • ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203).
  • ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203).
  • ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203).
  • ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203).
  • ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203).
  • ALSA: usb-audio: Support PCM sync_stop (bsc#1178203).
  • ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203).
  • ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203).
  • ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
  • ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203).
  • ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203).
  • ALSA: usb-audio: Use managed buffer allocation (bsc#1178203).
  • ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203).
  • ALSA: usb-audio: workaround for iface reset issue (bsc#1178203).
  • arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610).
  • ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes).
  • ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).
  • ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes).
  • ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).
  • ASoC: meson: fix COMPILE_TEST error (git-fixes).
  • ASoC: pcm: DRAIN support reactivation (git-fixes).
  • ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes).
  • ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes).
  • ASoC: tegra20-spdif: remove "default m" (git-fixes).
  • ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes).
  • ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).
  • ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes).
  • ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes).
  • ath10k: Fix an error handling path (git-fixes).
  • ath10k: Release some resources in an error handling path (git-fixes).
  • ath6kl: fix enum-conversion warning (git-fixes).
  • batman-adv: Consider fragmentation for needed_headroom (git-fixes).
  • batman-adv: Do not always reallocate the fragmentation skb head (git-fixes).
  • batman-adv: Reserve needed_*room for fragments (git-fixes).
  • blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486).
  • block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933).
  • Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes).
  • Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes).
  • Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes).
  • Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).
  • Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes).
  • bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes).
  • btrfs: add missing check for nocow and compression inode flags (bsc#1178780).
  • btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099).
  • btrfs: delete duplicated words + other fixes in comments (bsc#1180566).
  • btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566).
  • btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566).
  • btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963).
  • btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).
  • btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).
  • btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).
  • bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).
  • can: c_can: c_can_power_up(): fix error handling (git-fixes).
  • can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes).
  • can: softing: softing_netdev_open(): fix error handling (git-fixes).
  • can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes).
  • cfg80211: initialize rekey_data (git-fixes).
  • cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
  • cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
  • cifs: do not share tcons with DFS (bsc#1178270).
  • cifs: document and cleanup dfs mount (bsc#1178270).
  • cifs: ensure correct super block for DFS reconnect (bsc#1178270).
  • cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
  • cifs: fix check of tcon dfs in smb1 (bsc#1178270).
  • cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
  • cifs: fix double free error on share and prefix (bsc#1178270).
  • cifs: fix leaked reference on requeued write (bsc#1178270).
  • cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
  • cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
  • cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
  • cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
  • cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
  • cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
  • cifs: merge __{cifs,smb2}_reconnect_tcon into cifs_tree_connect() (bsc#1178270).
  • cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
  • cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
  • cifs: rename reconn_inval_dfs_target() (bsc#1178270).
  • cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
  • clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes).
  • clk: ingenic: Fix divider calculation with div tables (git-fixes).
  • clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes).
  • clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
  • clk: renesas: r9a06g032: Drop __packed for portability (git-fixes).
  • clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
  • clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
  • clk: tegra: Do not return 0 on failure (git-fixes).
  • clk: tegra: Fix duplicated SE clock entry (git-fixes).
  • clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
  • clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes).
  • clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes).
  • clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes).
  • clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes).
  • compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203