Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2020:2610-1
Rating:	important
References:	bsc#1058115 bsc#1071995 bsc#1154366 bsc#1165629 bsc#1165631 bsc#1171988 bsc#1172428 bsc#1173798 bsc#1174205 bsc#1174757 bsc#1175112 bsc#1175122 bsc#1175128 bsc#1175204 bsc#1175213 bsc#1175515 bsc#1175518 bsc#1175691 bsc#1175992 bsc#1176069
Cross-References:	CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394
CVSS scores:	CVE-2020-10135 ( SUSE ): 5.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-10135 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-14314 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2020-14314 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-14331 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14331 ( NVD ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14356 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-14356 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14386 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-14386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14386 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-16166 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-16166 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-1749 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-1749 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-24394 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-24394 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 LTSS 15 SUSE Linux Enterprise Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server ESPOS 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves eight vulnerabilities and has 12 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
• CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
• CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
• CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
• CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
• CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
• CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
• CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).

The following non-security bugs were fixed:

• cifs: add support for fallocate mode 0 for non-sparse files (bsc#1175122).
• cifs: allow unlock flock and OFD lock across fork (bsc#1175122).
• cifs_atomic_open(): fix double-put on late allocation failure (bsc#1175122).
• cifs: Avoid doing network I/O while holding cache lock (bsc#1175122).
• cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1175122).
• cifs: Clean up DFS referral cache (bsc#1175122).
• cifs: document and cleanup dfs mount (bsc#1172428 bsc#1175122).
• cifs: do not ignore the SYNC flags in getattr (bsc#1175122).
• cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1175122).
• cifs: do not share tcons with DFS (bsc#1175122).
• cifs: ensure correct super block for DFS reconnect (bsc#1175122).
• cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1175122).
• cifs: fiemap: do not return EINVAL if get nothing (bsc#1175122).
• cifs: Fix an error pointer dereference in cifs_mount() (bsc#1172428 bsc#1175122).
• cifs: fix double free error on share and prefix (bsc#1172428 bsc#1175122).
• cifs: fix leaked reference on requeued write (bsc#1175122).
• cifs: fix NULL dereference in match_prepath (bsc#1175122).
• cifs: Fix null pointer check in cifs_read (bsc#1175122).
• cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1175122).
• cifs: fix potential mismatch of UNC paths (bsc#1175122).
• cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1175122).
• cifs: Fix return value in __update_cache_entry (bsc#1175122).
• cifs: fix soft mounts hanging in the reconnect code (bsc#1175122).
• cifs: Fix task struct use-after-free on reconnect (bsc#1175122).
• cifs: fix uninitialised lease_key in open_shroot() (bsc#1175122).
• cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1175122).
• cifs: Get rid of kstrdup_const()'d paths (bsc#1175122).
• cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1175122).
• cifs: handle empty list of targets in cifs_reconnect() (bsc#1172428 bsc#1175122).
• cifs: handle hostnames that resolve to same ip in failover (bsc#1175122).
• cifs: handle prefix paths in reconnect (bsc#1175122).
• cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1172428 bsc#1175122).
• cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1175122).
• cifs: Introduce helpers for finding TCP connection (bsc#1175122).
• cifs: make sure we do not overflow the max EA buffer size (bsc#1175122).
• cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1175122).
• cifs: merge __{cifs,smb2}_reconnect_tcon into cifs_tree_connect() (bsc#1172428 bsc#1175122).
• cifs: Merge is_path_valid() into get_normalized_path() (bsc#1175122).
• cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1175122).
• cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1172428 bsc#1175122).
• cifs: Optimize readdir on reparse points (bsc#1175122).
• cifs: potential unintitliazed error code in cifs_getattr() (bsc#1175122).
• cifs: protect updating server->dstaddr with a spinlock (bsc#1175122).
• cifs: reduce number of referral requests in DFS link lookups (bsc#1172428 bsc#1175122).
• cifs: rename reconn_inval_dfs_target() (bsc#1172428 bsc#1175122).
• cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1175122).
• cifs: set up next DFS target before generic_ip_connect() (bsc#1175122).
• cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1175122).
• cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1175122).
• Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128).
• ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
• ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515).
• ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515).
• kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
• kabi: mask changes to struct ipv6_stub (bsc#1165629).
• mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).
• mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
• scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository
• selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
• selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
• selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
• selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
• smb3: fix performance regression with setting mtime (bsc#1175122).
• smb3: query attributes on file close (bsc#1175122).
• smb3: remove unused flag passed into close functions (bsc#1175122).
• Update patch reference for a tipc fix patch (bsc#1175515)
• x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2610=1
• SUSE Linux Enterprise High Availability Extension 15
  zypper in -t patch SUSE-SLE-Product-HA-15-2020-2610=1
• SUSE Linux Enterprise Server ESPOS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2610=1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2610=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2610=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2610=1

Package List:

• SUSE Linux Enterprise Live Patching 15 (nosrc)
  • kernel-default-4.12.14-150.58.1
• SUSE Linux Enterprise Live Patching 15 (ppc64le x86_64)
  • kernel-livepatch-4_12_14-150_58-default-1-1.3.1
  • kernel-default-livepatch-4.12.14-150.58.1
  • kernel-default-debugsource-4.12.14-150.58.1
  • kernel-default-debuginfo-4.12.14-150.58.1
  • kernel-livepatch-4_12_14-150_58-default-debuginfo-1-1.3.1
• SUSE Linux Enterprise High Availability Extension 15 (aarch64 ppc64le s390x x86_64)
  • gfs2-kmp-default-debuginfo-4.12.14-150.58.1
  • dlm-kmp-default-debuginfo-4.12.14-150.58.1
  • dlm-kmp-default-4.12.14-150.58.1
  • cluster-md-kmp-default-debuginfo-4.12.14-150.58.1
  • gfs2-kmp-default-4.12.14-150.58.1
  • kernel-default-debugsource-4.12.14-150.58.1
  • ocfs2-kmp-default-4.12.14-150.58.1
  • kernel-default-debuginfo-4.12.14-150.58.1
  • ocfs2-kmp-default-debuginfo-4.12.14-150.58.1
  • cluster-md-kmp-default-4.12.14-150.58.1
• SUSE Linux Enterprise High Availability Extension 15 (nosrc)
  • kernel-default-4.12.14-150.58.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150.58.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
  • kernel-vanilla-base-debuginfo-4.12.14-150.58.1
  • kernel-default-devel-4.12.14-150.58.1
  • kernel-default-base-4.12.14-150.58.1
  • kernel-default-devel-debuginfo-4.12.14-150.58.1
  • kernel-vanilla-debuginfo-4.12.14-150.58.1
  • kernel-default-debugsource-4.12.14-150.58.1
  • kernel-vanilla-debugsource-4.12.14-150.58.1
  • kernel-syms-4.12.14-150.58.1
  • kernel-default-debuginfo-4.12.14-150.58.1
  • kernel-obs-build-4.12.14-150.58.1
  • kernel-vanilla-base-4.12.14-150.58.1
  • kernel-obs-build-debugsource-4.12.14-150.58.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch)
  • kernel-macros-4.12.14-150.58.1
  • kernel-devel-4.12.14-150.58.1
  • kernel-source-4.12.14-150.58.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.58.1
• SUSE Linux Enterprise Server ESPOS 15 (nosrc)
  • kernel-vanilla-4.12.14-150.58.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-150.58.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
  • kernel-vanilla-base-debuginfo-4.12.14-150.58.1
  • kernel-default-devel-4.12.14-150.58.1
  • kernel-default-base-4.12.14-150.58.1
  • kernel-default-devel-debuginfo-4.12.14-150.58.1
  • kernel-vanilla-debuginfo-4.12.14-150.58.1
  • kernel-default-debugsource-4.12.14-150.58.1
  • kernel-vanilla-debugsource-4.12.14-150.58.1
  • kernel-syms-4.12.14-150.58.1
  • kernel-default-debuginfo-4.12.14-150.58.1
  • kernel-obs-build-4.12.14-150.58.1
  • kernel-vanilla-base-4.12.14-150.58.1
  • kernel-obs-build-debugsource-4.12.14-150.58.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
  • kernel-macros-4.12.14-150.58.1
  • kernel-devel-4.12.14-150.58.1
  • kernel-source-4.12.14-150.58.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.58.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (nosrc)
  • kernel-vanilla-4.12.14-150.58.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-4.12.14-150.58.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
  • kernel-vanilla-base-debuginfo-4.12.14-150.58.1
  • kernel-default-devel-4.12.14-150.58.1
  • kernel-default-base-4.12.14-150.58.1
  • kernel-default-devel-debuginfo-4.12.14-150.58.1
  • kernel-vanilla-debuginfo-4.12.14-150.58.1
  • kernel-default-debugsource-4.12.14-150.58.1
  • kernel-vanilla-debugsource-4.12.14-150.58.1
  • kernel-syms-4.12.14-150.58.1
  • kernel-default-debuginfo-4.12.14-150.58.1
  • kernel-obs-build-4.12.14-150.58.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150.58.1
  • kernel-vanilla-base-4.12.14-150.58.1
  • kernel-obs-build-debugsource-4.12.14-150.58.1
  • reiserfs-kmp-default-4.12.14-150.58.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
  • kernel-macros-4.12.14-150.58.1
  • kernel-devel-4.12.14-150.58.1
  • kernel-source-4.12.14-150.58.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.58.1
• SUSE Linux Enterprise Server 15 LTSS 15 (nosrc)
  • kernel-zfcpdump-4.12.14-150.58.1
  • kernel-vanilla-4.12.14-150.58.1
• SUSE Linux Enterprise Server 15 LTSS 15 (s390x)
  • kernel-zfcpdump-debugsource-4.12.14-150.58.1
  • kernel-zfcpdump-debuginfo-4.12.14-150.58.1
  • kernel-default-man-4.12.14-150.58.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc ppc64le x86_64)
  • kernel-default-4.12.14-150.58.1
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
  • kernel-vanilla-base-debuginfo-4.12.14-150.58.1
  • kernel-default-devel-4.12.14-150.58.1
  • kernel-default-base-4.12.14-150.58.1
  • kernel-default-devel-debuginfo-4.12.14-150.58.1
  • kernel-vanilla-debuginfo-4.12.14-150.58.1
  • kernel-default-debugsource-4.12.14-150.58.1
  • kernel-vanilla-debugsource-4.12.14-150.58.1
  • kernel-syms-4.12.14-150.58.1
  • kernel-default-debuginfo-4.12.14-150.58.1
  • kernel-obs-build-4.12.14-150.58.1
  • reiserfs-kmp-default-debuginfo-4.12.14-150.58.1
  • kernel-vanilla-base-4.12.14-150.58.1
  • kernel-obs-build-debugsource-4.12.14-150.58.1
  • reiserfs-kmp-default-4.12.14-150.58.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
  • kernel-macros-4.12.14-150.58.1
  • kernel-devel-4.12.14-150.58.1
  • kernel-source-4.12.14-150.58.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch nosrc)
  • kernel-docs-4.12.14-150.58.1
• SUSE Linux Enterprise Server for SAP Applications 15 (nosrc)
  • kernel-vanilla-4.12.14-150.58.1

References:

• https://www.suse.com/security/cve/CVE-2020-10135.html
• https://www.suse.com/security/cve/CVE-2020-14314.html
• https://www.suse.com/security/cve/CVE-2020-14331.html
• https://www.suse.com/security/cve/CVE-2020-14356.html
• https://www.suse.com/security/cve/CVE-2020-14386.html
• https://www.suse.com/security/cve/CVE-2020-16166.html
• https://www.suse.com/security/cve/CVE-2020-1749.html
• https://www.suse.com/security/cve/CVE-2020-24394.html
• https://bugzilla.suse.com/show_bug.cgi?id=1058115
• https://bugzilla.suse.com/show_bug.cgi?id=1071995
• https://bugzilla.suse.com/show_bug.cgi?id=1154366
• https://bugzilla.suse.com/show_bug.cgi?id=1165629
• https://bugzilla.suse.com/show_bug.cgi?id=1165631
• https://bugzilla.suse.com/show_bug.cgi?id=1171988
• https://bugzilla.suse.com/show_bug.cgi?id=1172428
• https://bugzilla.suse.com/show_bug.cgi?id=1173798
• https://bugzilla.suse.com/show_bug.cgi?id=1174205
• https://bugzilla.suse.com/show_bug.cgi?id=1174757
• https://bugzilla.suse.com/show_bug.cgi?id=1175112
• https://bugzilla.suse.com/show_bug.cgi?id=1175122
• https://bugzilla.suse.com/show_bug.cgi?id=1175128
• https://bugzilla.suse.com/show_bug.cgi?id=1175204
• https://bugzilla.suse.com/show_bug.cgi?id=1175213
• https://bugzilla.suse.com/show_bug.cgi?id=1175515
• https://bugzilla.suse.com/show_bug.cgi?id=1175518
• https://bugzilla.suse.com/show_bug.cgi?id=1175691
• https://bugzilla.suse.com/show_bug.cgi?id=1175992
• https://bugzilla.suse.com/show_bug.cgi?id=1176069