drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
SUSE-SU-2021:2325-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Workstation Extension 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise High Availability 15-SP2, SUSE Linux Enterprise Module for Live Patching 15-SP2, SUSE MicroOS 5.0 |
|
Datum: |
Mi, 14. Juli 2021, 23:00 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573 |
|
Applikationen: |
Linux |
|
Originalnachricht |
SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2325-1 Rating: important References: #1152489 #1153274 #1154353 #1155518 #1164648 #1174978 #1176771 #1179610 #1182470 #1183712 #1184212 #1184685 #1185195 #1185486 #1185589 #1185675 #1185677 #1185701 #1186206 #1186463 #1186666 #1186672 #1186752 #1186949 #1186950 #1186951 #1186952 #1186953 #1186954 #1186955 #1186956 #1186957 #1186958 #1186959 #1186960 #1186961 #1186962 #1186963 #1186964 #1186965 #1186966 #1186967 #1186968 #1186969 #1186970 #1186971 #1186972 #1186973 #1186974 #1186976 #1186977 #1186978 #1186979 #1186980 #1186981 #1186982 #1186983 #1186984 #1186985 #1186986 #1186987 #1186988 #1186989 #1186990 #1186991 #1186992 #1186993 #1186994 #1186995 #1186996 #1186997 #1186998 #1186999 #1187000 #1187001 #1187002 #1187003 #1187038 #1187050 #1187067 #1187068 #1187069 #1187072 #1187143 #1187144 #1187171 #1187263 #1187356 #1187402 #1187403 #1187404 #1187407 #1187408 #1187409 #1187410 #1187411 #1187412 #1187413 #1187452 #1187554 #1187595 #1187601 #1187795 #1187867 #1187883 #1187886 #1187927 #1187972 #1187980 ECO-3691 SLE-11493 SLE-11796 SLE-17882 SLE-7926 SLE-8371 SLE-8389 SLE-8464 Cross-References: CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-33624 CVE-2021-34693 CVE-2021-3573 CVSS scores: CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-33624 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-33624 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-34693 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-3573 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________
An update that solves 9 vulnerabilities, contains 8 features and has 100 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2021-0129: Fixed improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36385: Fixed a use-after-free via the ctx_list in some ucma_migrate_id situations where ucma_close is called (bnc#1187050). - CVE-2020-26558: Fixed Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 (bnc#1179610, bnc#1186463). - CVE-2020-36386: Fixed an out-of-bounds read issue in hci_extended_inquiry_result_evt (bnc#1187038).
The following non-security bugs were fixed:
- acpica: Clean up context mutex during object deletion (git-fixes). - alsa: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes). - alsa: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - alsa: timer: Fix master timer notification (git-fixes). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - arch: Add arch-dependent support markers in supported.conf (bsc#1186672) - arch: Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - blk-settings: align max_sectors on "logical_block_size" boundary (bsc#1185195). - block: Discard page cache of zone reset target range (bsc#1187402). - block: return the correct bvec when checking for gaps (bsc#1187143). - block: return the correct bvec when checking for gaps (bsc#1187144). - bluetooth: fix the erroneous flush_work() order (git-fixes). - bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - brcmfmac: properly check for bus register errors (git-fixes). - btrfs: open device without device_list_mutex (bsc#1176771). - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cfg80211: avoid double free of PMSR request (git-fixes). - cfg80211: make certificate generation more robust (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - char: hpet: add checks after calling ioremap (git-fixes). - CPU: Startup failed when SNC (sub-numa cluster) is enabled with 3 NIC add-on cards installed (bsc#1187263). - cxgb4: avoid accessing registers when clearing filters (git-fixes). - cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389). - cxgb4: fix wrong shift (git-fixes). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes). - drm/amd/amdgpu: fix refcount leak (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amdgpu: make sure we unpin the UVD BO (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes). - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes). - gpu: Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691) - gve: Add NULL pointer checks when freeing irqs (git-fixes). - gve: Correct SKB queue index validation (git-fixes). - gve: Upgrade memory barrier in poll routine (git-fixes). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: i2c-hid: fix format string mismatch (git-fixes). - HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes). - HID: magicmouse: fix NULL-deref on disconnect (git-fixes). - HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - hwmon: (dell-smm-hwmon) Fix index values (git-fixes). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926). - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - ixgbe: fix large MTU request from VF (git-fixes). - kABI workaround for struct lis3lv02d change (git-fixes). - kernel-binary.spec.in: Add Supplements: for -extra package on Leap kernel-$flavor-extra should supplement kernel-$flavor on Leap, like it does on SLED, and like the kernel-$flavor-optional package does. - kernel-binary.spec.in: build-id check requires elfutils. - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer had a mkmakefile script - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kyber: fix out of bounds access when preempted (bsc#1187403). - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). - libertas: register sysfs groups properly (git-fixes). - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - mei: request autosuspend after sending rx flow control (git-fixes). - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - module: limit enabling module.sig_enforce (git-fixes). - net/mlx4: Fix EEPROM dump support (git-fixes). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5e: Fix multipath lag activation (git-fixes). - net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - net/x25: Return the correct errno code (git-fixes). - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353). - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - NFC: SUSE specific brutal fix for runtime PM (bsc#1185589). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Do not discard pNFS layout segments that are marked for return (git-fixes). - NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - nfsd: register pernet ops last, unregister first (git-fixes). - NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes). - NFSv4: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - PCI/LINK: Remove bandwidth notification (bsc#1183712). - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - pid: take a reference when initializing `cad_pid` (bsc#1152489). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes). - PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - regulator: core: resolve supply for boot-on/always-on regulators (git-fixes). - regulator: max77620: Use device_set_of_node_from_dev() (git-fixes). - Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()" (git-fixes). - Revert "brcmfmac: add a check for the status of usb_register" (git-fixes). - Revert "char: hpet: fix a missing check of ioremap" (git-fixes). - Revert "char: hpet: fix a missing check of ioremap" (git-fixes). - Revert "dmaengine: qcom_hidma: Check for driver register failure" (git-fixes). - Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413). - Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#191041). - Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc" (git-fixes). - Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference" (git-fixes). - Revert "libertas: add checks for the return value of sysfs_create_group" (git-fixes). - Revert "media: dvb: Add check on sp8870_readreg" (git-fixes). - Revert "media: dvb: Add check on sp8870_readreg" (git-fixes). - Revert "media: gspca: Check the return value of write_bridge for timeout" (git-fixes). - Revert "media: gspca: Check the return value of write_bridge for timeout" (git-fixes). - Revert "media: gspca: mt9m111: Check write_bridge for timeout" (git-fixes). - Revert "media: gspca: mt9m111: Check write_bridge for timeout" (git-fixes). - Revert "media: usb: gspca: add a missed check for goto_low_power" (git-fixes). - Revert "net: liquidio: fix a NULL pointer dereference" (git-fixes). - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" (git-fixes). - Revert "qlcnic: Avoid potential NULL pointer dereference" (git-fixes). - Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle" (bsc#1186949). - Revert "serial: max310x: pass return value of spi_register_driver" (git-fixes). - Revert "video: hgafb: fix potential NULL pointer dereference" (git-fixes). - Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#1152489) - rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796) - rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672) - rpm/split-modules: Avoid errors even if Module.* are not present - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - sched/debug: Fix cgroup_path[] serialization (git-fixes) - sched/fair: Keep load_avg and load_sum synced (git-fixes) - scsi: aacraid: Fix an oops in error handling (bsc#1187072). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953). - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" (bsc#1187067). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954). - scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186955). - scsi: bnx2i: Requires MMU (bsc#1186956). - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959). - scsi: cxgb4i: Fix TLS dependency (bsc#1186960). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962). - scsi: hisi_sas: Fix IRQ checks (bsc#1186963). - scsi: hisi_sas: Remove preemptible() (bsc#1186964). - scsi: jazz_esp: Add IRQ check (bsc#1186965). - scsi: libfc: Fix enum-conversion warning (bsc#1186966). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967). - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968). - scsi: lpfc: Fix ancient double free (bsc#1186969). - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186970). - scsi: megaraid_sas: Clear affinity hint (bsc#1186971). - scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#1186972). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973). - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974). - scsi: mesh: Fix panic after host or bus reset (bsc#1186976). - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978). - scsi: mpt3sas: Fix ioctl timeout (bsc#1186979). - scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985). - scsi: qla2xxx: Prevent PRLI in target mode (git-fixes). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186987). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - scsi: sd: Fix Opal support (bsc#1186989). - scsi: sni_53c710: Add IRQ check (bsc#1186990). - scsi: sun3x_esp: Add IRQ check (bsc#1186991). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002). - scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992). - scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993). - scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994). - scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996). - scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186997). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998). - scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000). - scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003). - scsi: ufshcd: use an enum for quirks (bsc#1186999). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - sunrpc: fix refcount leak for rpc auth modules (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - SUNRPC: Move fault injection call sites (git-fixes). - SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - usb: core: reduce power-on-good delay time of root hub (git-fixes). - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - usb: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes). - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - usb: fix various gadget panics on 10gbps cabling (git-fixes). - usb: fix various gadget panics on 10gbps cabling (git-fixes). - usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes). - usb: gadget: eem: fix wrong eem header operation (git-fixes). - usb: gadget: eem: fix wrong eem header operation (git-fixes). - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes). - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes). - usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes). - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes). - USB: usbfs: Do not WARN about excessively large memory allocations (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - video: hgafb: correctly handle card detect failure during probe (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes). - vrf: fix maximum MTU (git-fixes). - vsock/vmci: log once the failed queue pair allocation (git-fixes). - wireguard: allowedips: initialize list head in selftest (git-fixes). - wireguard: do not use -O3 (git-fixes). - wireguard: peer: allocate in kmem_cache (git-fixes). - wireguard: peer: put frequently used members above cache lines (git-fixes). - wireguard: queueing: get rid of per-peer ring buffers (git-fixes). - wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes). - wireguard: selftests: remove old conntrack kconfig value (git-fixes). - wireguard: use synchronize_net rather than synchronize_rcu (git-fixes). - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489). - x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - x86: fix seq_file iteration for pat.c (git-fixes). - xen-blkback: fix compatibility bug with single page rings (git-fixes). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - xprtrdma: Avoid Receive Queue wrapping (git-fixes). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE MicroOS 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2325=1
- SUSE Linux Enterprise Workstation Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2325=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-2325=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-2325=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2325=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2325=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2325=1
Package List:
- SUSE MicroOS 5.0 (aarch64 x86_64):
kernel-default-5.3.18-24.70.1 kernel-default-base-5.3.18-24.70.1.9.32.1 kernel-default-debuginfo-5.3.18-24.70.1 kernel-default-debugsource-5.3.18-24.70.1
- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
kernel-default-debuginfo-5.3.18-24.70.1 kernel-default-debugsource-5.3.18-24.70.1 kernel-default-extra-5.3.18-24.70.1 kernel-default-extra-debuginfo-5.3.18-24.70.1 kernel-preempt-extra-5.3.18-24.70.1 kernel-preempt-extra-debuginfo-5.3.18-24.70.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-24.70.1 kernel-default-debugsource-5.3.18-24.70.1 kernel-default-livepatch-5.3.18-24.70.1 kernel-default-livepatch-devel-5.3.18-24.70.1 kernel-livepatch-5_3_18-24_70-default-1-5.3.1 kernel-livepatch-5_3_18-24_70-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_16-debugsource-1-5.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-24.70.1 kernel-default-debugsource-5.3.18-24.70.1 reiserfs-kmp-default-5.3.18-24.70.1 reiserfs-kmp-default-debuginfo-5.3.18-24.70.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-24.70.1 kernel-obs-build-debugsource-5.3.18-24.70.1 kernel-syms-5.3.18-24.70.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-24.70.1 kernel-preempt-debugsource-5.3.18-24.70.1 kernel-preempt-devel-5.3.18-24.70.1 kernel-preempt-devel-debuginfo-5.3.18-24.70.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
kernel-docs-5.3.18-24.70.1 kernel-source-5.3.18-24.70.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-24.70.1 kernel-default-base-5.3.18-24.70.1.9.32.1 kernel-default-debuginfo-5.3.18-24.70.1 kernel-default-debugsource-5.3.18-24.70.1 kernel-default-devel-5.3.18-24.70.1 kernel-default-devel-debuginfo-5.3.18-24.70.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
kernel-preempt-5.3.18-24.70.1 kernel-preempt-debuginfo-5.3.18-24.70.1 kernel-preempt-debugsource-5.3.18-24.70.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
kernel-devel-5.3.18-24.70.1 kernel-macros-5.3.18-24.70.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-24.70.1 cluster-md-kmp-default-debuginfo-5.3.18-24.70.1 dlm-kmp-default-5.3.18-24.70.1 dlm-kmp-default-debuginfo-5.3.18-24.70.1 gfs2-kmp-default-5.3.18-24.70.1 gfs2-kmp-default-debuginfo-5.3.18-24.70.1 kernel-default-debuginfo-5.3.18-24.70.1 kernel-default-debugsource-5.3.18-24.70.1 ocfs2-kmp-default-5.3.18-24.70.1 ocfs2-kmp-default-debuginfo-5.3.18-24.70.1
References:
https://www.suse.com/security/cve/CVE-2020-26558.html https://www.suse.com/security/cve/CVE-2020-36385.html https://www.suse.com/security/cve/CVE-2020-36386.html https://www.suse.com/security/cve/CVE-2021-0129.html https://www.suse.com/security/cve/CVE-2021-0512.html https://www.suse.com/security/cve/CVE-2021-0605.html https://www.suse.com/security/cve/CVE-2021-33624.html https://www.suse.com/security/cve/CVE-2021-34693.html https://www.suse.com/security/cve/CVE-2021-3573.html https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1164648 https://bugzilla.suse.com/1174978 https://bugzilla.suse.com/1176771 https://bugzilla.suse.com/1179610 https://bugzilla.suse.com/1182470 https://bugzilla.suse.com/1183712 https://bugzilla.suse.com/1184212 https://bugzilla.suse.com/1184685 https://bugzilla.suse.com/1185195 https://bugzilla.suse.com/1185486 https://bugzilla.suse.com/1185589 https://bugzilla.suse.com/1185675 https://bugzilla.suse.com/1185677 https://bugzilla.suse.com/1185701 https://bugzilla.suse.com/1186206 https://bugzilla.suse.com/1186463 https://bugzilla.suse.com/1186666 https://bugzilla.suse.com/1186672 https://bugzilla.suse.com/1186752 https://bugzilla.suse.com/1186949 https://bugzilla.suse.com/1186950 https://bugzilla.suse.com/1186951 https://bugzilla.suse.com/1186952 https://bugzilla.suse.com/1186953 https://bugzilla.suse.com/1186954 https://bugzilla.suse.com/1186955 https://bugzilla.suse.com/1186956 https://bugzilla.suse.com/1186957 https://bugzilla.suse.com/1186958 https://bugzilla.suse.com/1186959 https://bugzilla.suse.com/1186960 https://bugzilla.suse.com/1186961 https://bugzilla.suse.com/1186962 https://bugzilla.suse.com/1186963 https://bugzilla.suse.com/1186964 https://bugzilla.suse.com/1186965 https://bugzilla.suse.com/1186966 https://bugzilla.suse.com/1186967 https://bugzilla.suse.com/1186968 https://bugzilla.suse.com/1186969 https://bugzilla.suse.com/1186970 https://bugzilla.suse.com/1186971 https://bugzilla.suse.com/1186972 https://bugzilla.suse.com/1186973 https://bugzilla.suse.com/1186974 https://bugzilla.suse.com/1186976 https://bugzilla.suse.com/1186977 https://bugzilla.suse.com/1186978 https://bugzilla.suse.com/1186979 https://bugzilla.suse.com/1186980 https://bugzilla.suse.com/1186981 https://bugzilla.suse.com/1186982 https://bugzilla.suse.com/1186983 https://bugzilla.suse.com/1186984 https://bugzilla.suse.com/1186985 https://bugzilla.suse.com/1186986 https://bugzilla.suse.com/1186987 https://bugzilla.suse.com/1186988 https://bugzilla.suse.com/1186989 https://bugzilla.suse.com/1186990 https://bugzilla.suse.com/1186991 https://bugzilla.suse.com/1186992 https://bugzilla.suse.com/1186993 https://bugzilla.suse.com/1186994 https://bugzilla.suse.com/1186995 https://bugzilla.suse.com/1186996 https://bugzilla.suse.com/1186997 https://bugzilla.suse.com/1186998 https://bugzilla.suse.com/1186999 https://bugzilla.suse.com/1187000 https://bugzilla.suse.com/1187001 https://bugzilla.suse.com/1187002 https://bugzilla.suse.com/1187003 https://bugzilla.suse.com/1187038 https://bugzilla.suse.com/1187050 https://bugzilla.suse.com/1187067 https://bugzilla.suse.com/1187068 https://bugzilla.suse.com/1187069 https://bugzilla.suse.com/1187072 https://bugzilla.suse.com/1187143 https://bugzilla.suse.com/1187144 https://bugzilla.suse.com/1187171 https://bugzilla.suse.com/1187263 https://bugzilla.suse.com/1187356 https://bugzilla.suse.com/1187402 https://bugzilla.suse.com/1187403 https://bugzilla.suse.com/1187404 https://bugzilla.suse.com/1187407 https://bugzilla.suse.com/1187408 https://bugzilla.suse.com/1187409 https://bugzilla.suse.com/1187410 https://bugzilla.suse.com/1187411 https://bugzilla.suse.com/1187412 https://bugzilla.suse.com/1187413 https://bugzilla.suse.com/1187452 https://bugzilla.suse.com/1187554 https://bugzilla.suse.com/1187595 https://bugzilla.suse.com/1187601 https://bugzilla.suse.com/1187795 https://bugzilla.suse.com/1187867 https://bugzilla.suse.com/1187883 https://bugzilla.suse.com/1187886 https://bugzilla.suse.com/1187927 https://bugzilla.suse.com/1187972 https://bugzilla.suse.com/1187980
|
|
|
|