openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1062-1
Rating: important
References: #1152472 #1152489 #1153274 #1154353 #1155518
#1155798 #1156395 #1158983 #1162702 #1167773
#1169094 #1170284 #1170617 #1171150 #1171529
#1171530 #1171732 #1172344 #1172543 #1172687
#1172871 #1173284 #1173514 #1173552 #1173573
#1173625 #1173746 #1173776 #1173817 #1173818
#1173820 #1173822 #1173823 #1173824 #1173825
#1173826 #1173827 #1173828 #1173830 #1173831
#1173832 #1173833 #1173834 #1173836 #1173837
#1173838 #1173839 #1173841 #1173843 #1173844
#1173845 #1173847 #1173860 #1173894 #1174018
#1174244 #1174345
Cross-References: CVE-2020-12771 CVE-2020-15393
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that solves two vulnerabilities and has 55 fixes
is now available.

Description:

The openSUSE Leap 15.2 was updated to receive various security and
bugfixes.

The following security bugs were fixed:

– CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a
memory leak, aka CID-28ebeb8db770 (bnc#1173514).
– CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a
deadlock if a coalescing operation fails (bnc#1171732).

The following non-security bugs were fixed:

– ACPI: configfs: Disallow loading ACPI tables when locked down
(git-fixes).
– ACPI: sysfs: Fix pm_profile_attr type (git-fixes).
– aio: fix async fsync creds (bsc#1173828).
– ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
(git-fixes).
– ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
(git-fixes).
– ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes).
– ALSA: hda – let hs_mic be picked ahead of hp_mic (git-fixes).
– ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems
(git-fixes).
– ALSA: hda/realtek – Add quirk for MSI GE63 laptop (git-fixes).
– ALSA: hda/realtek – Enable audio jacks of Acer vCopperbox with ALC269VC
(git-fixes).
– ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC
(git-fixes).
– ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with
ALC269VC (git-fixes).
– ALSA: hda/realtek – Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id
(git-fixes).
– ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).
– ALSA: opl3: fix infoleak in opl3 (git-fixes).
– ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes).
– ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes).
– ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).
– ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes).
– ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).
– ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).
– ALSA: usb-audio: Fix packet size calculation (bsc#1173847).
– ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes).
– ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes).
– amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes).
– ASoC: core: only convert non DPCM link to DPCM link (git-fixes).
– ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
(git-fixes).
– ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
(git-fixes).
– ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes).
– ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet
(git-fixes).
– ASoC: max98373: reorder max98373_reset() in resume (git-fixes).
– ASoc: q6afe: add support to get port direction (git-fixes).
– ASoC: q6asm: handle EOS correctly (git-fixes).
– ASoC: qcom: q6asm-dai: kCFI fix (git-fixes).
– ASoC: rockchip: Fix a reference count leak (git-fixes).
– ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes).
– ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags
(git-fixes).
– ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes).
– ASoC: ti: omap-mcbsp: Fix an error handling path in ‘asoc_mcbsp_probe()’
(git-fixes).
– ata/libata: Fix usage of page address by page_address in
ata_scsi_mode_select_xlat function (git-fixes).
– ath10k: fix kernel null pointer dereference (git-fixes).
– ath10k: Fix the race condition in firmware dump work queue (git-fixes).
– b43: Fix connection problem with WPA3 (git-fixes).
– b43_legacy: Fix connection problem with WPA3 (git-fixes).
– backlight: lp855x: Ensure regulators are disabled on probe failure
(git-fixes).
– batman-adv: Revert “disable ethtool link speed detection when auto
negotiation off” (git-fixes).
– bdev: fix bdev inode reference count disbalance regression (bsc#1174244)
– block/bio-integrity: do not free ‘buf’ if bio_integrity_add_page()
failed (bsc#1173817).
– block: Fix use-after-free in blkdev_get() (bsc#1173834).
– block: nr_sects_write(): Disable preemption on seqcount write
(bsc#1173818).
– Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes).
– Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes).
– bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150).
– bnxt_en: fix firmware message length endianness (bsc#1173894).
– bnxt_en: Fix return code to “flash_device” (bsc#1173894).
– bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274).
– bnxt_en: Return from timer if interface is not in open state
(jsc#SLE-8371 bsc#1153274).
– bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274).
– bpf: Document optval > PAGE_SIZE behavior for sockopt hooks
(bsc#1155518).
– bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE
(bsc#1155518).
– bpf: Fix an error code in check_btf_func() (bsc#1154353).
– bpf: Restrict bpf_trace_printk()’s %s usage and add %pks, %pus specifier
(bsc#1172344).
– bpf, xdp, samples: Fix null pointer dereference in *_user code
(bsc#1155518).
– brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094).
– bus: ti-sysc: Ignore clockactivity unless specified as a quirk
(git-fixes).
– carl9170: remove P2P_GO support (git-fixes).
– cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes).
– clk: qcom: msm8916: Fix the address location of pll->config_reg
(git-fixes).
– clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
(git-fixes).
– clk: sifive: allocate sufficient memory for struct __prci_data
(git-fixes).
– clk: ti: composite: fix memory leak (git-fixes).
– clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes).
– clocksource: dw_apb_timer: Make CPU-affiliation being optional
(git-fixes).
– cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes).
– cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
(git-fixes).
– cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
(git-fixes).
– cpuidle: Fix three reference count leaks (git-fixes).
– crypto: algif_skcipher – Cap recv SG list at ctx->used (git-fixes).
– crypto – Avoid free() namespace collision (git-fixes).
– Crypto/chcr: fix for ccm(aes) failed test (git-fixes).
– crypto: omap-sham – add proper load balancing support for multicore
(git-fixes).
– debugfs: Check module state before warning in {full/open}_proxy_open()
(bsc#1173746).
– devlink: fix return value after hitting end in region read
(networking-stable-20_05_12).
– devmap: Use bpf_map_area_alloc() for allocating hash buckets
(bsc#1154353).
– dm writecache: reject asynchronous pmem devices (bsc#1156395).
– dpaa2-eth: prevent array underflow in update_cls_rule()
(networking-stable-20_05_16).
– dpaa2-eth: properly handle buffer size restrictions
(networking-stable-20_05_16).
– dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27).
– drivers: base: Fix NULL pointer exception in __platform_driver_probe()
if a driver developer is foolish (git-fixes).
– Drivers: hv: Change flag to write log level in panic msg to false
(bsc#1170617).
– drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes
– drm/amd/display: Revalidate bandwidth before commiting DC updates
(git-fixes).
– drm/amd: fix potential memleak in err branch (git-fixes).
– drm/amdgpu: add fw release for sdma v5_0 (git-fixes).
– drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes).
– drm/amdgpu: fix gfx hang during suspend with video playback (v2)
(git-fixes).
– drm/amdgpu: fix the hw hang during perform system reboot and reset
(git-fixes).
– drm/amdgpu: Init data to avoid oops while reading pp_num_states
(git-fixes).
– drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes).
– drm/amdgpu: Replace invalid device ID with a valid device ID
(bsc#1152472)
– drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and
raven (git-fixes).
– drm: bridge: adv7511: Extend list of audio sample rates (git-fixes).
– drm/connector: notify userspace on hotplug after register complete
(bsc#1152489) * context changes
– drm/i915/gt: Do not schedule normal requests immediately along
(bsc#1152489)
– drm/i915/gvt: Fix two CFL MMIO handling caused by regression.
(bsc#1152489)
– drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes).
– drm/i915/icl+: Fix hotplug interrupt disabling after storm detection
(bsc#1152489)
– drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489)
– drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489)
– drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes).
– drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
(git-fixes).
– drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection
(git-fixes).
– drm/qxl: Use correct notify port address when creating cursor ring
(bsc#1152472)
– drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472)
– drm: rcar-du: Fix build error (bsc#1152472)
– drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489)
– drm: sun4i: hdmi: Remove extra HPD polling (git-fixes).
– e1000: Distribute switch variables for initialization (git-fixes).
– e1000e: Relax condition to trigger reset for ME workaround (git-fixes).
– ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843).
– ext4: fix error pointer dereference (bsc#1173837).
– ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836).
– ext4: fix partial cluster initialization when splitting extent
(bsc#1173839).
– ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838).
– ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error
handlers (bsc#1173833).
– ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841).
– fat: do not allow to mount if the FAT length == 0 (bsc#1173831).
– Fix boot crash with MD (bsc#1173860)
– fix multiplication overflow in copy_fdtable() (bsc#1173825).
– fork: prevent accidental access to clone3 features (bsc#1174018).
– fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
(networking-stable-20_05_12).
– geneve: allow changing DF behavior after creation (git-fixes).
– geneve: change from tx_error to tx_dropped on missing metadata
(git-fixes).
– gfs2: fix glock reference problem in gfs2_trans_remove_revoke
(bsc#1173823).
– gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822).
– gpio: pca953x: fix handling of automatic address incrementing
(git-fixes).
– HID: Add quirks for Trust Panora Graphic Tablet (git-fixes).
– hinic: fix a bug of ndo_stop (networking-stable-20_05_16).
– hinic: fix wrong para of wait_for_completion_timeout
(networking-stable-20_05_16).
– hv_netvsc: Fix netvsc_start_xmit’s return type (git-fixes).
– hwmon: (acpi_power_meter) Fix potential memory leak in
acpi_power_meter_add() (git-fixes).
– hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes).
– hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes).
– hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes).
– i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes).
– i2c: core: check returned size of emulated smbus block read (git-fixes).
– i2c: fsi: Fix the port number field in status register (git-fixes).
– i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes).
– i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
(git-fixes).
– i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
(git-fixes).
– i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
– IB/rdmavt: Free kernel completion queue when done (bsc#1173625).
– iio: bmp280: fix compensation of humidity (git-fixes).
– input: i8042 – Remove special PowerPC handling (git-fixes).
– ionic: add pcie_print_link_status (bsc#1167773).
– ionic: export features for vlans to use (bsc#1167773).
– ionic: no link check while resetting queues (bsc#1167773).
– ionic: remove support for mgmt device (bsc#1167773).
– ionic: tame the watchdog timer on reconfig (bsc#1167773).
– ionic: wait on queue start until after IFF_UP (bsc#1167773).
– io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832).
– ipmi: use vzalloc instead of kmalloc for user creation (git-fixes).
– iwlwifi: mvm: fix aux station leak (git-fixes).
– ixgbe: do not check firmware errors (bsc#1170284).
– jbd2: avoid leaking transaction credits when unreserving handle
(bsc#1173845).
– jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833).
– kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes).
– kabi: hv: prevent struct device_node to become defined (bsc#1172871).
– kABI: protect struct fib_dump_filter (kabi).
– kABI: protect struct mlx5_cmd_work_ent (kabi).
– libceph: do not omit recovery_deletes in target_copy() (git-fixes).
– loop: replace kill_bdev with invalidate_bdev (bsc#1173820).
– media: dvbdev: Fix tuner->demod media controller link (git-fixes).
– media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776).
– media: dvbsky: add support for Mygica T230C v2 (bsc#1173776).
– media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling
(git-fixes).
– media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes).
– media: ov5640: fix use of destroyed mutex (git-fixes).
– media: si2157: Better check for running tuner in init (git-fixes).
– media: si2168: add support for Mygica T230C v2 (bsc#1173776).
– media: staging: imgu: do not hold spinlock during freeing mmu page table
(git-fixes).
– media: staging/intel-ipu3: Implement lock for stream on/off operations
(git-fixes).
– media: vicodec: Fix error codes in probe function (git-fixes).
– mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
– mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
(networking-stable-20_05_12).
– mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes).
– mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
(git-fixes).
– mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844).
– mm/memory_hotplug: refrain from adding memory into an impossible node
(bsc#1173552).
– mvpp2: remove module bugfix (bsc#1154353).
– namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824).
– neigh: send protocol value in neighbor create notification
(networking-stable-20_05_12).
– net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702).
– net: do not return invalid table id error when we fall back to PF_UNSPEC
(networking-stable-20_05_27).
– net: dsa: Do not leave DSA master with NULL netdev_ops
(networking-stable-20_05_12).
– net: dsa: loop: Add module soft dependency (networking-stable-20_05_16).
– net: dsa: mt7530: fix roaming from DSA user ports
(networking-stable-20_05_27).
– net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend
(networking-stable-20_05_27).
– net: fix a potential recursive NETDEV_FEAT_CHANGE
(networking-stable-20_05_16).
– __netif_receive_skb_core: pass skb by reference
(networking-stable-20_05_27).
– net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
(networking-stable-20_05_27).
– net: ipip: fix wrong address family in init error path
(networking-stable-20_05_27).
– net: macb: fix an issue about leak related system resources
(networking-stable-20_05_12).
– net: macsec: preserve ingress frame ordering
(networking-stable-20_05_12).
– net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
(networking-stable-20_05_12).
– net/mlx5: Add command entry handling completion
(networking-stable-20_05_27).
– net/mlx5: Disable reload while removing the device (jsc#SLE-8464).
– net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464).
– net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27).
– net/mlx5e: kTLS, Destroy key object after destroying the TIS
(networking-stable-20_05_27).
– net/mlx5e: Update netdev txq on completions during closure
(networking-stable-20_05_27).
– net/mlx5: Fix command entry leak in Internal Error State
(networking-stable-20_05_12).
– net/mlx5: Fix error flow in case of function_setup failure
(networking-stable-20_05_27).
– net/mlx5: Fix forced completion access non initialized command entry
(networking-stable-20_05_12).
– net/mlx5: Fix memory leak in mlx5_events_init
(networking-stable-20_05_27).
– net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del()
(networking-stable-20_05_12).
– net: mvpp2: fix RX hashing for non-10G ports
(networking-stable-20_05_27).
– net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx()
(networking-stable-20_05_12).
– net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27).
– net: phy: fix aneg restart in phy_ethtool_set_eee
(networking-stable-20_05_16).
– netprio_cgroup: Fix unlimited memory leak of v2 cgroups
(networking-stable-20_05_16).
– net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
(networking-stable-20_05_27).
– net sched: fix reporting the first-time use timestamp
(networking-stable-20_05_27).
– net_sched: sch_skbprio: add message validation to skbprio_change()
(networking-stable-20_05_12).
– net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069).
– net: stmmac: fix num_por initialization (networking-stable-20_05_16).
– net: stricter validation of untrusted gso packets
(networking-stable-20_05_12).
– net: tc35815: Fix phydev supported/advertising mask
(networking-stable-20_05_12).
– net: tcp: fix rx timestamp behavior for tcp_recvmsg
(networking-stable-20_05_16).
– net/tls: fix race condition causing kernel panic
(networking-stable-20_05_27).
– net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
(networking-stable-20_05_12).
– net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
(networking-stable-20_05_12).
– net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12).
– nexthop: Fix attribute checking for groups (networking-stable-20_05_27).
– nfp: abm: fix a memory leak bug (networking-stable-20_05_12).
– nfp: abm: fix error return code in nfp_abm_vnic_alloc()
(networking-stable-20_05_16).
– nfsd4: fix nfsdfs reference count loop (git-fixes).
– nfsd: apply umask on fs without ACL support (git-fixes).
– nfsd: fix nfsdfs inode reference count leak (git-fixes).
– NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes).
– PCI: aardvark: Do not blindly enable ASPM L0s and do not write to
read-only register (git-fixes).
– PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
(git-fixes).
– PCI: Add Loongson vendor ID (git-fixes).
– PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
– PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
– PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
– PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
– PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes).
– PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871).
– PCI: hv: Decouple the func definition in hv_dr_state from VSP message
(bsc#1172871).
– PCI: hv: Fix the PCI HyperV probe failure path to release resource
properly (bsc#1172871).
– PCI: hv: Introduce hv_msi_entry (bsc#1172871).
– PCI: hv: Move hypercall related definitions into tlfs header
(bsc#1172871).
– PCI: hv: Move retarget related structures into tlfs header (bsc#1172871).
– PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871).
– PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871).
– PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes).
– PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes).
– pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes).
– pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes).
– platform/x86: asus_wmi: Reserve more space for struct bias_args
(git-fixes).
– platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
(git-fixes).
– platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
(git-fixes).
– pNFS/flexfiles: Fix list corruption if the mirror count changes
(git-fixes).
– pppoe: only process PADT targeted at local interfaces
(networking-stable-20_05_16).
– proc: Use new_inode not new_inode_pseudo (bsc#1173830).
– pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
(git-fixes).
– RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449).
– regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes).
– remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use
(git-fixes).
– Revert commit e918e570415c (“tpm_tis: Remove the HID IFX0102”)
(git-fixes).
– Revert “i2c: tegra: Fix suspending in active runtime PM state”
(git-fixes).
– Revert “ipv6: add mtu lock check in __ip6_rt_update_pmtu”
(networking-stable-20_05_16).
– ring-buffer: Zero out time extend if it is nested and not absolute
(git-fixes).
– sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes).
– sch_choke: avoid potential panic in choke_reset()
(networking-stable-20_05_12).
– sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler
functional and performance backports)).
– sched: Fix race against ptrace_freeze_trace() (bsc#1174345).
– sch_sfq: validate silly quantum values (networking-stable-20_05_12).
– scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530).
– scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687
bsc#1171530).
– scsi: lpfc: Add support to display if adapter dumps are available
(bsc#1172687 bsc#1171530).
– scsi: lpfc: Allow applications to issue Common Set Features mailbox
command (bsc#1172687 bsc#1171530).
– scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530).
– scsi: lpfc: Fix interrupt assignments when multiple vectors are
supported on same CPU (bsc#1172687 bsc#1171530).
– scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530).
– scsi: lpfc: Fix language in 0373 message to reflect non-error message
(bsc#1172687 bsc#1171530).
– scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687
bsc#1171530).
– scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530).
– scsi: lpfc: Fix NVMe rport deregister and registration during ADISC
(bsc#1172687 bsc#1171530).
– scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687
bsc#1171530).
– scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687
bsc#1171530).
– scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687
bsc#1171530).
– scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test
(bsc#1172687 bsc#1171530).
– scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530).
– scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request
(bsc#1158983).
– sctp: Do not add the shutdown timer if its already been added
(networking-stable-20_05_27).
– sctp: Start shutdown on association restart if in SHUTDOWN-SENT state
and socket is closed (networking-stable-20_05_27).
– selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518).
– signal: Avoid corrupting si_pid and si_uid in do_notify_parent
(bsc#1171529).
– slimbus: ngd: get drvdata from correct device (git-fixes).
– socionext: account for napi_gro_receive never returning GRO_DROP
(bsc#1154353).
– spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
– spi: dw: Fix Rx-only DMA transfers (git-fixes).
– spi: dw: Return any value retrieved from the dma_transfer callback
(git-fixes).
– spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes).
– spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH
(git-fixes).
– Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
(git-fixes).
– sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).
– SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
(git-fixes).
– tcp: fix error recovery in tcp_zerocopy_receive()
(networking-stable-20_05_16).
– tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16).
– tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
(bsc#1173284).
– thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes).
– thermal/drivers/rcar_gen3: Fix undefined temperature if negative
(git-fixes).
– thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes).
– tipc: block BH before using dst_cache (networking-stable-20_05_27).
– tipc: fix partial topology connection closure
(networking-stable-20_05_12).
– tpm: Fix TIS locality timeout problems (git-fixes).
– tpm_tis: Remove the HID IFX0102 (git-fixes).
– tracing: Fix event trigger to accept redundant spaces (git-fixes).
– tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
(networking-stable-20_05_12).
– ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827).
– ubifs: remove broken lazytime support (bsc#1173826).
– Update patch reference tag for ACPI lockdown fix (bsc#1173573)
– usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes).
– usb/ehci-platform: Set PM runtime as active on resume (git-fixes).
– USB: ehci: reopen solution for Synopsys HC bug (git-fixes).
– usb: gadget: udc: Potential Oops in error handling code (git-fixes).
– usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
(git-fixes).
– usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes).
– usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).
– usblp: poison URBs upon disconnect (git-fixes).
– usb/ohci-platform: Fix a warning when hibernating (git-fixes).
– USB: ohci-sm501: Add missed iounmap() in remove (git-fixes).
– usb: renesas_usbhs: getting residue from callback_result (git-fixes).
– USB: serial: ch341: add basis for quirk detection (git-fixes).
– usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs
(git-fixes).
– usb/xhci-plat: Set PM runtime as active on resume (git-fixes).
– video: vt8500lcdfb: fix fallthrough warning (bsc#1152489)
– virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16).
– watchdog: da9062: No need to ping manually before setting timeout
(git-fixes).
– wil6210: account for napi_gro_receive never returning GRO_DROP
(bsc#1154353).
– wil6210: add wil_netif_rx() helper function (bsc#1154353).
– wil6210: use after free in wil_netif_rx_any() (bsc#1154353).
– x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes).
– xhci: Fix enumeration issue when setting max packet size for FS devices
(git-fixes).
– xhci: Fix incorrect EP_STATE_MASK (git-fixes).
– xhci: Poll for U0 after disabling USB2 LPM (git-fixes).
– xhci: Return if xHCI does not support LPM (git-fixes).
– xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1062=1

Package List:

– openSUSE Leap 15.2 (x86_64):

kernel-debug-5.3.18-lp152.33.1
kernel-debug-debuginfo-5.3.18-lp152.33.1
kernel-debug-debugsource-5.3.18-lp152.33.1
kernel-debug-devel-5.3.18-lp152.33.1
kernel-debug-devel-debuginfo-5.3.18-lp152.33.1
kernel-default-5.3.18-lp152.33.1
kernel-default-base-5.3.18-lp152.33.1.lp152.8.4.4
kernel-default-base-rebuild-5.3.18-lp152.33.1.lp152.8.4.4
kernel-default-debuginfo-5.3.18-lp152.33.1
kernel-default-debugsource-5.3.18-lp152.33.1
kernel-default-devel-5.3.18-lp152.33.1
kernel-default-devel-debuginfo-5.3.18-lp152.33.1
kernel-kvmsmall-5.3.18-lp152.33.1
kernel-kvmsmall-debuginfo-5.3.18-lp152.33.1
kernel-kvmsmall-debugsource-5.3.18-lp152.33.1
kernel-kvmsmall-devel-5.3.18-lp152.33.1
kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.33.1
kernel-obs-build-5.3.18-lp152.33.1
kernel-obs-build-debugsource-5.3.18-lp152.33.1
kernel-obs-qa-5.3.18-lp152.33.1
kernel-preempt-5.3.18-lp152.33.1
kernel-preempt-debuginfo-5.3.18-lp152.33.1
kernel-preempt-debugsource-5.3.18-lp152.33.1
kernel-preempt-devel-5.3.18-lp152.33.1
kernel-preempt-devel-debuginfo-5.3.18-lp152.33.1
kernel-syms-5.3.18-lp152.33.1

– openSUSE Leap 15.2 (noarch):

kernel-devel-5.3.18-lp152.33.1
kernel-docs-5.3.18-lp152.33.1
kernel-docs-html-5.3.18-lp152.33.1
kernel-macros-5.3.18-lp152.33.1
kernel-source-5.3.18-lp152.33.1
kernel-source-vanilla-5.3.18-lp152.33.1

References:

https://www.suse.com/security/cve/CVE-2020-12771.html
https://www.suse.com/security/cve/CVE-2020-15393.html
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1155798
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1158983
https://bugzilla.suse.com/1162702
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1169094
https://bugzilla.suse.com/1170284
https://bugzilla.suse.com/1170617
https://bugzilla.suse.com/1171150
https://bugzilla.suse.com/1171529
https://bugzilla.suse.com/1171530
https://bugzilla.suse.com/1171732
https://bugzilla.suse.com/1172344
https://bugzilla.suse.com/1172543
https://bugzilla.suse.com/1172687
https://bugzilla.suse.com/1172871
https://bugzilla.suse.com/1173284
https://bugzilla.suse.com/1173514
https://bugzilla.suse.com/1173552
https://bugzilla.suse.com/1173573
https://bugzilla.suse.com/1173625
https://bugzilla.suse.com/1173746
https://bugzilla.suse.com/1173776
https://bugzilla.suse.com/1173817
https://bugzilla.suse.com/1173818
https://bugzilla.suse.com/1173820
https://bugzilla.suse.com/1173822
https://bugzilla.suse.com/1173823
https://bugzilla.suse.com/1173824
https://bugzilla.suse.com/1173825
https://bugzilla.suse.com/1173826
https://bugzilla.suse.com/1173827
https://bugzilla.suse.com/1173828
https://bugzilla.suse.com/1173830
https://bugzilla.suse.com/1173831
https://bugzilla.suse.com/1173832
https://bugzilla.suse.com/1173833
https://bugzilla.suse.com/1173834
https://bugzilla.suse.com/1173836
https://bugzilla.suse.com/1173837
https://bugzilla.suse.com/1173838
https://bugzilla.suse.com/1173839
https://bugzilla.suse.com/1173841
https://bugzilla.suse.com/1173843
https://bugzilla.suse.com/1173844
https://bugzilla.suse.com/1173845
https://bugzilla.suse.com/1173847
https://bugzilla.suse.com/1173860
https://bugzilla.suse.com/1173894
https://bugzilla.suse.com/1174018
https://bugzilla.suse.com/1174244
https://bugzilla.suse.com/1174345

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org