SUSE-SU-2020:2981-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20202981-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:2981-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:2981-1
Related
Published
2020-10-21T11:29:25Z
Modified
2020-10-21T11:29:25Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).
  • CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725).
  • CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511).
  • CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bsc#1176381).

The following non-security bugs were fixed:

  • btrfs: check the right error variable in btrfsdeldirentriesin_log (bsc#1177687).
  • btrfs: do not set the full sync flag on the inode during page release (bsc#1177687).
  • btrfs: fix incorrect updating of log root tree (bsc#1177687).
  • btrfs: fix race between page release and a fast fsync (bsc#1177687).
  • btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687).
  • btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).
  • btrfs: reduce contention on log trees when logging checksums (bsc#1177687).
  • btrfs: release old extent maps during page release (bsc#1177687).
  • btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687).
  • btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687).
  • drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
  • drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).
  • drm/sun4i: mixer: Extend regmap max_register (git-fixes).
  • ext4: fix dir_nlink behaviour (bsc#1177359).
  • i2c: meson: fix clock setting overwrite (git-fixes).
  • include/linux/swapops.h: correct guards for nonswapentry() (git-fixes (mm/swap)).
  • iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
  • leds: mt6323: move period calculation (git-fixes).
  • mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).
  • macsec: avoid use-after-free in macsechandleframe() (git-fixes).
  • mfd: sm501: Fix leaks in probe() (git-fixes).
  • mmc: core: do not set limits.discard_granularity as 0 (git-fixes).
  • mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).
  • mm: hugetlb: switch to csstryget() in hugetlbcgroupchargecgroup() (git-fixes (mm/hugetlb)).
  • mm/ksm.c: do not WARN if page is still mapped in removestablenode() (git-fixes (mm/hugetlb)).
  • mm: memcg: switch to csstryget() in getmemcgroupfrom_mm() (bsc#1177685).
  • mm/mempolicy.c: fix out of bounds write in mpolparsestr() (git-fixes (mm/mempolicy)).
  • mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)).
  • mm, numa: fix bad pmd by atomically check for pmdtranshuge when marking page tables prot_numa (git-fixes (mm/numa)).
  • mm/pageowner.c: remove drainallpages from initearlyallocatedpages (git-fixes (mm/debug)).
  • mm/page-writeback.c: avoid potential division by zero in wbminmax_ratio() (git-fixes (mm/writeback)).
  • mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).
  • mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)).
  • mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).
  • mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)).
  • mm/zsmalloc.c: fix race condition in zsdestroypool (git-fixes (mm/zsmalloc)).
  • mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).
  • mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)).
  • Move the upstreamed bluetooth fix into sorted section
  • net: wireless: nl80211: fix out-of-bounds access in nl80211delkey() (git-fixes).
  • NFS: On fatal writeback errors, we need to call nfsinoderemove_request() (bsc#1177340).
  • NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).
  • NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).
  • nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf
  • nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748).
  • nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748).
  • nvme: fix possible io failures when removing multipathed ns (bsc#1174748).
  • nvme: make nvmeidentifyns propagate errors back (bsc#1174748).
  • nvme: make nvmereportns_ids propagate error back (bsc#1174748).
  • nvme-multipath: do not reset on unknown status (bsc#1174748).
  • nvme: Namepace identification descriptor list is optional (bsc#1174748).
  • nvme: pass status to nvmeerrorstatus (bsc#1174748).
  • nvme-rdma: Avoid double freeing of async event data (bsc#1174748).
  • nvme: return error from nvmeallocns() (bsc#1174748).
  • platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).
  • powerpc/dma: Fix dmamapops::getrequiredmask (bsc#1065729).
  • pty: do ttyflipbufferpush without port->lock in ptywrite (git-fixes).
  • scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683).
  • scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683).
  • scsi: hisisas: Add missing seqprintf() call in hisisasshowrow32() (bsc#1140683).
  • scsi: hisisas: Change return variable type in phyupv3hw() (bsc#1140683).
  • scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683).
  • scsi: hisi_sas: Do some more tidy-up (bsc#1140683).
  • scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683).
  • scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh:
  • scsi: hisisas: No need to check return value of debugfscreate functions (bsc#1140683). Update:
  • scsi: hisi_sas: Some misc tidy-up (bsc#1140683).
  • scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Allow devlosstmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Make tgtportdatabase available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538).
  • scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538).
  • spi: fsl-espi: Only process interrupts for expected events (git-fixes).
  • tty: serial: earlycon dependency (git-fixes).
  • x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)).
  • x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).
References

Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.46.1",
            "gfs2-kmp-default": "4.12.14-122.46.1",
            "ocfs2-kmp-default": "4.12.14-122.46.1",
            "cluster-md-kmp-default": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_46-default": "1-8.5.1",
            "kernel-default-kgraft": "4.12.14-122.46.1",
            "kernel-default-kgraft-devel": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_11

Package

Name
kgraft-patch-SLE12-SP5_Update_11
Purl
purl:rpm/suse/kgraft-patch-SLE12-SP5_Update_11&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-8.5.1

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_46-default": "1-8.5.1",
            "kernel-default-kgraft": "4.12.14-122.46.1",
            "kernel-default-kgraft-devel": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-docs

Package

Name
kernel-docs
Purl
purl:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.46.1",
            "kernel-obs-build": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-obs-build

Package

Name
kernel-obs-build
Purl
purl:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.46.1",
            "kernel-obs-build": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.46.1",
            "kernel-devel": "4.12.14-122.46.1",
            "kernel-default-base": "4.12.14-122.46.1",
            "kernel-default-man": "4.12.14-122.46.1",
            "kernel-default": "4.12.14-122.46.1",
            "kernel-source": "4.12.14-122.46.1",
            "kernel-syms": "4.12.14-122.46.1",
            "kernel-default-devel": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.46.1",
            "kernel-devel": "4.12.14-122.46.1",
            "kernel-default-base": "4.12.14-122.46.1",
            "kernel-default-man": "4.12.14-122.46.1",
            "kernel-default": "4.12.14-122.46.1",
            "kernel-source": "4.12.14-122.46.1",
            "kernel-syms": "4.12.14-122.46.1",
            "kernel-default-devel": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.46.1",
            "kernel-devel": "4.12.14-122.46.1",
            "kernel-default-base": "4.12.14-122.46.1",
            "kernel-default-man": "4.12.14-122.46.1",
            "kernel-default": "4.12.14-122.46.1",
            "kernel-source": "4.12.14-122.46.1",
            "kernel-syms": "4.12.14-122.46.1",
            "kernel-default-devel": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.46.1",
            "kernel-devel": "4.12.14-122.46.1",
            "kernel-default-base": "4.12.14-122.46.1",
            "kernel-default-man": "4.12.14-122.46.1",
            "kernel-default": "4.12.14-122.46.1",
            "kernel-source": "4.12.14-122.46.1",
            "kernel-syms": "4.12.14-122.46.1",
            "kernel-default-devel": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.46.1",
            "kernel-devel": "4.12.14-122.46.1",
            "kernel-default-base": "4.12.14-122.46.1",
            "kernel-default-man": "4.12.14-122.46.1",
            "kernel-default": "4.12.14-122.46.1",
            "kernel-source": "4.12.14-122.46.1",
            "kernel-syms": "4.12.14-122.46.1",
            "kernel-default-devel": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.46.1",
            "kernel-devel": "4.12.14-122.46.1",
            "kernel-default-base": "4.12.14-122.46.1",
            "kernel-default-man": "4.12.14-122.46.1",
            "kernel-default": "4.12.14-122.46.1",
            "kernel-source": "4.12.14-122.46.1",
            "kernel-syms": "4.12.14-122.46.1",
            "kernel-default-devel": "4.12.14-122.46.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.46.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-extra": "4.12.14-122.46.1"
        }
    ]
}