SUSE-SU-2020:3273-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3273-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2020:3273-1
- Related
- Published
- 2020-11-14T07:22:03Z
- Modified
- 2020-11-14T07:22:03Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-25656: Fixed a concurrency use-after-free in vtdokdgkb_ioctl (bnc#1177766).
- CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
- CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721)
The following non-security bugs were fixed:
- actife: load meta modules before tcfidrcheckalloc() (networking-stable-200924).
- ath10k: check idx validity in _ath10khttrxringfilln() (git-fixes).
- ath9k: hifusb: fix race condition between usbgeturb() and usbkillanchoredurbs() (git-fixes).
- block: Set samepage to false in _biotrymerge_page if ret is false (git-fixes).
- Bluetooth: btusb: Fix memleak in btusbmtksubmitwmtrecv_urb (git-fixes).
- Bluetooth: Only mark socket zapped after unlocking (git-fixes).
- bnxten: Protect bnxtseteee() and bnxtset_pauseparam() with mutex (git-fixes).
- bonding: show saner speed for broadcast mode (networking-stable-200824).
- brcm80211: fix possible memleak in brcmfprotomsgbuf_attach (git-fixes).
- brcmsmac: fix memory leak in wlcphyattach_lcnphy (git-fixes).
- btrfs: allocate scrub workqueues outside of locks (bsc#1178183).
- btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
- btrfs: drop path before adding new uuid tree entry (bsc#1178176).
- btrfs: fix filesystem corruption after a device replace (bsc#1178395).
- btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190).
- btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191).
- btrfs: fix space cache memory leak after transaction abort (bsc#1178173).
- btrfs: move btrfsrmdevreplacefree_srcdev outside of all locks (bsc#1178395).
- btrfs: move btrfsscratchsuperblocks into btrfsdevreplace_finishing (bsc#1178395).
- btrfs: set the correct lockdep class for new nodes (bsc#1178184).
- btrfs: set the lockdep class for log tree extent buffers (bsc#1178186).
- can: flexcan: flexcanchipstop(): add error handling and propagate error value (git-fixes).
- ceph: promote to unsigned long long before shifting (bsc#1178175).
- crypto: ccp - fix error handling (git-fixes).
- cxgb4: fix memory leak during module unload (networking-stable-200924).
- cxgb4: Fix offset when clearing filter byte counters (networking-stable-200924).
- Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes
- Disable module compression on SLE15 SP2 (bsc#1178307)
- dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes).
- eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
- futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648).
- futex: Consistently use fshared as boolean (bsc#1149032).
- futex: Fix incorrect shouldfailfutex() handling (bsc#1149032).
- futex: Remove putfutexkey() (bsc#1149032).
- futex: Remove unused or redundant includes (bsc#1149032).
- gre6: Fix reception with IP6TNLFRCVDSCPCOPY (networking-stable-2008_24).
- gtp: add GTPALINK info to msg sent to userspace (networking-stable-2009_11).
- HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes).
- ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).
- ibmvnic: fix ibmvnicsetmac (bsc#1066382 ltc#160943 git-fixes).
- icmp: randomize the global rate limiter (git-fixes).
- ip: fix tos reflection in ack and reset packets (networking-stable-200924).
- ipv4: Initialize flowi4multipathhash in data path (networking-stable-200924).
- ipv4: Restore flowi4oif update before call to xfrmlookup_route (git-fixes).
- ipv4: Update exception handling for multipath routes via same device (networking-stable-200924).
- ipv6: avoid lockdep issue in fib6del() (networking-stable-2009_24).
- ipv6: Fix sysctl max for fibmultipathhashpolicy (networking-stable-2009_11).
- ipvlan: fix device features (networking-stable-200824).
- kallsyms: Refactor kallsymsshowvalue() to take cred (git-fixes).
- kbuild: enforce -Werror=return-type (bsc#1177281).
- KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes).
- libceph: clear con->outmsg on Policy::statefulserver faults (bsc#1178177).
- mac80211: handle lack of sband->bitrates in rates (git-fixes).
- mailbox: avoid timer start from callback (git-fixes).
- media: ati_remote: sanity check for both endpoints (git-fixes).
- media: bdisp: Fix runtime PM imbalance on error (git-fixes).
- media: exynos4-is: Fix a reference count leak (git-fixes).
- media: exynos4-is: Fix a reference count leak due to pmruntimeget_sync (git-fixes).
- media: exynos4-is: Fix several reference count leaks due to pmruntimeget_sync (git-fixes).
- media: firewire: fix memory leak (git-fixes).
- media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes).
- media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes).
- media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes).
- media: media/pci: prevent memory leak in bttv_probe (git-fixes).
- media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).
- media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).
- media: rcardrif: Allocate v4l2async_subdev dynamically (git-fixes).
- media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes).
- media: saa7134: avoid a shift overflow (git-fixes).
- media: st-delta: Fix reference count leak in deltarunwork (git-fixes).
- media: sti: Fix reference count leaks (git-fixes).
- media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).
- media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes).
- media: vsp1: Fix runtime PM imbalance on error (git-fixes).
- mic: vop: copy data to kernel space then write to io memory (git-fixes).
- misc: rtsx: Fix memory leak in rtsxpciprobe (git-fixes).
- misc: vop: add roundup(x,4) for vringsize to avoid kernel panic (git-fixes).
- mm: fix a race during THP splitting (bsc#1178255).
- mm: madvise: fix vma user-after-free (git-fixes).
- mmc: sdio: Check for CISTPLVERS1 buffer size (git-fixes).
- module: Correctly truncate sysfs sections output (git-fixes).
- module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes).
- module: Refactor section attr into bin attribute (git-fixes).
- module: statically initialize init section freeing data (git-fixes).
- mwifiex: do not call deltimersync() on uninitialized timer (git-fixes).
- net/core: check length before updating Ethertype in skbmpls{push,pop} (git-fixes).
- net/mlx5: Fix FTE cleanup (networking-stable-200924).
- net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-200924).
- net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-200924).
- net/sched: actct: Fix skb double-free in tcfcthandlefragments() error flow (networking-stable-200824).
- net/smc: Prevent kernel-infoleak in _smcdiagdump() (networking-stable-2008_24).
- net: bridge: brvlangetpvidrcu() should dereference the VLAN group under RCU (networking-stable-200924).
- net: DCB: Validate DCBATTRDCBBUFFER argument (networking-stable-2009_24).
- net: disable netpoll on fresh napis (networking-stable-200911).
- net: dsa: b53: check for timeout (networking-stable-200824).
- net: dsa: rtl8366: Properly clear member config (networking-stable-200924).
- net: fec: correct the error path for regulator disable in probe (networking-stable-200824).
- net: Fix bridge enslavement failure (networking-stable-200924).
- net: Fix potential wrong skb->protocol in skbvlanuntag() (networking-stable-200824).
- net: hns: Fix memleak in hnsnicdevprobe (networking-stable-2009_11).
- net: ipv6: fix kconfig dependency warning for IPV6SEG6HMAC (networking-stable-200924).
- net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-200924).
- net: lantiq: Use napicompletedone() (networking-stable-200924).
- net: lantiq: use netiftxnapiadd() for TX NAPI (networking-stable-2009_24).
- net: lantiq: Wake TX queue again (networking-stable-200924).
- net: phy: Avoid NPD upon phydetach() when driver is unbound (networking-stable-2009_24).
- net: phy: Do not warn in phystop() on PHYDOWN (networking-stable-200924).
- net: qrtr: fix usage of idr in port assignment to socket (networking-stable-200824).
- net: sctp: Fix IPv6 ancestorsize calc in sctpcopydescendant (networking-stable-2009_24).
- net: sctp: Fix negotiation of the number of data streams (networking-stable-200824).
- net: systemport: Fix memleak in bcmsysportprobe (networking-stable-200911).
- net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-200911).
- net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).
- net: usb: rtl8150: set random MAC address when setethernetaddr() fails (git-fixes).
- netlabel: fix problems with mapping removal (networking-stable-200911).
- nfp: use correct define to return NONE fec (networking-stable-200924).
- PM: hibernate: remove the bogus call to getgendisk() in softwareresume() (git-fixes).
- r8169: fix issue with forced threading in combination with shared interrupts (git-fixes).
- rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have a different scriptlet that is embedded in kernel-binary.spec.in rather than *.sh files.
- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
- rtl8xxxu: prevent potential memory leak (git-fixes).
- rtw88: increse the size of rx buffer size (git-fixes).
- s390/cio: add condresched() in the slowevalknownfn() loop (bsc#1177799 LTC#188733).
- s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735).
- scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).
- sctp: not disable bh in the whole sctpgetportlocal() (networking-stable-2009_11).
- selftests/timers: Turn off timeout setting (git-fixes).
- spi: spi-s3c64xx: Check return values (git-fixes).
- spi: spi-s3c64xx: swap s3c64xxspisetcs() and s3c64xxenable_datapath() (git-fixes).
- taprio: Fix allowing too small intervals (networking-stable-200924).
- time: Prevent undefined behaviour in timespec64tons() (bsc#1164648).
- tipc: fix memory leak caused by tipcbufappend() (git-fixes).
- tipc: Fix memory leak in tipcgroupcreatemember() (networking-stable-2009_24).
- tipc: fix shutdown() of connection oriented socket (networking-stable-200924).
- tipc: fix shutdown() of connectionless socket (networking-stable-200911).
- tipc: fix the skbunshare() in tipcbuf_append() (git-fixes).
- tipc: fix uninit skb->data in tipcnlcompatdumpit() (networking-stable-2008_24).
- tipc: use skbunshare() instead in tipcbufappend() (networking-stable-2009_24).
- tty: ipwireless: fix error handling (git-fixes).
- tty: serial: fsllpuart: fix lpuart32pollgetchar (git-fixes).
- usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).
- usb: cdc-acm: handle broken union descriptors (git-fixes).
- usb: cdc-wdm: Make wdmflush() interruptible and add wdmfsync() (git-fixes).
- usb: core: Solve race condition in anchor cleanup functions (git-fixes).
- usb: dwc3: simple: add support for Hikey 970 (git-fixes).
- usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).
- usb: gadget: function: printer: fix use-after-free in _lockacquire (git-fixes).
- usb: ohci: Default to per-port over-current protection (git-fixes).
- x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749).
- xen/gntdev.c: Mark pages as dirty (bsc#1065600).
- xfs: fix high key handling in the rt allocator's query_range function (git-fixes).
- xfs: fix xfsbmapvalidateextentraw when checking attr fork of rt files (git-fixes).
- xfs: limit entries returned when counting fsmap records (git-fixes).
- References
-
- https://www.suse.com/support/update/announcement/2020/suse-su-20203273-1/
- https://bugzilla.suse.com/1065600
- https://bugzilla.suse.com/1066382
- https://bugzilla.suse.com/1149032
- https://bugzilla.suse.com/1163592
- https://bugzilla.suse.com/1164648
- https://bugzilla.suse.com/1170415
- https://bugzilla.suse.com/1175721
- https://bugzilla.suse.com/1175749
- https://bugzilla.suse.com/1176354
- https://bugzilla.suse.com/1177281
- https://bugzilla.suse.com/1177766
- https://bugzilla.suse.com/1177799
- https://bugzilla.suse.com/1177801
- https://bugzilla.suse.com/1178166
- https://bugzilla.suse.com/1178173
- https://bugzilla.suse.com/1178175
- https://bugzilla.suse.com/1178176
- https://bugzilla.suse.com/1178177
- https://bugzilla.suse.com/1178183
- https://bugzilla.suse.com/1178184
- https://bugzilla.suse.com/1178185
- https://bugzilla.suse.com/1178186
- https://bugzilla.suse.com/1178190
- https://bugzilla.suse.com/1178191
- https://bugzilla.suse.com/1178255
- https://bugzilla.suse.com/1178307
- https://bugzilla.suse.com/1178330
- https://bugzilla.suse.com/1178395
- https://www.suse.com/security/cve/CVE-2020-25656
- https://www.suse.com/security/cve/CVE-2020-25705
- https://www.suse.com/security/cve/CVE-2020-8694
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP2 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
SUSE:Linux Enterprise Module for Basesystem 15 SP2 / kernel-default-base
Package
- Name
- kernel-default-base
- Purl
- purl:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
SUSE:Linux Enterprise Module for Basesystem 15 SP2 / kernel-preempt
Package
- Name
- kernel-preempt
- Purl
- purl:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
SUSE:Linux Enterprise Module for Basesystem 15 SP2 / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
SUSE:Linux Enterprise Module for Development Tools 15 SP2 / kernel-docs
Package
- Name
- kernel-docs
- Purl
- purl:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
SUSE:Linux Enterprise Module for Development Tools 15 SP2 / kernel-obs-build
Package
- Name
- kernel-obs-build
- Purl
- purl:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
SUSE:Linux Enterprise Module for Development Tools 15 SP2 / kernel-preempt
Package
- Name
- kernel-preempt
- Purl
- purl:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
SUSE:Linux Enterprise Module for Development Tools 15 SP2 / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
SUSE:Linux Enterprise Module for Development Tools 15 SP2 / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
SUSE:Linux Enterprise Module for Legacy 15 SP2 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP2
SUSE:Linux Enterprise Live Patching 15 SP2 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2
SUSE:Linux Enterprise Live Patching 15 SP2 / kernel-livepatch-SLE15-SP2_Update_7
Package
- Name
- kernel-livepatch-SLE15-SP2_Update_7
- Purl
- purl:rpm/suse/kernel-livepatch-SLE15-SP2_Update_7&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2
SUSE:Linux Enterprise High Availability Extension 15 SP2 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2