[SUSE-SU-2021:1301-1] Security update for the Linux Kernel

Severity Important

CVEs 11

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).
CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).
CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).

The following non-security bugs were fixed:

ALSA: aloop: Fix initialization of controls (git-fixes).
ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
appletalk: Fix skb allocation size in loopback case (git-fixes).
ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
atl1c: fix error return code in atl1c_probe() (git-fixes).
atl1e: fix error return code in atl1e_probe() (git-fixes).
batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).
bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
cifs: change noisy error message to FYI (bsc#1181507).
cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
cifs: do not send close in compound create+close requests (bsc#1181507).
cifs: New optype for session operations (bsc#1181507).
cifs: print MIDs in decimal notation (bsc#1181507).
cifs: return proper error code in statfs(2) (bsc#1181507).
cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
clk: fix invalid usage of list cursor in register (git-fixes).
clk: fix invalid usage of list cursor in unregister (git-fixes).
clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
drm/msm: Ratelimit invalid-fence message (git-fixes).
drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
enetc: Fix reporting of h/w packet counters (git-fixes).
fuse: fix bad inode (bsc#1184211).
fuse: fix live lock in fuse_iget() (bsc#1184211).
i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
libbpf: Fix INSTALL flag order (bsc#1155518).
locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
mac80211: choose first enabled channel for monitor (git-fixes).
mac80211: fix TXQ AC confusion (git-fixes).
mISDN: fix crash in fritzpci (git-fixes).
net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
net: b44: fix error return code in b44_init_one() (git-fixes).
net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
net: wan/lmc: unregister device when no matching device is found (git-fixes).
platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
powerpc/sstep: Fix darn emulation (bsc#1156395).
powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
USB: cdc-acm: downgrade message to debug (git-fixes).
USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
x86/ioapic: Ignore IRQ2 again (bsc#1152489).
x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
xen/events: fix setting irq affinity (bsc#1184583).

ID

SUSE-SU-2021:1301-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2021/suse-su-20211301-1/

Published

2021-04-21T12:30:05
(3 years ago)

Modified

2021-04-21T12:30:05
(3 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1301-1.json
Suse	URL for SUSE-SU-2021:1301-1	https://www.suse.com/support/update/announcement/2021/suse-su-20211301-1/
Suse	E-Mail link for SUSE-SU-2021:1301-1	https://lists.suse.com/pipermail/sle-security-updates/2021-April/008670.html
Bugzilla	SUSE Bug 1047233	https://bugzilla.suse.com/1047233
Bugzilla	SUSE Bug 1065729	https://bugzilla.suse.com/1065729
Bugzilla	SUSE Bug 1113295	https://bugzilla.suse.com/1113295
Bugzilla	SUSE Bug 1152489	https://bugzilla.suse.com/1152489
Bugzilla	SUSE Bug 1154353	https://bugzilla.suse.com/1154353
Bugzilla	SUSE Bug 1155518	https://bugzilla.suse.com/1155518
Bugzilla	SUSE Bug 1156395	https://bugzilla.suse.com/1156395
Bugzilla	SUSE Bug 1178181	https://bugzilla.suse.com/1178181
Bugzilla	SUSE Bug 1181507	https://bugzilla.suse.com/1181507
Bugzilla	SUSE Bug 1183405	https://bugzilla.suse.com/1183405
Bugzilla	SUSE Bug 1184074	https://bugzilla.suse.com/1184074
Bugzilla	SUSE Bug 1184120	https://bugzilla.suse.com/1184120
Bugzilla	SUSE Bug 1184194	https://bugzilla.suse.com/1184194
Bugzilla	SUSE Bug 1184211	https://bugzilla.suse.com/1184211
Bugzilla	SUSE Bug 1184388	https://bugzilla.suse.com/1184388
Bugzilla	SUSE Bug 1184391	https://bugzilla.suse.com/1184391
Bugzilla	SUSE Bug 1184393	https://bugzilla.suse.com/1184393
Bugzilla	SUSE Bug 1184509	https://bugzilla.suse.com/1184509
Bugzilla	SUSE Bug 1184511	https://bugzilla.suse.com/1184511
Bugzilla	SUSE Bug 1184512	https://bugzilla.suse.com/1184512
Bugzilla	SUSE Bug 1184514	https://bugzilla.suse.com/1184514
Bugzilla	SUSE Bug 1184583	https://bugzilla.suse.com/1184583
Bugzilla	SUSE Bug 1184647	https://bugzilla.suse.com/1184647
CVE	SUSE CVE CVE-2020-25670 page	https://www.suse.com/security/cve/CVE-2020-25670/
CVE	SUSE CVE CVE-2020-25671 page	https://www.suse.com/security/cve/CVE-2020-25671/
CVE	SUSE CVE CVE-2020-25672 page	https://www.suse.com/security/cve/CVE-2020-25672/
CVE	SUSE CVE CVE-2020-25673 page	https://www.suse.com/security/cve/CVE-2020-25673/
CVE	SUSE CVE CVE-2020-36310 page	https://www.suse.com/security/cve/CVE-2020-36310/
CVE	SUSE CVE CVE-2020-36311 page	https://www.suse.com/security/cve/CVE-2020-36311/
CVE	SUSE CVE CVE-2020-36312 page	https://www.suse.com/security/cve/CVE-2020-36312/
CVE	SUSE CVE CVE-2021-28950 page	https://www.suse.com/security/cve/CVE-2021-28950/
CVE	SUSE CVE CVE-2021-29154 page	https://www.suse.com/security/cve/CVE-2021-29154/
CVE	SUSE CVE CVE-2021-30002 page	https://www.suse.com/security/cve/CVE-2021-30002/
CVE	SUSE CVE CVE-2021-3483 page	https://www.suse.com/security/cve/CVE-2021-3483/

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date