openSUSE-SU-2021:1357-1: important: Security update for the Linux Kernel

15 Oct 2021

      openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1357-1
Rating:             important
References:         #1065729 #1148868 #1152489 #1154353 #1159886 
                    #1167773 #1170774 #1173746 #1176940 #1184439 
                    #1184804 #1185302 #1185677 #1185726 #1185762 
                    #1187167 #1188067 #1188651 #1188986 #1189297 
                    #1189841 #1189884 #1190023 #1190062 #1190115 
                    #1190159 #1190358 #1190406 #1190467 #1190523 
                    #1190534 #1190543 #1190576 #1190595 #1190596 
                    #1190598 #1190620 #1190626 #1190679 #1190705 
                    #1190717 #1190746 #1190758 #1190784 #1190785 
                    #1191172 #1191193 #1191240 #1191292 
Cross-References:   CVE-2020-3702 CVE-2021-3669 CVE-2021-3744
                    CVE-2021-3752 CVE-2021-3764 CVE-2021-40490

CVSS scores:
                    CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3669 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3744 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3764 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-40490 (SUSE): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 43 fixes is
   now available.

Description:

   The openSUSE Leap 15.2 kernel was updated to receive various security and
   bugfixes.

   The following security bugs were fixed:

   - CVE-2020-3702: Specifically timed and handcrafted traffic can cause
     internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
     encryption with a consequent possibility of information disclosure over
     the air for a discrete set of traffic (bnc#1191193).
   - CVE-2021-3669: Fixed a denial of service to replace costly bailout check
     in sysvipc_find_ipc() (bsc#1159886 bsc#1188986).
   - CVE-2021-3752: Fixed a use-after-free  uaf bug in bluetooth
     (bsc#1190023).
   - CVE-2021-40490: A race condition was discovered in
     ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in
     the Linux kernel (bnc#1190159)
   - CVE-2021-3744, CVE-2021-3764: Fixed some resource leaks in the ccp
     driver ccp_run_aes_gcm_cmd() (bsc#1189884 bsc#1190534).

   The following non-security bugs were fixed:

   - ALSA: firewire-motu: fix truncated bytes in message tracepoints
     (git-fixes).
   - apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
   - ASoC: fsl_micfil: register platform component before registering cpu dai
     (git-fixes).
   - ASoC: mediatek: common: handle NULL case in suspend/resume function
     (git-fixes).
   - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
   - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
   - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
   - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
   - ath9k: fix sleeping in atomic context (git-fixes).
   - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
   - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
   - blk-mq: mark if one queue map uses managed irq (bsc#1185762).
   - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
   - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
   - bnxt: count Tx drops (git-fixes).
   - bnxt: disable napi before canceling DIM (git-fixes).
   - bnxt: do not lock the tx queue from napi poll (git-fixes).
   - bnxt_en: Add missing DMA memory barriers (git-fixes).
   - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
   - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
   - bnxt_en: Store the running firmware version code (git-fixes).
   - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
   - btrfs: prevent rename2 from exchanging a subvol with a directory from
     different parents (bsc#1190626).
   - clk: at91: clk-generated: Limit the requested rate to our range
     (git-fixes).
   - clk: at91: clk-generated: pass the id of changeable parent at
     registration (git-fixes).
   - console: consume APC, DM, DCS (git-fixes).
   - cuse: fix broken release (bsc#1190596).
   - cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
   - debugfs: Return error during {full/open}_proxy_open() on rmmod
     (bsc#1173746).
   - devlink: Break parameter notification sequence to be before/after
     unload/load driver (bsc#1154353).
   - dmaengine: ioat: depends on !UML (git-fixes).
   - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
   - docs: Fix infiniband uverbs minor number (git-fixes).
   - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in
     amdgpu_dm_update_backlight_caps (git-fixes).
   - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in
     hex (git-fixes).
   - drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
   - drm/amdgpu: Fix BUG_ON assert (git-fixes).
   - drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
   - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
   - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
   - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
   - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
   - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
   - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
   - EDAC/synopsys: Fix wrong value type assignment for edac_mode
     (bsc#1152489).
   - erofs: fix up erofs_lookup tracepoint (git-fixes).
   - fbmem: do not allow too huge resolutions (git-fixes).
   - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
     (git-fixes).
   - fpga: machxo2-spi: Return an error on failure (git-fixes).
   - fuse: flush extending writes (bsc#1190595).
   - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
   - genirq: add device_has_managed_msi_irq (bsc#1185762).
   - gpio: uniphier: Fix void functions to remove return value (git-fixes).
   - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
     access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
   - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
   - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779,
     bsc#1185726).
   - hv_netvsc: Make netvsc/VF binding check both MAC and serial number
     (jsc#SLE-18779, bsc#1185726).
   - hwmon: (mlxreg-fan) Return non-zero value when fan current state is
     enforced from sysfs (git-fixes).
   - hwmon: (tmp421) fix rounding for negative values (git-fixes).
   - hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
   - i40e: Add additional info to PHY type error (git-fixes).
   - i40e: Fix firmware LLDP agent related warning (git-fixes).
   - i40e: Fix logic of disabling queues (git-fixes).
   - i40e: Fix log TC creation failure when max num of queues is exceeded
     (git-fixes).
   - i40e: Fix queue-to-TC mapping on Tx (git-fixes).
   - iavf: Fix ping is lost after untrusted VF had tried to change MAC
     (jsc#SLE-7940).
   - iavf: Set RSS LUT and key in reset handle path (git-fixes).
   - ibmvnic: check failover_pending in login response (bsc#1190523
     ltc#194510).
   - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758
     ltc#191943).
   - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
   - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
   - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
   - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
   - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
   - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
   - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
   - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
   - ice: Prevent probing virtual functions (git-fixes).
   - iio: dac: ad5624r: Fix incorrect handling of an optional regulator
     (git-fixes).
   - include/linux/list.h: add a macro to test if entry is pointing to the
     head (git-fixes).
   - iomap: Fix negative assignment to unsigned sis->pages in
     iomap_swapfile_activate (bsc#1190784).
   - ionic: cleanly release devlink instance (bsc#1167773).
   - ionic: count csum_none when offload enabled (bsc#1167773).
   - ipc: remove memcg accounting for sops objects in do_semtimedop()
     (bsc#1190115).
   - ipc/util.c: use binary search for max_idx (bsc#1159886).
   - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
   - ipvs: avoid expiring many connections from timer (bsc#1190467).
   - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
   - ipvs: queue delayed work to expire no destination connections if
     expire_nodest_conn=1 (bsc#1190467).
   - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
     (git-fixes).
   - kernel-binary.spec: Check for no kernel signing certificates. Also
     remove unused variable.
   - kernel-binary.spec: Do not fail silently when KMP is empty
     (bsc#1190358). Copy the code from kernel-module-subpackage that deals
     with empty KMPs.
   - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
     bsc#1191240 ltc#194716).
   - kernel-binary.spec.in Stop templating the scriptlets for subpackages
     (bsc#1190358).
   - libata: fix ata_host_start() (git-fixes).
   - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
   - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
   - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
   - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
     (git-fixes).
   - mac80211: mesh: fix potentially unaligned access (git-fixes).
   - media: cedrus: Fix SUNXI tile size calculation (git-fixes).
   - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
     (git-fixes).
   - media: dib8000: rewrite the init prbs logic (git-fixes).
   - media: imx258: Limit the max analogue gain to 480 (git-fixes).
   - media: imx258: Rectify mismatch of VTS value (git-fixes).
   - media: rc-loopback: return number of emitters rather than error
     (git-fixes).
   - media: TDA1997x: fix tda1997x_query_dv_timings() return value
     (git-fixes).
   - media: uvc: do not do DMA on stack (git-fixes).
   - media: v4l2-dv-timings.c: fix wrong condition in two for-loops
     (git-fixes).
   - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
   - mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
   - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
   - mmc: core: Return correct emmc response in case of ioctl error
     (git-fixes).
   - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
   - mmc: sdhci-of-arasan: Check return value of non-void funtions
     (git-fixes).
   - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
   - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
     (bsc#1190062).
   - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)
     (jsc#SLE-18779, bsc#1185726).
   - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
   - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779,
     bsc#1185726).
   - net: mana: Fix a memory leak in an error handling path in
     (jsc#SLE-18779, bsc#1185726).
   - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
   - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
   - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779,
     bsc#1185726).
   - net: mana: remove redundant initialization of variable err
     (jsc#SLE-18779, bsc#1185726).
   - net: mana: Use int to check the return value of mana_gd_poll_cq()
     (jsc#SLE-18779, bsc#1185726).
   - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
   - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
   - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
   - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
   - net/mlx5: E-Switch, handle devcom events only for ports on the same
     device (git-fixes).
   - net/mlx5: Fix flow table chaining (git-fixes).
   - net/mlx5: Fix return value from tracer initialization (git-fixes).
   - net/mlx5: Unload device upon firmware fatal error (git-fixes).
   - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
   - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
   - nfp: update ethtool reporting of pauseframe control (git-fixes).
   - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
   - NFS: do not store 'struct cred *' in struct nfs_access_entry
     (bsc#1190746).
   - NFS: pass cred explicitly for access tests (bsc#1190746).
   - nvme: avoid race in shutdown namespace removal (bsc#1188067).
   - nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
   - parport: remove non-zero check on count (git-fixes).
   - PCI: aardvark: Fix checking for PIO status (git-fixes).
   - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
     (git-fixes).
   - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO
     response (git-fixes).
   - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
   - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
   - PCI: Add AMD GPU multi-function power dependencies (git-fixes).
   - PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
   - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
   - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
   - PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
   - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
     (git-fixes).
   - PCI: Use pci_update_current_state() in pci_enable_device_flags()
     (git-fixes).
   - PM: base: power: do not try to use non-existing RTC for storing data
     (git-fixes).
   - PM: EM: Increase energy calculation precision (git-fixes).
   - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
   - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
     ltc#194523).
   - powerpc: fix function annotations to avoid section mismatch warnings
     with gcc-10 (bsc#1148868).
   - powerpc/perf: Drop the case of returning 0 as instruction pointer
     (bsc#1065729).
   - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not
     set (bsc#1065729).
   - powerpc/perf: Fix the check for SIAR value (bsc#1065729).
   - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
   - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
   - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
   - powerpc/perf: Use the address from SIAR register to set cpumode flags
     (bsc#1065729).
   - powerpc/powernv: Fix machine check reporting of async store errors
     (bsc#1065729).
   - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
   - powerpc/pseries: Prevent free CPU ids being reused on another node
     (bsc#1190620 ltc#194498).
   - power: supply: axp288_fuel_gauge: Report register-address on readb /
     writeb errors (git-fixes).
   - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
   - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
   - pwm: img: Do not modify HW state in .remove() callback (git-fixes).
   - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
   - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
   - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
   - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
     (bsc#1170774).
   - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
   - regmap: fix page selection for noinc reads (git-fixes).
   - regmap: fix page selection for noinc writes (git-fixes).
   - regmap: fix the offset of register error log (git-fixes).
   - Restore kabi after NFS: pass cred explicitly for access tests
     (bsc#1190746).
   - rpm: Abolish scritplet templating (bsc#1189841).
   - rtc: rx8010: select REGMAP_I2C (git-fixes).
   - rtc: tps65910: Correct driver module alias (git-fixes).
   - s390/unwind: use current_frame_address() to unwind current task
     (bsc#1185677).
   - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
   - scsi: core: Add helper to return number of logical blocks in a request
     (bsc#1190576).
   - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
   - scsi: fc: Add EDC ELS definition (bsc#1190576).
   - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
   - scsi: lpfc: Add bsg support for retrieving adapter cmf data
     (bsc#1190576).
   - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
   - scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
   - scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
   - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
   - scsi: lpfc: Add EDC ELS support (bsc#1190576).
   - scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
   - scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
   - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to
     firmware (bsc#1190576).
   - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
   - scsi: lpfc: Add support for maintaining the cm statistics buffer
     (bsc#1190576).
   - scsi: lpfc: Add support for the CM framework (bsc#1190576).
   - scsi: lpfc: Adjust bytes received vales during cmf timer interval
     (bsc#1190576).
   - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
   - scsi: lpfc: Do not release final kref on Fport node while ABTS
     outstanding (bsc#1190576).
   - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
   - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
   - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS
     (bsc#1190576).
   - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing
     (bsc#1190576).
   - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
   - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
     (bsc#1190576).
   - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
   - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
   - scsi: lpfc: Fix I/O block after enabling managed congestion mode
     (bsc#1190576).
   - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
   - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
   - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT
     (bsc#1190576).
   - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
   - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
     (bsc#1190576).
   - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
   - scsi: lpfc: Remove unneeded variable (bsc#1190576).
   - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
   - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
   - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
   - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190576).
   - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
   - scsi: lpfc: Zero CGN stats only during initial driver load and stat
     reset (bsc#1190576).
   - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
   - serial: 8250: Define RX trigger levels for OxSemi 950 devices
     (git-fixes).
   - serial: 8250_pci: make setup_port() parameters explicitly unsigned
     (git-fixes).
   - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
   - serial: sh-sci: fix break handling for sysrq (git-fixes).
   - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
   - staging: board: Fix uninitialized spinlock when attaching genpd
     (git-fixes).
   - staging: ks7010: Fix the initialization of the 'sleep_status' structure
     (git-fixes).
   - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
   - thermal/core: Potential buffer overflow in
     thermal_build_list_of_policies() (git-fixes).
   - time: Handle negative seconds correctly in timespec64_to_ns()
     (git-fixes).
   - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
   - tty: serial: jsm: hold port lock when reporting modem line changes
     (git-fixes).
   - tty: synclink_gt, drop unneeded forward declarations (git-fixes).
   - usb: core: hcd: Add support for deferring roothub registration
     (git-fixes).
   - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails
     (git-fixes).
   - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
   - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
   - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
     (git-fixes).
   - USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
     (git-fixes).
   - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
   - usb: gadget: u_ether: fix a potential null pointer dereference
     (git-fixes).
   - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
   - usb: host: fotg210: fix the endpoint's transactional opportunities
     calculation (git-fixes).
   - usbip: give back URBs for unsent unlink requests during cleanup
     (git-fixes).
   - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
   - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
   - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
     (git-fixes).
   - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
     (git-fixes).
   - USB: serial: option: add device id for Foxconn T99W265 (git-fixes).
   - USB: serial: option: add Telit LN920 compositions (git-fixes).
   - USB: serial: option: remove duplicate USB device ID (git-fixes).
   - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
     (git-fixes).
   - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
     (git-fixes).
   - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
   - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
   - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
   - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
   - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
   - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
   - vmxnet3: prepare for version 6 changes (bsc#1190406).
   - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
   - vmxnet3: set correct hash type based on rss information (bsc#1190406).
   - vmxnet3: update to version 6 (bsc#1190406).
   - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST
     (git-fixes).
   - x86/alternatives: Teach text_poke_bp() to emulate instructions
     (bsc#1185302).
   - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
   - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
   - x86/mm: Fix kern_addr_valid() to cope with existing but not present
     entries (bsc#1152489).
   - x86/resctrl: Fix a maybe-uninitialized build warning treated as error
     (bsc#1152489).
   - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
   - xfs: allow mount/remount when stripe width alignment is zero
     (bsc#1188651).
   - xfs: sync lazy sb accounting on quiesce of read-only mounts
     (bsc#1190679).
   - xgene-v2: Fix a resource leak in the error handling path of
     'xge_probe()' (git-fixes).
   - xhci: Set HCD flag to defer primary roothub registration (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-1357=1

Package List:

   - openSUSE Leap 15.2 (noarch):

      kernel-devel-5.3.18-lp152.95.1
      kernel-docs-5.3.18-lp152.95.1
      kernel-docs-html-5.3.18-lp152.95.1
      kernel-macros-5.3.18-lp152.95.1
      kernel-source-5.3.18-lp152.95.1
      kernel-source-vanilla-5.3.18-lp152.95.1

   - openSUSE Leap 15.2 (x86_64):

      kernel-debug-5.3.18-lp152.95.1
      kernel-debug-debuginfo-5.3.18-lp152.95.1
      kernel-debug-debugsource-5.3.18-lp152.95.1
      kernel-debug-devel-5.3.18-lp152.95.1
      kernel-debug-devel-debuginfo-5.3.18-lp152.95.1
      kernel-default-5.3.18-lp152.95.1
      kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1
      kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1
      kernel-default-debuginfo-5.3.18-lp152.95.1
      kernel-default-debugsource-5.3.18-lp152.95.1
      kernel-default-devel-5.3.18-lp152.95.1
      kernel-default-devel-debuginfo-5.3.18-lp152.95.1
      kernel-kvmsmall-5.3.18-lp152.95.1
      kernel-kvmsmall-debuginfo-5.3.18-lp152.95.1
      kernel-kvmsmall-debugsource-5.3.18-lp152.95.1
      kernel-kvmsmall-devel-5.3.18-lp152.95.1
      kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.95.1
      kernel-obs-build-5.3.18-lp152.95.1
      kernel-obs-build-debugsource-5.3.18-lp152.95.1
      kernel-obs-qa-5.3.18-lp152.95.1
      kernel-preempt-5.3.18-lp152.95.1
      kernel-preempt-debuginfo-5.3.18-lp152.95.1
      kernel-preempt-debugsource-5.3.18-lp152.95.1
      kernel-preempt-devel-5.3.18-lp152.95.1
      kernel-preempt-devel-debuginfo-5.3.18-lp152.95.1
      kernel-syms-5.3.18-lp152.95.1

References:

   https://www.suse.com/security/cve/CVE-2020-3702.html
   https://www.suse.com/security/cve/CVE-2021-3669.html
   https://www.suse.com/security/cve/CVE-2021-3744.html
   https://www.suse.com/security/cve/CVE-2021-3752.html
   https://www.suse.com/security/cve/CVE-2021-3764.html
   https://www.suse.com/security/cve/CVE-2021-40490.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1148868
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1159886
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1170774
   https://bugzilla.suse.com/1173746
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1184439
   https://bugzilla.suse.com/1184804
   https://bugzilla.suse.com/1185302
   https://bugzilla.suse.com/1185677
   https://bugzilla.suse.com/1185726
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188067
   https://bugzilla.suse.com/1188651
   https://bugzilla.suse.com/1188986
   https://bugzilla.suse.com/1189297
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1189884
   https://bugzilla.suse.com/1190023
   https://bugzilla.suse.com/1190062
   https://bugzilla.suse.com/1190115
   https://bugzilla.suse.com/1190159
   https://bugzilla.suse.com/1190358
   https://bugzilla.suse.com/1190406
   https://bugzilla.suse.com/1190467
   https://bugzilla.suse.com/1190523
   https://bugzilla.suse.com/1190534
   https://bugzilla.suse.com/1190543
   https://bugzilla.suse.com/1190576
   https://bugzilla.suse.com/1190595
   https://bugzilla.suse.com/1190596
   https://bugzilla.suse.com/1190598
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190626
   https://bugzilla.suse.com/1190679
   https://bugzilla.suse.com/1190705
   https://bugzilla.suse.com/1190717
   https://bugzilla.suse.com/1190746
   https://bugzilla.suse.com/1190758
   https://bugzilla.suse.com/1190784
   https://bugzilla.suse.com/1190785
   https://bugzilla.suse.com/1191172
   https://bugzilla.suse.com/1191193
   https://bugzilla.suse.com/1191240
   https://bugzilla.suse.com/1191292

opensuse-security＠opensuse.org

tags

participants (1)