The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl . - CVE-2020-8694: Restricted energy meter to root access . The following non-security bugs were fixed: - act_ife: load meta modules before tcf_idr_check_alloc . - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n . - ath9k: hif_usb: fix race condition between usb_get_urb and usb_kill_anchored_urbs . - block: Set same_page to false in __bio_try_merge_page if ret is false . - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb . - Bluetooth: Only mark socket zapped after unlocking . - bnxt_en: Protect bnxt_set_eee and bnxt_set_pauseparam with mutex . - bonding: show saner speed for broadcast mode . - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach . - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy . - btrfs: allocate scrub workqueues outside of locks . - btrfs: do not force read-only after error in drop snapshot . - btrfs: drop path before adding new uuid tree entry . - btrfs: fix filesystem corruption after a device replace . - btrfs: fix NULL pointer dereference after failure to create snapshot . - btrfs: fix overflow when copying corrupt csums for a message . - btrfs: fix space cache memory leak after transaction abort . - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks . - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing . - btrfs: set the correct lockdep class for new nodes . - btrfs: set the lockdep class for log tree extent buffers . - can: flexcan: flexcan_chip_stop: add error handling and propagate error value . - ceph: promote to unsigned long long before shifting . - crypto: ccp - fix error handling . - cxgb4: fix memory leak during module unload . - cxgb4: Fix offset when clearing filter byte counters . - Disable ipa-clones dump for KMP builds The feature is not really useful for KMP, and rather confusing, so let"s disable it at building out-of-tree codes - Disable module compression on SLE15 SP2 - dmaengine: dw: Activate FIFO-mode for memory peripherals only . - eeprom: at25: set minimum read/write access stride to 1 . - futex: Adjust absolute futex timeouts with per time namespace offset . - futex: Consistently use fshared as boolean . - futex: Fix incorrect should_fail_futex handling . - futex: Remove put_futex_key . - futex: Remove unused or redundant includes . - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY . - gtp: add GTPA_LINK info to msg sent to userspace . - HID: ite: Add USB id match for Acer One S1003 keyboard dock . - ibmveth: Identify ingress large send packets . - ibmvnic: fix ibmvnic_set_mac . - icmp: randomize the global rate limiter . - ip: fix tos reflection in ack and reset packets . - ipv4: Initialize flowi4_multipath_hash in data path . - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route . - ipv4: Update exception handling for multipath routes via same device . - ipv6: avoid lockdep issue in fib6_del . - ipv6: Fix sysctl max for fib_multipath_hash_policy . - ipvlan: fix device features . - kallsyms: Refactor kallsyms_show_value to take cred . - kbuild: enforce -Werror=return-type . - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages . - libceph: clear con- greater than out_msg on Policy::stateful_server faults . - mac80211: handle lack of sband- greater than bitrates in rates . - mailbox: avoid timer start from callback . - media: ati_remote: sanity check for both endpoints . - media: bdisp: Fix runtime PM imbalance on error . - media: exynos4-is: Fix a reference count leak . - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync . - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync . - media: firewire: fix memory leak . - media: i2c: ov5640: Enable data pins on poweron for DVP mode . - media: i2c: ov5640: Remain in power down for DVP mode unless streaming . - media: i2c: ov5640: Separate out mipi configuration from s_power . - media: media/pci: prevent memory leak in bttv_probe . - media: platform: s3c-camif: Fix runtime PM imbalance on error . - media: platform: sti: hva: Fix runtime PM imbalance on error . - media: rcar_drif: Allocate v4l2_async_subdev dynamically . - media: rcar_drif: Fix fwnode reference leak when parsing DT . - media: saa7134: avoid a shift overflow . - media: st-delta: Fix reference count leak in delta_run_work . - media: sti: Fix reference count leaks . - media: uvcvideo: Ensure all probed info is returned to v4l2 . - media: venus: core: Fix runtime PM imbalance in venus_probe . - media: vsp1: Fix runtime PM imbalance on error . - mic: vop: copy data to kernel space then write to io memory . - misc: rtsx: Fix memory leak in rtsx_pci_probe . - misc: vop: add round_up for vring_size to avoid kernel panic . - mm: fix a race during THP splitting . - mm: madvise: fix vma user-after-free . - mmc: sdio: Check for CISTPL_VERS_1 buffer size . - module: Correctly truncate sysfs sections output . - module: Do not expose section addresses to non-CAP_SYSLOG . - module: Refactor section attr into bin attribute . - module: statically initialize init section freeing data . - mwifiex: do not call del_timer_sync on uninitialized timer . - net/core: check length before updating Ethertype in skb_mpls_{push,pop} . - net/mlx5: Fix FTE cleanup . - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported . - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported . - net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments error flow . - net/smc: Prevent kernel-infoleak in __smc_diag_dump . - net: bridge: br_vlan_get_pvid_rcu should dereference the VLAN group under RCU . - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument . - net: disable netpoll on fresh napis . - net: dsa: b53: check for timeout . - net: dsa: rtl8366: Properly clear member config . - net: fec: correct the error path for regulator disable in probe . - net: Fix bridge enslavement failure . - net: Fix potential wrong skb- greater than protocol in skb_vlan_untag . - net: hns: Fix memleak in hns_nic_dev_probe . - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC . - net: lantiq: Disable IRQs only if NAPI gets scheduled . - net: lantiq: Use napi_complete_done . - net: lantiq: use netif_tx_napi_add for TX NAPI . - net: lantiq: Wake TX queue again . - net: phy: Avoid NPD upon phy_detach when driver is unbound . - net: phy: Do not warn in phy_stop on PHY_DOWN . - net: qrtr: fix usage of idr in port assignment to socket . - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant . - net: sctp: Fix negotiation of the number of data streams . - net: systemport: Fix memleak in bcm_sysport_probe . - net: usb: dm9601: Add USB ID of Keenetic Plus DSL . - net: usb: qmi_wwan: add Cellient MPL200 card . - net: usb: rtl8150: set random MAC address when set_ethernet_addr fails . - netlabel: fix problems with mapping removal . - nfp: use correct define to return NONE fec . - PM: hibernate: remove the bogus call to get_gendisk in software_resume . - r8169: fix issue with forced threading in combination with shared interrupts . - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP The in-tree KMP that is built with SLE kernels have a different scriptlet that is embedded in kernel-binary.spec.in rather than *.sh files. - rpm/kernel-module-subpackage: make Group tag optional - rtl8xxxu: prevent potential memory leak . - rtw88: increse the size of rx buffer size . - s390/cio: add cond_resched in the slow_eval_known_fn loop . - s390/dasd: Fix zero write for FBA devices . - scsi: ibmvscsi: Fix potential race after loss of transport . - sctp: not disable bh in the whole sctp_get_port_local . - selftests/timers: Turn off timeout setting . - spi: spi-s3c64xx: Check return values . - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs and s3c64xx_enable_datapath . - taprio: Fix allowing too small intervals . - time: Prevent undefined behaviour in timespec64_to_ns . - tipc: fix memory leak caused by tipc_buf_append . - tipc: Fix memory leak in tipc_group_create_member . - tipc: fix shutdown of connection oriented socket . - tipc: fix shutdown of connectionless socket . - tipc: fix the skb_unshare in tipc_buf_append . - tipc: fix uninit skb- greater than data in tipc_nl_compat_dumpit . - tipc: use skb_unshare instead in tipc_buf_append . - tty: ipwireless: fix error handling . - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char . - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices . - usb: cdc-acm: handle broken union descriptors . - usb: cdc-wdm: Make wdm_flush interruptible and add wdm_fsync . - usb: core: Solve race condition in anchor cleanup functions . - usb: dwc3: simple: add support for Hikey 970 . - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets . - usb: gadget: function: printer: fix use-after-free in __lock_acquire . - usb: ohci: Default to per-port over-current protection . - x86/alternative: Do not call text_poke in lazy TLB mode . - xen/gntdev.c: Mark pages as dirty . - xfs: fix high key handling in the rt allocator"s query_range function . - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files . - xfs: limit entries returned when counting fsmap records . Special Instructions and Notes: Please reboot the system after installing this update.