The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact . - CVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file. - CVE-2020-14351: Fixed a race condition in the perf_mmap_close function . The following non-security bugs were fixed: - ACPI: Always build evged in . - ACPI: button: fix handling lid state changes when input device closed . - ACPI: configfs: Add missing config_item_put to fix refcount leak . - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs . - ACPI: debug: do not allow debugging when ACPI is disabled . - Add CONFIG_CHECK_CODESIGN_EKU - ALSA: ac97: align argument names . - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK macro . - ALSA: asihpi: fix spellint typo in comments . - ALSA: atmel: ac97: clarify operator precedence . - ALSA: bebob: potential info leak in hwdep_read . - ALSA: compress_offload: remove redundant initialization . - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK macro . - ALSA: core: pcm: simplify locking for timers . - ALSA: core: timer: clarify operator precedence . - ALSA: core: timer: remove redundant assignment . - ALSA: ctl: Workaround for lockdep warning wrt card- greater than ctl_files_rwlock . - ALSA: fireworks: use semicolons rather than commas to separate statements . - ALSA: hda: auto_parser: remove shadowed variable declaration . - ALSA: hda: align function parameters . - ALSA: hda - Do not register a cb func if it is registered already . - ALSA: hda - Fix the return value if cb func is already registered . - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close . - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 . - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 . - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine . - ALSA: hda/realtek - The front Mic on a HP machine does not work . - ALSA: hda: use semicolons rather than commas to separate statements . - ALSA: hdspm: Fix typo arbitary . - ALSA: mixart: Correct comment wrt obsoleted tasklet usage . - ALSA: portman2x4: fix repeated word "if" . - ALSA: rawmidi: align function parameters . - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl . - ALSA: sparc: dbri: fix repeated word "the" . - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 . - ALSA: usb-audio: endpoint.c: fix repeated word "there" . - ALSA: usb-audio: fix spelling mistake "Frequence" - greater than "Frequency" . - ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk . - ALSA: usb: scarless_gen2: fix endianness issue . - ALSA: vx: vx_core: clarify operator precedence . - ALSA: vx: vx_pcm: remove redundant assignment . - ASoC: fsl: imx-es8328: add missing put_device call in imx_es8328_probe . - ASoC: fsl_sai: Instantiate snd_soc_dai_driver . - ASoC: qcom: lpass-cpu: fix concurrency issue . - ASoC: qcom: lpass-platform: fix memory leak . - ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits . - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation . - ata: sata_rcar: Fix DMA boundary mask . - ath10k: Fix the size used in a "dma_free_coherent" call in an error handling path . - ath10k: provide survey info as accumulated data . - ath6kl: prevent potential array overflow in ath6kl_add_new_sta . - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd . - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb . - ath9k_htc: Use appropriate rs_datalen type . - backlight: sky81452-backlight: Fix refcount imbalance on error . - blk-mq: order adding requests to hctx- greater than dispatch and checking SCHED_RESTART . - block: ensure bdi- greater than io_pages is always initialized . - block: Fix page_is_mergeable for compound pages . - Bluetooth: hci_uart: Cancel init work before unregistering . - Bluetooth: MGMT: Fix not checking if BT_HS is enabled . - brcmfmac: check ndev pointer . - btrfs: add owner and fs_info to alloc_state io_tree . - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations . - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode . - btrfs: tree-checker: fix false alert caused by legacy btrfs root item . - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused . - can: flexcan: remove ack_grp and ack_bit handling from driver . - can: softing: softing_card_shutdown: add braces around empty body in an "if" statement . - clk: at91: clk-main: update key before writing AT91_CKGR_MOR . - clk: at91: remove the checking of parent_name . - clk: bcm2835: add missing release if devm_clk_hw_register fails . - clk: imx8mq: Fix usdhc parents order . - clk: keystone: sci-clk: fix parsing assigned-clock data during probe . - clk: meson: g12a: mark fclk_div2 as critical . - clk: qcom: gcc-sdm660: Fix wrong parent_map . - cxl: Rework error message for incompatible slots . - dax: Fix compilation for CONFIG_DAX !CONFIG_FS_DAX . - dma-direct: add missing set_memory_decrypted for coherent mapping . - dma-direct: always align allocation size in dma_direct_alloc_pages . - dma-direct: atomic allocations must come from atomic coherent pools . - dma-direct: check return value when encrypting or decrypting memory . - dma-direct: consolidate the error handling in dma_direct_alloc_pages . - dma-direct: make uncached_kernel_address more general . - dma-direct: provide function to check physical memory area validity . - dma-direct: provide mmap and get_sgtable method overrides . - dma-direct: re-encrypt memory if dma_direct_alloc_pages fails . - dma-direct: remove __dma_direct_free_pages . - dma-direct: remove the dma_handle argument to __dma_direct_alloc_pages . - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status . - dmaengine: dmatest: Check list for emptiness before access its last entry . - dma-mapping: add a dma_can_mmap helper . - dma-mapping: always use VM_DMA_COHERENT for generic DMA remap . - dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR . - dma-mapping: make dma_atomic_pool_init self-contained . - dma-mapping: merge the generic remapping helpers into dma-direct . - dma-mapping: remove arch_dma_mmap_pgprot . - dma-mapping: warn when coherent pool is depleted . - dma-pool: add additional coherent pools to map to gfp mask . - dma-pool: add pool sizes to debugfs . - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL . - dma-pool: do not allocate pool memory from CMA . - dma-pool: dynamically expanding atomic pools . - dma-pool: Fix an uninitialized variable bug in atomic_pool_expand . - dma-pool: fix coherent pool allocations for IOMMU mappings . - dma-pool: fix too large DMA pools on medium memory size systems . - dma-pool: get rid of dma_in_atomic_pool . - dma-pool: introduce dma_guess_pool . - dma-pool: make sure atomic pool suits device . - dma-pool: Only allocate from CMA when in same memory zone . - dma-pool: scale the default DMA coherent pool size with memory capacity . - dma-remap: separate DMA atomic pools from direct remap code . - dm: Call proper helper to determine dax support . - dm/dax: Fix table reference counts . - docs: driver-api: remove a duplicated index entry . - EDAC/i5100: Fix error handling order in i5100_init_one . - extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips . - HID: hid-input: fix stylus battery reporting . - HID: roccat: add bounds checking in kone_sysfs_write_settings . - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery . - i2c: core: Restore acpi_walk_dep_device_list getting called after registering the ACPI i2c devs . - i2c: imx: Fix external abort on interrupt in exit paths . - i2c: rcar: Auto select RESET_CONTROLLER . - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo . - i3c: master: Fix error return in cdns_i3c_master_probe . - ibmveth: Switch order of ibmveth_helper calls . - ibmvnic: save changed mac address to adapter- greater than mac_addr . - ibmvnic: set up 200GBPS speed . - ida: Free allocated bitmap in error path . - iio:accel:bma180: Fix use of true when should be iio_shared_by enum . - iio: adc: gyroadc: fix leak of device node iterator . - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling . - iio:adc:ti-adc0832 Fix alignment issue with timestamp . - iio:adc:ti-adc12138 Fix alignment issue with timestamp . - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE . - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak . - iio:light:si1145: Fix timestamp alignment and prevent data leak . - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required . - ima: Do not ignore errors from crypto_shash_update . - ima: Remove semicolon at the end of ima_get_binary_runtime_size . - Input: ati_remote2 - add missing newlines when printing module parameters . - Input: ep93xx_keypad - fix handling of platform_get_irq error . - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume . - Input: omap4-keypad - fix handling of platform_get_irq error . - Input: stmfts - fix a vs typo . - Input: sun4i-ps2 - fix handling of platform_get_irq error . - Input: twl4030_keypad - fix handling of platform_get_irq error . - iomap: Make sure iomap_end is called after iomap_begin . - iommu/vt-d: Gracefully handle DMAR units with no supported address widths . - ipmi_si: Fix wrong return value in try_smi_init . - iwlwifi: mvm: split a print to avoid a WARNING in ROC . - kABI: Fix kABI after add CodeSigning extended key usage . - leds: mt6323: move period calculation . - lib/crc32.c: fix trivial typo in preprocessor condition . - memory: fsl-corenet-cf: Fix handling of platform_get_irq error . - memory: omap-gpmc: Fix a couple off by ones . - memory: omap-gpmc: Fix build error without CONFIG_OF . - mfd: sm501: Fix leaks in probe . - misc: mic: scif: Fix error handling path . - mm: do not panic when links can"t be created in sysfs . - mm: do not rely on system state to detect hot-plug operations . - mm/huge_memory.c: use head to check huge zero page . - mm/mempolicy.c: fix out of bounds write in mpol_parse_str . - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio . - mm/page-writeback.c: improve arithmetic divisions . - mm: replace memmap_context by meminit_context . - mm/rmap: fixup copying of soft dirty and uffd ptes . - mm/zsmalloc.c: fix the migrated zspage statistics . - mtd: lpddr: Fix bad logic in print_drs_error . - mtd: lpddr: fix excessive stack usage with clang . - mtd: mtdoops: Do not write panic data twice . - mtd: rawnand: stm32_fmc2: fix a buffer overflow . - mtd: rawnand: vf610: disable clk on error handling path in probe . - mtd: spinand: gigadevice: Add QE Bit . - mtd: spinand: gigadevice: Only one dummy byte in QUADIO . - mwifiex: Do not use GFP_KERNEL in atomic context . - mwifiex: fix double free . - mwifiex: remove function pointer check . - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO . - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key . - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download . - nl80211: fix non-split wiphy information . - NTB: hw: amd: fix an issue about leak system resources . - ntb: intel: Fix memleak in intel_ntb_pci_probe . - nvme-rdma: fix crash due to incorrect cqe . - nvme-rdma: fix crash when connect rejected . - overflow: Include header file with SIZE_MAX declaration . - PCI: aardvark: Check for errors from pci_bridge_emul_init call . - percpu: fix first chunk size calculation for populated bitmap . - perf/x86/amd: Fix sampling Large Increment per Cycle events . - perf/x86: Fix n_pair for cancelled txn . - pinctrl: mcp23s08: Fix mcp23x17 precious range . - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser . - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification . - platform/x86: mlx-platform: Remove PSU EEPROM configuration . - PM: hibernate: Batch hibernate and resume IO requests . - powerpc/book3s64/radix: Make radix_mem_block_size 64bit . - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation . - powerpc/hwirq: Remove stale forward irq_chip declaration . - powerpc/icp-hv: Fix missing of_node_put in success path . - powerpc/irq: Drop forward declaration of struct irqaction . - powerpc/papr_scm: Fix warning triggered by perf_stats_show . - powerpc/perf/hv-gpci: Fix starting index value . - powerpc/powernv/dump: Fix race while processing OPAL dump . - powerpc/powernv/elog: Fix race while processing OPAL error log event . - powerpc/pseries: Avoid using addr_to_pfn in real mode . - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal . - powerpc/pseries: Fix missing of_node_put in rng_init . - pwm: img: Fix null pointer access in probe . - pwm: lpss: Add range limit check for the base_unit register value . - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare . - qtnfmac: fix resource leaks on unsupported iftype error return path . - r8169: fix operation under forced interrupt threading . - rapidio: fix the missed put_device for rio_mport_add_riodev . - reset: sti: reset-syscfg: fix struct description warnings . - ring-buffer: Return 0 on success from ring_buffer_resize . - rtc: rx8010: do not modify the global rtc ops . - scsi: ibmvfc: Fix error return in ibmvfc_probe . - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations . - slimbus: core: check get_addr before removing laddr ida . - slimbus: core: do not enter to clock pause mode in core . - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback . - soc: fsl: qbman: Fix return value on success . - staging: comedi: check validity of wMaxPacketSize of usb endpoints found . - staging: rtl8192u: Do not use GFP_KERNEL in atomic context . - tracing: Check return value of __create_val_fields before using its result . - tracing: Save normal string variables . - USB: dwc2: Fix INTR OUT transfers in DDMA mode . - USB: dwc2: Fix parameter type in function pointer prototype . - USB: dwc3: core: add phy cleanup for probe error handling . - USB: dwc3: core: do not trigger runtime pm when remove driver . - USB: dwc3: ep0: Fix ZLP for OUT ep0 requests . - USB: dwc3: gadget: Resume pending requests after CLEAR_STALL . - USB: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality . - USB: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above . - USB: gadget: u_ether: enable qmult on SuperSpeed Plus as well . - usblp: fix race between disconnect and read . - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters . - USB: serial: option: add Cellient MPL200 card . - USB: serial: option: Add Telit FT980-KS composition . - USB: serial: pl2303: add device-id for HP GC device . - USB: serial: qcserial: fix altsetting probing . - usb: xhci-mtk: Fix typo . - VMCI: check return value of get_user_pages_fast for errors . - w1: mxc_w1: Fix timeout resolution problem leading to bus error . - watchdog: Fix memleak in watchdog_cdev_register . - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 . - watchdog: Use put_device on error . - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 . - writeback: Avoid skipping inode writeback . - writeback: Fix sync livelock due to b_dirty_time processing . - writeback: Protect inode- greater than i_io_list with inode- greater than i_lock . - X.509: Add CodeSigning extended key usage parsing . - x86/fpu: Allow multiple bits in clearcpuid= parameter . - x86/ioapic: Unbreak check_timer . - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned . - x86/mm: unencrypted non-blocking DMA allocations use coherent pools . - x86/xen: disable Firmware First mode for correctable memory errors . - xen/blkback: use lateeoi irq binding . - xen/events: add a new "late EOI" evtchn framework . - xen/events: add a proper barrier to 2-level uevent unmasking . - xen/events: avoid removing an event channel while handling it . - xen/events: block rogue events for some time . - xen/events: defer eoi in case of excessive number of events . - xen/events: fix race in evtchn_fifo_unmask . - xen/events: switch user event channels to lateeoi model . - xen/events: use a common cpu hotplug hook for event channels . - xen/netback: use lateeoi irq binding . - xen/pciback: use lateeoi irq binding . - xen/pvcallsback: use lateeoi irq binding . - xen/scsiback: use lateeoi irq binding . - xfs: force the log after remapping a synchronous-writes file . - xhci: do not create endpoint debugfs entry before ring buffer is set . Special Instructions and Notes: Please reboot the system after installing this update.