The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect . - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails . - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space . - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c . - CVE-2020-14416: Fixed a race condition in tty- greater than disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c . - CVE-2020-10768: Fixed an issue with the prctl function, where indirect branch speculation could be enabled even though it was diabled before . - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection . - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack . - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row . - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation . - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm"s module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service . - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation . - CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt ACPI variable, which could be used by attackers to bypass lockdown or secure boot restrictions . - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path . - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c, related to invalid length checks for variable elements in a beacon head . The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods . - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling . - ACPI: NFIT: Fix unlock on error in scrub_show . - ACPI: PM: Avoid using power resources if there are none for D0 . - ACPI: sysfs: Fix pm_profile_attr type . - ACPI: video: Use native backlight on Acer Aspire 5783z . - ACPI: video: Use native backlight on Acer TravelMate 5735Z . - ALSA: es1688: Add the missed snd_card_free . - ALSA: hda: Add ElkhartLake HDMI codec vid . - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up . - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio . - ALSA: hda - let hs_mic be picked ahead of hp_mic . - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines . - ALSA: hda/realtek - Add LED class support for micmute LED . - ALSA: hda/realtek - Enable micmute LED on and HP system . - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 . - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO . - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO . - ALSA: lx6464es - add support for LX6464ESe pci express variant . - ALSA: opl3: fix infoleak in opl3 . - ALSA: pcm: disallow linking stream to itself . - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback . - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support . - ALSA: usb-audio: add quirk for MacroSilicon MS2109 . - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock . - ALSA: usb-audio: Clean up quirk entries with macros . - ALSA: usb-audio: Fix inconsistent card PM state after resume . - ALSA: usb-audio: Fix packet size calculation . - ALSA: usb-audio: Fix racy list management in output queue . - ALSA: usb-audio: Improve frames size computation . - ALSA: usb-audio: Manage auto-pm of all bundled interfaces . - ALSA: usb-audio: Use the new macro for HP Dock rename quirks . - amdgpu: a NULL - greater than mm does not mean a thread is a kthread . - arm64: map FDT as RW for early_init_dt_scan . - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb . - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx . - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg . - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb . - ax25: fix setsockopt . - b43: Fix connection problem with WPA3 . - b43_legacy: Fix connection problem with WPA3 . - bcache: Fix an error code in bch_dump_read . - be2net: fix link failure after ethtool offline test . - block: nr_sects_write: Disable preemption on seqcount write . - block: remove QUEUE_FLAG_STACKABLE . - block: sed-opal: fix sparse warning: convert __be64 data . - Bluetooth: Add SCO fallback for invalid LMP parameters error . - bnxt_en: Fix AER reset logic on 57500 chips . - bnxt_en: Fix ethtool selftest crash under error conditions . - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails . - bnxt_en: Fix ipv6 RFS filter matching logic . - bnxt_en: fix NULL dereference in case SR-IOV configuration fails . - bnxt_en: Fix VF anti-spoof filter setup . - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features . - bnxt_en: Improve AER slot reset . - brcmfmac: fix wrong location to get firmware feature . - brcmfmac: Transform compatible string for FW loading . - btrfs: add assertions for tree == inode- greater than io_tree to extent IO helpers . - btrfs: add new helper btrfs_lock_and_flush_ordered_range . - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range . - btrfs: do not zero f_bavail if we have available space . - btrfs: do not zero f_bavail if we have available space . - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range . - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range . - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof . - btrfs: fix hang on snapshot creation after RWF_NOWAIT write . - btrfs: fix RWF_NOWAIT write not failling when we need to cow . - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO . - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable . - btrfs: Return EAGAIN if we can"t start no snpashot write in check_can_nocow . - btrfs: use correct count in btrfs_file_write_iter . - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range . - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate . - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads . - carl9170: remove P2P_GO support . - CDC-ACM: heed quirk also in error handling . - ceph: convert mdsc- greater than cap_dirty to a per-session list . - ceph: request expedited service on session"s last cap flush . - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages . - char/random: Add a newline at the end of the file . - cifs: get rid of unused parameter in reconn_setup_dfs_targets . - cifs: handle hostnames that resolve to same ip in failover . - cifs: set up next DFS target before generic_ip_connect . - clk: bcm2835: Fix return type of bcm2835_register_gate . - clk: clk-flexgen: fix clock-critical handling . - clk: sunxi: Fix incorrect usage of round_down . - clocksource: dw_apb_timer: Make CPU-affiliation being optional . - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE . - compat_ioctl: block: handle Persistent Reservations . - copy_{to,from}_user: consolidate object size checks . - crypto: algboss - do not wait during notifier callback . - crypto: algif_skcipher - Cap recv SG list at ctx- greater than used . - crypto: caam - update xts sector size for large input length . - crypto: cavium/nitrox - Fix "nitrox_get_first_device" when ndevlist is fully iterated . - crypto: cavium/nitrox - Fix "nitrox_get_first_device" when ndevlist is fully iterated . - Crypto/chcr: fix for ccm failed test . - crypto: chelsio/chtls: properly set tp- greater than lsndtime . - crypto: talitos - fix IPsec cipher in length . - crypto: talitos - reorder code in talitos_edesc_alloc . - debugfs: Check module state before warning in {full/open}_proxy_open . - devinet: fix memleak in inetdev_init . - dmaengine: tegra210-adma: Fix an error handling path in "tegra_adma_probe" . - dm btree: increase rebalance threshold in __rebalance2 . - dm cache: fix a crash due to incorrect work item cancelling . - dm crypt: fix benbi IV constructor crash if used in authenticated mode . - dm: fix potential for q- greater than make_request_fn NULL pointer . - dm space map common: fix to ensure new block isn"t already in use . - dm: various cleanups to md- greater than queue initialization code . - dm verity fec: fix hash block number in verity_fec_decode . - dm verity fec: fix memory leak in verity_fec_dtr . - dpaa_eth: fix usage as DSA master, try 3 . - driver-core, libnvdimm: Let device subsystems add local lockdep coverage . - Drivers: hv: Change flag to write log level in panic msg to false . - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static . - drm: amd/display: fix Kconfig help text * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates . - drm/dp_mst: Increase ACT retry timeout to 3s * context changes - drm: encoder_slave: fix refcouting error for modules . - drm: encoder_slave: fix refcouting error for modules - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser . - drm/mediatek: Check plane visibility in atomic_update * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init . - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel . - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 . - drm/qxl: Use correct notify port address when creating cursor ring - drm/radeon: fix double free - drm/radeon: fix fb_div check in ni_init_smc_spll_table - drm/sun4i: hdmi ddc clk: Fix size of m divider . - drm/tegra: hub: Do not enable orphaned window group . - drm/vkms: Hold gem object while still in-use * context changes - e1000: Distribute switch variables for initialization . - e1000e: Disable TSO for buffer overrun workaround . - e1000e: Do not wake up the system via WOL if device wakeup is disabled . - e1000e: Relax condition to trigger reset for ME workaround . - EDAC/amd64: Read back the scrub rate PCI register on F15h . - efi/random: Increase size of firmware supplied randomness . - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness . - efi: READ_ONCE rng seed size before munmap . - efi: Reorder pr_notice with add_device_randomness call . - evm: Check also if *tfm is an error pointer in init_desc . - evm: Fix a small race in init_desc . - ext4: fix a data race at inode- greater than i_blocks . - ext4: fix partial cluster initialization when splitting extent . - ext4: fix race between ext4_sync_parent and rename . - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers . - extcon: adc-jack: Fix an error handling path in "adc_jack_probe" . - fanotify: fix ignore mask logic for events on child and on dir . - fdt: add support for rng-seed . - fdt: Update CRC check for rng-seed . - firmware: imx: scu: Fix corruption of header . - firmware: imx: scu: Fix possible memory leak in imx_scu_probe . - Fix boot crash with MD - fix multiplication overflow in copy_fdtable . - fpga: dfl: afu: Corrected error handling levels . - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks . - gpiolib: Document that GPIO line names are not globally unique . - gpu: host1x: Detach driver on unregister . - gpu: ipu-v3: pre: do not trigger update if buffer address does not change . - HID: magicmouse: do not set up autorepeat . - HID: sony: Fix for broken buttons on DS3 USB dongles . - hv_netvsc: Fix netvsc_start_xmit"s return type . - hwmon: Fix potential memory leak in acpi_power_meter_add . - hwmon: fix unable to change fan pwm1_enable attribute . - hwmon: Make sure the OVERT mask is set correctly . - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 . - i2c: eg20t: Load module automatically if ID matches . - i2c: mlxcpld: check correct size of maximum RECV_LEN packet . - i40e: reduce stack usage in i40e_set_fc . - IB/hfi1: Do not destroy hfi1_wq when the device is shut down . - IB/hfi1: Do not destroy link_wq when the device is shut down . - ibmveth: Fix max MTU limit . - ibmvnic: continue to init in CRQ reset returns H_CLOSED . - ibmvnic: Flush existing work items before device removal . - ibmvnic: Harden device login requests . - iio: buffer: Do not allow buffers without any channels enabled to be activated . - iio:health:afe4404 Fix timestamp alignment and prevent data leak . - iio:humidity:hdc100x Fix alignment and data leak issues . - iio:magnetometer:ak8974: Fix alignment and data leak issues . - iio: mma8452: Add missed iio_device_unregister call in mma8452_probe . - iio: pressure: bmp280: Tolerate IRQ before registering . - iio:pressure:ms5611 Fix buffer element alignment . - iio: pressure: zpa2326: handle pm_runtime_get_sync failure . - ima: Directly assign the ima_default_policy pointer to ima_rules . - ima: Fix ima digest hash table key calculation . - include/asm-generic/topology.h: guard cpumask_of_node macro argument . - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list . - input: i8042 - Remove special PowerPC handling . - Input: synaptics - add a second working PNP_ID for Lenovo T470s . - intel_idle: Graceful probe failure when MWAIT is disabled . - intel_th: Fix a NULL dereference when hub driver is not loaded . - ipvlan: call dev_change_flags when ipvlan mode is reset . - ixgbevf: Remove limit of 10 entries for unicast filter list . - jbd2: avoid leaking transaction credits when unreserving handle . - jbd2: Preserve kABI when adding j_abort_mutex . - kabi: hv: prevent struct device_node to become defined . - kabi: ppc64le: prevent struct dma_map_ops to become defined . - kABI: protect struct mlx5_cmd_work_ent . - kABI: reintroduce inet_hashtables.h include to l2tp_ip . - kernfs: fix barrier usage in __kernfs_new_node . - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS . - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 . - KVM: x86: Fix APIC page invalidation race . - kvm: x86: Fix L1TF mitigation for shadow MMU . - KVM: x86/mmu: Set mmio_value to "0" if reserved #PF can"t be generated . - KVM: x86: only do L1TF workaround on affected processors . - l2tp: add sk_family checks to l2tp_validate_socket . - l2tp: do not use inet_hash/inet_unhash . - libceph: do not omit recovery_deletes in target_copy . - libceph: ignore pool overlay and cache logic on redirects . - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle ABBA deadlock . - libnvdimm/bus: Prepare the nd_ioctl path to be re-entrant . - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl . - libnvdimm: cover up changes in struct nvdimm_bus . - libnvdimm: cover up nd_pfn_sb changes . - libnvdimm/dax: Pick the right alignment default when creating dax devices . - libnvdimm/label: Remove the dpa align check . - libnvdimm/of_pmem: Provide a unique name for bus provider . - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change . - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock . - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid . - libnvdimm/pmem: Advance namespace seed for specific probe errors . - libnvdimm/region: Initialize bad block for volatile namespaces . - libnvdimm/region: Rewrite _probe_success to _advance_seeds . - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check . - livepatch: Apply vmlinux-specific KLP relocations early . - livepatch: Disallow vmlinux.ko . - livepatch: Make klp_apply_object_relocs static . - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols . - livepatch: Remove .klp.arch . - loop: replace kill_bdev with invalidate_bdev . - lpfc_debugfs: get rid of pointless access_ok . - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo . - mac80211: add option for setting control flags . - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX . - mailbox: imx: Disable the clock on devm_mbox_controller_register failure . - md: Avoid namespace collision with bitmap API . - mdraid: fix read/write bytes accounting . - md: use memalloc scope APIs in mddev_suspend/mddev_resume (git-fixes(bsc#1111666git-fixes(git-fixes(git-fixesnetworking-stable-20_05_12git-fixes(git-fixes(git-fixesgit-fixes(git-fixes(git-fixesgit-fixes(bsc#1111666(bsc#1111666(bsc#1051510bsc#1111666bsc#1111666(git-fixesnetworking-stable-20_06_07networking-stable-20_06_07(git-fixes(networking-stable-20_05_16networking-stable-20_05_27git-fixes(git-fixesgit-fixes(git-fixes(git-fixes(git-fixes(git-fixes(git-fixes(git-fixes(git-fixes(git-fixesgit-fixes(git-fixesgit-fixes((git-fixes(git-fixes((git-fixes(git-fixes(git-fixes(git-fixes(git-fixes(bsc#1169795(git-fixesnetworking-stable-20_05_16networking-stable-20_05_27networking-stable-20_05_27git-fixesnetworking-stable-20_05_12(git-fixes(git-fixes(networking-stable-20_05_12networking-stable-20_05_27(git-fixesgit-fixes(git-fixes(git-fixes((git-fixesnetworking-stable-20_05_27networking-stable-20_05_12(networking-stable-20_06_07networking-stable-20_05_12git-fixesgit-fixesnetworking-stable-20_05_16networking-stable-20_05_16git-fixes(git-fixes(git-fixes(networking-stable-20_05_27((networking-stable-20_05_27networking-stable-20_05_27networking-stable-20_05_12(networking-stable-20_05_12(networking-stable-20_05_12(networking-stable-20_05_12networking-stable-20_06_07networking-stable-20_06_07((bsc#1172484(git-fixes(bsc#1170592(bsc#1170592(bsc#1173857(bsc#1111666bsc#1170442((bcs#1171558 bsc#1159058bcs#1171558 bsc#1159058(bsc#1158983 bsc#1172538(bsc#1158983 bsc#1172538bsc#1158983 bsc#1172538bsc#1169514(bsc#1169514(bsc#1171841(git fixes(git fixes(bsc#1051510git-fixes(git-fixesbsc#1174356(bsc#1174356((bsc#1051510((bsc#1051510bsc#1111666(bsc#1172871, bsc#1172872(bsc#1172871, bsc#1172872(bsc#1172871, bsc#1172872bsc#1172871, bsc#1172872(bsc#1172871, bsc#1172872(bsc#1172871, bsc#1172872(bsc#1172871, bsc#1172872(git-fixes(git-fixes((git-fixes(bsc#1051510bsc#1051510(bsc#1174356((bsc#1111666(git-fixes(git-fixes(git-fixesgit-fixesgit-fixes(git-fixes((git-fixes((git-fixes((git-fixes(git-fixes(git-fixes(git-fixes(git-fixes(git-fixes ((git-fixes((git-fixes((git-fixes ((git-fixes(git-fixes(((git-fixes(git-fixes((git-fixes(git-fixes(git-fixes(git-fixes(git-fixesgit-fixes(git-fixes(git-fixes(git-fixes(git-fixes10h(git-fixesgit-fixes(git-fixes stable(git-fixes(git-fixes stable(git-fixes(git-fixes(git-fixesgit-fixes((git-fixes(git-fixes(git-fixes(git-fixes(git-fixes(git-fixes(git-fixes(git fixes(block drivers(block drivers(block drivers