suse-su-2020:2580-1
Vulnerability from csaf_suse
Published
2020-09-09 06:34
Modified
2020-09-09 06:34
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.
The following security bug was fixed:
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
The following non-security bugs were fixed:
- bcache: allocate meta data pages as compound pages (bsc#1172873).
- block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148).
- block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148).
- char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
- dax: do not print error message for non-persistent memory block device (bsc#1171073).
- dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073).
- device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes).
- dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996).
- drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes).
- drm/msm/a6xx: fix crashdec section name typo (git-fixes).
- drm/msm/adreno: fix updating ring fence (git-fixes).
- drm/msm/gpu: make ringbuffer readonly (git-fixes).
- drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).
- efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: avoid error message when booting under Xen (bsc#1172419).
- efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267).
- efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111).
- ext4: handle read only external journal device (bsc#1176063).
- felix: Fix initialization of ioremap resources (bsc#1175997).
- Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600).
- infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111).
- kabi: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111).
- kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/
- mei: fix CNL itouch device number to match the spec (bsc#1175952).
- mei: me: disable mei interface on LBG servers (bsc#1175952).
- mei: me: disable mei interface on Mehlow server platforms (bsc#1175952).
- mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes).
- mmc: mediatek: add optional module reset property (git-fixes).
- mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes).
- net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998).
- net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999).
- net: enetc: fix an issue about leak system resources (bsc#1176000).
- net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001).
- obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
- PCI: Add device even if driver attach failed (git-fixes).
- PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes).
- PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes).
- PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes).
- powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208).
- powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395).
- regulator: fix memory leak on error path of regulator_register() (git-fixes).
- Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600).
- sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)).
- scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). Replace patches.suse/lpfc-synchronize-nvme-transport-and-lpfc-driver-devloss_tmo.patch with upstream version of the fix.
- scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- sdhci: tegra: Add missing TMCLK for data timeout (git-fixes).
- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes).
- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes).
- Set VIRTIO_CONSOLE=y (bsc#1175667).
- USB: cdc-acm: rework notification_buffer resizing (git-fixes).
- USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes).
- USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes).
- USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes).
- USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes).
- USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes).
- USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes).
- USB: serial: ftdi_sio: clean up receive processing (git-fixes).
- USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes).
- USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes).
- virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).
- x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600).
- xen/balloon: make the balloon wait interruptible (bsc#1065600).
- xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600).
- xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes).
Patchnames
SUSE-2020-2580,SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2580
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bug was fixed:\n\n- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).\n\nThe following non-security bugs were fixed:\n\n- bcache: allocate meta data pages as compound pages (bsc#1172873).\n- block: check queue\u0027s limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148).\n- block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148).\n- char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).\n- dax: do not print error message for non-persistent memory block device (bsc#1171073).\n- dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073).\n- device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes).\n- dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996).\n- drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes).\n- drm/msm/a6xx: fix crashdec section name typo (git-fixes).\n- drm/msm/adreno: fix updating ring fence (git-fixes).\n- drm/msm/gpu: make ringbuffer readonly (git-fixes).\n- drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).\n- efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111).\n- efi: avoid error message when booting under Xen (bsc#1172419).\n- efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111).\n- efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267).\n- efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111).\n- efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n- efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111).\n- efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n- efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111).\n- ext4: handle read only external journal device (bsc#1176063).\n- felix: Fix initialization of ioremap resources (bsc#1175997).\n- Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600).\n- infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n- integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111).\n- kabi: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111).\n- kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/\n- mei: fix CNL itouch device number to match the spec (bsc#1175952).\n- mei: me: disable mei interface on LBG servers (bsc#1175952).\n- mei: me: disable mei interface on Mehlow server platforms (bsc#1175952).\n- mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes).\n- mmc: mediatek: add optional module reset property (git-fixes).\n- mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes).\n- net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998).\n- net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999).\n- net: enetc: fix an issue about leak system resources (bsc#1176000).\n- net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001).\n- obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).\n- PCI: Add device even if driver attach failed (git-fixes).\n- PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes).\n- PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes).\n- PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes).\n- powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208).\n- powerpc/perf: Fix crashes with generic_compat_pmu \u0026 BHRB (bsc#1156395).\n- regulator: fix memory leak on error path of regulator_register() (git-fixes).\n- Revert \u0027xen/balloon: Fix crash when ballooning on x86 32 bit PAE\u0027 (bsc#1065600).\n- sched: Add a tracepoint to track rq-\u003enr_running (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/fair: Remove unused \u0027sd\u0027 parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched: nohz: stop passing around unused \u0027ticks\u0027 parameter (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)).\n- scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n- scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Add description for lpfc_release_rpi()\u0027s \u0027ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). Replace patches.suse/lpfc-synchronize-nvme-transport-and-lpfc-driver-devloss_tmo.patch with upstream version of the fix.\n- scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Provide description for lpfc_mem_alloc()\u0027s \u0027align\u0027 param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Remove unused variable \u0027pg_addr\u0027 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n- sdhci: tegra: Add missing TMCLK for data timeout (git-fixes).\n- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes).\n- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes).\n- Set VIRTIO_CONSOLE=y (bsc#1175667).\n- USB: cdc-acm: rework notification_buffer resizing (git-fixes).\n- USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes).\n- USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes).\n- USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes).\n- USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes).\n- USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes).\n- USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes).\n- USB: serial: ftdi_sio: clean up receive processing (git-fixes).\n- USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes).\n- USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes).\n- virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).\n- x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n- xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600).\n- xen/balloon: make the balloon wait interruptible (bsc#1065600).\n- xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600).\n- xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2580,SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2580",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2580-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2580-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202580-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2580-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007387.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1136666",
"url": "https://bugzilla.suse.com/1136666"
},
{
"category": "self",
"summary": "SUSE Bug 1152148",
"url": "https://bugzilla.suse.com/1152148"
},
{
"category": "self",
"summary": "SUSE Bug 1155798",
"url": "https://bugzilla.suse.com/1155798"
},
{
"category": "self",
"summary": "SUSE Bug 1156395",
"url": "https://bugzilla.suse.com/1156395"
},
{
"category": "self",
"summary": "SUSE Bug 1170232",
"url": "https://bugzilla.suse.com/1170232"
},
{
"category": "self",
"summary": "SUSE Bug 1171000",
"url": "https://bugzilla.suse.com/1171000"
},
{
"category": "self",
"summary": "SUSE Bug 1171073",
"url": "https://bugzilla.suse.com/1171073"
},
{
"category": "self",
"summary": "SUSE Bug 1171558",
"url": "https://bugzilla.suse.com/1171558"
},
{
"category": "self",
"summary": "SUSE Bug 1172419",
"url": "https://bugzilla.suse.com/1172419"
},
{
"category": "self",
"summary": "SUSE Bug 1172873",
"url": "https://bugzilla.suse.com/1172873"
},
{
"category": "self",
"summary": "SUSE Bug 1173060",
"url": "https://bugzilla.suse.com/1173060"
},
{
"category": "self",
"summary": "SUSE Bug 1173267",
"url": "https://bugzilla.suse.com/1173267"
},
{
"category": "self",
"summary": "SUSE Bug 1174029",
"url": "https://bugzilla.suse.com/1174029"
},
{
"category": "self",
"summary": "SUSE Bug 1174110",
"url": "https://bugzilla.suse.com/1174110"
},
{
"category": "self",
"summary": "SUSE Bug 1174111",
"url": "https://bugzilla.suse.com/1174111"
},
{
"category": "self",
"summary": "SUSE Bug 1174484",
"url": "https://bugzilla.suse.com/1174484"
},
{
"category": "self",
"summary": "SUSE Bug 1174486",
"url": "https://bugzilla.suse.com/1174486"
},
{
"category": "self",
"summary": "SUSE Bug 1175263",
"url": "https://bugzilla.suse.com/1175263"
},
{
"category": "self",
"summary": "SUSE Bug 1175667",
"url": "https://bugzilla.suse.com/1175667"
},
{
"category": "self",
"summary": "SUSE Bug 1175787",
"url": "https://bugzilla.suse.com/1175787"
},
{
"category": "self",
"summary": "SUSE Bug 1175952",
"url": "https://bugzilla.suse.com/1175952"
},
{
"category": "self",
"summary": "SUSE Bug 1175996",
"url": "https://bugzilla.suse.com/1175996"
},
{
"category": "self",
"summary": "SUSE Bug 1175997",
"url": "https://bugzilla.suse.com/1175997"
},
{
"category": "self",
"summary": "SUSE Bug 1175998",
"url": "https://bugzilla.suse.com/1175998"
},
{
"category": "self",
"summary": "SUSE Bug 1175999",
"url": "https://bugzilla.suse.com/1175999"
},
{
"category": "self",
"summary": "SUSE Bug 1176000",
"url": "https://bugzilla.suse.com/1176000"
},
{
"category": "self",
"summary": "SUSE Bug 1176001",
"url": "https://bugzilla.suse.com/1176001"
},
{
"category": "self",
"summary": "SUSE Bug 1176022",
"url": "https://bugzilla.suse.com/1176022"
},
{
"category": "self",
"summary": "SUSE Bug 1176063",
"url": "https://bugzilla.suse.com/1176063"
},
{
"category": "self",
"summary": "SUSE Bug 1176069",
"url": "https://bugzilla.suse.com/1176069"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14386 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14386/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2020-09-09T06:34:31Z",
"generator": {
"date": "2020-09-09T06:34:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2580-1",
"initial_release_date": "2020-09-09T06:34:31Z",
"revision_history": [
{
"date": "2020-09-09T06:34:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-5.3.18-18.18.1.noarch",
"product": {
"name": "kernel-devel-azure-5.3.18-18.18.1.noarch",
"product_id": "kernel-devel-azure-5.3.18-18.18.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-5.3.18-18.18.1.noarch",
"product": {
"name": "kernel-source-azure-5.3.18-18.18.1.noarch",
"product_id": "kernel-source-azure-5.3.18-18.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-5.3.18-18.18.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-5.3.18-18.18.1.x86_64",
"product_id": "cluster-md-kmp-azure-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-5.3.18-18.18.1.x86_64",
"product": {
"name": "dlm-kmp-azure-5.3.18-18.18.1.x86_64",
"product_id": "dlm-kmp-azure-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-5.3.18-18.18.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-5.3.18-18.18.1.x86_64",
"product_id": "gfs2-kmp-azure-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-5.3.18-18.18.1.x86_64",
"product": {
"name": "kernel-azure-5.3.18-18.18.1.x86_64",
"product_id": "kernel-azure-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-5.3.18-18.18.1.x86_64",
"product": {
"name": "kernel-azure-devel-5.3.18-18.18.1.x86_64",
"product_id": "kernel-azure-devel-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-5.3.18-18.18.1.x86_64",
"product": {
"name": "kernel-azure-extra-5.3.18-18.18.1.x86_64",
"product_id": "kernel-azure-extra-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-devel-5.3.18-18.18.1.x86_64",
"product": {
"name": "kernel-azure-livepatch-devel-5.3.18-18.18.1.x86_64",
"product_id": "kernel-azure-livepatch-devel-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-5.3.18-18.18.1.x86_64",
"product": {
"name": "kernel-syms-azure-5.3.18-18.18.1.x86_64",
"product_id": "kernel-syms-azure-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-5.3.18-18.18.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-5.3.18-18.18.1.x86_64",
"product_id": "kselftests-kmp-azure-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-5.3.18-18.18.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-5.3.18-18.18.1.x86_64",
"product_id": "ocfs2-kmp-azure-5.3.18-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-5.3.18-18.18.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-5.3.18-18.18.1.x86_64",
"product_id": "reiserfs-kmp-azure-5.3.18-18.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.3.18-18.18.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.18.1.x86_64"
},
"product_reference": "kernel-azure-5.3.18-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.3.18-18.18.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.18.1.x86_64"
},
"product_reference": "kernel-azure-devel-5.3.18-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-5.3.18-18.18.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.18.1.noarch"
},
"product_reference": "kernel-devel-azure-5.3.18-18.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-5.3.18-18.18.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.18.1.noarch"
},
"product_reference": "kernel-source-azure-5.3.18-18.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.3.18-18.18.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.18.1.x86_64"
},
"product_reference": "kernel-syms-azure-5.3.18-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14386"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.18.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.18.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.18.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.18.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14386",
"url": "https://www.suse.com/security/cve/CVE-2020-14386"
},
{
"category": "external",
"summary": "SUSE Bug 1176069 for CVE-2020-14386",
"url": "https://bugzilla.suse.com/1176069"
},
{
"category": "external",
"summary": "SUSE Bug 1176072 for CVE-2020-14386",
"url": "https://bugzilla.suse.com/1176072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.18.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.18.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.18.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.18.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.18.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.18.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.18.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.18.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-09T06:34:31Z",
"details": "important"
}
],
"title": "CVE-2020-14386"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…