File _patchinfo of Package patchinfo.17047

<patchinfo incident="17047">
  <issue id="1051510" tracker="bnc"></issue>
  <issue id="1058115" tracker="bnc">ORC tracker</issue>
  <issue id="1065600" tracker="bnc">Backports of upstream Xen-related kernel patches</issue>
  <issue id="1161360" tracker="bnc">kernel-kvmsmall should not recommend kernel-firmware</issue>
  <issue id="1163524" tracker="bnc">Signature file for secure boot for the file /lib/s390-tools/stage3.bin is missing.</issue>
  <issue id="1166965" tracker="bnc">kernel-docs fail to build occasionally with python-Sphinx 2.4</issue>
  <issue id="1170232" tracker="bnc">Kernel spec self obsoletes</issue>
  <issue id="1170415" tracker="bnc">VUL-0: EMBARGOED: CVE-2020-8694: kernel-source: Intel RAPL sidechannel</issue>
  <issue id="1172073" tracker="bnc">kernel-devel and kernel-source need Obsolete for previous package rebuilds of the same version</issue>
  <issue id="1173115" tracker="bnc">kernel updates lead to showing mok screen on reboot</issue>
  <issue id="1175749" tracker="bnc">L3: Sles15sp2 xen VM crashed with oops Need core analyzed</issue>
  <issue id="1175882" tracker="bnc">pesign-obs-integration doesn't respect _binary_payload from the original .spec</issue>
  <issue id="1176011" tracker="bnc">VUL-0: CVE-2020-14381: kernel-source, kernel: referencing inode of removed superblock in get_futex_key() causes UAF</issue>
  <issue id="1176235" tracker="bnc">VUL-0: CVE-2020-14390: kernel-source: slab-out-of-bounds in fbcon_redraw_softback for latest linux</issue>
  <issue id="1176278" tracker="bnc">VUL-0: kernel-source: out-of-bounds BUG in function "vgacon_scrolldelta"</issue>
  <issue id="1176381" tracker="bnc">VUL-0: CVE-2020-25212: kernel-source: TOCTOU mismatch in the NFS client code</issue>
  <issue id="1176423" tracker="bnc">VUL-1: CVE-2020-0404: kernel-source: media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors</issue>
  <issue id="1176482" tracker="bnc">VUL-1: CVE-2020-25284: kernel-source: The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or</issue>
  <issue id="1176485" tracker="bnc">VUL-0: CVE-2020-25285: kernel-source: A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have u</issue>
  <issue id="1176698" tracker="bnc">%kernel_module_package didn't process -c option</issue>
  <issue id="1176721" tracker="bnc">VUL-1: CVE-2020-0432: kernel-source: possible out of bounds write in skb_to_mamac of networking.c</issue>
  <issue id="1176722" tracker="bnc">VUL-1: CVE-2020-0431: kernel-source: possible out of bounds write in kbd_keycode of keyboard.c</issue>
  <issue id="1176723" tracker="bnc">VUL-1: CVE-2020-0430: kernel-source: possible out of bounds read in skb_headlen of /include/linux/skbuff.h</issue>
  <issue id="1176725" tracker="bnc">VUL-1: CVE-2020-0427: kernel-source: possible out of bounds read in create_pinctrl of core.c</issue>
  <issue id="1176732" tracker="bnc">kernel-source-azure failed to build for x86_64 (No space left on device)</issue>
  <issue id="1176877" tracker="bnc">Use Azure host for time keeping in all SLES images</issue>
  <issue id="1176907" tracker="bnc">klp tests fail: btrfs related problems</issue>
  <issue id="1176990" tracker="bnc">VUL-0: CVE-2020-26088: kernel-source: missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c allows local attackers to create raw sockets</issue>
  <issue id="1177027" tracker="bnc">[HUAWEI - NOT FOR THE USA]When will the CVE of nfs CVE-2020-25212 be release in SLES12 SP2 ref:_00D1igLOd._5001iStttG:ref</issue>
  <issue id="1177086" tracker="bnc">VUL-1: CVE-2020-14351: kernel-source: race in perf_mmap_close function</issue>
  <issue id="1177121" tracker="bnc">VUL-0: CVE-2020-25641: kernel-source: kernel: zero length bvec causing softlockups</issue>
  <issue id="1177165" tracker="bnc">VUL-1: CVE-2020-0432: kernel live patch: possible out of bounds write in skb_to_mamac of networking.c</issue>
  <issue id="1177206" tracker="bnc">VUL-0: CVE-2020-25643: kernel-source: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow</issue>
  <issue id="1177226" tracker="bnc">VUL-0: CVE-2020-25643: kernel live patch: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow</issue>
  <issue id="1177410" tracker="bnc">VUL-0: CVE-2020-27675: kernel-source: Race condition in Linux event handler may crash dom0 (XSA-331 v2)</issue>
  <issue id="1177411" tracker="bnc">VUL-0:  CVE-2020-27673: kernel-source: Rogue guests can cause DoS of Dom0 via high frequency events (XSA-332 v2)</issue>
  <issue id="1177470" tracker="bnc">VUL-0: CVE-2020-16120: kernel-source: incorrect unprivileged overlayfs permission checking</issue>
  <issue id="1177511" tracker="bnc">VUL-0: CVE-2020-25645: kernel-source: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints</issue>
  <issue id="1177513" tracker="bnc">VUL-0: CVE-2020-25645: kernel live patch: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints</issue>
  <issue id="1177724" tracker="bnc">VUL-0: CVE-2020-12351: kernel-source:  net: bluetooth: type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma"</issue>
  <issue id="1177725" tracker="bnc">VUL-0: CVE-2020-12352: kernel-source: net: bluetooth: information leak when processing certain AMP packets aka "BleedingTooth" aka "BadChoice"</issue>
  <issue id="1177766" tracker="bnc">VUL-1: CVE-2020-25656: kernel-source: concurrency use-after-free in vt_do_kdgkb_ioctl</issue>
  <issue id="1178003" tracker="bnc">VUL-1: CVE-2020-0430: kernel live patch: possible out of bounds read in skb_headlen of /include/linux/skbuff.h</issue>
  <issue id="1178330" tracker="bnc">Customer kernel module build leaves null.000i.ipa-clones after "make clean"</issue>
  <issue id="1131277" tracker="bnc">L3: System panic in btrfs_async_reclaim_metadata_space()-&gt;can_overcommit()</issue>
  <issue id="1160947" tracker="bnc">btrfs balance cancel takes eternity</issue>
  <issue id="1171417" tracker="bnc">Dead loop of balance which can't be canceled</issue>
  <issue id="1172366" tracker="bnc">btrfs balance in endless loop and couldn't be canceled</issue>
  <issue id="1173233" tracker="bnc">L3: Unable to handle kernel paging request for data at address 0x08850100</issue>
  <issue id="1175306" tracker="bnc">Partner-L3: Soft lockup call trace</issue>
  <issue id="1175721" tracker="bnc">VUL-0: CVE-2020-25705: kernel-source: New vulnerabilities in ICMP rate limiting (paper: DNS Cache Poisoning Attack Reloaded: Revolutions with SideChannels)</issue>
  <issue id="1176922" tracker="bnc">L3: System hang due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root()</issue>
  <issue id="1178123" tracker="bnc">VUL-1: CVE-2020-25668: kernel-source: concurrency use-after-free in con_font_op</issue>
  <issue id="1178393" tracker="bnc">VUL-1: CVE-2020-25704: kernel-source: perf/core: Fix a leak in perf_event_parse_addr_filter()</issue>
  <issue id="1178622" tracker="bnc">VUL-: CVE-2020-25668: kernel live patch: concurrency use-after-free in con_font_op</issue>
  <issue id="1178765" tracker="bnc">SLES 12 SP4 - increased cpu time consumption observed on shared LPAR compared to same workload on dedicated LPAR (performance) (found in SAP HANA on POWER testing)</issue>
  <issue id="1178782" tracker="bnc">VUL-0: CVE-2020-25705: SADDNS attack</issue>
  <issue id="1178838" tracker="bnc">Defaults for kernel.shmmax and kernel.shmall changed</issue>
  <issue id="2020-25705" tracker="cve" />
  <issue id="2020-25704" tracker="cve" />
  <issue id="2020-25668" tracker="cve" />
  <issue id="2020-25656" tracker="cve" />
  <issue id="2020-25285" tracker="cve" />
  <issue id="2020-0430" tracker="cve" />
  <issue id="2020-14351" tracker="cve" />
  <issue id="2020-16120" tracker="cve" />
  <issue id="2020-8694" tracker="cve" />
  <issue id="2020-12351" tracker="cve" />
  <issue id="2020-12352" tracker="cve" />
  <issue id="2020-25212" tracker="cve" />
  <issue id="2020-25645" tracker="cve" />
  <issue id="2020-2521" tracker="cve" />
  <issue id="2020-14381" tracker="cve" />
  <issue id="2020-25643" tracker="cve" />
  <issue id="2020-25641" tracker="cve" />
  <issue id="2020-26088" tracker="cve" />
  <issue id="2020-14390" tracker="cve" />
  <issue id="2020-0432" tracker="cve" />
  <issue id="2020-0427" tracker="cve" />
  <issue id="2020-0431" tracker="cve" />
  <issue id="2020-0404" tracker="cve" />
  <issue id="2020-25284" tracker="cve" />
  <issue id="2020-27673" tracker="cve" />
  <issue id="2020-27675" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>ematsumiya</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bug fixes.


The following security bugs were fixed:

- CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
- CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
- CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).
- CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
- CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).
- CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
- CVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file (bsc#1177470).
- CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
- CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724).
- CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" (bsc#1177725).
- CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).
- CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).
- CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381).
- CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011).
- CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206).
- CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121).
- CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
- CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
- CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
- CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
- CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
- CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
- CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
- CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
- CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).

The following non-security bugs were fixed:

- btrfs: cleanup root usage by btrfs_get_alloc_profile  (bsc#1131277).
- btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366 bsc#1176922).
- btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366 bsc#1176922).
- btrfs: remove root usage from can_overcommit (bsc#1131277).
- hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306).
- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
- livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly.
- livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability.
- powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1173233).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233).
- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).
- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).
- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).
- x86/hyperv: Create and use Hyper-V page definitions (bsc#1176877).
- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).
- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907).
- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen: do not reschedule in preemption off sections (bsc#1175749).
- xen/events: add a new "late EOI" evtchn framework (XSA-332 bsc#1177411).
- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).
- xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).
- xen/events: block rogue events for some time (XSA-332 bsc#1177411).
- xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).
- xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
- xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).
- xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).
- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by