openSUSE-SU-2021:0532-1: important: Security update for the Linux Kernel
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0532-1
Rating: important
References: #1152472 #1152489 #1153274 #1154353 #1155518
#1156256 #1159280 #1160634 #1167773 #1168777
#1169514 #1169709 #1171295 #1173485 #1177326
#1178163 #1178330 #1179454 #1180197 #1180980
#1181383 #1181674 #1181862 #1182011 #1182077
#1182485 #1182552 #1182574 #1182591 #1182595
#1182715 #1182716 #1182717 #1182770 #1182989
#1183015 #1183018 #1183022 #1183023 #1183048
#1183252 #1183277 #1183278 #1183279 #1183280
#1183281 #1183282 #1183283 #1183284 #1183285
#1183286 #1183287 #1183288 #1183366 #1183369
#1183386 #1183412 #1183416 #1183427 #1183428
#1183445 #1183447 #1183501 #1183509 #1183530
#1183534 #1183540 #1183593 #1183596 #1183598
#1183637 #1183646 #1183662 #1183686 #1183692
#1183696 #1183750 #1183757 #1183775 #1183843
#1183859 #1183871 #1184167 #1184168 #1184170
#1184176 #1184192 #1184193 #1184196 #1184198
#1184217 #1184218 #1184219 #1184220 #1184224
Cross-References: CVE-2019-18814 CVE-2019-19769 CVE-2020-27170
CVE-2020-27171 CVE-2020-27815 CVE-2020-35519
CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
CVE-2021-28038 CVE-2021-28375 CVE-2021-28660
CVE-2021-28688 CVE-2021-28964 CVE-2021-28971
CVE-2021-28972 CVE-2021-29264 CVE-2021-29265
CVE-2021-29647 CVE-2021-3428 CVE-2021-3444
CVSS scores:
CVE-2019-18814 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-18814 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2019-19769 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2019-19769 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28375 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves 21 vulnerabilities and has 74 fixes
is now available.
Description:
The openSUSE Leap 15.2 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not
properly handle mod32 destination register truncation when the source
register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent
(bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed
attackers to obtain sensitive information from kernel memory because of
a partially uninitialized data structure (bsc#1184192 ).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have
allowed attackers to cause a denial of service due to race conditions
during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver
which could have allowed attackers to cause a system crash due to a
calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a
new device name to the driver from userspace, allowing userspace to
write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could
have caused a system crash because the PEBS status in a PEBS record was
mishandled (bsc#1184196 ).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have
allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan
(bsc#1183593 ).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not
prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking
necessary treatment of errors such as failed memory allocations
(bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a
Netlink message that is associated with iSCSI, and has a length up to
the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink
messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used
to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access was found in
x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in JFS filesystem where could have
allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds
speculation on pointer arithmetic, leading to side-channel attacks that
defeat Spectre mitigations and obtain sensitive information from kernel
memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre
mitigations and obtain sensitive information from kernel memory
(bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire
function (bsc#1159280 ).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in
aa_audit_rule_init() (bsc#1156256).
The following non-security bugs were fixed:
- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch:
(bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch:
(bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes
(block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node()
(git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region
parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board
(git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air
(git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256
(git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
(git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params
calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets
(bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in
setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs
(bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
(bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe
(bsc#1182552).
- ALSA: usb-audio: Fix "RANGE setting not yet supported" errors
(git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect
(bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections
(git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R
tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current
threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet
(git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of
10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of
10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer
settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on
probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch:
(bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch:
(bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch:
(bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch:
(bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
(git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl
(git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash
(jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into
__bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs
(bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf_lru_list: Read double-checked variable once without lock
(bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686
bsc#1183775).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet
(git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet
(git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
(bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log
users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent
allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root
(bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES
enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount
(bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate
(git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode
(git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
(git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
(git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed
before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- certs: Fix blacklist flag type confusion (git-fixes).
- cifs: check pointer before freeing (bsc#1183534).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References:
bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private
(git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager
(git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch
(bsc#1183530)
- drivers/misc/vmw_vmci: restrict too big queue size in
qp_host_alloc_queue (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info
fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie
(git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting
notes: * context changes
- drm/amd/powerplay: fix spelling mistake "smu_state_memroy_block" ->
(bsc#1152489) Backporting notes: * rename amd/pm to
amd/powerplay * context changes
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: *
replaced mtk_ddp_write() with writel()
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
(git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
Backporting notes: * context changes
- drm/msm: fix shutdown hook in case GPU components failed to bind
(git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
Backporting notes: * context changes
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting
notes: * context changes
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489) Backporting notes: *
taken for 9b73bde39cf2 ("drm/msm: Fix use-after-free in msm_gem with
carveout") * context changes
- drm/nouveau: bail out of nouveau_channel_new if channel init fails
(bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes:
- drm/panfrost: Remove unused variables in panfrost_job_close()
(bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
Backporting notes: * context changes
- drm/sched: Cancel and flush all outstanding jobs before finish
(git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting
notes: * context changes
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
Backporting notes: * context changes * change vc4_hdmi to
vc4->hdmi * removed references to encoder->hdmi_monitor
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- epoll: check for events when removing a timed out thread from the wait
queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with
staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions
(git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent
(git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of
emac_clks_phase1_init (git-fixes).
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call
(git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues
(git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call
(git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info
(git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT
(bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association
(bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure
(bsc#1183501).
- objtool: Fix ".cold" section suffix check for newer versions of GCC
(bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle
(bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
(git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved
(git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak
(git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire
Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag
(git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices
(git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling
(git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter
(bsc#1183366).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692
ltc#191963).
- powerpc/pseries/mobility: handle premature return from H_JOIN
(bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674
ltc#189159 git-fixes bsc#1183662 ltc#191922).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
(git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes
(bsc#1169709)
- Revert "net: bonding: fix error return code of bond_neigh_init()"
(bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions
(bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore Added by
3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: comment on the list To explain what it
actually is.
- rpm/check-for-config-changes: declare sed args as an array So that we
can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array
which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly * search for
whole words, so make wildcards explicit * use ' for quoting * prepend
CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: ignore more configs Specifially, these: *
CONFIG_CC_HAS_* * CONFIG_CC_HAVE_* * CONFIG_CC_CAN_* *
CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler
specific too. This will allow us to use super configs using kernel's
dummy-tools.
- rpm/check-for-config-changes: sort the ignores They are growing so to
make them searchable by humans.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown
(git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- scsi: lpfc: Change wording of invalid pci reset log message
(bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference
counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery
(bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node
(bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
(bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference
(bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()
(bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO
(bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path
(bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf
(bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes
(bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
(bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in
test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt
(bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed
(bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry()
(git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
(git-fixes).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- staging: bcm2835-audio: Replace unsafe strcpy() with strscpy()
(git-fixes).
- staging: comedi: addi_apci_1032: Fix endian problem for COS sample
(git-fixes).
- staging: comedi: addi_apci_1500: Fix endian problem for command sample
(git-fixes).
- staging: comedi: adv_pci1710: Fix endian problem for AI command data
(git-fixes).
- staging: comedi: das6402: Fix endian problem for AI command data
(git-fixes).
- staging: comedi: das800: Fix endian problem for AI command data
(git-fixes).
- staging: comedi: dmm32at: Fix endian problem for AI command data
(git-fixes).
- staging: comedi: me4000: Fix endian problem for AI command data
(git-fixes).
- staging: comedi: pcl711: Fix endian problem for AI command data
(git-fixes).
- staging: comedi: pcl818: Fix endian problem for AI command data
(git-fixes).
- staging: fwserial: Fix error handling in fwserial_create (git-fixes).
- staging: gdm724x: Fix DMA from stack (git-fixes).
- staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
(git-fixes).
- staging: most: sound: add sanity check for function argument (git-fixes).
- staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table (git-fixes).
- staging: rtl8188eu: fix potential memory corruption in
rtw_check_beacon_data() (git-fixes).
- staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
(git-fixes).
- staging: rtl8192e: Change state information from u16 to u8 (git-fixes).
- staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes).
- staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
(git-fixes).
- staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
(git-fixes).
- staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
(git-fixes).
- staging: rtl8712: unterminated string leads to read overflow (git-fixes).
- stop_machine: mark helpers __always_inline (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0
(git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one
audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev USBip_sockfd_store() races leading to gpf
(git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
(git-fixes).
- USB: replace hardcode maximum usb string length by definition
(git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
(git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy-
(git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory
(git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time
(git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending
(git-fixes).
- xen/events: reset affinity of 2-level event when tearing it down
(git-fixes).
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022
XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022
XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled
(bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal
wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-532=1
Package List:
- openSUSE Leap 15.2 (noarch):
kernel-devel-5.3.18-lp152.69.1
kernel-docs-5.3.18-lp152.69.1
kernel-docs-html-5.3.18-lp152.69.1
kernel-macros-5.3.18-lp152.69.1
kernel-source-5.3.18-lp152.69.1
kernel-source-vanilla-5.3.18-lp152.69.1
- openSUSE Leap 15.2 (x86_64):
kernel-debug-5.3.18-lp152.69.1
kernel-debug-debuginfo-5.3.18-lp152.69.1
kernel-debug-debugsource-5.3.18-lp152.69.1
kernel-debug-devel-5.3.18-lp152.69.1
kernel-debug-devel-debuginfo-5.3.18-lp152.69.1
kernel-default-5.3.18-lp152.69.1
kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1
kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1
kernel-default-debuginfo-5.3.18-lp152.69.1
kernel-default-debugsource-5.3.18-lp152.69.1
kernel-default-devel-5.3.18-lp152.69.1
kernel-default-devel-debuginfo-5.3.18-lp152.69.1
kernel-kvmsmall-5.3.18-lp152.69.1
kernel-kvmsmall-debuginfo-5.3.18-lp152.69.1
kernel-kvmsmall-debugsource-5.3.18-lp152.69.1
kernel-kvmsmall-devel-5.3.18-lp152.69.1
kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.69.1
kernel-obs-build-5.3.18-lp152.69.1
kernel-obs-build-debugsource-5.3.18-lp152.69.1
kernel-obs-qa-5.3.18-lp152.69.1
kernel-preempt-5.3.18-lp152.69.1
kernel-preempt-debuginfo-5.3.18-lp152.69.1
kernel-preempt-debugsource-5.3.18-lp152.69.1
kernel-preempt-devel-5.3.18-lp152.69.1
kernel-preempt-devel-debuginfo-5.3.18-lp152.69.1
kernel-syms-5.3.18-lp152.69.1
References:
https://www.suse.com/security/cve/CVE-2019-18814.html
https://www.suse.com/security/cve/CVE-2019-19769.html
https://www.suse.com/security/cve/CVE-2020-27170.html
https://www.suse.com/security/cve/CVE-2020-27171.html
https://www.suse.com/security/cve/CVE-2020-27815.html
https://www.suse.com/security/cve/CVE-2020-35519.html
https://www.suse.com/security/cve/CVE-2021-27363.html
https://www.suse.com/security/cve/CVE-2021-27364.html
https://www.suse.com/security/cve/CVE-2021-27365.html
https://www.suse.com/security/cve/CVE-2021-28038.html
https://www.suse.com/security/cve/CVE-2021-28375.html
https://www.suse.com/security/cve/CVE-2021-28660.html
https://www.suse.com/security/cve/CVE-2021-28688.html
https://www.suse.com/security/cve/CVE-2021-28964.html
https://www.suse.com/security/cve/CVE-2021-28971.html
https://www.suse.com/security/cve/CVE-2021-28972.html
https://www.suse.com/security/cve/CVE-2021-29264.html
https://www.suse.com/security/cve/CVE-2021-29265.html
https://www.suse.com/security/cve/CVE-2021-29647.html
https://www.suse.com/security/cve/CVE-2021-3428.html
https://www.suse.com/security/cve/CVE-2021-3444.html
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156256
https://bugzilla.suse.com/1159280
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1168777
https://bugzilla.suse.com/1169514
https://bugzilla.suse.com/1169709
https://bugzilla.suse.com/1171295
https://bugzilla.suse.com/1173485
https://bugzilla.suse.com/1177326
https://bugzilla.suse.com/1178163
https://bugzilla.suse.com/1178330
https://bugzilla.suse.com/1179454
https://bugzilla.suse.com/1180197
https://bugzilla.suse.com/1180980
https://bugzilla.suse.com/1181383
https://bugzilla.suse.com/1181674
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1182011
https://bugzilla.suse.com/1182077
https://bugzilla.suse.com/1182485
https://bugzilla.suse.com/1182552
https://bugzilla.suse.com/1182574
https://bugzilla.suse.com/1182591
https://bugzilla.suse.com/1182595
https://bugzilla.suse.com/1182715
https://bugzilla.suse.com/1182716
https://bugzilla.suse.com/1182717
https://bugzilla.suse.com/1182770
https://bugzilla.suse.com/1182989
https://bugzilla.suse.com/1183015
https://bugzilla.suse.com/1183018
https://bugzilla.suse.com/1183022
https://bugzilla.suse.com/1183023
https://bugzilla.suse.com/1183048
https://bugzilla.suse.com/1183252
https://bugzilla.suse.com/1183277
https://bugzilla.suse.com/1183278
https://bugzilla.suse.com/1183279
https://bugzilla.suse.com/1183280
https://bugzilla.suse.com/1183281
https://bugzilla.suse.com/1183282
https://bugzilla.suse.com/1183283
https://bugzilla.suse.com/1183284
https://bugzilla.suse.com/1183285
https://bugzilla.suse.com/1183286
https://bugzilla.suse.com/1183287
https://bugzilla.suse.com/1183288
https://bugzilla.suse.com/1183366
https://bugzilla.suse.com/1183369
https://bugzilla.suse.com/1183386
https://bugzilla.suse.com/1183412
https://bugzilla.suse.com/1183416
https://bugzilla.suse.com/1183427
https://bugzilla.suse.com/1183428
https://bugzilla.suse.com/1183445
https://bugzilla.suse.com/1183447
https://bugzilla.suse.com/1183501
https://bugzilla.suse.com/1183509
https://bugzilla.suse.com/1183530
https://bugzilla.suse.com/1183534
https://bugzilla.suse.com/1183540
https://bugzilla.suse.com/1183593
https://bugzilla.suse.com/1183596
https://bugzilla.suse.com/1183598
https://bugzilla.suse.com/1183637
https://bugzilla.suse.com/1183646
https://bugzilla.suse.com/1183662
https://bugzilla.suse.com/1183686
https://bugzilla.suse.com/1183692
https://bugzilla.suse.com/1183696
https://bugzilla.suse.com/1183750
https://bugzilla.suse.com/1183757
https://bugzilla.suse.com/1183775
https://bugzilla.suse.com/1183843
https://bugzilla.suse.com/1183859
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184167
https://bugzilla.suse.com/1184168
https://bugzilla.suse.com/1184170
https://bugzilla.suse.com/1184176
https://bugzilla.suse.com/1184192
https://bugzilla.suse.com/1184193
https://bugzilla.suse.com/1184196
https://bugzilla.suse.com/1184198
https://bugzilla.suse.com/1184217
https://bugzilla.suse.com/1184218
https://bugzilla.suse.com/1184219
https://bugzilla.suse.com/1184220
https://bugzilla.suse.com/1184224
A Linux Kernel security update has been released for openSUSE 15.2.