ESB-2018.1459 - [SUSE] kernel: Multiple vulnerabilities 2018-05-14

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1459
    Kernel updated for SUSE Linux Enterprise Real Time Extension 12-SP3
                                14 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-10124 CVE-2018-10087 CVE-2018-8822
                   CVE-2018-8043 CVE-2018-7740 CVE-2018-1091
                   CVE-2017-18257  

Reference:         ESB-2018.1412
                   ESB-2018.1410
                   ESB-2018.1301
                   ESB-2018.1266

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20181217-1

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1217-1
Rating:             important
References:         #1005778 #1005780 #1005781 #1012382 #1015336 
                    #1015337 #1015340 #1015342 #1015343 #1019695 
                    #1019699 #1022604 #1022743 #1024296 #1031717 
                    #1046610 #1060799 #1064206 #1068032 #1073059 
                    #1073069 #1075091 #1075428 #1075994 #1076033 
                    #1077560 #1083125 #1083574 #1083745 #1083836 
                    #1084223 #1084310 #1084328 #1084353 #1084452 
                    #1084610 #1084699 #1084721 #1084829 #1084889 
                    #1084898 #1084914 #1084918 #1084967 #1085042 
                    #1085058 #1085185 #1085224 #1085383 #1085402 
                    #1085404 #1085487 #1085507 #1085511 #1085679 
                    #1085958 #1085981 #1086015 #1086162 #1086194 
                    #1086357 #1086499 #1086518 #1086607 #1087088 
                    #1087211 #1087231 #1087260 #1087274 #1087659 
                    #1087845 #1087906 #1087999 #1088050 #1088087 
                    #1088242 #1088267 #1088313 #1088324 #1088600 
                    #1088684 #1088865 #1088871 #1089198 #1089608 
                    #1089644 #1089752 #1089925 #802154 #810912 
                    #812592 #813453 #880131 #966170 #966172 #966186 
                    #966191 #969476 #969477 #981348 
Cross-References:   CVE-2017-18257 CVE-2018-10087 CVE-2018-10124
                    CVE-2018-1091 CVE-2018-7740 CVE-2018-8043
                    CVE-2018-8822
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP3
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 93 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.128 to
   receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-10124: The kill_something_info function in kernel/signal.c
     might have allowed local users to cause a denial of service via an
     INT_MIN argument (bnc#1089752).
   - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have
     allowed local users to cause a denial of service by triggering an
     attempted use of the
     -INT_MIN value (bnc#1089608).
   - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed
     local users to cause a denial of service (integer overflow and loop) via
     crafted use
     of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl
      (bnc#1088241)
   - CVE-2018-1091: In the flush_tmregs_to_thread function in
     arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from
     unprivileged userspace during a core dump on a POWER host due to a
     missing processor feature check and an erroneous use of transactional
     memory (TM) instructions in the core dump path, leading to a denial of
     service (bnc#1087231).
   - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel
     function could have been exploited by malicious NCPFS servers to crash
     the kernel or execute code (bnc#1086162).
   - CVE-2018-8043: The unimac_mdio_probe function in
     drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource
     availability, which allowed local users to cause a denial of service
     (NULL pointer dereference) (bnc#1084829).
   - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed
     local users to cause a denial of service (BUG) via a crafted application
     that made mmap system calls and has a large pgoff argument to the
     remap_file_pages system call (bnc#1084353).

   The following non-security bugs were fixed:

   - Fix ltp might_sleep() splat BUG
   - ACPI / PMIC: xpower: Fix power_table addresses (bnc#1012382).
   - ACPI, PCI, irq: remove redundant check for null string pointer
     (bnc#1012382).
   - ACPI/IORT: numa: Add numa node mapping for smmuv3 devices (bsc#1085981).
   - ACPI/processor: Fix error handling in __acpi_processor_start()
     (bnc#1012382).
   - ACPI/processor: Replace racy task affinity logic (bnc#1012382).
   - ACPICA: Add header support for TPM2 table changes (bsc#1084452).
   - ACPICA: Add support for new SRAT subtable (bsc#1085981).
   - ACPICA: Disassembler: Abort on an invalid/unknown AML opcode
     (bnc#1012382).
   - ACPICA: Events: Add runtime stub support for event APIs (bnc#1012382).
   - ACPICA: iasl: Update to IORT SMMUv3 disassembling (bsc#1085981).
   - ALSA: aloop: Fix access to not-yet-ready substream via cable
     (bnc#1012382).
   - ALSA: aloop: Sync stale timer before release (bnc#1012382).
   - ALSA: firewire-digi00x: handle all MIDI messages on streaming packets
     (bnc#1012382).
   - ALSA: hda - Revert power_save option default value (git-fixes).
   - ALSA: hda/realtek - Always immediately update mute LED with pin VREF
     (bnc#1012382).
   - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
     (bnc#1012382).
   - ALSA: hda/realtek - Fix speaker no sound after system resume
     (bsc#1031717).
   - ALSA: hda: Add a power_save blacklist (bnc#1012382).
   - ALSA: hda: add dock and led support for HP EliteBook 820 G3
     (bnc#1012382).
   - ALSA: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012382).
   - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() (bnc#1012382).
   - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
     (bnc#1012382).
   - ALSA: pcm: potential uninitialized return values (bnc#1012382).
   - ALSA: usb-audio: Add a quirck for BW PX headphones (bnc#1012382).
   - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
     (bnc#1012382).
   - ARM64 / cpuidle: Use new cpuidle macro for entering retention state
     (bsc#1084328).
   - ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and
     !FRAME_POINTER (bnc#1012382).
   - ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to
     SW_WKUP (bnc#1012382).
   - ARM: davinci: da8xx: Create DSP device only when assigned memory
     (bnc#1012382).
   - ARM: dts: Adjust moxart IRQ controller and flags (bnc#1012382).
   - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382).
   - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382).
   - ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin (bnc#1012382).
   - ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property
     (bnc#1012382).
   - ARM: dts: dra7: Add power hold and power controller properties to palmas
     (bnc#1012382).
   - ARM: dts: exynos: Correct Trats2 panel reset line (bnc#1012382).
   - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382).
   - ARM: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382).
   - ARM: dts: koelsch: Correct clock frequency of X2 DU clock input
     (bnc#1012382).
   - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc
     node (bnc#1012382).
   - ARM: dts: omap3-n900: Fix the audio CODEC's reset pin (bnc#1012382).
   - ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks (bnc#1012382).
   - ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks (bnc#1012382).
   - ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382).
   - ARM: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382).
   - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382).
   - ASoC: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT
     (bnc#1012382).
   - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382).
   - Bluetooth: Fix missing encryption refresh on Security Request
     (bnc#1012382).
   - Bluetooth: Send HCI Set Event Mask Page 2 command only when needed
     (bnc#1012382).
   - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bnc#1012382).
   - Bluetooth: hci_qca: Avoid setup failure on missing rampatch
     (bnc#1012382).
   - Btrfs: incremental send, fix invalid memory access (git-fixes).
   - Btrfs: send, fix file hole not being preserved due to inline extent
     (bnc#1012382).
   - CIFS: silence lockdep splat in cifs_relock_file() (bnc#1012382).
   - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override
     property definition (bnc#1012382).
   - EDAC, mv64x60: Fix an error handling path (bnc#1012382).
   - EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL
     (git-fixes 3286d3eb906c).
   - HID: clamp input to logical range if no null state (bnc#1012382).
   - HID: reject input outside logical range only if null state is set
     (bnc#1012382).
   - IB/core: Fix possible crash to access NULL netdev (bsc#966191
     bsc#966186).
   - IB/core: Generate GID change event regardless of RoCE GID table property
     (bsc#966191 bsc#966186).
   - IB/ipoib: Avoid memory leak if the SA returns a different DGID
     (bnc#1012382).
   - IB/ipoib: Update broadcast object if PKey value was changed in index 0
     (bnc#1012382).
   - IB/mlx4: Change vma from shared to private (bnc#1012382).
   - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 bsc#966186).
   - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
     (bsc#966191 bsc#966186).
   - IB/mlx4: Take write semaphore when changing the vma struct (bnc#1012382).
   - IB/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342
     bsc#1015343).
   - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170
     bsc#966172).
   - IB/mlx5: Fix incorrect size of klms in the memory region (bsc#966170
     bsc#966172).
   - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170
     bsc#966172).
   - IB/mlx5: Set the default active rate and width to QDR and 4X
     (bsc#1015342 bsc#1015343).
   - IB/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 bsc#1015343).
   - IB/srpt: Fix abort handling (bnc#1012382).
   - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
     (bnc#1024296).
   - IB/umem: Fix use of npages/nmap fields (bnc#1012382).
   - Input: elan_i2c - check if device is there before really probing
     (bnc#1012382).
   - Input: elan_i2c - clear INT before resetting controller (bnc#1012382).
   - Input: elantech - force relative mode on a certain module (bnc#1012382).
   - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
     (bnc#1012382).
   - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
     (bnc#1012382).
   - Input: matrix_keypad - fix race when disabling interrupts (bnc#1012382).
   - Input: mousedev - fix implicit conversion warning (bnc#1012382).
   - Input: qt1070 - add OF device ID table (bnc#1012382).
   - Input: tsc2007 - check for presence and power down tsc2007 during probe
     (bnc#1012382).
   - KVM: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382).
   - KVM: PPC: Book3S PR: Exit KVM on failed mapping (bnc#1012382).
   - KVM: SVM: do not zero out segment attributes if segment is unusable or
     not present (bnc#1012382).
   - KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1086499).
   - KVM: arm/arm64: vgic-its: Check result of allocation before use (bsc#).
   - KVM: arm/arm64: vgic-its: Preserve the revious read from the pending
     table (bsc#1086499).
   - KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending
     (bsc#1086499).
   - KVM: arm/arm64: vgic: Do not populate multiple LRs with the same vintid
     (bsc#1086499).
   - KVM: mmu: Fix overlap between public and private memslots (bnc#1012382).
   - KVM: nVMX: Fix handling of lmsw instruction (bnc#1012382).
   - Kbuild: provide a __UNIQUE_ID for clang (bnc#1012382).
   - MIPS: BMIPS: Do not mask IPIs during suspend (bnc#1012382).
   - MIPS: BPF: Fix multiple problems in JIT skb access helpers (bnc#1012382).
   - MIPS: BPF: Quit clobbering callee saved registers in JIT code
     (bnc#1012382).
   - MIPS: OCTEON: irq: Check for null return on kzalloc allocation
     (bnc#1012382).
   - MIPS: ath25: Check for kzalloc allocation failure (bnc#1012382).
   - MIPS: kprobes: flush_insn_slot should flush only if probe initialised
     (bnc#1012382).
   - MIPS: mm: adjust PKMAP location (bnc#1012382).
   - MIPS: mm: fixed mappings: correct initialisation (bnc#1012382).
   - MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
     (bnc#1012382).
   - MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification (bnc#1012382).
   - MIPS: ralink: Remove ralink_halt() (bnc#1012382).
   - NFC: nfcmrvl: Include unaligned.h instead of access_ok.h (bnc#1012382).
   - NFC: nfcmrvl: double free on error path (bnc#1012382).
   - NFS: Fix an incorrect type in struct nfs_direct_req (bnc#1012382).
   - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
     (bnc#1012382).
   - NFSv4.1: Work around a Linux server bug.. (bnc#1012382).
   - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699).
   - PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() (bnc#1012382).
   - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348).
   - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
     (bnc#1012382).
   - PCI: Add pci_reset_function_locked() (bsc#1084889).
   - PCI: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices
     (bsc#1084914).
   - PCI: Avoid FLR for Intel 82579 NICs (bsc#1084889).
   - PCI: Avoid slot reset if bridge itself is broken (bsc#1084918).
   - PCI: Export pcie_flr() (bsc#1084889).
   - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382).
   - PCI: Mark Haswell Power Control Unit as having non-compliant BARs
     (bsc#1086015).
   - PCI: Probe for device reset support during enumeration (bsc#1084889).
   - PCI: Protect pci_error_handlers->reset_notify() usage with device_lock()
     (bsc#1084889).
   - PCI: Protect restore with device lock to be consistent (bsc#1084889).
   - PCI: Remove __pci_dev_reset() and pci_dev_reset() (bsc#1084889).
   - PCI: Remove redundant probes for device reset support (bsc#1084889).
   - PCI: Wait for up to 1000ms after FLR reset (bsc#1084889).
   - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659,
     bsc#1087906).
   - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659).
   - PCI: hv: Only queue new work items in hv_pci_devices_present() if
     necessary (bsc#1087659).
   - PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659).
   - PCI: hv: Serialize the present and eject work items (bsc#1087659).
   - Partial revert "e1000e: Avoid receiver overrun interrupt bursts"
     (bsc#1075428).
   - RDMA/cma: Use correct size when writing netlink stats (bnc#1012382).
   - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack
     access
   - RDMA/core: Do not use invalid destination in determining port reuse
   - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
     (bnc#1012382).
   - RDMA/mlx5: Fix integer overflow while resizing CQ (bnc#1012382).
   - RDMA/mlx5: Protect from NULL pointer derefence (bsc#1015342 bsc#1015343).
   - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bnc#1012382).
   - RDMA/qedr: Fix QP state initialization race (bsc#1022604).
   - RDMA/qedr: Fix rc initialization on CNQ allocation failure (bsc#1022604).
   - RDMA/qedr: fix QP's ack timeout configuration (bsc#1022604).
   - RDMA/rxe: Fix an out-of-bounds read
   - RDMA/ucma: Check AF family prior resolving address (bnc#1012382).
   - RDMA/ucma: Check that device exists prior to accessing it (bnc#1012382).
   - RDMA/ucma: Check that device is connected prior to access it
     (bnc#1012382).
   - RDMA/ucma: Check that user does not overflow QP state (bnc#1012382).
   - RDMA/ucma: Do not allow join attempts for unsupported AF family
     (bnc#1012382).
   - RDMA/ucma: Ensure that CM_ID exists prior to access it (bnc#1012382).
   - RDMA/ucma: Fix access to non-initialized CM_ID object (bnc#1012382).
   - RDMA/ucma: Fix use-after-free access in ucma_close (bnc#1012382).
   - RDMA/ucma: Introduce safer rdma_addr_size() variants (bnc#1012382).
   - RDMA/ucma: Limit possible option size (bnc#1012382).
   - Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux" (bnc#1012382).
   - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
     (bnc#1012382).
   - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
     (bnc#1012382).
   - Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()"
     (bnc#1012382).
   - Revert "cpufreq: Fix governor module removal race" (bnc#1012382).
   - Revert "e1000e: Separate signaling for link check/link up" (bsc#1075428).
   - Revert "genirq: Use irqd_get_trigger_type to compare the trigger type
     for shared IRQs" (bnc#1012382).
   - Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
     (bnc#1012382).
   - Revert "ipvlan: add L2 check for packets arriving via virtual devices"
     (reverted in upstream).
   - Revert "led: core: Fix brightness setting when setting delay_off=0"
     (bnc#1012382).
   - Revert "mtip32xx: use runtime tag to initialize command header"
     (bnc#1012382).
   - Revert "xhci: plat: Register shutdown for xhci_plat" (bnc#1012382).
   - Subject: af_iucv: enable control sends in case of SEND_SHUTDOWN
     (bnc#1085507, LTC#165135).
   - USB: ene_usb6250: fix SCSI residue overwriting (bnc#1012382).
   - USB: ene_usb6250: fix first command execution (bnc#1012382).
   - USB: gadget: udc: Add missing platform_device_put() on error in
     bdc_pci_probe() (bnc#1012382).
   - USB: serial: cp210x: add ELDAT Easywave RX09 id (bnc#1012382).
   - USB: serial: ftdi_sio: add RT Systems VX-8 cable (bnc#1012382).
   - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
     (bnc#1012382).
   - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
     (bnc#1012382).
   - USB: usbmon: remove assignment from IS_ERR argument (bnc#1012382).
   - Update
   patches.arch/s390-sles12sp3-08-03-KVM-s390-instruction-execution-protection
     -support.patch (LTC#162428, bsc#1073069).
   - Update
   patches.arch/s390-sles12sp3-08-06-01-s390-mem_detect-use-unsigned-longs.pat
     ch (LTC#158956, bsc#1073059).
   - Update
   patches.arch/s390-sles12sp3-08-06-02-kvm-s390-enable-all-facility-bits-that
     -are-known-goo.patch (LTC#158956, bsc#1073059).
   - Update
     patches.arch/s390-sles12sp3-08-06-03-s390-sclp-add-hmfai-field.patch
     (LTC#158956, bsc#1073059).
   - Update
   patches.arch/s390-sles12sp3-08-06-04-kvm-s390-populate-mask-of-non-hypervis
     or-managed-fac.patch (LTC#158956, bsc#1073059).
   - Update patches.suse/x86-nospectre_v2-means-nospec-too.patch (bsc#1075994
     bsc#1075091 bnc#1085958).
   - acpi, numa: fix pxm to online numa node associations (bnc#1012382).
   - agp/intel: Flush all chipset writes after updating the GGTT
     (bnc#1012382).
   - ahci: Add PCI-id for the Highpoint Rocketraid 644L card (bnc#1012382).
   - apparmor: Make path_max parameter readonly (bnc#1012382).
   - arm/arm64: KVM: Add PSCI_VERSION helper (bsc#1068032).
   - arm/arm64: KVM: Add smccc accessors to PSCI code (bsc#1068032).
   - arm/arm64: KVM: Advertise SMCCC v1.1 (bsc#1068032).
   - arm/arm64: KVM: Consolidate the PSCI include files (bsc#1068032).
   - arm/arm64: KVM: Implement PSCI 1.0 support (bsc#1068032).
   - arm/arm64: KVM: Turn kvm_psci_version into a static inline (bsc#1068032).
   - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032).
   - arm/arm64: smccc: Make function identifiers an unsigned quantity
     (bsc#1068032).
   - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
     (bsc#1068032).
   - arm64: Add missing Falkor part number for branch predictor hardening
     (bsc#1068032).
   - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313).
   - arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032).
   - arm64: KVM: Increment PC after handling an SMC trap (bsc#1068032).
   - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
     (bsc#1068032).
   - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032).
   - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032).
   - arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382).
   - arm64: capabilities: Handle duplicate entries for a capability
     (bsc#1068032).
   - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
     (bsc#1068032).
   - arm64: fix smccc compilation (bsc#1068032).
   - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage
     (bnc#1012382).
   - arm64: mm: do not write garbage into TTBR1_EL1 register (bsc#1085487).
   - arm64: mm: fix thinko in non-global page table attribute check
     (bsc#1088050).
   - arp: fix arp_filter on l3slave devices (bnc#1012382).
   - arp: honour gratuitous ARP _replies_ (bnc#1012382).
   - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
     (bnc#1012382).
   - ata: libahci: properly propagate return value of platform_get_irq()
     (bnc#1012382).
   - ath10k: disallow DFS simulation if DFS channel is not enabled
     (bnc#1012382).
   - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382).
   - ath10k: update tdls teardown state to target (bnc#1012382).
   - ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382).
   - ath: Fix updating radar flags for coutry code India (bnc#1012382).
   - audit: add tty field to LOGIN event (bnc#1012382).
   - batman-adv: handle race condition for claims between gateways
     (bnc#1012382).
   - bcache: do not attach backing with duplicate UUID (bnc#1012382).
   - bcache: segregate flash only volume write streams (bnc#1012382).
   - bcache: stop writeback thread after detaching (bnc#1012382).
   - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init()
     (bsc#1085058).
   - blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382).
   - blk-throttle: make sure expire time isn't too big (bnc#1012382).
   - blkcg: fix double free of new_blkg in blkcg_init_queue (bnc#1012382).
   - block-mq: stop workqueue items in blk_mq_stop_hw_queue() (bsc#1084967).
   - block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058).
   - block: do not assign cmd_flags in __blk_rq_prep_clone (bsc#1088087).
   - bna: Avoid reading past end of buffer (bnc#1012382).
   - bnx2x: Align RX buffers (bnc#1012382).
   - bnx2x: Allow vfs to disable txvlan offload (bnc#1012382).
   - bonding: Do not update slave->link until ready to commit (bnc#1012382).
   - bonding: fix the err path for dev hwaddr sync in bond_enslave
     (bnc#1012382).
   - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
     (bnc#1012382).
   - bonding: process the err returned by dev_set_allmulti properly in
     bond_enslave (bnc#1012382).
   - bonding: refine bond_fold_stats() wrap detection (bnc#1012382).
   - bpf, x64: implement retpoline for tail call (bnc#1012382).
   - bpf, x64: increase number of passes (bnc#1012382).
   - bpf: fix incorrect sign extension in check_alu_op() (bnc#1012382).
   - bpf: skip unnecessary capability check (bnc#1012382).
   - braille-console: Fix value returned by _braille_console_setup
     (bnc#1012382).
   - brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012382).
   - bridge: check brport attr show in brport_show (bnc#1012382).
   - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale
     device (bnc#1012382).
   - btrfs: Only check first key for committed tree blocks (bsc#1084721).
   - btrfs: Validate child tree block's level and first key (bsc#1084721).
   - btrfs: alloc_chunk: fix DUP stripe size handling (bnc#1012382).
   - btrfs: fix incorrect error return ret being passed to mapping_set_error
     (bnc#1012382).
   - btrfs: improve delayed refs iterations (bsc#1076033).
   - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382).
   - bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382).
   - bus: brcmstb_gisb: correct support for 64-bit address output
     (bnc#1012382).
   - can: cc770: Fix queue stall and dropped RTR reply (bnc#1012382).
   - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
     (bnc#1012382).
   - can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012382).
   - ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898).
   - cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382).
   - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684).
   - clk: Fix __set_clk_rates error print-string (bnc#1012382).
   - clk: bcm2835: Protect sections updating shared registers (bnc#1012382).
   - clk: ns2: Correct SDIO bits (bnc#1012382).
   - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bnc#1012382).
   - clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382).
   - clk: si5351: Rename internal plls to avoid name collisions (bnc#1012382).
   - coresight: Fix disabling of CoreSight TPIU (bnc#1012382).
   - coresight: Fixes coresight DT parse to get correct output port ID
     (bnc#1012382).
   - cpufreq/sh: Replace racy task affinity logic (bnc#1012382).
   - cpufreq: Fix governor module removal race (bnc#1012382).
   - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382).
   - cpuidle: Add new macro to enter a retention idle state (bsc#1084328).
   - cpumask: Add helper cpumask_available() (bnc#1012382).
   - cros_ec: fix nul-termination for firmware build info (bnc#1012382).
   - crypto: ahash - Fix early termination in hash walk (bnc#1012382).
   - crypto: cavium - fix memory leak on info (bsc#1086518).
   - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short
     one (bnc#1012382).
   - cx25840: fix unchecked return values (bnc#1012382).
   - cxgb4: FW upgrade fixes (bnc#1012382).
   - cxgb4: Fix queue free path of ULD drivers (bsc#1022743).
   - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382).
   - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
     (bnc#1012382).
   - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194).
   - dccp: check sk for closed state in dccp_sendmsg() (bnc#1012382).
   - dm ioctl: remove double parentheses (bnc#1012382).
   - dm: Always copy cmd_flags when cloning a request (bsc#1088087).
   - dmaengine: imx-sdma: Handle return value of clk_prepare_enable
     (bnc#1012382).
   - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped
     (bnc#1012382).
   - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
     (bnc#1012382).
   - driver: (adm1275) set the m,b and R coefficients correctly for power
     (bnc#1012382).
   - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
   - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
     (bnc#1024296).
   - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow
     tests (bnc#1012382).
   - drm/amdgpu/dce: Do not turn off DP sink when disconnected (bnc#1012382).
   - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) (bnc#1012382).
   - drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012382).
   - drm/amdgpu: Notify sbios device ready before send request (bnc#1012382).
   - drm/amdgpu: fix KV harvesting (bnc#1012382).
   - drm/amdkfd: Fix memory leaks in kfd topology (bnc#1012382).
   - drm/edid: set ELD connector type in drm_edid_to_eld() (bnc#1012382).
   - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717).
   - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit
     (bsc#1031717).
   - drm/msm: fix leak in failed get_pages (bnc#1012382).
   - drm/nouveau/kms: Increase max retries in scanout position queries
     (bnc#1012382).
   - drm/nouveau: Fix deadlock on runtime suspend (bnc#1012382).
   - drm/omap: DMM: Check for DMM readiness after successful transaction
     commit (bnc#1012382).
   - drm/omap: fix tiled buffer stride calculations (bnc#1012382).
   - drm/radeon: Do not turn off DP sink when disconnected (bnc#1012382).
   - drm/radeon: Fail fb creation from imported dma-bufs (bnc#1012382).
   - drm/radeon: Fix deadlock on runtime suspend (bnc#1012382).
   - drm/radeon: fix KV harvesting (bnc#1012382).
   - drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012382).
   - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382).
   - drm: Allow determining if current task is output poll worker
     (bnc#1012382).
   - drm: Defer disabling the vblank IRQ until the next interrupt (for
     instant-off) (bnc#1012382).
   - drm: qxl: Do not alloc fbdev if emulation is not supported (bnc#1012382).
   - drm: udl: Properly check framebuffer mmap offsets (bnc#1012382).
   - e1000e: Avoid missed interrupts following ICR read (bsc#1075428).
   - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428).
   - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428).
   - e1000e: Fix link check race condition (bsc#1075428).
   - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428).
   - e1000e: Remove Other from EIAC (bsc#1075428).
   - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382).
   - e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382).
   - e1000e: fix timing for 82579 Gigabit Ethernet controller (bnc#1012382).
   - esp: Fix memleaks on error paths (git-fixes).
   - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
     (bnc#1012382).
   - ext4: inplace xattr block update fails to deduplicate blocks
     (bnc#1012382).
   - f2fs: relax node version check for victim data in gc (bnc#1012382).
   - fib_semantics: Do not match route with mismatching tclassid
     (bnc#1012382).
   - firmware/psci: Expose PSCI conduit (bsc#1068032).
   - firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032).
   - fix race in drivers/char/random.c:get_reg() (bnc#1012382).
   - fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
     (bnc#1012382).
   - frv: declare jiffies to be located in the .data section (bnc#1012382).
   - fs/aio: Add explicit RCU grace period when freeing kioctx (bnc#1012382).
   - fs/aio: Use RCU accessors for kioctx_table->table[] (bnc#1012382).
   - fs/hugetlbfs/inode.c: change put_page/unlock_page order in
     hugetlbfs_fallocate() (git-fixes, bsc#1083745).
   - fs/proc: Stop trying to report thread stacks (bnc#1012382).
   - fs: Teach path_connected to handle nfs filesystems with multiple roots
     (bnc#1012382).
   - fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382).
   - genirq: Track whether the trigger type has been set (git-fixes).
   - genirq: Use cpumask_available() for check of cpumask variable
     (bnc#1012382).
   - genirq: Use irqd_get_trigger_type to compare the trigger type for shared
     IRQs (bnc#1012382).
   - gpio: label descriptors using the device name (bnc#1012382).
   - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382).
   - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382).
   - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353).
   - hv_balloon: fix bugs in num_pages_onlined accounting
   - hv_balloon: fix printk loglevel
   - hv_balloon: simplify hv_online_page()/hv_page_online_one()
   - hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes).
   - hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382).
   - i2c: i2c-scmi: add a MS HID (bnc#1012382).
   - i2c: xlp9xx: Check for Bus state before every transfer (bsc#1084310).
   - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310).
   - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
     (bsc#1060799).
   - i2c: xlp9xx: return ENXIO on slave address NACK (bsc#1060799).
   - i40e: Acquire NVM lock before reads on all devices (bnc#1012382).
   - i40iw: Free IEQ resources (bsc#969476 bsc#969477).
   - ia64: fix module loading for gcc-5.4 (bnc#1012382).
   - ibmvfc: Avoid unnecessary port relogin (bsc#1085404).
   - ibmvnic: Clear pending interrupt after device reset (bsc#1089644).
   - ibmvnic: Define vnic_login_client_data name field as unsized array
     (bsc#1089198).
   - ibmvnic: Disable irqs before exiting reset from closed state
     (bsc#1084610).
   - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198).
   - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600).
   - ibmvnic: Fix DMA mapping mistakes (bsc#1088600).
   - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600).
   - ibmvnic: Fix reset return from closed state (bsc#1084610).
   - ibmvnic: Fix reset scheduler error handling (bsc#1088600).
   - ibmvnic: Handle all login error conditions (bsc#1089198).
   - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224,
     git-fixes).
   - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224).
   - ibmvnic: Update TX pool cleaning routine (bsc#1085224).
   - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600).
   - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
     (bnc#1012382).
   - iio: hi8435: avoid garbage event at first enable (bnc#1012382).
   - iio: hi8435: cleanup reset gpio (bnc#1012382).
   - iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382).
   - iio: st_pressure: st_accel: Initialise sensor platform data properly
     (bnc#1012382).
   - iio: st_pressure: st_accel: pass correct platform data to init
     (git-fixes).
   - ima: relax requiring a file signature for new files with zero length
     (bnc#1012382).
   - infiniband/uverbs: Fix integer overflows (bnc#1012382).
   - iommu/omap: Register driver before setting IOMMU ops (bnc#1012382).
   - iommu/vt-d: clean up pr_irq if request_threaded_irq fails (bnc#1012382).
   - ip6_gre: better validate user provided tunnel names (bnc#1012382).
   - ip6_tunnel: better validate user provided tunnel names (bnc#1012382).
   - ip6_vti: adjust vti mtu according to mtu of lower device (bnc#1012382).
   - ip_tunnel: better validate user provided tunnel names (bnc#1012382).
   - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
     (bnc#1012382).
   - ipmi: Fix the I2C address extraction from SPMI tables (bsc#1060799).
   - ipmi: Use the proper default value for register size in ACPI
     (bsc#1060799).
   - ipmi: do not probe ACPI devices if si_tryacpi is unset (bsc#1060799).
   - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr (bsc#1060799).
   - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871).
   - ipmi_ssif: Fix logic around alert handling (bsc#1060799).
   - ipmi_ssif: remove redundant null check on array client->adapter->name
     (bsc#1060799).
   - ipmi_ssif: unlock on allocation failure (bsc#1060799).
   - ipsec: check return value of skb_to_sgvec always (bnc#1012382).
   - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382).
   - ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382).
   - ipv6: fix access to non-linear packet in
     ndisc_fill_redirect_hdr_option() (bnc#1012382).
   - ipv6: sit: better validate user provided tunnel names (bnc#1012382).
   - ipv6: the entire IPv6 header chain must fit the first fragment
     (bnc#1012382).
   - ipvlan: add L2 check for packets arriving via virtual devices
     (bnc#1012382).
   - irqchip/gic-v3-its: Add ACPI NUMA node mapping (bsc#1085981).
   - irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES
     (bsc#1085981).
   - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bnc#1012382).
   - irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA
     (bsc#1085981).
   - iw_cxgb4: print mapped ports correctly (bsc#321658 bsc#321660
     bsc#321661).
   - jiffies.h: declare jiffies and jiffies_64 with
     ____cacheline_aligned_in_smp (bnc#1012382).
   - kABI: add tty include to audit.c (kabi).
   - kABI: protect jiffies types (kabi).
   - kABI: protect skb_to_sgvec* (kabi).
   - kABI: protect tty include in audit.h (kabi).
   - kGraft: fix small race in reversion code (bsc#1083125).
   - kbuild: Handle builtin dtb file names containing hyphens (bnc#1012382).
   - kbuild: disable clang's default use of -fmerge-all-constants
     (bnc#1012382).
   - kprobes/x86: Fix kprobe-booster not to boost far call instructions
     (bnc#1012382).
   - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
     (git-fixes).
   - kprobes/x86: Set kprobes pages read-only (bnc#1012382).
   - kvm/x86: fix icebp instruction handling (bnc#1012382).
   - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on
     v3 (bsc#1086499).
   - kvm: nVMX: fix nested tsc scaling (bsc1087999).
   - l2tp: do not accept arbitrary sockets (bnc#1012382).
   - l2tp: fix missing print session offset info (bnc#1012382).
   - leds: pca955x: Correct I2C Functionality (bnc#1012382).
   - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
     (bnc#1012382).
   - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012382).
   - libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012382).
   - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware
     versions (bnc#1012382).
   - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
     (bnc#1012382).
   - libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012382).
   - libata: fix length validation of ATAPI-relayed SCSI commands
     (bnc#1012382).
   - libata: remove WARN() for DMA or PIO command without data (bnc#1012382).
   - llist: clang: introduce member_address_is_nonnull() (bnc#1012382).
   - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
     (bnc#1012382).
   - lockd: fix lockd shutdown race (bnc#1012382).
   - lockd: lost rollback of set_grace_period() in lockd_down_net()
     (git-fixes).
   - loop: Fix lost writes caused by missing flag (bnc#1012382).
   - lpfc: update version to 11.4.0.7-1 (bsc#1085383).
   - mISDN: Fix a sleep-in-atomic bug (bnc#1012382).
   - mac80211: bail out from prep_connection() if a reconfig is ongoing
     (bnc#1012382).
   - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717).
   - mac80211: do not parse encrypted management frames in
     ieee80211_frame_acked (bnc#1012382).
   - mac80211: remove BUG() when interface type is invalid (bnc#1012382).
   - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
     (bnc#1012382).
   - mceusb: sporadic RX truncation corruption fix (bnc#1012382).
   - md raid10: fix NULL deference in handle_write_completed() (git-fixes).
   - md-cluster: fix wrong condition check in raid1_write_request
     (bsc#1085402).
   - md/raid10: reset the 'first' at the end of loop (bnc#1012382).
   - md/raid10: skip spare disk as 'first' disk (bnc#1012382).
   - md/raid10: wait up frozen array in handle_write_completed (bnc#1012382).
   - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
     (bnc#1012382).
   - md/raid6: Fix anomily when recovering a single device in RAID6
     (bnc#1012382).
   - media/dvb-core: Race condition when writing to CAM (bnc#1012382).
   - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
     (bnc#1012382).
   - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717).
   - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382).
   - media: c8sectpfe: fix potential NULL pointer dereference in
     c8sectpfe_timer_interrupt (bnc#1012382).
   - media: cpia2: Fix a couple off by one bugs (bnc#1012382).
   - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717).
   - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
     (bnc#1012382).
   - media: m88ds3103: do not call a non-initalized function (bnc#1012382).
   - media: s3c-camif: fix out-of-bounds array access (bsc#1031717).
   - media: videobuf2-core: do not go out of the buffer range (bnc#1012382).
   - mei: remove dev_err message on an unsupported ioctl (bnc#1012382).
   - mfd: palmas: Reset the POWERHOLD mux during power off (bnc#1012382).
   - mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382).
   - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353).
   - mm/vmalloc: add interfaces to free unmapped page table (bnc#1012382).
   - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
     (bnc#1012382).
   - mmc: avoid removing non-removable hosts during suspend (bnc#1012382).
   - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit
     systems (bsc#1088267).
   - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
     (bnc#1012382).
   - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a (bnc#1012382).
   - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382).
   - mt7601u: check return value of alloc_skb (bnc#1012382).
   - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bnc#1012382).
   - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
     (bnc#1012382).
   - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012382).
   - mtip32xx: use runtime tag to initialize command header (bnc#1012382).
   - neighbour: update neigh timestamps iff update is effective (bnc#1012382).
   - net sched actions: fix dumping which requires several messages to user
     space (bnc#1012382).
   - net/8021q: create device with all possible features in wanted_features
     (bnc#1012382).
   - net/faraday: Add missing include of of.h (bnc#1012382).
   - net/ipv6: Fix route leaking between VRFs (bnc#1012382).
   - net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382).
   - net/iucv: Free memory obtained by kzalloc (bnc#1012382).
   - net/mlx4: Check if Granular QoS per VF has been enabled before updating
     QP qos_vport (bnc#1012382).
   - net/mlx4: Fix the check in attaching steering rules (bnc#1012382).
   - net/mlx4_core: Fix memory leak while delete slave's resources
     (bsc#966191 bsc#966186).
   - net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382).
   - net/mlx4_en: Fix mixed PFC and Global pause user control requests
     (bsc#1015336 bsc#1015337 bsc#1015340).
   - net/mlx5: Fix error handling in load one (bsc#1015342 bsc#1015343).
   - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 bsc#1015343).
   - net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382).
   - net/mlx5: avoid build warning for uniprocessor (bnc#1012382).
   - net/mlx5e: Add error print in ETS init (bsc#966170 bsc#966172).
   - net/mlx5e: Check support before TC swap in ETS init (bsc#966170
     bsc#966172).
   - net/mlx5e: E-Switch, Use the name of static array instead of its address
     (bsc#1015342 bsc#1015343).
   - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342
     bsc#1015343).
   - net/sched: fix NULL dereference in the error path of tcf_bpf_init()
     (bnc#1012382).
   - net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012382).
   - net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012382).
   - net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized
     ndata" (bnc#1012382).
   - net: cdc_ncm: Fix TX zero padding (bnc#1012382).
   - net: emac: fix reset timeout with AR8035 phy (bnc#1012382).
   - net: ethernet: arc: Fix a potential memory leak if an optional regulator
     is deferred (bnc#1012382).
   - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII
     PHY interface (bnc#1012382).
   - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow
     control (bnc#1012382).
   - net: fec: Fix unbalanced PM runtime calls (bnc#1012382).
   - net: fix possible out-of-bound read in skb_network_protocol()
     (bnc#1012382).
   - net: fix race on decreasing number of TX queues (bnc#1012382).
   - net: fool proof dev_valid_name() (bnc#1012382).
   - net: freescale: fix potential null pointer dereference (bnc#1012382).
   - net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511).
   - net: hns: Fix ethtool private flags (bsc#1085511).
   - net: ieee802154: fix net_device reference release too early
     (bnc#1012382).
   - net: ipv4: avoid unused variable warning for sysctl (git-fixes).
   - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68
     (bnc#1012382).
   - net: ipv6: send unsolicited NA after DAD (git-fixes).
   - net: ipv6: send unsolicited NA on admin up (bnc#1012382).
   - net: llc: add lock_sock in llc_ui_bind to avoid a race condition
     (bnc#1012382).
   - net: move somaxconn init from sysctl code (bnc#1012382).
   - net: mpls: Pull common label check into helper (bnc#1012382).
   - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support
     (bnc#1012382).
   - net: qca_spi: Fix alignment issues in rx path (bnc#1012382).
   - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012382).
   - net: x25: fix one potential use-after-free issue (bnc#1012382).
   - net: xfrm: allow clearing socket xfrm policies (bnc#1012382).
   - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
     (bnc#1012382).
   - netfilter: IDLETIMER: be syzkaller friendly (bnc#1012382).
   - netfilter: add back stackpointer size checks (bnc#1012382).
   - netfilter: bridge: ebt_among: add missing match size checks
     (bnc#1012382).
   - netfilter: bridge: ebt_among: add more missing match size checks
     (bnc#1012382).
   - netfilter: ctnetlink: Make some parameters integer to avoid enum
     mismatch (bnc#1012382).
   - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
     (bnc#1012382).
   - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
     (bnc#1012382).
   - netfilter: nat: cope with negative port range (bnc#1012382).
   - netfilter: nf_nat_h323: fix logical-not-parentheses warning
     (bnc#1012382).
   - netfilter: use skb_to_full_sk in ip_route_me_harder (bnc#1012382).
   - netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382).
   - netfilter: x_tables: fix missing timer initialization in xt_LED
     (bnc#1012382).
   - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382).
   - netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012382).
   - netlink: ensure to loop over all netns in genlmsg_multicast_allns()
     (bnc#1012382).
   - netlink: make sure nladdr has correct size in netlink_connect()
     (bnc#1012382).
   - nfsd4: permit layoutget of executable-only files (bnc#1012382).
   - nospec: Allow index argument to have const-qualified type (bnc#1012382).
   - nospec: Include asm/barrier.h dependency (bnc#1012382).
   - nospec: Kill array_index_nospec_mask_check() (bnc#1012382).
   - nospec: Move array_index_nospec() parameter checking into separate macro
     (bnc#1012382).
   - nvme/rdma: do no start error recovery twice (bsc#1084967).
   - nvme: do not send keep-alive frames during reset (bsc#1084223).
   - nvme: do not send keep-alives to the discovery controller (bsc#1086607).
   - nvme: expand nvmf_check_if_ready checks (bsc#1085058).
   - nvmet_fc: prevent new io rqsts in possible isr completions (bsc#1083574).
   - of: fix of_device_get_modalias returned length when truncating buffers
     (bnc#1012382).
   - openvswitch: Delete conntrack entry clashing with an expectation
     (bnc#1012382).
   - ovl: filter trusted xattr for non-admin (bnc#1012382).
   - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
     (bnc#1012382).
   - parport_pc: Add support for WCH CH382L PCI-E single parallel port card
     (bnc#1012382).
   - partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382).
   - perf header: Set proper module name when build-id event found
     (bnc#1012382).
   - perf inject: Copy events when reordering events in pipe mode
     (bnc#1012382).
   - perf probe: Add warning message if there is unexpected event name
     (bnc#1012382).
   - perf probe: Return errno when not hitting any event (bnc#1012382).
   - perf report: Ensure the perf DSO mapping matches what libdw sees
     (bnc#1012382).
   - perf session: Do not rely on evlist in pipe mode (bnc#1012382).
   - perf sort: Fix segfault with basic block 'cycles' sort dimension
     (bnc#1012382).
   - perf tests kmod-path: Do not fail if compressed modules are not
     supported (bnc#1012382).
   - perf tests: Decompress kernel module before objdump (bnc#1012382).
   - perf tools: Fix copyfile_offset update of output offset (bnc#1012382).
   - perf tools: Make perf_event__synthesize_mmap_events() scale
     (bnc#1012382).
   - perf trace: Add mmap alias for s390 (bnc#1012382).
   - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382).
   - perf/core: Fix locking for children siblings group read (git-fixes).
   - perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382).
   - perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on
     Skylake servers (bsc#1086357).
   - perf/x86/intel: Do not accidentally clear high bits in
     bdw_limit_period() (bnc#1012382).
   - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in
     alloc_pid() (bnc#1012382).
   - pinctrl: Really force states during suspend/resume (bnc#1012382).
   - platform/chrome: Use proper protocol transfer function (bnc#1012382).
   - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (bnc#1012382).
   - power: supply: pda_power: move from timer to delayed_work (bnc#1012382).
   - powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting TCR[DIE]
     (bnc#1012382).
   - powerpc/crash: Remove the test for cpu_online in the IPI callback
     (bsc#1088242).
   - powerpc/spufs: Fix coredump of SPU contexts (bnc#1012382).
   - powerpc: Do not send system reset request through the oops path
     (bsc#1088242).
   - powerpc: System reset avoid interleaving oops using die synchronisation
     (bsc#1088242).
   - ppp: prevent unregistered channels from connecting to PPP units
     (bnc#1012382).
   - pptp: remove a buggy dst release in pptp_connect() (bnc#1012382).
   - pty: cancel pty slave port buf's work in tty_release (bnc#1012382).
   - pwm: tegra: Increase precision in PWM rate calculation (bnc#1012382).
   - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695 bsc#1019699
     bsc#1022604).
   - qed: Use after free in qed_rdma_free() (bsc#1019695 bsc#1019699
     bsc#1022604).
   - qeth: repair SBAL elements calculation (bnc#1085507, LTC#165484).
   - qlcnic: fix unchecked return value (bnc#1012382).
   - qlge: Avoid reading past end of buffer (bnc#1012382).
   - r8169: fix setting driver_data after register_netdev (bnc#1012382).
   - random: use lockless method of accessing and updating f->eg_idx
     (bnc#1012382).
   - ray_cs: Avoid reading past end of buffer (bnc#1012382).
   - rcutorture/configinit: Fix build directory error message (bnc#1012382).
   - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
     (bnc#1012382).
   - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write()
     (bsc#1031717).
   - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717).
   - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717).
   - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717).
   - regulator: anatop: set default voltage selector for pcie (bnc#1012382).
   - reiserfs: Make cancel_old_flush() reliable (bnc#1012382).
   - rndis_wlan: add return value validation (bnc#1012382).
   - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
     (bnc#1012382).
   - rtc: interface: Validate alarm-time before handling rollover
     (bnc#1012382).
   - rtc: opal: Handle disabled TPO in opal_get_tpo_time() (bnc#1012382).
   - rtc: snvs: fix an incorrect check of return value (bnc#1012382).
   - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382).
   - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bnc#1012382).
   - rxrpc: check return value of skb_to_sgvec always (bnc#1012382).
   - s390/dasd: fix hanging safe offline (bnc#1012382).
   - s390/mm: fix local TLB flushing vs. detach of an mm address space
     (bnc#1088324, LTC#166470).
   - s390/mm: fix race on mm->context.flush_mm (bnc#1088324, LTC#166470).
   - s390/mm: no local TLB flush for clearing-by-ASCE IDTE (bnc#1088324,
     LTC#166470).
   - s390/qeth: apply takeover changes when mode is toggled (bnc#1085507,
     LTC#165490).
   - s390/qeth: do not apply takeover changes to RXIP (bnc#1085507,
     LTC#165490).
   - s390/qeth: fix IP address lookup for L3 devices (bnc#1085507,
     LTC#165491).
   - s390/qeth: fix IP removal on offline cards (bnc#1085507, LTC#165491).
   - s390/qeth: fix IPA command submission race (bnc#1012382).
   - s390/qeth: fix SETIP command handling (bnc#1012382).
   - s390/qeth: fix double-free on IP add/remove race (bnc#1085507,
     LTC#165491).
   - s390/qeth: free netdevice when removing a card (bnc#1012382).
   - s390/qeth: improve error reporting on IP add/removal (bnc#1085507,
     LTC#165491).
   - s390/qeth: lock IP table while applying takeover changes (bnc#1085507,
     LTC#165490).
   - s390/qeth: lock read device while queueing next buffer (bnc#1012382).
   - s390/qeth: on channel error, reject further cmd requests (bnc#1012382).
   - s390/qeth: update takeover IPs after configuration change (bnc#1085507,
     LTC#165490).
   - s390/qeth: when thread completes, wake up all waiters (bnc#1012382).
   - s390: move _text symbol to address higher than zero (bnc#1012382).
   - sched/numa: Use down_read_trylock() for the mmap_sem (bnc#1012382).
   - sched: Stop resched_cpu() from sending IPIs to offline CPUs
     (bnc#1012382).
   - sched: Stop switched_to_rt() from sending IPIs to offline CPUs
     (bnc#1012382).
   - sched: act_csum: do not mangle TCP and UDP GSO packets (bnc#1012382).
   - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
     (bnc#1012382).
   - scsi: core: scsi_get_device_flags_keyed(): Always return device flags
     (bnc#1012382).
   - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
     (bnc#1012382).
   - scsi: dh: add new rdac devices (bnc#1012382).
   - scsi: libiscsi: Allow sd_shutdown on bad transport (bnc#1012382).
   - scsi: libsas: initialize sas_phy status according to response of
     DISCOVER (bnc#1012382).
   - scsi: lpfc: Add missing unlock in WQ full logic (bsc#1085383).
   - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088865).
   - scsi: lpfc: Code cleanup for 128byte wqe data type (bsc#1085383).
   - scsi: lpfc: Correct missing remoteport registration during link bounces
     (bsc#1088865).
   - scsi: lpfc: Correct target queue depth application changes (bsc#1088865).
   - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts
     (bsc#1088865).
   - scsi: lpfc: Fix Abort request WQ selection (bsc#1088865).
   - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088865).
   - scsi: lpfc: Fix NULL pointer reference when resetting adapter
     (bsc#1088865).
   - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383).
   - scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI
     and NVME (bsc#1085383).
   - scsi: lpfc: Fix WQ/CQ creation for older asic's (bsc#1088865).
   - scsi: lpfc: Fix driver not recovering NVME rports during target link
     faults (bsc#1088865).
   - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload
     (bsc#1088865).
   - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command (bsc#1085383).
   - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088865).
   - scsi: lpfc: Fix nvme remoteport registration race conditions
     (bsc#1088865).
   - scsi: lpfc: Memory allocation error during driver start-up on power8
     (bsc#1085383).
   - scsi: lpfc: update driver version to 11.4.0.7-2 (bsc#1088865).
   - scsi: mac_esp: Replace bogus memory barrier with spinlock (bnc#1012382).
   - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending"
     flag (bnc#1012382).
   - scsi: sg: check for valid direction before starting the request
     (bnc#1012382).
   - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382).
   - scsi: sg: fix static checker warning in sg_is_valid_dxfer (bnc#1012382).
   - scsi: sg: only check for dxfer_len greater than 256M (bnc#1012382
     bsc#1064206).
   - scsi: virtio_scsi: Always try to read VPD pages (bnc#1012382).
   - scsi: virtio_scsi: always read VPD pages for multiqueue too (git-fixes).
   - sctp: do not leak kernel memory to user space (bnc#1012382).
   - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382).
   - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382).
   - sctp: fix recursive locking warning in sctp_do_peeloff (bnc#1012382).
   - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
     (bnc#1012382).
   - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382).
   - selftests/powerpc: Fix TM resched DSCR test with some compilers
     (bnc#1012382).
   - selftests/x86/entry_from_vm86: Add test cases for POPF (bnc#1012382).
   - selftests/x86/entry_from_vm86: Exit with 1 if we fail (bnc#1012382).
   - selftests/x86: Add tests for User-Mode Instruction Prevention
     (bnc#1012382).
   - selftests/x86: Add tests for the STR and SLDT instructions (bnc#1012382).
   - selinux: Remove redundant check for unknown labeling behavior
     (bnc#1012382).
   - selinux: Remove unnecessary check of array base in selinux_set_mapping()
     (bnc#1012382).
   - selinux: check for address length in selinux_socket_bind() (bnc#1012382).
   - selinux: do not check open permission on sockets (bnc#1012382).
   - serial: 8250: omap: Disable DMA for console UART (bnc#1012382).
   - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
     (bnc#1012382).
   - serial: sh-sci: Fix race condition causing garbage during shutdown
     (bnc#1012382).
   - serial: sh-sci: prevent lockup on full TTY buffers (bnc#1012382).
   - sh_eth: Use platform device for printing before register_netdev()
     (bnc#1012382).
   - sit: reload iphdr in ipip6_rcv (bnc#1012382).
   - skbuff: Fix not waking applications when errors are enqueued
     (bnc#1012382).
   - skbuff: only inherit relevant tx_flags (bnc#1012382).
   - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
     (bnc#1012382).
   - sky2: Increase D3 delay to sky2 stops working after suspend
     (bnc#1012382).
   - sm501fb: do not return zero on failure path in sm501fb_start()
     (bnc#1012382).
   - solo6x10: release vb2 buffers in solo_stop_streaming() (bnc#1012382).
   - sparc64: ldc abort during vds iso boot (bnc#1012382).
   - spi: davinci: fix up dma_mapping_error() incorrect patch (bnc#1012382).
   - spi: dw: Disable clock after unregistering the host (bnc#1012382).
   - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer
     (bnc#1012382).
   - spi: sun6i: disable/unprepare clocks on remove (bnc#1012382).
   - staging: android: ashmem: Fix lockdep issue during llseek (bnc#1012382).
   - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
     (bnc#1012382).
   - staging: comedi: fix comedi_nsamples_left (bnc#1012382).
   - staging: comedi: ni_mio_common: ack ai fifo error interrupts
     (bnc#1012382).
   - staging: lustre: ptlrpc: kfree used instead of kvfree (bnc#1012382).
   - staging: ncpfs: memory corruption in ncp_read_kernel() (bnc#1012382).
   - staging: speakup: Replace BUG_ON() with WARN_ON() (bnc#1012382).
   - staging: unisys: visorhba: fix s-Par to boot with option
     CONFIG_VMAP_STACK set to y (bnc#1012382).
   - staging: wilc1000: add check for kmalloc allocation failure
     (bnc#1012382).
   - staging: wilc1000: fix unchecked return value (bnc#1012382).
   - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before
     calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
     (bnc#1012382).
   - sysrq: Reset the watchdog timers while displaying high-resolution timers
     (bnc#1012382).
   - tags: honor COMPILED_SOURCE with apart output directory (bnc#1012382).
   - target: prefer dbroot of /etc/target over /var/target (bsc#1087274).
   - tcm_fileio: Prevent information leak for short reads (bnc#1012382).
   - tcp: better validation of received ack sequences (bnc#1012382).
   - tcp: remove poll() flakes with FastOpen (bnc#1012382).
   - tcp: sysctl: Fix a race to avoid unexpected 0 window from space
     (bnc#1012382).
   - team: Fix double free in error path (bnc#1012382).
   - test_firmware: fix setting old custom fw path back on exit (bnc#1012382).
   - thermal: power_allocator: fix one race condition issue for
     thermal_instances list (bnc#1012382).
   - time: Change posix clocks ops interfaces to use timespec64 (bnc#1012382).
   - timers, sched_clock: Update timeout for clock wrap (bnc#1012382).
   - tools/usbip: fixes build with musl libc toolchain (bnc#1012382).
   - tpm/tpm_crb: Use start method value from ACPI table directly
     (bsc#1084452).
   - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on
     the bus (bnc#1012382).
   - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches
     on the bus (bnc#1012382).
   - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on
     the bus (bnc#1012382).
   - tracing: probeevent: Fix to support minus offset from symbol
     (bnc#1012382).
   - tty/serial: atmel: add new version check for usart (bnc#1012382).
   - tty: n_gsm: Allow ADM response in addition to UA for control dlci
     (bnc#1012382).
   - tty: provide tty_name() even without CONFIG_TTY (bnc#1012382).
   - tty: vt: fix up tabstops properly (bnc#1012382).
   - uas: fix comparison for error code (bnc#1012382).
   - ubi: Fix race condition between ubi volume creation and udev
     (bnc#1012382).
   - udplite: fix partial checksum initialization (bnc#1012382).
   - usb: Do not print a warning if interface driver rebind is deferred at
     resume (bsc#1087211).
   - usb: chipidea: properly handle host or gadget initialization failure
     (bnc#1012382).
   - usb: dwc2: Improve gadget state disconnection handling (bnc#1012382).
   - usb: dwc2: Make sure we disconnect the gadget state (bnc#1012382).
   - usb: dwc3: keystone: check return value (bnc#1012382).
   - usb: gadget: align buffer size when allocating for OUT endpoint
     (bnc#1012382).
   - usb: gadget: bdc: 64-bit pointer capability check (bnc#1012382).
   - usb: gadget: change len to size_t on alloc_ep_req() (bnc#1012382).
   - usb: gadget: define free_ep_req as universal function (bnc#1012382).
   - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in
     dummy_hub_control() (bnc#1012382).
   - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bnc#1012382).
   - usb: gadget: f_hid: fix: Prevent accessing released memory (bnc#1012382).
   - usb: gadget: fix request length error for isoc transfer (git-fixes).
   - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align
     (bnc#1012382).
   - usb: quirks: add control message delay for 1b1c:1b20 (bnc#1012382).
   - usb: usbmon: Read text within supplied buffer size (bnc#1012382).
   - veth: set peer GSO values (bnc#1012382).
   - vfb: fix video mode and line_length being set when loaded (bnc#1012382).
   - vgacon: Set VGA struct resource types (bnc#1012382).
   - vhost: correctly remove wait queue during poll failure (bnc#1012382).
   - video/hdmi: Allow "empty" HDMI infoframes (bnc#1012382).
   - video: ARM CLCD: fix dma allocation size (bnc#1012382).
   - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382).
   - virtio_net: check return value of skb_to_sgvec always (bnc#1012382).
   - virtio_net: check return value of skb_to_sgvec in one more location
     (bnc#1012382).
   - vlan: also check phy_driver ts_info for vlan's real device (bnc#1012382).
   - vmxnet3: ensure that adapter is in proper state during force_close
     (bnc#1012382).
   - vrf: Fix use after free and double free in vrf_finish_output
     (bnc#1012382).
   - vt: change SGR 21 to follow the standards (bnc#1012382).
   - vti6: better validate user provided tunnel names (bnc#1012382).
   - vxlan: dont migrate permanent fdb entries during learn (bnc#1012382).
   - vxlan: vxlan dev should inherit lowerdev's gso_max_size (bnc#1012382).
   - wan: pc300too: abort path on failure (bnc#1012382).
   - watchdog: hpwdt: Check source of NMI (bnc#1012382).
   - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).
   - watchdog: hpwdt: SMBIOS check (bnc#1012382).
   - watchdog: hpwdt: fix unused variable warning (bnc#1012382).
   - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679).
   - wil6210: fix memory access violation in wil_memcpy_from/toio_32
     (bnc#1012382).
   - wl1251: check return from call to wl1251_acx_arp_ip_filter (bnc#1012382).
   - workqueue: Allow retrieval of current task's work struct (bnc#1012382).
   - writeback: fix the wrong congested state variable definition
     (bnc#1012382).
   - x86/MCE: Serialize sysfs changes (bnc#1012382).
   - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382).
   - x86/asm: Do not use RBP as a temporary register in
     csum_partial_copy_generic() (bnc#1012382).
   - x86/boot/64: Verify alignment of the LOAD segment (bnc#1012382).
   - x86/build/64: Force the linker to use 2MB page size (bnc#1012382).
   - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
   - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560
     bsc#1083836).
   - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560
     bsc#1083836).
   - x86/kaiser: Use a per-CPU trampoline stack for kernel entry
     (bsc#1077560).
   - x86/kaiser: enforce trampoline stack alignment (bsc#1087260).
   - x86/mm: Fix vmalloc_fault to use pXd_large (bnc#1012382).
   - x86/mm: implement free pmd/pte page interfaces (bnc#1012382).
   - x86/module: Detect and skip invalid relocations (bnc#1012382).
   - x86/platform/uv: Skip UV runtime services mapping in the
     efi_runtime_disabled case (bsc#1089925).
   - x86/speculation: Remove Skylake C2 from Speculation Control microcode
     blacklist (bsc#1087845).
   - x86/tsc: Provide 'tsc=unstable' boot parameter (bnc#1012382).
   - x86/vm86/32: Fix POPF emulation (bnc#1012382).
   - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382).
   - x86: i8259: export legacy_pic symbol (bnc#1012382).
   - xen-blkfront: fix mq start/stop race (bsc#1085042).
   - xen-netback: use skb to determine number of required guest Rx requests
     (bsc#1046610).
   - xen: avoid type warning in xchg_xen_ulong (bnc#1012382).
   - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit
     systems (bnc#1012382).
   - xfrm: fix state migration copy replay sequence numbers (bnc#1012382).
   - xfrm_user: uncoditionally validate esn replay attribute struct
     (bnc#1012382).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP3:

      zypper in -t patch SUSE-SLE-RT-12-SP3-2018-842=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64):

      cluster-md-kmp-rt-4.4.128-3.11.1
      cluster-md-kmp-rt-debuginfo-4.4.128-3.11.1
      dlm-kmp-rt-4.4.128-3.11.1
      dlm-kmp-rt-debuginfo-4.4.128-3.11.1
      gfs2-kmp-rt-4.4.128-3.11.1
      gfs2-kmp-rt-debuginfo-4.4.128-3.11.1
      kernel-rt-4.4.128-3.11.1
      kernel-rt-base-4.4.128-3.11.1
      kernel-rt-base-debuginfo-4.4.128-3.11.1
      kernel-rt-debuginfo-4.4.128-3.11.1
      kernel-rt-debugsource-4.4.128-3.11.1
      kernel-rt-devel-4.4.128-3.11.1
      kernel-rt_debug-debuginfo-4.4.128-3.11.1
      kernel-rt_debug-debugsource-4.4.128-3.11.1
      kernel-rt_debug-devel-4.4.128-3.11.1
      kernel-rt_debug-devel-debuginfo-4.4.128-3.11.1
      kernel-syms-rt-4.4.128-3.11.1
      ocfs2-kmp-rt-4.4.128-3.11.1
      ocfs2-kmp-rt-debuginfo-4.4.128-3.11.1

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch):

      kernel-devel-rt-4.4.128-3.11.1
      kernel-source-rt-4.4.128-3.11.1


References:

   https://www.suse.com/security/cve/CVE-2017-18257.html
   https://www.suse.com/security/cve/CVE-2018-10087.html
   https://www.suse.com/security/cve/CVE-2018-10124.html
   https://www.suse.com/security/cve/CVE-2018-1091.html
   https://www.suse.com/security/cve/CVE-2018-7740.html
   https://www.suse.com/security/cve/CVE-2018-8043.html
   https://www.suse.com/security/cve/CVE-2018-8822.html
   https://bugzilla.suse.com/1005778
   https://bugzilla.suse.com/1005780
   https://bugzilla.suse.com/1005781
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1015336
   https://bugzilla.suse.com/1015337
   https://bugzilla.suse.com/1015340
   https://bugzilla.suse.com/1015342
   https://bugzilla.suse.com/1015343
   https://bugzilla.suse.com/1019695
   https://bugzilla.suse.com/1019699
   https://bugzilla.suse.com/1022604
   https://bugzilla.suse.com/1022743
   https://bugzilla.suse.com/1024296
   https://bugzilla.suse.com/1031717
   https://bugzilla.suse.com/1046610
   https://bugzilla.suse.com/1060799
   https://bugzilla.suse.com/1064206
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1073059
   https://bugzilla.suse.com/1073069
   https://bugzilla.suse.com/1075091
   https://bugzilla.suse.com/1075428
   https://bugzilla.suse.com/1075994
   https://bugzilla.suse.com/1076033
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1083125
   https://bugzilla.suse.com/1083574
   https://bugzilla.suse.com/1083745
   https://bugzilla.suse.com/1083836
   https://bugzilla.suse.com/1084223
   https://bugzilla.suse.com/1084310
   https://bugzilla.suse.com/1084328
   https://bugzilla.suse.com/1084353
   https://bugzilla.suse.com/1084452
   https://bugzilla.suse.com/1084610
   https://bugzilla.suse.com/1084699
   https://bugzilla.suse.com/1084721
   https://bugzilla.suse.com/1084829
   https://bugzilla.suse.com/1084889
   https://bugzilla.suse.com/1084898
   https://bugzilla.suse.com/1084914
   https://bugzilla.suse.com/1084918
   https://bugzilla.suse.com/1084967
   https://bugzilla.suse.com/1085042
   https://bugzilla.suse.com/1085058
   https://bugzilla.suse.com/1085185
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1085383
   https://bugzilla.suse.com/1085402
   https://bugzilla.suse.com/1085404
   https://bugzilla.suse.com/1085487
   https://bugzilla.suse.com/1085507
   https://bugzilla.suse.com/1085511
   https://bugzilla.suse.com/1085679
   https://bugzilla.suse.com/1085958
   https://bugzilla.suse.com/1085981
   https://bugzilla.suse.com/1086015
   https://bugzilla.suse.com/1086162
   https://bugzilla.suse.com/1086194
   https://bugzilla.suse.com/1086357
   https://bugzilla.suse.com/1086499
   https://bugzilla.suse.com/1086518
   https://bugzilla.suse.com/1086607
   https://bugzilla.suse.com/1087088
   https://bugzilla.suse.com/1087211
   https://bugzilla.suse.com/1087231
   https://bugzilla.suse.com/1087260
   https://bugzilla.suse.com/1087274
   https://bugzilla.suse.com/1087659
   https://bugzilla.suse.com/1087845
   https://bugzilla.suse.com/1087906
   https://bugzilla.suse.com/1087999
   https://bugzilla.suse.com/1088050
   https://bugzilla.suse.com/1088087
   https://bugzilla.suse.com/1088242
   https://bugzilla.suse.com/1088267
   https://bugzilla.suse.com/1088313
   https://bugzilla.suse.com/1088324
   https://bugzilla.suse.com/1088600
   https://bugzilla.suse.com/1088684
   https://bugzilla.suse.com/1088865
   https://bugzilla.suse.com/1088871
   https://bugzilla.suse.com/1089198
   https://bugzilla.suse.com/1089608
   https://bugzilla.suse.com/1089644
   https://bugzilla.suse.com/1089752
   https://bugzilla.suse.com/1089925
   https://bugzilla.suse.com/802154
   https://bugzilla.suse.com/810912
   https://bugzilla.suse.com/812592
   https://bugzilla.suse.com/813453
   https://bugzilla.suse.com/880131
   https://bugzilla.suse.com/966170
   https://bugzilla.suse.com/966172
   https://bugzilla.suse.com/966186
   https://bugzilla.suse.com/966191
   https://bugzilla.suse.com/969476
   https://bugzilla.suse.com/969477
   https://bugzilla.suse.com/981348

- -- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWvjxUYx+lLeg9Ub1AQjSyRAAgA9XpRZd/aOCyIGZ41gdDcrU3DyLFSMC
iJ+L6a9hWGboo3ZfssjbyjCiHJS0/cyCkbvEo+m1SmfXlzJ97ENu0+4p6Jrcz1Sn
EBeLnEMiVO8LsPdRSVdaQ89zEOOOWHUpkmnBA7XrybS0O8JWvgyFmUZ6xYsN4Nbi
cGBiKIbHuICFjZoNy4+NQ0PyRjGO9lFQlCLDth/VDcJzv9y8OE27vbnWpLSiKczd
qriKaiDcvamkrlAhTO/urXvGwyQkkSoXEi8Qbs+D21YAf9WkXSYSrilLoaEH5sWC
RGCMZVoCJQNgkZbexpwiquqc+sHrbM78H+u9a34SOcDdKxME7jV0l6mDrSTRbdxK
mxn8HYgTERBa1eSbojpZH6R9B9b6cpct2RLWa4pGqmvqMqMUUaVk98cmUv2DscCU
9wVb3CBrJe4/cZ1K/F8BK5Tg9QtcoX5ejG6inrhweZEihDPGGlqqaqXLaQY44tpN
5Z2JBmkCOc3nlIIqJefgSjVJ7afWDAFoDrsVI4ogGy4eZrEcZ3bqIHmriWDugljm
ixejgHs7TkxfnKJQBxIdLy9AhsiH0mkjgQiui6T63MI6uSZKopotbRHNQh7l7L+m
ToZLCl4WIPfeyxCq0E/IB8T11LYq/TGT4cmGiZK9gNYsZLoH0qVs2uJ2lFWeN39J
UQgnb8Kzg+4=
=WNot
-----END PGP SIGNATURE-----

« Back to bulletins