ESB-2018.3416 - [SUSE] Linux Kernel: Multiple vulnerabilities 2018-11-01

Printable version
PGP/GPG verifiable version

Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

        SUSE Security Update: Security update for the Linux Kernel
                              1 November 2018


        AusCERT Security Bulletin Summary

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-18445 CVE-2018-18386 CVE-2017-18224

Reference:         ESB-2018.1335

Original Bulletin:

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2018:3589-1
Rating:             important
References:         #1046540 #1050319 #1050536 #1050540 #1051510 
                    #1055120 #1065600 #1066674 #1067126 #1067906 
                    #1076830 #1079524 #1083647 #1084760 #1084831 
                    #1086283 #1086288 #1094825 #1095805 #1099125 
                    #1100132 #1102881 #1103308 #1103543 #1104731 
                    #1105025 #1105536 #1106105 #1106110 #1106237 
                    #1106240 #1106838 #1107685 #1108241 #1108377 
                    #1108468 #1108828 #1108841 #1108870 #1109151 
                    #1109158 #1109217 #1109330 #1109739 #1109784 
                    #1109806 #1109818 #1109907 #1109911 #1109915 
                    #1109919 #1109951 #1110006 #1110096 #1110538 
                    #1110561 #1110921 #1111028 #1111076 #1111506 
                    #1111806 #1111819 #1111830 #1111834 #1111841 
                    #1111870 #1111901 #1111904 #1111928 #1111983 
                    #1112170 #1112173 #1112208 #1112219 #1112221 
                    #1112246 #1112372 #1112514 #1112554 #1112708 
                    #1112710 #1112711 #1112712 #1112713 #1112731 
                    #1112732 #1112733 #1112734 #1112735 #1112736 
                    #1112738 #1112739 #1112740 #1112741 #1112743 
                    #1112745 #1112746 #1112894 #1112899 #1112902 
                    #1112903 #1112905 #1112906 #1112907 #1113257 
Cross-References:   CVE-2017-16533 CVE-2017-18224 CVE-2018-18386
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Legacy Software 15
                    SUSE Linux Enterprise Module for Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
                    SUSE Linux Enterprise High Availability 15

   An update that solves four vulnerabilities and has 102
   fixes is now available.


   The SUSE Linux Enterprise 15 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-18445: A faulty computation of numeric bounds in the BPF
     verifier permits out-of-bounds memory accesses because
     adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit
     right shifts (bnc#1112372).
   - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
     able to access pseudo terminals) to hang/block further usage of any
     pseudo terminal devices due to an EXTPROC versus ICANON confusion in
     TIOCINQ (bnc#1094825).
   - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and
     consequently has a race condition for access to the extent tree during
     read operations in DIRECT mode, which allowed local users to cause a
     denial of service (BUG) by modifying a certain e_cpos field
   - CVE-2017-16533: The usbhid_parse function in
     drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
     service (out-of-bounds read and system crash) or possibly have
     unspecified other impact via a crafted USB device (bnc#1066674).

   The following non-security bugs were fixed:

   - acpi / processor: Fix the return value of acpi_processor_ids_walk()
   - acpica: Reference Counts: increase max to 0x4000 for large servers
   - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
   - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bsc#1051510).
   - arm: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468).
   - arm: exynos: Clear global variable on init error path (bsc#1051510).
   - arm: hisi: check of_iomap and fix missing of_node_put (bsc#1051510).
   - arm: hwmod: RTC: Do not assume lock/unlock will be called with irq
     enabled (bsc#1051510).
   - arm: mvebu: declare asm symbols as character arrays in pmsu.c
   - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510).
   - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510).
   - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510).
   - ASoC: rt5514: Fix the issue of the delay volume applied again
   - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510).
   - ASoC: wm8804: Add ACPI support (bsc#1051510).
   - Btrfs: fix file data corruption after cloning a range and fsync
   - Btrfs: fix mount failure after fsync due to hard link recreation
   - Btrfs: send, fix invalid access to commit roots due to concurrent
     snapshotting (bsc#1111904).
   - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).
   - Delete patches.drivers/IB-qedr-Remove-GID-add-del-dummy-routines.patch.
   - Disable DRM patches that broke vbox video driver KMP (bsc#1111076)
   - EDAC, ghes: Add DDR4 and NVDIMM memory types (bsc#1099125).
   - EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m (bsc#1099125).
   - EDAC, skx_edac: Detect non-volatile DIMMs (bsc#1099125).
   - EDAC: Add new memory type for non-volatile DIMMs (bsc#1099125).
   - HID: add support for Apple Magic Keyboards (bsc#1051510).
   - HID: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510).
   - HID: hid-sensor-hub: Force logical minimum to 1 for power and report
     state (bsc#1051510).
   - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510).
   - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub
     report (bsc#1051510).
   - input: atakbd - fix Atari CapsLock behaviour (bsc#1051510).
   - input: atakbd - fix Atari keymap (bsc#1051510).
   - kvm/vmx: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR
     path as unlikely() (bsc#1110006).
   - kvm: svm: Add MSR-based feature support for serializing LFENCE
   - kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry
   - kvm: vmx: raise internal error for exception during invalid protected
     mode state (bsc#1110006).
   - kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
   - kvm: x86: Fix reserved bits check for MOV to CR3 (bsc#1110006).
   - kvm: x86: Introduce kvm_get_msr_feature() (bsc#1106240).
   - kvm: x86: fix incorrect reference of trace_kvm_pi_irte_update
   - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in
     use (bsc#1110006).
   - kvm: nvmx: Do not expose MPX VMX controls when guest MPX disabled
   - kvm: nvmx: Do not halt vcpu when L1 is injecting events to L2
   - kvm: vmx: track host_state.loaded using a loaded_vmcs pointer
   - kvm: vmx: use local variable for current_vmptr when emulating VMPTRST
   - kvm: x86: Add a framework for supporting MSR-based features
   - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240).
   - kvm: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
   - kvm: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506).
   - kvm: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1110006).
   - kvm: x86: fix escape of guest dr6 to the host (bsc#1110006).
   - kvm: x86: remove APIC Timer periodic/oneshot spikes (bsc#1110006).
   - nfc: trf7970a: fix check of clock frequencies, use && instead of ||
   - nfs: Avoid quadratic search when freeing delegations (bsc#1084760).
   - pci: Reprogram bridge prefetch registers on resume (bsc#1051510).
   - pci: dwc: Fix scheduling while atomic issues (git-fixes).
   - pci: hv: Do not wait forever on a device that has disappeared
   - pm / Domains: Fix genpd to deal with drivers returning 1 from
     ->prepare() (bsc#1051510).
   - pm / core: Clear the direct_complete flag on errors (bsc#1051510).
   - pm: cpuidle: Fix cpuidle_poll_state_init() prototype (bsc#1110006).
   - rdma/bnxt_re: Fix system crash during RDMA resource initialization
   - Revert "Limit kernel-source build to architectures for which we build
     binaries" This reverts commit d6435125446d740016904abe30a60611549ae812.
   - Revert "cdc-acm: implement put_char() and flush_chars()" (bsc#1051510).
   - Revert "drm/amdgpu: Add an ATPX quirk for hybrid laptop" (bsc#1051510).
   - Revert "drm/i915/gvt: set max priority for gvt context" (bsc#1051510).
   - Revert "gpio: set up initial state from .get_direction()" (bsc#1051510).
   - Revert "iommu/io-pgtable: Avoid redundant TLB syncs" (bsc#1106237).
   - Revert "mwifiex: fix incorrect ht capability problem" (bsc#1051510).
   - Revert "mwifiex: handle race during mwifiex_usb_disconnect"
   - Revert "pinctrl: sunxi: Do not enforce bias disable (for now)"
   - Revert "slab: __GFP_ZERO is incompatible with a constructor"
     (bnc#1108828) This reverts commit
     de0a67303736262e306a3eb23aa38824b28c2764 because we still seem to have
     false possitives in the tree.
   - Revert "ubifs: xattr: Do not operate on deleted inodes" (bsc#1051510).
   - Squashfs: Compute expected length from inode size rather than block
     length (bsc#1051510).
   - usb: Add quirk to support DJI CineSSD (bsc#1051510).
   - usb: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB
     controller (bsc#1051510).
   - usb: fix error handling in usb_driver_claim_interface() (bsc#1051510).
   - usb: handle NULL config in usb_find_alt_setting() (bsc#1051510).
   - usb: remove LPM management from usb_driver_claim_interface()
   - usb: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510).
   - usb: yurex: Check for truncation in yurex_read() (bsc#1051510).
   - usb: yurex: Fix buffer over-read in yurex_write() (bsc#1051510).
   - Use upstream version of pci-hyperv patch (35a88a1)
   - acpi, nfit: Add function to look up nvdimm device and provide SMBIOS
     handle (bsc#1099125).
   - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes).
   - apparmor: Check buffer bounds when mapping permissions mask (git-fixes).
   - apparmor: Fix failure to audit context info in build_change_hat
   - apparmor: Fully initialize aa_perms struct when answering userspace
     query (bsc#1051510).
   - apparmor: fix mediation of prlimit (bsc#1051510).
   - apparmor: fix memory leak when deduping profile load (bsc#1051510).
   - apparmor: fix ptrace read check (bsc#1051510).
   - asix: Check for supported Wake-on-LAN modes (bsc#1051510).
   - ath10k: fix kernel panic issue during pci probe (bsc#1051510).
   - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510).
   - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510).
   - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bsc#1051510).
   - audit: fix use-after-free in audit_add_watch (bsc#1051510).
   - batman-adv: Avoid probe ELP information leak (bsc#1051510).
   - batman-adv: Fix multicast TT issues with bogus ROAM flags (bsc#1051510).
   - batman-adv: Fix segfault when writing to sysfs elp_interval
   - batman-adv: Fix segfault when writing to throughput_override
   - batman-adv: Prevent duplicated gateway_node entry (bsc#1051510).
   - batman-adv: Prevent duplicated global TT entry (bsc#1051510).
   - batman-adv: Prevent duplicated nc_node entry (bsc#1051510).
   - batman-adv: Prevent duplicated softif_vlan entry (bsc#1051510).
   - batman-adv: Prevent duplicated tvlv handler (bsc#1051510).
   - batman-adv: fix backbone_gw refcount on queue_work() failure
   - batman-adv: fix hardif_neigh refcount on queue_work() failure
   - bdi: Fix another oops in wb_workfn() (bsc#1112746).
   - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746).
   - be2net: Fix memory leak in be_cmd_get_profile_config() (bsc#1086288).
   - be2net: remove unused old AIC info (bsc#1086288).
   - be2net: remove unused old custom busy-poll fields (bsc#1086288 ).
   - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713).
   - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers
   - block, bfq: fix wrong init of saved start time for weight raising
   - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712).
   - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834).
   - bnx2x: Fix invalid memory access in rss hash config path (bsc#1050319).
   - bnx2x: Fix receiving tx-timeout in error or recovery state (bsc#1050319).
   - bpf/verifier: disallow pointer subtraction (bsc#1083647).
   - bpf: make cavium thunder compatible w/ bpf_xdp_adjust_tail (bsc#1110096).
   - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes
   - btrfs: handle errors while updating refcounts in update_ref_for_cow
     (Git-fixes bsc#1109915).
   - cdc-acm: fix race between reset and control messaging (bsc#1051510).
   - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983).
   - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
   - cifs: Fix use after free of a mid_q_entry (bsc#1112903).
   - cifs: fix memory leak in SMB2_open() (bsc#1112894).
   - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510).
   - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure
   - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399
   - clk: tegra: bpmp: Do not crash when a clock fails to register
   - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510).
   - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail
   - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for
     non-am43 SoCs (bsc#1051510).
   - clocksource/drivers/timer-atmel-pit: Properly handle error cases
   - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510).
   - cpu/hotplug: Fix SMT supported evaluation (bsc#1110006).
   - cpufreq, intel_pstate: Allow unspecified FADT profile to probe PPC
   - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic (bsc#1051510).
   - crypto: cavium/nitrox - fix for command corruption in queue full case
     with backlog submissions (bsc#1051510).
   - crypto: ccp - add timeout support in the SEV command (bsc#1106838).
   - crypto: chelsio - Fix memory corruption in DMA Mapped buffers
   - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510).
   - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
   - cxgb4: fix abort_req_rss6 struct (bsc#1046540).
   - cxgb4: when disabling dcb set txq dcb priority to 0 (bsc#1046540 ).
   - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951).
   - debugobjects: Make stack check warning more informative (bsc#1051510).
   - declance: Fix continuation with the adapter identification message
   - dmaengine: pl330: fix irq race with terminate_all (bsc#1051510).
   - drivers/base: stop new probing during shutdown (bsc#1051510).
   - drivers/tty: add error handling for pcmcia_loop_config (bsc#1051510).
   - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode (bsc#1051510).
   - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510).
   - drm/amdgpu: Fix vce work queue was not cancelled when suspend
   - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510).
   - drm/amdgpu: Update power state at the end of smu hw_init (bsc#1051510).
   - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510).
   - drm/amdgpu: add new polaris pci id (bsc#1051510).
   - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk
   - drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset
     v2" (bsc#1051510).
   - drm/amdkfd: Fix error codes in kfd_get_process (bsc#1051510).
   - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510).
   - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510).
   - drm/i915: Handle incomplete Z_FINISH for compressed error states
   - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from
     VBIOS (bsc#1051510).
   - drm/nouveau/debugfs: Wake up GPU before doing any reclocking
   - drm/nouveau/disp: fix DP disable race (bsc#1051510).
   - drm/nouveau/drm/nouveau: Do not forget to cancel hpd_work on
     suspend/unload (bsc#1051510).
   - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
   - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in
     connector_detect() (bsc#1051510).
   - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bsc#1051510).
   - drm/nouveau: Fix runtime PM leak in drm_open() (bsc#1051510).
   - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bsc#1051510).
   - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110)
   - drm/sun4i: Fix releasing node when enumerating enpoints (bsc#1051510).
   - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510).
   - drm: udl: Destroy framebuffer only if it was initialized (bsc#1051510).
   - e1000: check on netif_running() before calling e1000_up() (bsc#1051510).
   - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510).
   - eeprom: at24: change nvmem stride to 1 (bsc#1051510).
   - eeprom: at24: check at24_read/write arguments (bsc#1051510).
   - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510).
   - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
     definition for mixed mode (bsc#1110006).
   - enic: do not call enic_change_mtu in enic_probe (bsc#1051510).
   - enic: handle mtu change for vf properly (bsc#1051510).
   - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510).
   - ethtool: Remove trailing semicolon for static inline (bsc#1051510).
   - ethtool: fix a privilege escalation bug (bsc#1076830).
   - evm: Do not deadlock if a crypto algorithm is unavailable (bsc#1051510).
   - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554).
   - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736).
   - ext4: avoid divide by zero fault when deleting corrupted inline
     directories (bsc#1112735).
   - ext4: check for NUL characters in extended attribute's name
   - ext4: check to make sure the rename(2)'s destination is not freed
   - ext4: do not mark mmp buffer head dirty (bsc#1112743).
   - ext4: fix online resize's handling of a too-small final block group
   - ext4: fix online resizing for bigalloc file systems with a 1k block size
   - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733).
   - ext4: recalucate superblock checksum after updating free blocks/inodes
   - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731).
   - ext4: show test_dummy_encryption mount option in /proc/mounts
   - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510).
   - firmware, DMI: Add function to look up a handle and return DIMM size
   - firmware: raspberrypi: Register hwmon driver (bsc#1108468).
   - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
   - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745).
   - fuse: Do not access pipe->buffers without pipe_lock() (bsc#1051510).
   - gpio: Fix crash due to registration race (bsc#1051510).
   - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510).
   - gpio: mb86s70: Revert "Return error if requesting an already assigned
     gpio" (bsc#1051510).
   - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall
   - gpiolib: Free the last requested descriptor (bsc#1051510).
   - hfs: prevent crash on exit from failed search (bsc#1051510).
   - hfsplus: do not return 0 when fill_super() failed (bsc#1051510).
   - hfsplus: stop workqueue when fill_super() failed (bsc#1051510).
   - hv: avoid crash in vmbus sysfs files (bnc#1108377).
   - hv_netvsc: fix schedule in RCU context ().
   - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510).
   - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510).
   - hwmon: (nct6775) Set weight source to zero correctly (bsc#1051510).
   - hwmon: Add support for RPi voltage sensor (bsc#1108468).
   - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468).
   - hypfs_kill_super(): deal with failed allocations (bsc#1051510).
   - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510).
   - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510).
   - intel_th: pci: Add Ice Lake PCH support (bsc#1051510).
   - iommu/amd: Clear memory encryption mask from physical address
   - iommu/arm-smmu: Error out only if not enough context interrupts
   - iommu/vt-d: Add definitions for PFSID (bsc#1106237).
   - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237).
   - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237).
   - ipmi:ssif: Add support for multi-part transmit messages > 2 parts
   - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (git-fixes).
   - irq/core: Fix boot crash when the irqaffinity= boot parameter is passed
     on CPUMASK_OFFSTACK=y kernels(v1) (bsc#1051510).
   - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a
     debug dump (bsc#1051510).
   - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510).
   - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510).
   - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
   - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510).
   - iwlwifi: mvm: send BCAST management frames to the right station
   - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value
   - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510).
   - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257).
   - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240).
   - kabi protect enum mem_type (bsc#1099125).
   - kprobes/x86: Disable preemption in ftrace-based jprobes (bsc#1110006).
   - kprobes/x86: Fix %p uses in error messages (bsc#1110006).
   - kprobes/x86: Prohibit probing on exception masking instructions
   - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM
     Functionality bsc#1111806).
   - kvm, mm: account shadow page tables to kmemcg (bsc#1110006).
   - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506).
   - kvm: Make VM ioctl do valloc for some archs (bsc#1111506).
   - kvm: x86: Set highest physical address bits in non-present/reserved
     SPTEs (bsc#1106240).
   - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bsc#1110006).
   - kvmclock: fix TSC calibration for nested guests (bsc#1110006).
   - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug()
   - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510).
   - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510).
   - libertas: call into generic suspend code before turning off power
   - liquidio: fix hang when re-binding VF host drv after running DPDK VF
     driver (bsc#1067126).
   - liquidio: fix kernel panic in VF driver (bsc#1067126).
   - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711).
   - loop: do not call into filesystem while holding lo_ctl_mutex
   - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284).
   - mac80211: Fix station bandwidth setting after channel switch
   - mac80211: Run TXQ teardown code before de-registering interfaces
   - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510).
   - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510).
   - mac80211: do not convert to A-MSDU if frag/subframe limited
   - mac80211: fix a race between restart and CSA flows (bsc#1051510).
   - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
   - mac80211: mesh: fix HWMP sequence numbering to follow standard
   - mac80211: minstrel: fix using short preamble CCK rates on HT clients
   - mac80211: shorten the IBSS debug messages (bsc#1051510).
   - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510).
   - mac80211_hwsim: require at least one channel (bsc#1051510).
   - mach64: detect the dot clock divider correctly on sparc (bsc#1051510).
   - media: af9035: prevent buffer overflow on write (bsc#1051510).
   - media: davinci: vpif_display: Mix memory leak on probe error path
   - media: fsl-viu: fix error handling in viu_of_probe() (bsc#1051510).
   - media: helene: fix xtal frequency setting at power on (bsc#1051510).
   - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
   - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new,
     copy_time} functions (bsc#1051510).
   - media: soc_camera: ov772x: correct setting of banding filter
   - media: tm6000: add error handling for dvb_register_adapter (bsc#1051510).
   - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510).
   - media: videobuf2-core: check for q->error in vb2_core_qbuf()
   - mm/migrate: Use spin_trylock() while resetting rate limit ().
   - mm: /proc/pid/pagemap: hide swap entries from unprivileged users
     (Git-fixes bsc#1109907).
   - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1111028).
   - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal
   - mmc: block: avoid multiblock reads for the last sector in SPI mode
   - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510).
   - net: add support for Cavium PTP coprocessor (bsc#1110096).
   - net: cavium: fix NULL pointer dereference in cavium_ptp_put
   - net: cavium: use module_pci_driver to simplify the code (bsc#1110096).
   - net: thunder: change q_len's type to handle max ring size (bsc#1110096).
   - net: thunderx: Set max queue count taking XDP_TX into account
   - net: thunderx: add MAC address filter tracking for LMAC (bsc#1110096).
   - net: thunderx: add XCAST messages handlers for PF (bsc#1110096).
   - net: thunderx: add multicast filter management support (bsc#1110096).
   - net: thunderx: add ndo_set_rx_mode callback implementation for VF
   - net: thunderx: add new messages for handle ndo_set_rx_mode callback
   - net: thunderx: add timestamping support (bsc#1110096).
   - net: thunderx: add workqueue control structures for handle
     ndo_set_rx_mode request (bsc#1110096).
   - net: thunderx: check for failed allocation lmac->dmacs (bsc#1110096).
   - net: thunderx: fix double free error (bsc#1110096).
   - net: thunderx: move filter register related macro into proper place
   - net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode
   - net: thunderx: remove a couple of redundant assignments (bsc#1110096).
   - net: thunderx: rework mac addresses list to u64 array (bsc#1110096).
   - nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O
   - objtool, kprobes/x86: Sync the latest <asm/insn.h> header with
     tools/objtool/arch/x86/include/asm/insn.h (bsc#1110006).
   - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510).
   - orangefs: initialize op on loop restart in orangefs_devreq_read
   - orangefs: use list_for_each_entry_safe in purge_waiting_ops
   - orangefs_kill_sb(): deal with allocation failures (bsc#1051510).
   - ovl: Sync upper dirty data when syncing overlayfs (git-fixes).
   - ovl: fix format of setxattr debug (git-fixes).
   - perf/x86/amd/ibs: Do not access non-started event (bsc#1110006).
   - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
   - perf/x86/intel/lbr: Fix incomplete LBR call stack (bsc#1110006).
   - perf/x86/intel/uncore: Correct fixed counter index check for NHM
   - perf/x86/intel/uncore: Correct fixed counter index check in generic code
   - perf/x86/intel/uncore: Fix Skylake UPI event format (bsc#1110006).
   - perf/x86/intel: Do not accidentally clear high bits in
     bdw_limit_period() (bsc#1110006).
   - perf/x86/intel: Fix event update for auto-reload (bsc#1110006).
   - perf/x86/intel: Fix large period handling on Broadwell CPUs
   - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
   - perf/x86/intel: Properly save/restore the PMU state in the NMI handler
   - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
   - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
   - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
   - powerpc/firmware: Add definitions for new drc-info firmware feature
   - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784).
   - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
   - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158).
   - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158).
   - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158).
   - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).
   - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug
     (bsc#1079524, git-fixes).
   - powerpc/pseries: Fix duplicate firmware feature for DRC_INFO
   - powerpc/rtas: Fix a potential race between CPU-Offline & Migration
   - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208).
   - printk: drop in_nmi check from printk_safe_flush_on_panic()
   - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf:
   - ptrace,x86: Make user_64bit_mode() available to 32-bit builds
   - qed: Add missing device config for RoCE EDPM in UFP mode (bsc#1109217).
   - qed: Avoid sending mailbox commands when MFW is not responsive
   - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode
   - qed: Fix populating the invalid stag value in multi function mode
   - qed: Fix shmem structure inconsistency between driver and the mfw
   - qed: Prevent a possible deadlock during driver load and unload
   - qed: Wait for MCP halt and resume commands to take place (bsc#1050536).
   - qed: Wait for ready indication before rereading the shmem (bsc#1050536).
   - qlcnic: fix Tx descriptor corruption on 82xx devices (bsc#1050540).
   - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
   - qmi_wwan: set DTR for modems in forced USB2 mode (bsc#1051510).
   - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510).
   - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
   - rculist: Improve documentation for list_for_each_entry_from_rcu()
   - rculist: add list_for_each_entry_from_rcu() (bsc#1084760).
   - reiserfs: add check to detect corrupted directory entry (bsc#1109818).
   - reiserfs: do not panic on bad directory entries (bsc#1109818).
   - rename a hv patch to reduce conflicts in -AZURE
   - reorder a qedi patch to allow further work in this branch
   - rpc_pipefs: fix double-dput() (bsc#1051510).
   - rtc: bq4802: add error handling for devm_ioremap (bsc#1051510).
   - sched/numa: Limit the conditions where scan period is reset ().
   - scsi: core: Allow state transitions from OFFLINE to BLOCKED
   - scsi: ipr: Eliminate duplicate barriers ().
   - scsi: ipr: Use dma_pool_zalloc() ().
   - scsi: ipr: fix incorrect indentation of assignment statement ().
   - scsi: libfc: check fc_frame_payload_get() return value for null
   - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
   - scsi: qedi: Add the CRC size within iSCSI NVM image (bsc#1110538).
   - scsi: qedi: Initialize the stats mutex lock (bsc#1110538).
   - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870).
   - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870).
   - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured
   - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870).
   - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870).
   - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830).
   - scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870).
   - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870).
   - scsi: qla2xxx: Move log messages before issuing command to firmware
   - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870).
   - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870).
   - scsi: target: prefer dbroot of /etc/target over /var/target
   - selftests/x86: Add tests for User-Mode Instruction Prevention
   - selftests/x86: Add tests for the STR and SLDT instructions (bsc#1110006).
   - serial: 8250_exar: Read INT0 from slave device, too (bsc#1051510).
   - serial: cpm_uart: return immediately from console poll (bsc#1051510).
   - serial: imx: restore handshaking irq for imx1 (bsc#1051510).
   - series.conf: moved some Xen patches to the sorted region xen/blkfront:
     correct purging of persistent grants (bnc#1112514).
   - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).
   - smb2: fix missing files in root share directory listing (bsc#1112907).
   - smb3: fill in statfs fsid and correct namelen (bsc#1112905).
   - smb3: fix reset of bytes read and written stats (bsc#1112906).
   - smb3: on reconnect set PreviousSessionId field (bsc#1112899).
   - soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift()
   - soc: mediatek: pwrap: fix cipher init setting error (bsc#1051510).
   - sock_diag: fix use-after-free read in __sk_free (bsc#1051510).
   - soreuseport: initialise timewait reuseport field (bsc#1051510).
   - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510).
   - sound: enable interrupt after dma buffer initialization (bsc#1051510).
   - spi: rspi: Fix interrupted DMA transfers (bsc#1051510).
   - spi: rspi: Fix invalid SPI use during system suspend (bsc#1051510).
   - spi: sh-msiof: Fix handling of write value for SISTR register
   - spi: sh-msiof: Fix invalid SPI use during system suspend (bsc#1051510).
   - spi: tegra20-slink: explicitly enable/disable clock (bsc#1051510).
   - squashfs metadata 2: electric boogaloo (bsc#1051510).
   - squashfs: be more careful about metadata corruption (bsc#1051510).
   - squashfs: more metadata hardening (bsc#1051510).
   - squashfs: more metadata hardening (bsc#1051510).
   - stm: Potential read overflow in stm_char_policy_set_ioctl()
   - supported.conf: added cavium_ptp
   - supported.conf: mark raspberrypi-hwmon as supported
   - switchtec: Fix Spectre v1 vulnerability (bsc#1051510).
   - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes).
   - target: log Data-Out timeouts as errors (bsc#1095805).
   - target: log NOP ping timeouts as errors (bsc#1095805).
   - target: split out helper for cxn timeout error stashing (bsc#1095805).
   - target: stash sess_err_stats on Data-Out timeout (bsc#1095805).
   - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805).
   - team: Forbid enslaving team device to itself (bsc#1051510).
   - thermal: of-thermal: disable passive polling when thermal zone is
     disabled (bsc#1051510).
   - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510).
   - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510).
   - tracing/x86/xen: Remove zero data size trace events
     trace_xen_mmu_flush_tlb{_all} (bsc#1110006).
   - tracing: Add barrier to trace_printk() buffer nesting modification
   - tsl2550: fix lux1_input error in low light (bsc#1051510).
   - tty: Drop tty->count on tty_reopen() failure (bsc#1051510).
   - tty: rocket: Fix possible buffer overwrite on register_PCI (bsc#1051510).
   - tty: serial: exar: Relocate sleep wake-up handling (bsc#1051510).
   - tty: serial: lpuart: avoid leaking struct tty_struct (bsc#1051510).
   - tty: vt_ioctl: fix potential Spectre v1 (bsc#1051510).
   - ubifs: Check for name being NULL while mounting (bsc#1051510).
   - udp: Unbreak modules that rely on external __skb_recv_udp() availability
   - uprobes/x86: Prohibit probing on MOV SS instruction (bsc#1110006).
   - usb: Avoid use-after-free by flushing endpoints early in
     usb_set_interface() (bsc#1051510).
   - usb: cdc_acm: Do not leak URB buffers (bsc#1051510).
   - usb: dwc2: Turn on uframe_sched on "amlogic" platforms (bsc#1102881).
   - usb: dwc2: Turn on uframe_sched on "bcm" platforms (bsc#1102881).
   - usb: dwc2: Turn on uframe_sched on "his" platforms (bsc#1102881).
   - usb: dwc2: Turn on uframe_sched on "stm32f4x9_fsotg" platforms
   - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
   - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in
     u132_get_frame() (bsc#1051510).
   - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bsc#1051510).
   - usb: musb: dsps: do not disable CPPI41 irq in driver teardown
   - usb: uas: add support for more quirk flags (bsc#1051510).
   - usb: wusbcore: security: cast sizeof to int for comparison (bsc#1051510).
   - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510).
   - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
   - uwb: hwa-rc: fix memory leak at probe (bsc#1051510).
   - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user
     page (bsc#1110006).
   - virtio: pci-legacy: Validate queue pfn (bsc#1051510).
   - vmbus: do not return values for uninitalized channels (bsc#1051510).
   - vti4: Do not count header length twice on tunnel setup (bsc#1051510).
   - vti6: fix PMTU caching and reporting on xmit (bsc#1051510).
   - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510).
   - x86-64/realmode: Add instruction suffix (bsc#1110006).
   - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: One more fixup
     to avoid even warning about statement without effect.
   - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present
   - x86/CPU: Add a microcode loader callback (bsc#1110006).
   - x86/CPU: Check CPU feature bits after microcode upgrade (bsc#1110006).
   - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006).
   - x86/KVM/VMX: Do not set l1tf_flush_l1d from vmx_handle_external_intr()
   - x86/KVM/VMX: Do not set l1tf_flush_l1d to true from vmx_l1d_flush()
   - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
   - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
   - x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount (bsc#1110006).
   - x86/LDT: Avoid warning in 32-bit builds with older gcc (bsc#1110006).
   - x86/MCE/AMD: Define a function to get SMCA bank type (bsc#1110006).
   - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
   - x86/MCE: Remove min interval polling limitation (bsc#1110006).
   - x86/MCE: Report only DRAM ECC as memory errors on AMD systems
   - x86/MCE: Serialize sysfs changes (bsc#1110006).
   - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted
   - x86/alternatives: Fixup alternative_call_2 (bsc#1110006).
   - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
     specified (bsc#1110006).
   - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
   - x86/asm: Allow again using asm.h when building for the 'bpf' clang
     target (bsc#1110006).
   - x86/asm: Do not use the confusing '.ifeq' directive (bsc#1110006).
   - x86/boot/64: Verify alignment of the LOAD segment (bsc#1110006).
   - x86/boot/compressed/64: Print error if 5-level paging is not supported
   - x86/boot: Fix if_changed build flip/flop bug (bsc#1110006).
   - x86/boot: Move EISA setup to a separate file (bsc#1110006).
   - x86/boot: Relocate definition of the initial state of CR0 (bsc#1110006).
   - x86/build: Beautify build log of syscall headers (bsc#1110006).
   - x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS does not
   - x86/cpu/intel: Add missing TLB cpuid values (bsc#1110006).
   - x86/cpufeature: Add User-Mode Instruction Prevention definitions
   - x86/cpufeatures: Add Intel PCONFIG cpufeature (bsc#1110006).
   - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature
   - x86/debug: Handle warnings before the notifier chain, to fix KGDB crash
   - x86/decoder: Add new TEST instruction pattern (bsc#1110006).
   - x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y
   - x86/eisa: Add missing include (bsc#1110006).
   - x86/entry/64: Add two more instruction suffixes (bsc#1110006).
   - x86/entry/64: Use 'xorl' for faster register clearing (bsc#1110006).
   - x86/entry: Reduce the code footprint of the 'idtentry' macro
   - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
   - x86/fpu/debug: Remove unused 'x86_fpu_state' and
     'x86_fpu_deactivate_state' tracepoints (bsc#1110006).
   - x86/fpu: Make XSAVE check the base CPUID features before enabling
   - x86/fpu: Parse clearcpuid= as early XSAVE argument (bsc#1110006).
   - x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
   - x86/fpu: Remove the explicit clearing of XSAVE dependent features
   - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1110006).
   - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping (bsc#1110006).
   - x86/intel_rdt: Fix incorrect returned value when creating rdgroup
     sub-directory in resctrl file system (bsc#1110006).
   - x86/intel_rdt: Fix potential deadlock during resctrl mount (bsc#1110006).
   - x86/intel_rdt: Fix potential deadlock during resctrl unmount
   - x86/irq: Remove an old outdated comment about context tracking races
   - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006).
   - x86/kexec: Make kexec (mostly) work in 5-level paging mode (bsc#1110006).
   - x86/kprobes: Fix kernel crash when probing .entry_trampoline code
   - x86/kvm/vmx: Remove duplicate l1d flush definitions (bsc#1110006).
   - x86/mce/AMD: Get address from already initialized block (bsc#1110006).
   - x86/mce: Add notifier_block forward declaration (bsc#1110006).
   - x86/mce: Check for alternate indication of machine check recovery on
     Skylake (bsc#1110006).
   - x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() (bsc#1110006).
   - x86/mce: Fix incorrect "Machine check from unknown source" message
   - x86/microcode/intel: Check microcode revision before updating sibling
     threads (bsc#1110006).
   - x86/microcode/intel: Fix memleak in save_microcode_patch() (bsc#1110006).
   - x86/microcode/intel: Look into the patch cache first (bsc#1110006).
   - x86/microcode/intel: Save microcode patch unconditionally (bsc#1110006).
   - x86/microcode/intel: Writeback and invalidate caches before updating
     microcode (bsc#1110006).
   - x86/microcode: Allow late microcode loading with SMT disabled
   - x86/microcode: Attempt late loading only when new microcode is present
   - x86/microcode: Do not exit early from __reload_late() (bsc#1110006).
   - x86/microcode: Do not upload microcode if CPUs are offline (bsc#1110006).
   - x86/microcode: Fix CPU synchronization routine (bsc#1110006).
   - x86/microcode: Get rid of struct apply_microcode_ctx (bsc#1110006).
   - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
   - x86/microcode: Make the late update update_lock a raw lock for RT
   - x86/microcode: Propagate return value from updating functions
   - x86/microcode: Request microcode on the BSP (bsc#1110006).
   - x86/microcode: Synchronize late microcode loading (bsc#1110006).
   - x86/microcode: Update the new microcode revision unconditionally
   - x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all()
   - x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to
     'nr_pages' (bsc#1110006).
   - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bsc#1110006).
   - x86/mm/kmmio: Make the tracer robust against L1TF (bsc#1110006).
   - x86/mm/pat: Make set_memory_np() L1TF safe (bsc#1110006).
   - x86/mm/pti: Add an overflow check to pti_clone_pmds() (bsc#1110006).
   - x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bsc#1110006).
   - x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE (bsc#1110006).
   - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
   - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead
     of this_cpu_has() in build_cr3_noflush() (bsc#1110006).
   - x86/mm: Relocate page fault error codes to traps.h (bsc#1110006).
   - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bsc#1110006).
   - x86/nmi: Fix NMI uaccess race against CR3 switching (bsc#1110006).
   - x86/numa_emulation: Fix emulated-to-physical node mapping (bsc#1110006).
   - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bsc#1110006).
   - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
   - x86/paravirt: Fix some warning messages (bnc#1065600).
   - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bsc#1110006).
   - x86/percpu: Fix this_cpu_read() (bsc#1110006).
   - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bsc#1110006).
   - x86/power: Fix swsusp_arch_resume prototype (bsc#1110006).
   - x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
   - x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
   - x86/retpoline/checksum32: Convert assembler indirect jumps (bsc#1110006).
   - x86/retpoline/irq32: Convert assembler indirect jumps (bsc#1110006).
   - x86/smp: fix non-SMP broken build due to redefinition of
     apic_id_is_primary_thread (bsc#1110006).
   - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bsc#1110006).
   - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
   - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on
     32-bit kernels (bsc#1110006).
   - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bsc#1110006).
   - x86/speculation/l1tf: Extend 64bit swap file size limit (bsc#1110006).
   - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
   - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bsc#1110006).
   - x86/speculation/l1tf: Invert all not present mappings (bsc#1110006).
   - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bsc#1110006).
   - x86/speculation/l1tf: Protect PAE swap entries against L1TF
   - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
   - x86/time: Correct the attribute on jiffies' definition (bsc#1110006).
   - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly
     across CPU hotplug operations (bsc#1110006).
   - x86/tsc: Add missing header to tsc_msr.c (bsc#1110006).
   - x86/tsc: Allow TSC calibration without PIT (bsc#1110006).
   - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bsc#1110006).
   - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006).
   - x86/vdso: Fix vDSO syscall fallback asm constraint regression
   - x86/xen: Delay get_cpu_cap until stack canary is established
   - x86/xen: Drop 5-level paging support code from the XEN_PV code
   - x86/xen: Reset VCPU0 info pointer after shared_info remap (bsc#1110006).
   - x86/xen: do not write ptes directly in 32-bit PV guests (bsc#1110006).
   - x86: Add check for APIC access address for vmentry of L2 guests
   - x86: Call fixup_exception() before notify_die() in math_error()
   - x86: Delay skip of emulated hypercall instruction (bsc#1110006).
   - x86: PM: Make APM idle driver initialize polling state (bsc#1110006).
   - x86: i8259: Add missing include file (bsc#1110006).
   - x86: kvm: avoid unused variable warning (bsc#1110006).
   - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
   - xen/PVH: Set up GS segment for stack canary (bsc#1110006).
   - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
   - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling
     code (bsc#1110006).
   - xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
   - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600).
   - xfrm: use complete IPv6 addresses for hash (bsc#1109330).
   - xfs: do not fail when converting shortform attr to long form during
     ATTR_REPLACE (bsc#1105025).
   - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
   - xhci: Do not print a warning when setting link state for disabled ports

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2018-2547=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2547=1

   - SUSE Linux Enterprise Module for Legacy Software 15:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2547=1

   - SUSE Linux Enterprise Module for Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2547=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2547=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2018-2547=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):


   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):


   - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15 (noarch):


   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):


   - SUSE Linux Enterprise Module for Basesystem 15 (s390x):


   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):



- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.


« Back to bulletins