ESB-2018.3706 - [SUSE] Linux kernel: Multiple vulnerabilities 2018-11-29

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3706
         SUSE-SU-2018:3934-1: Security update for the Linux Kernel
                             29 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-18710 CVE-2018-18445 CVE-2018-18386
                   CVE-2017-18224 CVE-2017-16533 

Reference:         ESB-2018.3552
                   ESB-2018.3425
                   ESB-2017.2980
                   ESB-2017.2979

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20183934-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3934-1
Rating:             important
References:         #1051510 #1055120 #1061840 #1065600 #1066674 
                    #1067906 #1076830 #1079524 #1083647 #1084760 
                    #1084831 #1086196 #1091800 #1094825 #1095805 
                    #1100132 #1101138 #1103356 #1103543 #1103925 
                    #1104124 #1104731 #1105025 #1105428 #1105536 
                    #1106110 #1106237 #1106240 #1106287 #1106359 
                    #1106838 #1108377 #1108468 #1108870 #1109330 
                    #1109739 #1109772 #1109784 #1109806 #1109818 
                    #1109907 #1109911 #1109915 #1109919 #1109951 
                    #1110006 #1111040 #1111076 #1111506 #1111806 
                    #1111811 #1111819 #1111830 #1111834 #1111841 
                    #1111870 #1111901 #1111904 #1111921 #1111928 
                    #1111983 #1112170 #1112173 #1112208 #1112219 
                    #1112221 #1112246 #1112372 #1112514 #1112554 
                    #1112708 #1112710 #1112711 #1112712 #1112713 
                    #1112731 #1112732 #1112733 #1112734 #1112735 
                    #1112736 #1112738 #1112739 #1112740 #1112741 
                    #1112743 #1112745 #1112746 #1112878 #1112894 
                    #1112899 #1112902 #1112903 #1112905 #1112906 
                    #1112907 #1113257 #1113284 #1113295 #1113408 
                    #1113667 #1113722 #1113751 #1113780 #1113972 
                    #1114279 
Cross-References:   CVE-2017-16533 CVE-2017-18224 CVE-2018-18386
                    CVE-2018-18445 CVE-2018-18710
Affected Products:
                    SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 101 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
     drivers/cdrom/cdrom.c could be used by local attackers to read kernel
     memory because a cast from unsigned long to int interferes with bounds
     checking. This is similar to CVE-2018-10940 and CVE-2018-16658
     (bnc#1113751).
   - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier
     permits out-of-bounds memory accesses because adjust_scalar_min_max_vals
     in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372).
   - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
     able to access pseudo terminals) to hang/block further usage of any
     pseudo terminal devices due to an EXTPROC versus ICANON confusion in
     TIOCINQ (bnc#1094825).
   - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and
     consequently has a race condition for access to the extent tree during
     read operations in DIRECT mode, which allowed local users to cause a
     denial of service (BUG) by modifying a certain e_cpos field
     (bnc#1084831).
   - CVE-2017-16533: The usbhid_parse function in
     drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
     service (out-of-bounds read and system crash) or possibly have
     unspecified other impact via a crafted USB device (bnc#1066674).

   The following non-security bugs were fixed:

   - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128).
   - acpi / processor: Fix the return value of acpi_processor_ids_walk()
     (bsc#1051510).
   - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes).
   - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510).
   - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
     (bsc#1051510).
   - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510).
   - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).
   - alsa: hda: fix unused variable warning (bsc#1051510).
   - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
     (bsc#1051510).
   - alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
     (bsc#1051510).
   - alsa: usb-audio: update quirk for B&W PX to remove microphone
     (bsc#1051510).
   - apparmor: Check buffer bounds when mapping permissions mask (git-fixes).
   - ARM: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468).
   - ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
     (bsc#1051510).
   - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510).
   - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510).
   - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510).
   - ASoC: rt5514: Fix the issue of the delay volume applied again
     (bsc#1051510).
   - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510).
   - ASoC: wm8804: Add ACPI support (bsc#1051510).
   - ath10k: fix kernel panic issue during pci probe (bsc#1051510).
   - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510).
   - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510).
   - autofs: fix autofs_sbi() does not check super block type (git-fixes).
   - autofs: fix slab out of bounds read in getname_kernel() (git-fixes).
   - autofs: mount point create should honour passed in mode (git-fixes).
   - badblocks: fix wrong return value in badblocks_set if badblocks are
     disabled (git-fixes).
   - batman-adv: Avoid probe ELP information leak (bsc#1051510).
   - batman-adv: fix backbone_gw refcount on queue_work() failure
     (bsc#1051510).
   - batman-adv: fix hardif_neigh refcount on queue_work() failure
     (bsc#1051510).
   - bdi: Fix another oops in wb_workfn() (bsc#1112746).
   - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746).
   - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers
     (bsc#1111819).
   - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713).
   - block, bfq: fix wrong init of saved start time for weight raising
     (bsc#1112708).
   - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712).
   - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834).
   - bpf/verifier: disallow pointer subtraction (bsc#1083647).
   - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency
     for bsc#1113667).
   - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
   - btrfs: fix file data corruption after cloning a range and fsync
     (bsc#1111901).
   - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes
     bsc#1109919).
   - btrfs: fix mount failure after fsync due to hard link recreation
     (bsc#1103543).
   - btrfs: handle errors while updating refcounts in update_ref_for_cow
     (Git-fixes bsc#1109915).
   - btrfs: send, fix invalid access to commit roots due to concurrent
     snapshotting (bsc#1111904).
   - cdc-acm: fix race between reset and control messaging (bsc#1051510).
   - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983).
   - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
     (bsc#1051510).
   - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).
   - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).
   - cifs: connect to servername instead of IP for IPC$ share (bsc#1106359).
   - cifs: fix memory leak in SMB2_open() (bsc#1112894).
   - cifs: fix memory leak in SMB2_open() (bsc#1112894).
   - cifs: Fix use after free of a mid_q_entry (bsc#1112903).
   - cifs: Fix use after free of a mid_q_entry (bsc#1112903).
   - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail
     (bsc#1051510).
   - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510).
   - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for
     non-am43 SoCs (bsc#1051510).
   - clocksource/drivers/timer-atmel-pit: Properly handle error cases
     (bsc#1051510).
   - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510).
   - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).
   - crypto: ccp - add timeout support in the SEV command (bsc#1106838).
   - crypto: chelsio - Fix memory corruption in DMA Mapped buffers
     (bsc#1051510).
   - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).
   - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510).
   - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
     (bsc#1051510).
   - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).
   - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951).
   - debugobjects: Make stack check warning more informative (bsc#1051510).
   - Disable DRM patches that broke vbox video driver KMP (bsc#1111076)
   - Documentation/l1tf: Fix small spelling typo (bsc#1051510).
   - do d_instantiate/unlock_new_inode combinations safely (git-fixes).
   - Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
   - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510).
   - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk
     (bsc#1106110)
   - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510).
   - drm/amdgpu: Fix vce work queue was not cancelled when suspend
     (bsc#1106110)
   - drm/amdgpu/powerplay: fix missing break in switch statements
     (bsc#1113722)
   - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510).
   - drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset
     v2" (bsc#1051510).
   - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510).
   - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer
     (bsc#1113722)
   - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth
     (bsc#1113722)
   - drm/i915/audio: Hook up component bindings even if displays are
     (bsc#1113722)
   - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit
     panel's native mode (bsc#1051510).
   - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers
     (bsc#1113722)
   - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510).
   - drm/i915: Restore vblank interrupts earlier (bsc#1051510).
   - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510).
   - drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
   - drm/msm: fix OF child-node lookup (bsc#1106110)
   - drm/nouveau/disp: fix DP disable race (bsc#1051510).
   - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).
   - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from
     VBIOS (bsc#1051510).
   - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)
   - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110)
   - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722)
   - e1000: check on netif_running() before calling e1000_up() (bsc#1051510).
   - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510).
   - edac: Raise the maximum number of memory controllers (bsc#1113780).
   - edac, thunderx: Fix memory leak in thunderx_l2c_threaded_isr()
     (bsc#1114279).
   - eeprom: at24: change nvmem stride to 1 (bsc#1051510).
   - eeprom: at24: check at24_read/write arguments (bsc#1051510).
   - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510).
   - enic: do not call enic_change_mtu in enic_probe (bsc#1051510).
   - enic: handle mtu change for vf properly (bsc#1051510).
   - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510).
   - ethtool: fix a privilege escalation bug (bsc#1076830).
   - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554).
   - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736).
   - ext4: avoid divide by zero fault when deleting corrupted inline
     directories (bsc#1112735).
   - ext4: check for NUL characters in extended attribute's name
     (bsc#1112732).
   - ext4: check to make sure the rename(2)'s destination is not freed
     (bsc#1112734).
   - ext4: do not mark mmp buffer head dirty (bsc#1112743).
   - ext4: fix online resize's handling of a too-small final block group
     (bsc#1112739).
   - ext4: fix online resizing for bigalloc file systems with a 1k block size
     (bsc#1112740).
   - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733).
   - ext4: recalucate superblock checksum after updating free blocks/inodes
     (bsc#1112738).
   - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731).
   - ext4: show test_dummy_encryption mount option in /proc/mounts
     (bsc#1112741).
   - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510).
   - firmware: raspberrypi: Register hwmon driver (bsc#1108468).
   - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
     (bsc#1051510).
   - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
     (git-fixes).
   - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
     (git-fixes).
   - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
   - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745).
   - getname_kernel() needs to make sure that ->name != ->iname in long case
     (git-fixes).
   - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510).
   - gpio: Fix crash due to registration race (bsc#1051510).
   - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall
     (bsc#1051510).
   - gpio: mb86s70: Revert "Return error if requesting an already assigned
     gpio" (bsc#1051510).
   - hfsplus: do not return 0 when fill_super() failed (bsc#1051510).
   - hfsplus: stop workqueue when fill_super() failed (bsc#1051510).
   - hfs: prevent crash on exit from failed search (bsc#1051510).
   - hid: add support for Apple Magic Keyboards (bsc#1051510).
   - hid: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510).
   - hid: hid-sensor-hub: Force logical minimum to 1 for power and report
     state (bsc#1051510).
   - hid: quirks: fix support for Apple Magic Keyboards (bsc#1051510).
   - hid: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub
     report (bsc#1051510).
   - hv: avoid crash in vmbus sysfs files (bnc#1108377).
   - hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe()
     (bsc#1109772).
   - hv_netvsc: fix schedule in RCU context ().
   - hwmon: Add support for RPi voltage sensor (bsc#1108468).
   - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510).
   - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510).
   - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468).
   - hwrng: core - document the quality field (bsc#1051510).
   - hypfs_kill_super(): deal with failed allocations (bsc#1051510).
   - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510).
   - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510).
   - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
   - iio: adc: at91: fix wrong channel number in triggered buffer mode
     (bsc#1051510).
   - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
     (bsc#1051510).
   - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510).
   - Input: atakbd - fix Atari keymap (bsc#1051510).
   - intel_th: pci: Add Ice Lake PCH support (bsc#1051510).
   - iommu/arm-smmu: Error out only if not enough context interrupts
     (bsc#1106237).
   - iommu/vt-d: Add definitions for PFSID (bsc#1106237).
   - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237).
   - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237).
   - ipc/shm.c add ->pagesize function to shm_vm_ops (bsc#1111811).
   - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a
     debug dump (bsc#1051510).
   - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510).
   - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510).
   - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
     (bsc#1051510).
   - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510).
   - iwlwifi: mvm: send BCAST management frames to the right station
     (bsc#1051510).
   - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510).
   - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value
     (bsc#1051510).
   - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257).
   - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240).
   - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).
   - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte
     (bsc#1061840).
   - kabi/severities: correct nvdimm kabi exclusion
   - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports
     of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm
     mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer
     exported because the code was consolideted in one place. These helpers
     are to be called in realmode and linking to them from non-KVM modules is
     a bug. Hence removing them does not break KABI.
   - kabi/severities: ignore __xive_vm_h_* KVM internal symbols.
   - Kbuild: fix # escaping in .cmd files for future Make (git-fixes).
   - kernfs: update comment about kernfs_path() return value (bsc#1051510).
   - kprobes/x86: Fix %p uses in error messages (bsc#1110006).
   - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM
     Functionality bsc#1111806).
   - kvm: Make VM ioctl do valloc for some archs (bsc#1111506).
   - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into
     it (bsc#1061840).
   - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode
     (bsc#1061840).
   - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
   - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller
     physical pages (bsc#1061840).
   - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
   - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
   - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions
     (bsc#1061840).
   - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
   - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9
     v2.2 (bsc#1061840).
   - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page
     fault (bsc#1061840).
   - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
   - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping
     size (bsc#1061840).
   - KVM: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE
     escalations (bsc#1061840).
   - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
   - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Enable migration of decrementer register
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Factor fake-suspend handling out of
     kvmppc_save/restore_tm (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault
     handler (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing
     code (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix()
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory
     backing (bsc#1061840).
   - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
   - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
   - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
   - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in
     kvmppc_radix_tlbie_page (bsc#1061840).
   - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
   - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space
     (bsc#1061840).
   - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write
     bits do not match (bsc#1061840).
   - KVM: PPC: Book3S HV: Radix page fault handler optimizations
     (bsc#1061840).
   - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Recursively unmap all page table entries when
     unmapping (bsc#1061840).
   - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).
   - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
   - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Streamline setting of reference and change bits
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path
     (bsc#1061840).
   - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler
     (bsc#1061840).
   - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority
     change (bsc#1061840).
   - KVM: PPC: Book3S PR: Add guest MSR parameter for
     kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
   - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate
     file (bsc#1061840).
   - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
   - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue
     (bsc#1061840).
   - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
   - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch
     (bsc#1061840).
   - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
   - KVM: SVM: Add MSR-based feature support for serializing LFENCE
     (bsc#1106240).
   - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
     (bsc#1106240).
   - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
     (bsc#1106240).
   - KVM: x86: Add a framework for supporting MSR-based features
     (bsc#1106240).
   - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506).
   - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240).
   - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506).
   - kvm: x86: Set highest physical address bits in non-present/reserved
     SPTEs (bsc#1106240).
   - libertas: call into generic suspend code before turning off power
     (bsc#1051510).
   - libnvdimm, badrange: remove a WARN for list_empty (bsc#112128).
   - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408).
   - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408,
     bsc#1113972).
   - libnvdimm: Introduce locked DIMM capacity support (bsc#112128).
   - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7
     (bsc#1111921, bsc#1113408).
   - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, ).
   - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408,
     bsc#1113972).
   - libnvdimm: move poison list functions to a new 'badrange' file
     (bsc#112128).
   - libnvdimm/nfit_test: add firmware download emulation (bsc#112128).
   - libnvdimm/nfit_test: adding support for unit testing enable LSS status
     (bsc#112128).
   - libnvdimm, testing: Add emulation for smart injection commands
     (bsc#112128).
   - libnvdimm, testing: update the default smart ctrl_temperature
     (bsc#112128).
   - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510).
   - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510).
   - livepatch: create and include UAPI headers ().
   - lockd: fix "list_add double add" caused by legacy signal interface
     (git-fixes).
   - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711).
   - loop: do not call into filesystem while holding lo_ctl_mutex
     (bsc#1112710).
   - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284).
   - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510).
   - mac80211: do not convert to A-MSDU if frag/subframe limited
     (bsc#1051510).
   - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510).
   - mac80211: fix a race between restart and CSA flows (bsc#1051510).
   - mac80211: Fix station bandwidth setting after channel switch
     (bsc#1051510).
   - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510).
   - mac80211_hwsim: require at least one channel (bsc#1051510).
   - mac80211: mesh: fix HWMP sequence numbering to follow standard
     (bsc#1051510).
   - mac80211: minstrel: fix using short preamble CCK rates on HT clients
     (bsc#1051510).
   - mac80211: Run TXQ teardown code before de-registering interfaces
     (bsc#1051510).
   - mac80211: shorten the IBSS debug messages (bsc#1051510).
   - mach64: detect the dot clock divider correctly on sparc (bsc#1051510).
   - make sure that __dentry_kill() always invalidates d_seq, unhashed or not
     (git-fixes).
   - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
     (git-fixes).
   - md/raid10: fix that replacement cannot complete recovery after
     reassemble (git-fixes).
   - md/raid1: add error handling of read error from FailFast device
     (git-fixes).
   - md/raid5-cache: disable reshape completely (git-fixes).
   - md/raid5: fix data corruption of replacements after originals dropped
     (git-fixes).
   - media: af9035: prevent buffer overflow on write (bsc#1051510).
   - media: cx231xx: fix potential sign-extension overflow on large shift
     (bsc#1051510).
   - media: dvb: fix compat ioctl translation (bsc#1051510).
   - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
   - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
   - media: pci: cx23885: handle adding to list failure (bsc#1051510).
   - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
   - media: tvp5150: fix switch exit in set control handler (bsc#1051510).
   - media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
   - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
     (bsc#1051510).
   - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
     (bsc#1051510).
   - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510).
   - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
   - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).
   - mmc: block: avoid multiblock reads for the last sector in SPI mode
     (bsc#1051510).
   - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal
     (bsc#1111841).
   - mm/migrate: Use spin_trylock() while resetting rate limit ().
   - mm: /proc/pid/pagemap: hide swap entries from unprivileged users
     (Git-fixes bsc#1109907).
   - modpost: ignore livepatch unresolved relocations ().
   - move changes without Git-commit out of sorted section
   - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510).
   - net/smc: retain old name for diag_mode field (bsc#1106287, LTC#170892).
   - net/smc: use __aligned_u64 for 64-bit smc_diag fields (bsc#1101138,
     LTC#164002).
   - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).
   - nfit_test: add error injection DSMs (bsc#112128).
   - nfit_test: fix buffer overrun, add sanity check (bsc#112128).
   - nfit_test: improve structure offset handling (bsc#112128).
   - nfit_test: prevent parsing error of nfit_test.0 (bsc#112128).
   - nfit_test: when clearing poison, also remove badrange entries
     (bsc#112128).
   - NFS: Avoid quadratic search when freeing delegations (bsc#1084760).
   - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921,
     bsc#1113408).
   - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921,
     bsc#1113408, bsc#1113972).
   - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, ).
   - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408,
     bsc#1113972).
   - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, ).
   - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).
   - nvdimm: Split label init out from the logic for getting config data
     (bsc#1111921, bsc#1113408).
   - nvdimm: Split label init out from the logic for getting config data
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - nvdimm: Use namespace index data to reduce number of label reads needed
     (bsc#1111921, bsc#1113408).
   - nvdimm: Use namespace index data to reduce number of label reads needed
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - of: add helper to lookup compatible child node (bsc#1106110)
   - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510).
   - orangefs: initialize op on loop restart in orangefs_devreq_read
     (bsc#1051510).
   - orangefs_kill_sb(): deal with allocation failures (bsc#1051510).
   - orangefs: use list_for_each_entry_safe in purge_waiting_ops
     (bsc#1051510).
   - ovl: fix format of setxattr debug (git-fixes).
   - ovl: Sync upper dirty data when syncing overlayfs (git-fixes).
   - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510).
   - PCI: hv: Do not wait forever on a device that has disappeared
     (bsc#1109806).
   - PCI: hv: Use effective affinity mask (bsc#1109772).
   - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510).
   - pipe: match pipe_max_size data type with procfs (git-fixes).
   - PM / Domains: Fix genpd to deal with drivers returning 1 from
     ->prepare() (bsc#1051510).
   - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).
   - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).
   - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb
     (bsc#1091800).
   - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).
   - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784).
   - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).
   - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
     (bsc#1055120).
   - powerpc/powernv/ioda: Allocate indirect TCE levels on demand
     (bsc#1061840).
   - powerpc/powernv/ioda: Finish removing explicit max window size check
     (bsc#1061840).
   - powerpc/powernv/ioda: Remove explicit max window size check
     (bsc#1061840).
   - powerpc/powernv: Move TCE manupulation code to its own file
     (bsc#1061840).
   - powerpc/powernv: Rework TCE level allocation (bsc#1061840).
   - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug
     (bsc#1079524, git-fixes).
   - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).
   - powerpc/pseries: Fix "OF: ERROR: Bad of_node_put() on /cpus" during
     DLPAR (bsc#1113295).
   - powerpc: pseries: remove dlpar_attach_node dependency on full path
     (bsc#1113295).
   - powerpc/rtas: Fix a potential race between CPU-Offline & Migration
     (bsc#1111870).
   - powerpc/xive: Move definition of ESB bits (bsc#1061840).
   - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).
   - printk: drop in_nmi check from printk_safe_flush_on_panic()
     (bsc#1112170).
   - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208).
   - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf:
   - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
     (bsc#1051510).
   - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510).
   - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
     (bsc#1051510).
   - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).
   - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
     (git-fixes).
   - random: rate limit unseeded randomness warnings (git-fixes).
   - rculist: add list_for_each_entry_from_rcu() (bsc#1084760).
   - rculist: Improve documentation for list_for_each_entry_from_rcu()
     (bsc#1084760).
   - reiserfs: add check to detect corrupted directory entry (bsc#1109818).
   - reiserfs: do not panic on bad directory entries (bsc#1109818).
   - rename a hv patch to reduce conflicts in -AZURE
   - reorder a qedi patch to allow further work in this branch
   - resource: Include resource end in walk_*() interfaces (bsc#1114279).
   - Revert "drm/amdgpu: Add an ATPX quirk for hybrid laptop" (bsc#1051510).
   - Revert "drm/i915/gvt: set max priority for gvt context" (bsc#1051510).
   - Revert "gpio: set up initial state from .get_direction()" (bsc#1051510).
   - Revert "iommu/io-pgtable: Avoid redundant TLB syncs" (bsc#1106237).
   - Revert "mwifiex: fix incorrect ht capability problem" (bsc#1051510).
   - Revert "mwifiex: handle race during mwifiex_usb_disconnect"
     (bsc#1051510).
   - Revert "pinctrl: sunxi: Do not enforce bias disable (for now)"
     (bsc#1051510).
   - rpc_pipefs: fix double-dput() (bsc#1051510).
   - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes).
   - sched/numa: Limit the conditions where scan period is reset ().
   - scripts/series2git:
   - scripts/series2git: Revert the change mistakenly taken A "fix" for
     series2git went in mistakenly among other patches. Revert it here. It'll
     be picked up from a proper branch if need.
   - scsi: core: Allow state transitions from OFFLINE to BLOCKED
     (bsc#1112246).
   - scsi: core: Allow state transitions from OFFLINE to BLOCKED
     (bsc#1112246).
   - scsi: ipr: Eliminate duplicate barriers ().
   - scsi: ipr: fix incorrect indentation of assignment statement ().
   - scsi: ipr: Use dma_pool_zalloc() ().
   - scsi: libfc: check fc_frame_payload_get() return value for null
     (bsc#1104731).
   - scsi: libfc: check fc_frame_payload_get() return value for null
     (bsc#1104731).
   - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
   - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
   - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870).
   - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured
     (bsc#1108870).
   - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870).
   - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870).
   - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830).
   - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870).
   - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870).
   - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870).
   - scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870).
   - scsi: qla2xxx: Move log messages before issuing command to firmware
     (bsc#1108870).
   - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870).
   - scsi: target: prefer dbroot of /etc/target over /var/target
     (bsc#1111928).
   - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510).
   - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).
   - smb2: fix missing files in root share directory listing (bsc#1112907).
   - smb2: fix missing files in root share directory listing (bsc#1112907).
   - smb3: fill in statfs fsid and correct namelen (bsc#1112905).
   - smb3: fill in statfs fsid and correct namelen (bsc#1112905).
   - smb3: fix reset of bytes read and written stats (bsc#1112906).
   - smb3: fix reset of bytes read and written stats (bsc#1112906).
   - smb3: on reconnect set PreviousSessionId field (bsc#1112899).
   - smb3: on reconnect set PreviousSessionId field (bsc#1112899).
   - sock_diag: fix use-after-free read in __sk_free (bsc#1051510).
   - soc/tegra: pmc: Fix child-node lookup (bsc#1051510).
   - soreuseport: initialise timewait reuseport field (bsc#1051510).
   - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510).
   - sound: enable interrupt after dma buffer initialization (bsc#1051510).
   - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).
   - spi: bcm-qspi: switch back to reading flash using smaller chunks
     (bsc#1051510).
   - spi: sh-msiof: fix deferred probing (bsc#1051510).
   - squashfs: be more careful about metadata corruption (bsc#1051510).
   - Squashfs: Compute expected length from inode size rather than block
     length (bsc#1051510).
   - squashfs metadata 2: electric boogaloo (bsc#1051510).
   - squashfs: more metadata hardening (bsc#1051510).
   - squashfs: more metadata hardening (bsc#1051510).
   - staging: comedi: ni_mio_common: protect register write overflow
     (bsc#1051510).
   - stm: Potential read overflow in stm_char_policy_set_ioctl()
     (bsc#1051510).
   - supported.conf: mark raspberrypi-hwmon as supported
   - switchtec: Fix Spectre v1 vulnerability (bsc#1051510).
   - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes).
   - target: log Data-Out timeouts as errors (bsc#1095805).
   - target: log NOP ping timeouts as errors (bsc#1095805).
   - target: split out helper for cxn timeout error stashing (bsc#1095805).
   - target: stash sess_err_stats on Data-Out timeout (bsc#1095805).
   - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805).
   - team: Forbid enslaving team device to itself (bsc#1051510).
   - tools build: fix # escaping in .cmd files for future Make (git-fixes).
   - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#112128).
   - tools/testing/nvdimm: allow custom error code injection (bsc#112128).
   - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#112128).
   - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#112128).
   - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle'
     attribute (bsc#112128).
   - tools/testing/nvdimm: Fix support for emulating controller temperature
     (bsc#112128).
   - tools/testing/nvdimm: force nfit_test to depend on instrumented modules
     (bsc#112128).
   - tools/testing/nvdimm: improve emulation of smart injection (bsc#112128).
   - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
     (bsc#112128).
   - tools/testing/nvdimm: Make DSM failure code injection an override
     (bsc#112128).
   - tools/testing/nvdimm: smart alarm/threshold control (bsc#112128).
   - tools/testing/nvdimm: stricter bounds checking for error injection
     commands (bsc#112128).
   - tools/testing/nvdimm: support nfit_test_dimm attributes under
     nfit_test.1 (bsc#112128).
   - tools/testing/nvdimm: unit test clear-error commands (bsc#112128).
   - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510).
   - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510).
   - tracing: Add barrier to trace_printk() buffer nesting modification
     (bsc#1112219).
   - tty: Do not block on IO when ldisc change is pending (bnc#1105428).
   - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).
   - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).
   - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
   - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
   - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).
   - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428).
   - tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
   - Update
     patches.arch/KVM-PPC-Book3S-HV-Snapshot-timebase-offset-on-guest-.patch
     (bsc#1061840, bsc#1086196).
   - Update
     patches.arch/powerpc-powernv-ioda2-Reduce-upper-limit-for-DMA-win.patch
     (bsc#1061840, bsc#1055120).
   - Update
     patches.fixes/0002-nfs41-do-not-return-ENOMEM-on-LAYOUTUNAVAILABLE.patch
     (git-fixes, bsc#1103925).
   - Update patches.fixes/libnvdimm-dimm-maximize-label-transfer-size.patch
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - Update
   patches.fixes/libnvdimm-label-change-nvdimm_num_label_slots-per-uefi-2-7.pa
     tch (bsc#1111921, bsc#1113408, bsc#1113972).
   - Update patches.fixes/libnvdimm-label-fix-sparse-warning.patch
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - Update
     patches.fixes/nvdimm-clarify-comment-in-sizeof_namespace_index.patch
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - Update patches.fixes/nvdimm-remove-empty-if-statement.patch
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - Update patches.fixes/nvdimm-sanity-check-labeloff.patch (bsc#1111921,
     bsc#1113408, bsc#1113972).
   - Update
   patches.fixes/nvdimm-split-label-init-out-from-the-logic-for-getting-config
     -data.patch (bsc#1111921, bsc#1113408, bsc#1113972).
   - Update
   patches.fixes/nvdimm-use-namespace-index-data-to-reduce-number-of-label-rea
     ds-needed.patch (bsc#1111921, bsc#1113408, bsc#1113972).
   - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510).
   - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
     (bsc#1051510).
   - usb: gadget: fsl_udc_core: check allocation return value and cleanup on
     failure (bsc#1051510).
   - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation
     (bsc#1051510).
   - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510).
   - USB: remove LPM management from usb_driver_claim_interface()
     (bsc#1051510).
   - USB: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510).
   - USB: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510).
   - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510).
   - USB: yurex: Check for truncation in yurex_read() (bsc#1051510).
   - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
     (bsc#1109739).
   - use the new async probing feature for the hyperv drivers (bsc#1109772).
   - Use upstream version of pci-hyperv patch (35a88a1)
   - VFS: close race between getcwd() and d_move() (git-fixes).
   - vfs: fix freeze protection in mnt_want_write_file() for overlayfs
     (git-fixes).
   - vmbus: do not return values for uninitalized channels (bsc#1051510).
   - vti4: Do not count header length twice on tunnel setup (bsc#1051510).
   - vti6: fix PMTU caching and reporting on xmit (bsc#1051510).
   - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510).
   - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040).
   - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted
     (bsc#1110006).
   - x86/boot/KASLR: Work around firmware bugs by excluding
     EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878).
   - x86/boot: Move EISA setup to a separate file (bsc#1110006).
   - x86/cpufeature: Add User-Mode Instruction Prevention definitions
     (bsc#1110006).
   - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature
     (bsc#1110006).
   - x86/eisa: Add missing include (bsc#1110006).
   - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006).
   - x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
     (bsc#1110006).
   - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12
     (bsc#1109772).
   - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006).
   - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).
   - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
     (bsc#1110006).
   - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#112128).
   - x86/paravirt: Fix some warning messages (bnc#1065600).
   - x86/percpu: Fix this_cpu_read() (bsc#1110006).
   - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
     (bsc#1105536).
   - x86/time: Correct the attribute on jiffies' definition (bsc#1110006).
   - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
     (bnc#1065600).
   - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600).
   - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
     (bnc#1065600).
   - xfrm: use complete IPv6 addresses for hash (bsc#1109330).
   - xfs: do not fail when converting shortform attr to long form during
     ATTR_REPLACE (bsc#1105025).
   - xfs: do not fail when converting shortform attr to long form during
     ATTR_REPLACE (bsc#1105025).
   - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
     (bsc#1051510).
   - xhci: Do not print a warning when setting link state for disabled ports
     (bsc#1051510).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2803=1



Package List:

   - SUSE Linux Enterprise Server 12-SP4 (x86_64):

      kernel-azure-4.12.14-6.3.1
      kernel-azure-base-4.12.14-6.3.1
      kernel-azure-base-debuginfo-4.12.14-6.3.1
      kernel-azure-debuginfo-4.12.14-6.3.1
      kernel-azure-debugsource-4.12.14-6.3.1
      kernel-azure-devel-4.12.14-6.3.1
      kernel-syms-azure-4.12.14-6.3.1

   - SUSE Linux Enterprise Server 12-SP4 (noarch):

      kernel-devel-azure-4.12.14-6.3.1
      kernel-source-azure-4.12.14-6.3.1


References:

   https://www.suse.com/security/cve/CVE-2017-16533.html
   https://www.suse.com/security/cve/CVE-2017-18224.html
   https://www.suse.com/security/cve/CVE-2018-18386.html
   https://www.suse.com/security/cve/CVE-2018-18445.html
   https://www.suse.com/security/cve/CVE-2018-18710.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1055120
   https://bugzilla.suse.com/1061840
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1066674
   https://bugzilla.suse.com/1067906
   https://bugzilla.suse.com/1076830
   https://bugzilla.suse.com/1079524
   https://bugzilla.suse.com/1083647
   https://bugzilla.suse.com/1084760
   https://bugzilla.suse.com/1084831
   https://bugzilla.suse.com/1086196
   https://bugzilla.suse.com/1091800
   https://bugzilla.suse.com/1094825
   https://bugzilla.suse.com/1095805
   https://bugzilla.suse.com/1100132
   https://bugzilla.suse.com/1101138
   https://bugzilla.suse.com/1103356
   https://bugzilla.suse.com/1103543
   https://bugzilla.suse.com/1103925
   https://bugzilla.suse.com/1104124
   https://bugzilla.suse.com/1104731
   https://bugzilla.suse.com/1105025
   https://bugzilla.suse.com/1105428
   https://bugzilla.suse.com/1105536
   https://bugzilla.suse.com/1106110
   https://bugzilla.suse.com/1106237
   https://bugzilla.suse.com/1106240
   https://bugzilla.suse.com/1106287
   https://bugzilla.suse.com/1106359
   https://bugzilla.suse.com/1106838
   https://bugzilla.suse.com/1108377
   https://bugzilla.suse.com/1108468
   https://bugzilla.suse.com/1108870
   https://bugzilla.suse.com/1109330
   https://bugzilla.suse.com/1109739
   https://bugzilla.suse.com/1109772
   https://bugzilla.suse.com/1109784
   https://bugzilla.suse.com/1109806
   https://bugzilla.suse.com/1109818
   https://bugzilla.suse.com/1109907
   https://bugzilla.suse.com/1109911
   https://bugzilla.suse.com/1109915
   https://bugzilla.suse.com/1109919
   https://bugzilla.suse.com/1109951
   https://bugzilla.suse.com/1110006
   https://bugzilla.suse.com/1111040
   https://bugzilla.suse.com/1111076
   https://bugzilla.suse.com/1111506
   https://bugzilla.suse.com/1111806
   https://bugzilla.suse.com/1111811
   https://bugzilla.suse.com/1111819
   https://bugzilla.suse.com/1111830
   https://bugzilla.suse.com/1111834
   https://bugzilla.suse.com/1111841
   https://bugzilla.suse.com/1111870
   https://bugzilla.suse.com/1111901
   https://bugzilla.suse.com/1111904
   https://bugzilla.suse.com/1111921
   https://bugzilla.suse.com/1111928
   https://bugzilla.suse.com/1111983
   https://bugzilla.suse.com/1112170
   https://bugzilla.suse.com/1112173
   https://bugzilla.suse.com/1112208
   https://bugzilla.suse.com/1112219
   https://bugzilla.suse.com/1112221
   https://bugzilla.suse.com/1112246
   https://bugzilla.suse.com/1112372
   https://bugzilla.suse.com/1112514
   https://bugzilla.suse.com/1112554
   https://bugzilla.suse.com/1112708
   https://bugzilla.suse.com/1112710
   https://bugzilla.suse.com/1112711
   https://bugzilla.suse.com/1112712
   https://bugzilla.suse.com/1112713
   https://bugzilla.suse.com/1112731
   https://bugzilla.suse.com/1112732
   https://bugzilla.suse.com/1112733
   https://bugzilla.suse.com/1112734
   https://bugzilla.suse.com/1112735
   https://bugzilla.suse.com/1112736
   https://bugzilla.suse.com/1112738
   https://bugzilla.suse.com/1112739
   https://bugzilla.suse.com/1112740
   https://bugzilla.suse.com/1112741
   https://bugzilla.suse.com/1112743
   https://bugzilla.suse.com/1112745
   https://bugzilla.suse.com/1112746
   https://bugzilla.suse.com/1112878
   https://bugzilla.suse.com/1112894
   https://bugzilla.suse.com/1112899
   https://bugzilla.suse.com/1112902
   https://bugzilla.suse.com/1112903
   https://bugzilla.suse.com/1112905
   https://bugzilla.suse.com/1112906
   https://bugzilla.suse.com/1112907
   https://bugzilla.suse.com/1113257
   https://bugzilla.suse.com/1113284
   https://bugzilla.suse.com/1113295
   https://bugzilla.suse.com/1113408
   https://bugzilla.suse.com/1113667
   https://bugzilla.suse.com/1113722
   https://bugzilla.suse.com/1113751
   https://bugzilla.suse.com/1113780
   https://bugzilla.suse.com/1113972
   https://bugzilla.suse.com/1114279

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW/81GGaOgq3Tt24GAQgiwxAAtV3+48o7W8gkfQan/HJ9cjPy/2vs06f+
KHRQ1Ez3tgXCyeP/02AIudXGtp4tP7EhdEtqMLwxFPE+kV7kGU52B5MIUEn9mlgt
0UiWrU9qFd6utCCk4aWj5lRw//B4QlNr9j+ispazrA0r3h5BFd31S/efnhqWlC3N
AzZlrIlW7Lp/e/zxk9YTwRtBCU5WczibqMvzK+Q/fjJmwycLS+yX412Xmtujphhz
st4TkQUxe947FF1ylplvgtNQAzzhicOkXI/PabofVTlFCohHVsUdNX5OLoC25m16
wpJsaZXy+jV+1rT6O7F8WndQ9p3HeZIKF9dAB8uqQnepJdo3a1q7wutYoNi8dZGr
xGOdmddJaZOXiH+cXqHaX3pzTXqmt5e/aybfNNGe6VoWnCNm+9TTuc+Q+3u5xukT
joWOkD2W1Y83qiCwtskujOpYeDgANiS50XLCk9htOyQojHtFEssqeJxDUVEon1l9
B0TG9rvStB3g1F2xB4ialqdC4PjE/GyCCK/qkphlXCPWKR2OUJlUxDSu3pNQiL8F
l7phTCVu8qQ1u2YKHLEhUgkKcirKqTVsF6ajy+pa3kNU3KAF6g9ALtEgL4eUo+3I
Dsra6aSZYlbBiYhF3irqDkVfOUquY2xxaLVKTsHteYY/cp0MRBvOEa4Dt8TDz/Rd
mTUWDTc8W5w=
=SKhU
-----END PGP SIGNATURE-----

« Back to bulletins