ESB-2019.1189 - [SUSE] linux kernel: Multiple vulnerabilities 2019-04-09

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1189
         SUSE-SU-2019:0901-1 Security update for the Linux Kernel
                               9 April 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise        -- Existing Account
                   Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9213 CVE-2019-7222 CVE-2019-7221
                   CVE-2019-6974 CVE-2019-3460 CVE-2019-3459
                   CVE-2019-2024 CVE-2017-18249 

Reference:         ESB-2019.1127
                   ESB-2019.1126
                   ESB-2019.1125
                   ESB-2019.1124

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20190901-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:0901-1
Rating:            important
References:        #1012382 #1020413 #1023175 #1031492 #1042286 #1050549
                   #1065600 #1070767 #1075697 #1078355 #1082943 #1086095
                   #1086652 #1087036 #1087092 #1090435 #1094823 #1099810
                   #1102875 #1102877 #1102879 #1102882 #1102896 #1102959
                   #1103429 #1105428 #1106061 #1106105 #1106929 #1107866
                   #1109137 #1109248 #1109695 #1114893 #1116345 #1116653
                   #1117108 #1117645 #1117744 #1119019 #1119680 #1119843
                   #1120017 #1120691 #1120722 #1120758 #1120902 #1121713
                   #1121726 #1121805 #1122650 #1122651 #1122779 #1122885
                   #1123321 #1123323 #1123357 #1123933 #1124166 #1124235
                   #1124728 #1124732 #1124735 #1124775 #1124777 #1124780
                   #1124811 #1125000 #1125014 #1125315 #1125446 #1125794
                   #1125796 #1125808 #1125809 #1125810 #1125892 #1126389
                   #1126772 #1126773 #1126805 #1127082 #1127155 #1127561
                   #1127725 #1127731 #1127961 #1128166 #1128452 #1128565
                   #1128696 #1128756 #1128893 #1129080 #1129179 #1129237
                   #1129238 #1129239 #1129240 #1129241 #1129413 #1129414
                   #1129415 #1129416 #1129417 #1129418 #1129419 #1129581
                   #1129770 #1129923
Cross-References:  CVE-2017-18249 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460
                   CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213
Affected Products:
                   SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 102 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive
various security fixes and bugfixes.

The following security bugs were fixed:

  o CVE-2019-2024: A use-after-free when disconnecting a source was fixed which
    could lead to crashes (bnc#1129179).
  o CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap
    minimum address, which made it easier for attackers to exploit kernel NULL
    pointer dereferences on non-SMAP platforms. This is related to a capability
    check for the wrong task (bnc#1128166).
  o CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled
    reference counting because of a race condition, leading to a
    use-after-free (bnc#1124728).
  o CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote
    information leak vulnerabilities in the code that handles incoming L2CAP
    configuration packets (bsc#1120758).
  o CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor
    related to the emulation of a preemption timer, allowing a guest
    user/process to crash the host kernel (bsc#1124732).
  o CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related
    to handling page fault exceptions, which allowed a guest user/process to
    leak the host's stack memory contents to a guest (bsc#1124735).
  o CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not
    properly track an allocated nid, which allowed local users to cause a
    denial of service (race condition) or possibly have unspecified other
    impact via concurrent threads (bnc#1087036).
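
A triage check for CVE-2019-9213 as described above, added here as an example and not part of the SUSE or AusCERT bulletin: it compares a kernel release string with the 4.4.176 base version named in this update, looks for the `smap` CPU flag, and takes the `vm.mmap_min_addr` value. The function names, result strings and sample inputs are assumptions made for the illustration; the installed kernel package version remains the authoritative check.

```shell
#!/bin/sh
# Added example (not from the bulletin): triage a host for CVE-2019-9213.
# Assumption: comparing the upstream base version is a quick heuristic for
# this product line only; the installed package version is authoritative.

FIXED_BASE="4.4.176"   # kernel version this update moves to, per the advisory

# Constructed sample inputs (not taken from any real host).
SAMPLE_CPU_SMAP='flags : fpu vme smep bmi2 smap clflushopt'
SAMPLE_CPU_NOSMAP='flags : fpu vme sse sse2 smep'
SAMPLE_OLD_RELEASE='4.4.175-4.22-azure'
SAMPLE_NEW_RELEASE='4.4.176-4.25-azure'

# "4.4.175-4.22-azure" -> "4.4.175" (drop the distribution suffix)
base_version() {
    printf '%s\n' "${1%%-*}"
}

# Succeeds if dotted numeric version $1 is strictly lower than $2.
version_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        if [ "$_a" = "$_x" ]; then _a=""; else _a=${_a#*.}; fi
        if [ "$_b" = "$_y" ]; then _b=""; else _b=${_b#*.}; fi
        _x=${_x:-0}; _y=${_y:-0}      # missing component counts as 0
        if [ "$_x" -lt "$_y" ]; then return 0; fi
        if [ "$_x" -gt "$_y" ]; then return 1; fi
    done
    return 1                          # equal versions are not "lower"
}

# Succeeds if the /proc/cpuinfo text in $1 lists the smap flag as a whole word.
has_smap() {
    printf '%s\n' "$1" |
        grep -Eq '^flags[[:space:]]*:.*[[:space:]]smap([[:space:]]|$)'
}

# triage RELEASE CPUINFO_TEXT MMAP_MIN_ADDR -> prints one result string:
#   unpatched-no-smap          the non-SMAP case the advisory calls out
#   unpatched-smap-present     update still needed; SMAP flag is present
#   patched-mmap-min-addr-zero fixed kernel, but vm.mmap_min_addr=0 sets no
#                              minimum address for the restored check to enforce
#   patched                    fixed kernel with a non-zero minimum address
#   unknown                    release string could not be parsed
triage() {
    _base=$(base_version "$1")
    case "$_base" in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if version_lt "$_base" "$FIXED_BASE"; then
        if has_smap "$2"; then
            echo "unpatched-smap-present"
        else
            echo "unpatched-no-smap"
        fi
    elif [ "$3" = "0" ]; then
        echo "patched-mmap-min-addr-zero"
    else
        echo "patched"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Inspect the host the script is running on.
    triage "$(uname -r)" "$(cat /proc/cpuinfo)" \
           "$(cat /proc/sys/vm/mmap_min_addr)"
else
    # Walk through the constructed samples.
    triage "$SAMPLE_OLD_RELEASE" "$SAMPLE_CPU_NOSMAP" 65536
    triage "$SAMPLE_OLD_RELEASE" "$SAMPLE_CPU_SMAP" 65536
    triage "$SAMPLE_NEW_RELEASE" "$SAMPLE_CPU_SMAP" 0
    triage "$SAMPLE_NEW_RELEASE" "$SAMPLE_CPU_SMAP" 65536
fi
```

Run with `--live` to evaluate the current host instead of the constructed samples.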


The following non-security bugs were fixed:

  o acpi/nfit: Block function zero DSMs (bsc#1123321).
  o acpi, nfit: Fix ARS overflow continuation (bsc#1125000).
  o acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#
    1124775).
  o acpi/nfit: Fix command-supported detection (bsc#1123323).
  o acpi: power: Skip duplicate power resource references in _PRx (bnc#
    1012382).
  o acpi / processor: Fix the return value of acpi_processor_ids_walk() (git
    fixes (acpi)).
  o alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).
  o alpha: fix page fault handling for r16-r18 targets (bnc#1012382).
  o alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
  o alsa: compress: Fix stop handling on compressed capture streams (bnc#
    1012382).
  o alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382).
  o alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
    (bnc#1012382).
  o alsa: hda - Serialize codec registrations (bnc#1012382).
  o alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382).
  o ARC: perf: map generic branches to correct hardware condition (bnc#
    1012382).
  o arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
  o arm64: ftrace: do not adjust the LR value (bnc#1012382).
  o arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382).
  o arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
  o arm64: KVM: Skip MMIO insn after emulation (bnc#1012382).
  o arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
  o ARM: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382).
  o ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
    (bnc#1012382).
  o ARM: dts: da850-evm: Correct the sound card name (bnc#1012382).
  o ARM: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382).
  o ARM: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382).
  o ARM: dts: mmp2: fix TWSI2 (bnc#1012382).
  o ARM: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).
  o ARM: OMAP2+: hwmod: Fix some section annotations (bnc#1012382).
  o ARM: pxa: avoid section mismatch warning (bnc#1012382).
  o ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382).
  o ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382).
  o ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).
  o ata: Fix racy link clearance (bsc#1107866).
  o ax25: fix possible use-after-free (bnc#1012382).
  o batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382).
  o batman-adv: Force mac header to start of data on xmit (bnc#1012382).
  o block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435).
  o block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893).
  o block/loop: Use global lock for ioctl() operation (bnc#1012382).
  o block/swim3: Fix -EBUSY error when re-opening device after unmount
    (Git-fixes).
  o bluetooth: Fix unnecessary error message for HCI request completion (bnc#
    1012382).
  o bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces
    (bsc#1020413).
  o bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#
    1012382).
  o btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#
    1128452).
  o btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
  o btrfs: tree-checker: Do not check max block group size as current max chunk
    size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc
    #1102879 bsc#1102882 bsc#1102896).
  o btrfs: tree-checker: Fix misleading group system information (bnc#1012382).
  o btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#
    1012382).
  o btrfs: validate type when reading a chunk (bnc#1012382).
  o btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
  o can: bcm: check timer values before ktime conversion (bnc#1012382).
  o can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by
    removing it (bnc#1012382).
  o can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).
  o ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773).
  o ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#
    1125809).
  o ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
  o char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382).
  o ch: fixup refcounting imbalance for SCSI devices (bsc#1124235).
  o cifs: Always resolve hostname before reconnecting (bnc#1012382).
  o cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382).
  o cifs: Do not count -ENODATA as failure for query directory (bnc#1012382).
  o cifs: Do not hide EINTR after sending network packets (bnc#1012382).
  o cifs: Fix possible hang during async MTU reads and writes (bnc#1012382).
  o cifs: Fix potential OOB access of lock element array (bnc#1012382).
  o cifs: Limit memory used by lock request calls to a page (bnc#1012382).
  o clk: imx6q: reset exclusive gates on init (bnc#1012382).
  o clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382).
  o copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
  o cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#
    1120017).
  o cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).
  o crypto: authencesn - Avoid twice completion call in decrypt path (bnc#
    1012382).
  o crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
  o crypto: cts - fix crash on short inputs (bnc#1012382).
  o crypto: user - support incremental algorithm dumps (bsc#1120902).
  o crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382).
  o crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382).
  o cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#
    1012382).
  o dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382).
  o debugfs: fix debugfs_rename parameter checking (bnc#1012382).
  o device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#
    1129770).
  o Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
  o dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#
    1012382).
  o dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382).
  o dm crypt: add cryptographic data integrity protection (authenticated
    encryption) (Git-fixes).
  o dm crypt: factor IV constructor out to separate function (Git-fixes).
  o dm crypt: fix crash by adding missing check for auth key size (git-fixes).
  o dm crypt: fix error return code in crypt_ctr() (git-fixes).
  o dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
  o dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes).
  o dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
  o dm: do not allow readahead to limit IO size (git fixes (readahead)).
  o dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
  o dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).
  o dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#
    1012382).
  o Documentation/network: reword kernel version reference (bnc#1012382).
  o drbd: Avoid Clang warning about pointless switch statment (bnc#1012382).
  o drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#
    1012382).
  o drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382).
  o drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#
    1012382).
  o drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382).
  o Drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389).
  o drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).
  o drm: Fix error handling in drm_legacy_addctx (bsc#1106929)
  o drm/i915: Block fbdev HPD processing during suspend (bsc#1106929)
  o drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#
    1106929)
  o drm/modes: Prevent division by zero htotal (bnc#1012382).
  o drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#
    1106929)
  o drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929)
  o drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#
    1106929)
  o drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#
    1103429)
  o drm/vmwgfx: Fix setting of dma masks (bsc#1106929)
  o drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#
    1106929)
  o e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
  o EDAC: Raise the maximum number of memory controllers (bsc#1120722).
  o efi/libstub/arm64: Use hidden attribute for struct screen_info reference
    (bsc#1122650).
  o enic: add wq clean up budget (bsc#1075697, bsc#1120691, bsc#1102959).
  o enic: do not overwrite error code (bnc#1012382).
  o enic: fix checksum validation for IPv6 (bnc#1012382).
  o exec: load_script: do not blindly truncate shebang string (bnc#1012382).
  o ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#
    1012382).
  o ext4: Fix crash during online resizing (bsc#1122779).
  o f2fs: Add sanity_check_inode() function (bnc#1012382).
  o f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
  o f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
  o f2fs: clean up argument of recover_data (bnc#1012382).
  o f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
  o f2fs: detect wrong layout (bnc#1012382).
  o f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#
    1012382).
  o f2fs: factor out fsync inode entry operations (bnc#1012382).
  o f2fs: fix inode cache leak (bnc#1012382).
  o f2fs: fix invalid memory access (bnc#1012382).
  o f2fs: fix missing up_read (bnc#1012382).
  o f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).
  o f2fs: fix to convert inline directory correctly (bnc#1012382).
  o f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
  o f2fs: fix to do sanity check with block address in main area (bnc#1012382).
  o f2fs: fix to do sanity check with block address in main area v2 (bnc#
    1012382).
  o f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
  o f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
  o f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#
    1012382).
  o f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
  o f2fs: fix to do sanity check with user_block_count (bnc#1012382).
  o f2fs: fix validation of the block count in sanity_check_raw_super (bnc#
    1012382).
  o f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382).
  o f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
  o f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
  o f2fs: introduce and spread verify_blkaddr (bnc#1012382).
  o f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
  o f2fs: move dir data flush to write checkpoint process (bnc#1012382).
  o f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
  o f2fs: not allow to write illegal blkaddr (bnc#1012382).
  o f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#
    1012382).
  o f2fs: read page index before freeing (bnc#1012382).
  o f2fs: remove an obsolete variable (bnc#1012382).
  o f2fs: return error during fill_super (bnc#1012382).
  o f2fs: sanity check on sit entry (bnc#1012382).
  o f2fs: use crc and cp version to determine roll-forward recovery (bnc#
    1012382).
  o fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929)
  o Fix incorrect value for X86_FEATURE_TSX_FORCE_ABORT
  o Fix problem with sharetransport= and NFSv4 (bsc#1114893).
  o fs: add the fsnotify call to vfs_iter_write (bnc#1012382).
  o fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
    (bnc#1012382).
  o fs: do not scan the inode cache before SB_BORN is set (bnc#1012382).
  o fs/epoll: drop ovflist branch prediction (bnc#1012382).
  o fs: fix lost error code in dio_complete (bsc#1117744).
  o fuse: call pipe_buf_release() under pipe lock (bnc#1012382).
  o fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382).
  o fuse: handle zero sized retrieve correctly (bnc#1012382).
  o futex: Fix (possible) missed wakeup (bsc#1050549).
  o gdrom: fix a memory leak bug (bnc#1012382).
  o gfs2: Revert "Fix loop in gfs2_rbm_find" (bnc#1012382).
  o gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
  o gpio: pl061: handle failed allocations (bnc#1012382).
  o gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929)
  o gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929)
  o HID: debug: fix the ring buffer implementation (bnc#1012382).
  o HID: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382).
  o hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382).
  o hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#
    1012382).
  o hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes).
  o i2c-axxia: check for error conditions first (bnc#1012382).
  o i2c: dev: prevent adapter retries and timeout being set as minus value (bnc
    #1012382).
  o IB/core: type promotion bug in rdma_rw_init_one_mr() ().
  o ibmveth: Do not process frames after calling napi_reschedule (bsc#1123357).
  o ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#
    1121726).
  o ibmvnic: Increase maximum queue size limit (bsc#1121726).
  o ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
  o ibmvnic: Report actual backing device speed and duplex values (bsc#
    1129923).
  o ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
  o IB/rxe: Fix incorrect cache cleanup in error flow ().
  o IB/rxe: replace kvfree with vfree ().
  o igb: Fix an issue that PME is not enabled during runtime suspend (bnc#
    1012382).
  o inet: frags: add a pointer to struct netns_frags (bnc#1012382).
  o inet: frags: better deal with smp races (bnc#1012382).
  o inet: frags: break the 2GB limit for frags storage (bnc#1012382).
  o inet: frags: change inet_frags_init_net() return value (bnc#1012382).
  o inet: frags: do not clone skb in ip_expire() (bnc#1012382).
  o inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382).
  o inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382).
  o inet: frags: get rif of inet_frag_evicting() (bnc#1012382).
  o inet: frags: refactor ipfrag_init() (bnc#1012382).
  o inet: frags: refactor ipv6_frag_init() (bnc#1012382).
  o inet: frags: refactor lowpan_net_frag_init() (bnc#1012382).
  o inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382).
  o inet: frags: remove some helpers (bnc#1012382).
  o inet: frags: reorganize struct netns_frags (bnc#1012382).
  o inet: frags: use rhashtables for reassembly units (bnc#1012382).
  o input: bma150 - register input device after setting private data (bnc#
    1012382).
  o input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#
    1012382).
  o input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#
    1012382).
  o input: mms114 - fix license module information (bsc#1087092).
  o input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382).
  o intel_pstate: Update frequencies of policy->cpus only from ->set_policy()
    (bsc#1120017).
  o iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
  o iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#
    1106105).
  o iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
  o iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#
    1012382).
  o iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237).
  o iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238).
  o iommu/vt-d: Check identity map for hot-added devices (bsc#1129239).
  o iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#
    1106105).
  o iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#
    1129240).
  o ip: add helpers to process in-order fragments faster (bnc#1012382).
  o ipfrag: really prevent allocation on netns exit (bnc#1012382).
  o ip: frags: fix crash in ip_do_fragment() (bnc#1012382).
  o ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
  o ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#
    1012382).
  o ip: process in-order fragments efficiently (bnc#1012382).
  o ip: use rb trees for IP frag queue (bnc#1012382).
  o ipv4: frags: precedence bug in ip_expire() (bnc#1012382).
  o ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#
    1012382).
  o ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
    (bnc#1012382).
  o ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
  o ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382).
  o ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#
    1012382).
  o irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#
    1012382).
  o isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in
    HFCPCI_l1hw() (bnc#1012382).
  o ixgbe: fix crash in build_skb Rx code path (git-fixes).
  o jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#
    1012382).
  o kABI: protect linux/kfifo.h include in hid-debug (kabi).
  o kABI: protect struct hda_bus (kabi).
  o kABI: protect struct inet_peer (kabi).
  o kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).
  o kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805).
  o kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382).
  o kconfig: fix file name and line number of warn_ignored_character() (bnc#
    1012382).
  o kconfig: fix memory leak when EOF is encountered in quotation (bnc#
    1012382).
  o kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#
    1012382).
  o kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382).
  o KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
  o kvm: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the
    ITS (bsc#1109248).
  o kvm: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables
    (bsc#1109248).
  o kvm: arm/arm64: vgic-its: Fix return value for device table restore (bsc#
    1109248).
  o kvm: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned
    value (bsc#1109248).
  o kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#
    1129413).
  o kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#
    1129414).
  o kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT
    (bsc#1129415).
  o kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#
    1129416).
  o kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
    (bsc#1129417).
  o kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166).
  o kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166).
  o kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418).
  o kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).
  o kvm: x86: Fix single-step debugging (bnc#1012382).
  o kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419).
  o kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382).
  o l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382).
  o l2tp: fix reading optional fields of L2TPv3 (bnc#1012382).
  o l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382).
  o libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#
    1125810).
  o libceph: handle an empty authorize reply (bsc#1126772).
  o libnvdimm: fix ars_status output length calculation (bsc#1124777).
  o libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811).
  o libnvdimm: Use max contiguous area for namespace size (bsc#1124780).
  o locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).
  o loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc
    #1012382).
  o loop: Fold __loop_release into loop_release (bnc#1012382).
  o loop: Get rid of loop_index_mutex (bnc#1012382).
  o LSM: Check for NULL cred-security on free (bnc#1012382).
  o mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#
    1012382).
  o mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382).
  o md: batch flush requests (bsc#1119680).
  o mdio_bus: Fix use-after-free on device_register fails (git-fixes).
  o media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382).
  o media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382).
  o media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#
    1012382).
  o media: vb2: be sure to unlock mutex on errors (bnc#1012382).
  o media: vb2: vb2_mmap: move lock up (bnc#1012382).
  o media: vivid: fix error handling of kthread_run (bnc#1012382).
  o media: vivid: set min width/height to a value > 0 (bnc#1012382).
  o memstick: Prevent memstick host from getting runtime suspended during card
    detection (bnc#1012382).
  o mfd: as3722: Handle interrupts on suspend (bnc#1012382).
  o mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382).
  o mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
  o misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382).
  o mISDN: fix a race in dev_expire_timer() (bnc#1012382).
  o mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes).
  o mlxsw: reg: Use correct offset in field definiton (git-fixes).
  o mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
  o mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).
  o mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382).
  o mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#
    1012382).
  o mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#
    1127731).
  o mm: migrate: do not rely on __PageMovable() of newpage after unlocking it
    (bnc#1012382).
  o mm: only report isolation failures when offlining memory (generic hotplug
    debugability).
  o mm, oom: fix use-after-free in oom_kill_process (bnc#1012382).
  o mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061).
  o mm/page-writeback.c: do not break integrity writeback on ->writepage()
    error (bnc#1012382).
  o mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
    (bnc#1012382).
  o mm, slab: faster active and free stats (bsc#116653, VM Performance).
  o mm/slab: improve performance of gathering slabinfo stats (bsc#116653, VM
    Performance).
  o mm, slab: maintain total slab count instead of active count (bsc#116653, VM
    Performance).
  o modpost: validate symbol names also in find_elf_symbol (bnc#1012382).
  o mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382).
  o net: Add header for usage of fls64() (bnc#1012382).
  o net: bridge: fix a bug on using a neighbour cache entry without checking
    its state (bnc#1012382).
  o net: bridge: Fix ethernet header pointer before check skb forwardable (bnc#
    1012382).
  o net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
  o net: Do not allocate page fragments that are not skb aligned (bnc#1012382).
  o net: dp83640: expire old TX-skb (bnc#1012382).
  o net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
  o net: dsa: mv88e6xxx: fix port VLAN maps (git-fixes).
  o net: dsa: slave: Do not propagate flag changes on down slave interfaces
    (bnc#1012382).
  o net: Fix for_each_netdev_feature on Big endian (bnc#1012382).
  o net: fix IPv6 prefix route residue (bnc#1012382).
  o net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382).
  o net: Fix usage of pskb_trim_rcsum (bnc#1012382).
  o net/hamradio/6pack: Convert timers to use timer_setup() (git-fixes).
  o net/hamradio/6pack: use mod_timer() to rearm timers (git-fixes).
  o net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382).
  o net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382
    bsc#1116345).
  o net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382).
  o net: ipv4: use a dedicated counter for icmp_v4 redirect packets (bnc#
    1012382).
  o net: lan78xx: Fix race in tx pending skb size calculation (git-fixes).
  o net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382).
  o net/mlx4_core: drop useless LIST_HEAD (git-fixes).
  o net/mlx4_core: Fix qp mtt size calculation (git-fixes).
  o net/mlx4_core: Fix reset flow when in command polling mode (git-fixes).
  o net/mlx4: Fix endianness issue in qp context params (git-fixes).
  o net/mlx5: Continue driver initialization despite debugfs failure
    (git-fixes).
  o net/mlx5e: Fix TCP checksum in LRO buffers (git-fixes).
  o net/mlx5: Fix driver load bad flow when having fw initializing timeout
    (git-fixes).
  o net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers
    (git-fixes).
  o net/mlx5: Fix use-after-free in self-healing flow (git-fixes).
  o net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state
    (git-fixes).
  o net: modify skb_rbtree_purge to return the truesize of all purged skbs (bnc
    #1012382).
  o net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets
    (git-fixes).
  o net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS (git-fixes).
  o net: phy: bcm7xxx: Fix shadow mode 2 disabling (git-fixes).
  o net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382).
  o net: qca_spi: Fix race condition in spi transfers (git-fixes).
  o netrom: switch to sock timer API (bnc#1012382).
  o net/rose: fix NULL ax25_cb kernel panic (bnc#1012382).
  o net_sched: refetch skb protocol for each filter (bnc#1012382).
  o net: speed up skb_rbtree_purge() (bnc#1012382).
  o net: stmmac: Fix a race in EEE enable callback (bnc#1012382).
  o net: stmmac: Fix a race in EEE enable callback (git-fixes).
  o net: systemport: Fix WoL with password after deep sleep (bnc#1012382).
  o net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue
    (git-fixes).
  o net/x25: do not hold the cpu too long in x25_new_lci() (bnc#1012382).
  o NFC: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382).
  o nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014).
  o nfsd4: fix crash on writing v4_end_grace before nfsd startup (bnc#1012382).
  o NFS: nfs_compare_mount_options always compare auth flavors (bnc#1012382).
  o niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382).
  o ocfs2: do not clear bh uptodate for block read (bnc#1012382).
  o ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
  o omap2fb: Fix stack memory disclosure (bsc#1106929)
  o openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382).
  o packet: Do not leak dev refcounts on error exit (bnc#1012382).
  o pci: altera: Check link status before retrain link (bnc#1012382).
  o pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
  o pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#
    1012382).
  o pci: altera: Poll for link training status after retraining the link (bnc#
    1012382).
  o pci: altera: Poll for link up status after retraining the link (bnc#
    1012382).
  o pci: altera: Reorder read/write functions (bnc#1012382).
  o pci: altera: Rework config accessors for use without a struct pci_bus (bnc#
    1012382).
  o pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#
    1129241).
  o perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382).
  o perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382).
  o perf intel-pt: Fix error with config term "pt=0" (bnc#1012382).
  o perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
  o perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
  o perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382).
  o perf tools: Add Hygon Dhyana support (bnc#1012382).
  o perf unwind: Take pgoff into account when reporting elf to libdwfl (bnc#
    1012382).
  o perf unwind: Unwind with libdw does not take symfs into account (bnc#
    1012382).
  o perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
  o perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#
    1121805).
  o perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
  o perf/x86/intel: Fix memory corruption (bsc#1121805).
  o perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
  o perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
  o perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
  o perf/x86/intel/uncore: Add Node ID mask (bnc#1012382).
  o phy: micrel: Ensure interrupts are reenabled on resume (git-fixes).
  o pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382).
  o platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bnc#
    1012382).
  o platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382).
  o platform/x86: asus-wmi: Tell the EC the OS will handle the display off
    hotkey (bnc#1012382).
  o platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810).
  o powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#
    1109695).
  o powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#
    1109695).
  o powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).
  o powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc
    #1109695).
  o powerpc/pseries: Add CPU dlpar remove functionality (bsc#1128756).
  o powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382).
  o powerpc/pseries: Consolidate CPU hotplug code to hotplug-cpu.c (bsc#
    1128756).
  o powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).
  o powerpc/pseries: Factor out common cpu hotplug code (bsc#1128756).
  o powerpc/pseries: Perform full re-add of CPU for topology update
    post-migration (bsc#1128756).
  o powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
  o powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
  o powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
  o powerpc/smp: Rework CPU topology construction (bsc#1109695).
  o powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
  o powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382).
  o powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#
    1109695).
  o powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
  o pppoe: fix reception of frames with no mac header (git-fixes).
  o pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes).
  o proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
  o pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#
    1129080).
  o pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
  o ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382).
  o r8169: Add support for new Realtek Ethernet (bnc#1012382).
  o rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#
    1125808).
  o rcu: Force boolean subscript for expedited stall warnings (bnc#1012382).
  o RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ).
  o RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446).
  o Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit
    e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
  o Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy
    (insecure cifs)" (bnc#1012382).
  o Revert "exec: load_script: do not blindly truncate shebang string" (bnc#
    1012382).
  o Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
    (bnc#1012382).
  o Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in
    loop_control_ioctl()" (bnc#1012382).
  o Revert "loop: Fold __loop_release into loop_release" (bnc#1012382).
  o Revert "loop: Get rid of loop_index_mutex" (bnc#1012382).
  o Revert "mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902)."
    The backport patch does not build properly.
  o Revert "mm, devm_memremap_pages: mark devm_memremap_pages()
    EXPORT_SYMBOL_GPL" (bnc#1012382).
  o Revert "net: stmmac: Fix a race in EEE enable callback (git-fixes)." This
    reverts commit f323fa8d233c1f44aff17e6fae90c2c8be30edf9. The patch was
    already included in stable 4.4.176.
  o Revert "sd: disable logical block provisioning if 'lbpme' is not set" This
    reverts commit 96370bd87299c7a6883b3e2bf13818f60c8ba611. Patch not accepted
    upstream.
  o Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls" (bsc
    #1128565).
  o rhashtable: Add rhashtable_lookup() (bnc#1012382).
  o rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382 bsc#
    1042286).
  o rhashtable: add schedule points (bnc#1012382).
  o rhashtable: reorganize struct rhashtable layout (bnc#1012382).
  o s390/early: improve machine detection (bnc#1012382).
  o s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#
    1127561).
  o s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382).
  o s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382).
  o sata_rcar: fix deferred probing (bnc#1012382).
  o sched/wake_q: Document wake_q_add() (bsc#1050549).
  o sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549).
  o sched/wake_q: Reduce reference counting for special users (bsc#1050549).
  o scripts/decode_stacktrace: only strip base path when a prefix of the path
    (bnc#1012382).
  o scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
  o scsi: aacraid: Fix missing break in switch statement (bsc#1128696).
  o scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#
    1119019).
  o scsi: lpfc: Correct LCB RJT handling (bnc#1012382).
  o scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796).
  o scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is
    invalid (bsc#1127725).
  o scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).
  o scsi: mpt3sas: Add an I/O barrier (bsc#1117108).
  o scsi: mpt3sas: Added support for nvme encapsulated request message (bsc#
    1117108).
  o scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#
    1117108).
  o scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108).
  o scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108).
  o scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and
    probe (bsc#1117108).
  o scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108).
  o scsi: mpt3sas: Add-Task-management-debug-info-for-NVMe-drives (bsc#
    1117108).
  o scsi: mpt3sas: Allow processing of events during driver unload (bsc#
    1117108).
  o scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#
    1117108).
  o scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108).
  o scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108).
  o scsi: mpt3sas: API 's to support NVMe drive addition to SML (bsc#1117108).
  o scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5
    controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108).
  o scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108).
  o scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (bsc#1117108).
  o scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108).
  o scsi: mpt3sas: check command status before attempting abort (bsc#1117108).
  o scsi: mpt3sas: clarify mmio pointer types (bsc#1117108).
  o scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108).
  o scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc
    #1117108).
  o scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to
    %s: (bsc#1117108).
  o scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels
    (bsc#1117108).
  o scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#
    1117108).
  o scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level>
    (bsc#1117108).
  o scsi: mpt3sas: Display chassis slot information of the drive (bsc#1117108).
  o scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing
    Async Broadcast primitive event (bsc#1117108).
  o scsi: mpt3sas: Do not access the structure after decrementing it's instance
    reference count (bsc#1117108).
  o scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura
    controllers (bsc#1117108).
  o scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108).
  o scsi: mpt3sas: fix an out of bound write (bsc#1117108).
  o scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler()
    (bsc#1117108).
  o scsi: mpt3sas: Fix calltrace observed while running IO & reset (bsc#
    1117108).
  o scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108).
  o scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108).
  o scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal
    commands during controller reset (bsc#1117108).
  o scsi: mpt3sas: fix format overflow warning (bsc#1117108).
  o scsi: mpt3sas: Fix indentation (bsc#1117108).
  o scsi: mpt3sas: Fix memory allocation failure test in 'mpt3sas_base_attach()
    ' (bsc#1117108).
  o scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108).
  o scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#
    1117108).
  o scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS
    device after host reset (bsc#1117108).
  o scsi: mpt3sas: fix possible memory leak (bsc#1117108).
  o scsi: mpt3sas: fix pr_info message continuation (bsc#1117108).
  o scsi: mpt3sas: Fix removal and addition of vSES device during host reset
    (bsc#1117108).
  o scsi: mpt3sas: Fix sparse warnings (bsc#1117108).
  o scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1117108).
  o scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1117108).
  o scsi: mpt3sas: Handle NVMe PCIe device related events generated from
    firmware (bsc#1117108).
  o scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).
  o scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#
    1117108).
  o scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#
    1117108).
  o scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#
    1117108).
  o scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108).
  o scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108).
  o scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108).
  o scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108).
  o scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108).
  o scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108).
  o scsi: mpt3sas: lockless command submission (bsc#1117108).
  o scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108).
  o scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log
    info (bsc#1117108).
  o scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108).
  o scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108).
  o scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108).
  o scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108).
  o scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108).
  o scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108).
  o scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108).
  o scsi: mpt3sas: remove redundant copy_from_user in _ctl_getiocinfo (bsc#
    1117108).
  o scsi: mpt3sas: remove redundant wmb (bsc#1117108).
  o scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108).
  o scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc
    #1117108).
  o scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108).
  o scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108).
  o scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).
  o scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).
  o scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#
    1117108).
  o scsi: mpt3sas: scan and add nvme device after controller reset (bsc#
    1117108).
  o scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108).
  o scsi: mpt3sas: set default value for cb_idx (bsc#1117108).
  o scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108).
  o scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices (bsc#
    1117108).
  o scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108).
  o scsi: mpt3sas: simplify task management functions (bsc#1117108).
  o scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108).
  o scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler()
    and mpt3sas_ctl_reset_handler() (bsc#1117108).
  o scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#
    1117108).
  o scsi: mpt3sas: switch to generic DMA API (bsc#1117108).
  o scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108).
  o scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108).
  o scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1117108).
  o scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1117108).
  o scsi: mpt3sas: Update MPI Headers (bsc#1117108).
  o scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108).
  o scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).
  o scsi: mpt3sas: use list_splice_init() (bsc#1117108).
  o scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#
    1117108).
  o scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794).
  o scsi: qla2xxx: Fix early srb free on abort (bsc#1121713).
  o scsi: qla2xxx: Fix for double free of SRB structure (bsc#1121713).
  o scsi: qla2xxx: Increase abort timeout value (bsc#1121713).
  o scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1121713).
  o scsi: qla2xxx: Return switch command on a timeout (bsc#1121713).
  o scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#
    1121713).
  o scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1121713).
  o scsi: sd: Fix cache_type_store() (bnc#1012382).
  o scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#
    1125315).
  o scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).
  o scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382).
  o sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).
  o sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095
    bsc#1078355).
  o selinux: fix GPF on invalid policy (bnc#1012382).
  o seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382).
  o serial: fsl_lpuart: clear parity enable bit when disable parity (bnc#
    1012382).
  o series.conf: Move
    'patches.fixes/aio-hold-an-extra-file-reference-over-AIO-read-write.patch'
    into sorted section.
  o signal: Always notice exiting tasks (bnc#1012382).
  o signal: Better detection of synchronous signals (bnc#1012382).
  o signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382).
  o skge: potential memory corruption in skge_get_regs() (bnc#1012382).
  o sky2: Increase D3 delay again (bnc#1012382).
  o slab: alien caches must not be initialized if the allocation of the alien
    cache failed (bnc#1012382).
  o smack: fix access permissions for keyring (bnc#1012382).
  o smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382).
  o soc/tegra: Do not leak device tree node reference (bnc#1012382).
  o staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382).
  o staging: iio: ad7780: update voltage on read (bnc#1012382).
  o staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bnc#
    1012382).
  o staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bnc#1012382).
  o sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).
  o sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
    (bnc#1012382).
  o sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).
  o tcp: clear icsk_backoff in tcp_write_queue_purge() (bnc#1012382).
  o tcp: tcp_v4_err() should be more careful (bnc#1012382).
  o team: avoid complex list operations in team_nl_cmd_options_set() (bnc#
    1012382).
  o team: Free BPF filter when unregistering netdev (git-fixes).
  o test_hexdump: use memcpy instead of strncpy (bnc#1012382).
  o thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bnc#
    1012382).
  o timekeeping: Use proper seqcount initializer (bnc#1012382).
  o tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).
  o tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).
  o tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).
  o tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).
  o tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).
  o tipc: use destination length for copy string (bnc#1012382).
  o tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#
    1129581).
  o tracing/uprobes: Fix output for multiple string arguments (bnc#1012382).
  o tty: Do not block on IO when ldisc change is pending (bnc#1105428).
  o tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bnc#1105428).
  o tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).
  o tty: Handle problem if line discipline does not have receive_buf (bnc#
    1012382).
  o tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).
  o tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
  o tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
  o tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).
  o tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).
  o tty/n_hdlc: fix __might_sleep warning (bnc#1012382).
  o tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382).
  o tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
  o uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382).
  o uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382).
  o ucc_geth: Reset BQL queue when stopping device (bnc#1012382).
  o udf: Fix BUG on corrupted inode (bnc#1012382).
  o um: Avoid marking pages with "changed protection" (bnc#1012382).
  o usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382).
  o usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).
  o usb: dwc2: Remove unnecessary kfree (bnc#1012382).
  o usb: gadget: udc: net2272: Fix bitwise and boolean operations (bnc#1012382).
  o usb: hub: delay hub autosuspend if USB3 port is still link training (bnc#
    1012382).
  o usb: phy: am335x: fix race condition in _probe (bnc#1012382).
  o usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382).
  o usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382).
  o usb: storage: add quirk for SMI SM3350 (bnc#1012382).
  o usb: storage: do not insert sane sense for SPC3+ when bad sense specified
    (bnc#1012382).
  o video: clps711x-fb: release disp device node in probe() (bnc#1012382).
  o vsock: cope with memory allocation failure at socket creation time (bnc#
    1012382).
  o vt: invoke notifier on screen size change (bnc#1012382).
  o vxlan: test dev->flags & IFF_UP before calling netif_rx() (bnc#1012382).
  o wireless: airo: potential buffer overflow in sprintf() (bsc#1120902).
  o writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).
  o x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
  o x86/a.out: Clear the dump structure initially (bnc#1012382).
  o x86/fpu: Add might_fault() to user_insn() (bnc#1012382).
  o x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382).
  o x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382).
  o x86/MCE: Initialize mce.bank in the case of a fatal error in
    mce_no_way_out() (bnc#1012382).
  o x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) (bnc#
    1012382).
  o x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).
  o x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bnc#1012382).
  o x86: respect memory size limiting via mem= parameter (bsc#1117645).
  o x86/xen: dont add memory above max allowed allocation (bsc#1117645).
  o xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600).
  o xen: remove pre-xen3 fallback handlers (bsc#1065600).
  o xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382).
  o xfrm: refine validation of template and selector families (bnc#1012382).
  o Yama: Check for pid death before checking ancestry (bnc#1012382).
  o xfs: remove filestream item xfs_inode reference (bsc#1127961).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-901=1

Package List:

  o SUSE Linux Enterprise Server 12-SP3 (x86_64):
       kernel-azure-4.4.176-4.25.1
       kernel-azure-base-4.4.176-4.25.1
       kernel-azure-base-debuginfo-4.4.176-4.25.1
       kernel-azure-debuginfo-4.4.176-4.25.1
       kernel-azure-debugsource-4.4.176-4.25.1
       kernel-azure-devel-4.4.176-4.25.1
       kernel-syms-azure-4.4.176-4.25.1
  o SUSE Linux Enterprise Server 12-SP3 (noarch):
       kernel-devel-azure-4.4.176-4.25.1
       kernel-source-azure-4.4.176-4.25.1
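
The following post-update check is an added example, not part of the SUSE or AusCERT text. It reports whether the fixed kernel-azure build from the package list above is installed and whether the host is already running it, which is the reason for the reboot instruction. The function names, the status strings and the --check switch are assumptions of this example, as is the mapping from package version-release to the `uname -r` string.

```shell
#!/bin/sh
# Added example: verify that the kernel-azure fix from this bulletin is
# installed and actually running.

FIXED="4.4.176-4.25.1"   # version-release from the bulletin's package list

# ver_ge A B: succeed when A >= B. Fields are split on "." and "-" and
# compared numerically; a missing field counts as 0. This is a simplified
# stand-in for rpm's own comparison, adequate for the all-numeric kernel
# version-release strings used here. Returns 2 on a non-numeric field.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%[.-]*}; fb=${b%%[.-]*}
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a="" ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b="" ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        case "$fa$fb" in *[!0-9]*) return 2 ;; esac
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# newest_of LIST: print the highest version-release among the
# whitespace-separated entries. Several kernels can be installed side by
# side, so the query may return more than one line. Entries that do not
# start with a digit (such as rpm's "not installed" message) are skipped.
newest_of() {
    best=""
    for v in $1; do
        case $v in [0-9]*) ;; *) continue ;; esac
        if [ -z "$best" ] || ver_ge "$v" "$best"; then best=$v; fi
    done
    printf '%s\n' "$best"
}

# assess RUNNING INSTALLED_LIST: print one of
#   not-installed | update-needed | other-flavor-running |
#   reboot-required | patched
# RUNNING is the output of `uname -r`. Assumption: on SUSE that string is
# the package version-release without its last release field, followed by
# "-<flavor>" (4.4.176-4.25-azure for package 4.4.176-4.25.1).
assess() {
    newest=$(newest_of "$2")
    if [ -z "$newest" ]; then echo not-installed; return 0; fi
    if ! ver_ge "$newest" "$FIXED"; then echo update-needed; return 0; fi
    case $1 in
        *-azure) running=${1%-azure} ;;
        *) echo other-flavor-running; return 0 ;;
    esac
    if ver_ge "$running" "${FIXED%.*}"; then
        echo patched
    else
        echo reboot-required
    fi
}

# Live check on a SLES 12-SP3 host: run this file with --check.
if [ "${1:-}" = "--check" ]; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-azure 2>/dev/null || true)
    assess "$(uname -r)" "$installed"
fi
```

A result of reboot-required means the update is on disk but the vulnerable kernel is still the one executing.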


References:

  o https://www.suse.com/security/cve/CVE-2017-18249.html
  o https://www.suse.com/security/cve/CVE-2019-2024.html
  o https://www.suse.com/security/cve/CVE-2019-3459.html
  o https://www.suse.com/security/cve/CVE-2019-3460.html
  o https://www.suse.com/security/cve/CVE-2019-6974.html
  o https://www.suse.com/security/cve/CVE-2019-7221.html
  o https://www.suse.com/security/cve/CVE-2019-7222.html
  o https://www.suse.com/security/cve/CVE-2019-9213.html
  o https://bugzilla.suse.com/1012382
  o https://bugzilla.suse.com/1020413
  o https://bugzilla.suse.com/1023175
  o https://bugzilla.suse.com/1031492
  o https://bugzilla.suse.com/1042286
  o https://bugzilla.suse.com/1050549
  o https://bugzilla.suse.com/1065600
  o https://bugzilla.suse.com/1070767
  o https://bugzilla.suse.com/1075697
  o https://bugzilla.suse.com/1078355
  o https://bugzilla.suse.com/1082943
  o https://bugzilla.suse.com/1086095
  o https://bugzilla.suse.com/1086652
  o https://bugzilla.suse.com/1087036
  o https://bugzilla.suse.com/1087092
  o https://bugzilla.suse.com/1090435
  o https://bugzilla.suse.com/1094823
  o https://bugzilla.suse.com/1099810
  o https://bugzilla.suse.com/1102875
  o https://bugzilla.suse.com/1102877
  o https://bugzilla.suse.com/1102879
  o https://bugzilla.suse.com/1102882
  o https://bugzilla.suse.com/1102896
  o https://bugzilla.suse.com/1102959
  o https://bugzilla.suse.com/1103429
  o https://bugzilla.suse.com/1105428
  o https://bugzilla.suse.com/1106061
  o https://bugzilla.suse.com/1106105
  o https://bugzilla.suse.com/1106929
  o https://bugzilla.suse.com/1107866
  o https://bugzilla.suse.com/1109137
  o https://bugzilla.suse.com/1109248
  o https://bugzilla.suse.com/1109695
  o https://bugzilla.suse.com/1114893
  o https://bugzilla.suse.com/1116345
  o https://bugzilla.suse.com/1116653
  o https://bugzilla.suse.com/1117108
  o https://bugzilla.suse.com/1117645
  o https://bugzilla.suse.com/1117744
  o https://bugzilla.suse.com/1119019
  o https://bugzilla.suse.com/1119680
  o https://bugzilla.suse.com/1119843
  o https://bugzilla.suse.com/1120017
  o https://bugzilla.suse.com/1120691
  o https://bugzilla.suse.com/1120722
  o https://bugzilla.suse.com/1120758
  o https://bugzilla.suse.com/1120902
  o https://bugzilla.suse.com/1121713
  o https://bugzilla.suse.com/1121726
  o https://bugzilla.suse.com/1121805
  o https://bugzilla.suse.com/1122650
  o https://bugzilla.suse.com/1122651
  o https://bugzilla.suse.com/1122779
  o https://bugzilla.suse.com/1122885
  o https://bugzilla.suse.com/1123321
  o https://bugzilla.suse.com/1123323
  o https://bugzilla.suse.com/1123357
  o https://bugzilla.suse.com/1123933
  o https://bugzilla.suse.com/1124166
  o https://bugzilla.suse.com/1124235
  o https://bugzilla.suse.com/1124728
  o https://bugzilla.suse.com/1124732
  o https://bugzilla.suse.com/1124735
  o https://bugzilla.suse.com/1124775
  o https://bugzilla.suse.com/1124777
  o https://bugzilla.suse.com/1124780
  o https://bugzilla.suse.com/1124811
  o https://bugzilla.suse.com/1125000
  o https://bugzilla.suse.com/1125014
  o https://bugzilla.suse.com/1125315
  o https://bugzilla.suse.com/1125446
  o https://bugzilla.suse.com/1125794
  o https://bugzilla.suse.com/1125796
  o https://bugzilla.suse.com/1125808
  o https://bugzilla.suse.com/1125809
  o https://bugzilla.suse.com/1125810
  o https://bugzilla.suse.com/1125892
  o https://bugzilla.suse.com/1126389
  o https://bugzilla.suse.com/1126772
  o https://bugzilla.suse.com/1126773
  o https://bugzilla.suse.com/1126805
  o https://bugzilla.suse.com/1127082
  o https://bugzilla.suse.com/1127155
  o https://bugzilla.suse.com/1127561
  o https://bugzilla.suse.com/1127725
  o https://bugzilla.suse.com/1127731
  o https://bugzilla.suse.com/1127961
  o https://bugzilla.suse.com/1128166
  o https://bugzilla.suse.com/1128452
  o https://bugzilla.suse.com/1128565
  o https://bugzilla.suse.com/1128696
  o https://bugzilla.suse.com/1128756
  o https://bugzilla.suse.com/1128893
  o https://bugzilla.suse.com/1129080
  o https://bugzilla.suse.com/1129179
  o https://bugzilla.suse.com/1129237
  o https://bugzilla.suse.com/1129238
  o https://bugzilla.suse.com/1129239
  o https://bugzilla.suse.com/1129240
  o https://bugzilla.suse.com/1129241
  o https://bugzilla.suse.com/1129413
  o https://bugzilla.suse.com/1129414
  o https://bugzilla.suse.com/1129415
  o https://bugzilla.suse.com/1129416
  o https://bugzilla.suse.com/1129417
  o https://bugzilla.suse.com/1129418
  o https://bugzilla.suse.com/1129419
  o https://bugzilla.suse.com/1129581
  o https://bugzilla.suse.com/1129770
  o https://bugzilla.suse.com/1129923

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================