Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.3425 SUSE Security Update: Security update for the Linux Kernel 1 November 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Impact/Access: Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-18445 CVE-2018-18386 CVE-2017-18224 CVE-2017-16533 Reference: ESB-2018.1335 Original Bulletin: https://www.suse.com/support/update/announcement/2018/suse-su-20183593-1/ - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3593-1 Rating: important References: #1046540 #1050319 #1050536 #1050540 #1051510 #1055120 #1065600 #1066674 #1067126 #1067906 #1076830 #1079524 #1083647 #1084760 #1084831 #1086283 #1086288 #1094825 #1095805 #1099125 #1100132 #1102881 #1103308 #1103543 #1104731 #1105025 #1105536 #1106105 #1106110 #1106237 #1106240 #1106838 #1107685 #1108241 #1108377 #1108468 #1108828 #1108841 #1108870 #1109151 #1109158 #1109217 #1109330 #1109739 #1109784 #1109806 #1109818 #1109907 #1109911 #1109915 #1109919 #1109951 #1110006 #1110096 #1110538 #1110561 #1110921 #1111028 #1111076 #1111506 #1111806 #1111819 #1111830 #1111834 #1111841 #1111870 #1111901 #1111904 #1111928 #1111983 #1112170 #1112173 #1112208 #1112219 #1112221 #1112246 #1112372 #1112514 #1112554 #1112708 #1112710 #1112711 #1112712 #1112713 #1112731 #1112732 #1112733 #1112734 #1112735 #1112736 #1112738 #1112739 #1112740 #1112741 #1112743 #1112745 #1112746 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113257 #1113284 Cross-References: CVE-2017-16533 CVE-2017-18224 CVE-2018-18386 CVE-2018-18445 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 102 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18445: A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - acpica: Reference Counts: increase max to 0x4000 for large servers (bsc#1108241). - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bsc#1051510). - arm: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468). - arm: exynos: Clear global variable on init error path (bsc#1051510). - arm: hisi: check of_iomap and fix missing of_node_put (bsc#1051510). - arm: hwmod: RTC: Do not assume lock/unlock will be called with irq enabled (bsc#1051510). - arm: mvebu: declare asm symbols as character arrays in pmsu.c (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - Btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - Btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - Delete patches.drivers/IB-qedr-Remove-GID-add-del-dummy-routines.patch. (bsc#1110921) - Disable DRM patches that broke vbox video driver KMP (bsc#1111076) - EDAC, ghes: Add DDR4 and NVDIMM memory types (bsc#1099125). - EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m (bsc#1099125). - EDAC, skx_edac: Detect non-volatile DIMMs (bsc#1099125). - EDAC: Add new memory type for non-volatile DIMMs (bsc#1099125). - HID: add support for Apple Magic Keyboards (bsc#1051510). - HID: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - input: atakbd - fix Atari keymap (bsc#1051510). - kvm/vmx: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() (bsc#1110006). - kvm: svm: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - kvm: vmx: raise internal error for exception during invalid protected mode state (bsc#1110006). - kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - kvm: x86: Fix reserved bits check for MOV to CR3 (bsc#1110006). - kvm: x86: Introduce kvm_get_msr_feature() (bsc#1106240). - kvm: x86: fix incorrect reference of trace_kvm_pi_irte_update (bsc#1110006). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bsc#1110006). - kvm: nvmx: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - kvm: nvmx: Do not halt vcpu when L1 is injecting events to L2 (bsc#1110006). - kvm: vmx: track host_state.loaded using a loaded_vmcs pointer (bsc#1110006). - kvm: vmx: use local variable for current_vmptr when emulating VMPTRST (bsc#1110006). - kvm: x86: Add a framework for supporting MSR-based features (bsc#1106240). - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - kvm: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed (bsc#1110006). - kvm: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - kvm: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1110006). - kvm: x86: fix escape of guest dr6 to the host (bsc#1110006). - kvm: x86: remove APIC Timer periodic/oneshot spikes (bsc#1110006). - nfc: trf7970a: fix check of clock frequencies, use && instead of || (bsc#1051510). - nfs: Avoid quadratic search when freeing delegations (bsc#1084760). - pci: Reprogram bridge prefetch registers on resume (bsc#1051510). - pci: dwc: Fix scheduling while atomic issues (git-fixes). - pci: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - pm / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510). - pm / core: Clear the direct_complete flag on errors (bsc#1051510). - pm: cpuidle: Fix cpuidle_poll_state_init() prototype (bsc#1110006). - rdma/bnxt_re: Fix system crash during RDMA resource initialization (bsc#1086283). - Revert "Limit kernel-source build to architectures for which we build binaries" This reverts commit d6435125446d740016904abe30a60611549ae812. - Revert "cdc-acm: implement put_char() and flush_chars()" (bsc#1051510). - Revert "drm/amdgpu: Add an ATPX quirk for hybrid laptop" (bsc#1051510). - Revert "drm/i915/gvt: set max priority for gvt context" (bsc#1051510). - Revert "gpio: set up initial state from .get_direction()" (bsc#1051510). - Revert "iommu/io-pgtable: Avoid redundant TLB syncs" (bsc#1106237). - Revert "mwifiex: fix incorrect ht capability problem" (bsc#1051510). - Revert "mwifiex: handle race during mwifiex_usb_disconnect" (bsc#1051510). - Revert "pinctrl: sunxi: Do not enforce bias disable (for now)" (bsc#1051510). - Revert "slab: __GFP_ZERO is incompatible with a constructor" (bnc#1108828) This reverts commit de0a67303736262e306a3eb23aa38824b28c2764 because we still seem to have false possitives in the tree. - Revert "ubifs: xattr: Do not operate on deleted inodes" (bsc#1051510). - Squashfs: Compute expected length from inode size rather than block length (bsc#1051510). - usb: Add quirk to support DJI CineSSD (bsc#1051510). - usb: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bsc#1051510). - usb: fix error handling in usb_driver_claim_interface() (bsc#1051510). - usb: handle NULL config in usb_find_alt_setting() (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510). - usb: yurex: Check for truncation in yurex_read() (bsc#1051510). - usb: yurex: Fix buffer over-read in yurex_write() (bsc#1051510). - Use upstream version of pci-hyperv patch (35a88a1) - acpi, nfit: Add function to look up nvdimm device and provide SMBIOS handle (bsc#1099125). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - apparmor: Fix failure to audit context info in build_change_hat (bsc#1051510). - apparmor: Fully initialize aa_perms struct when answering userspace query (bsc#1051510). - apparmor: fix mediation of prlimit (bsc#1051510). - apparmor: fix memory leak when deduping profile load (bsc#1051510). - apparmor: fix ptrace read check (bsc#1051510). - asix: Check for supported Wake-on-LAN modes (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bsc#1051510). - audit: fix use-after-free in audit_add_watch (bsc#1051510). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Fix multicast TT issues with bogus ROAM flags (bsc#1051510). - batman-adv: Fix segfault when writing to sysfs elp_interval (bsc#1051510). - batman-adv: Fix segfault when writing to throughput_override (bsc#1051510). - batman-adv: Prevent duplicated gateway_node entry (bsc#1051510). - batman-adv: Prevent duplicated global TT entry (bsc#1051510). - batman-adv: Prevent duplicated nc_node entry (bsc#1051510). - batman-adv: Prevent duplicated softif_vlan entry (bsc#1051510). - batman-adv: Prevent duplicated tvlv handler (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - be2net: Fix memory leak in be_cmd_get_profile_config() (bsc#1086288). - be2net: remove unused old AIC info (bsc#1086288). - be2net: remove unused old custom busy-poll fields (bsc#1086288 ). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - bnx2x: Fix invalid memory access in rss hash config path (bsc#1050319). - bnx2x: Fix receiving tx-timeout in error or recovery state (bsc#1050319). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: make cavium thunder compatible w/ bpf_xdp_adjust_tail (bsc#1110096). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510). - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure (bsc#1051510). - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 (bsc#1051510). - clk: tegra: bpmp: Do not crash when a clock fails to register (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - cpu/hotplug: Fix SMT supported evaluation (bsc#1110006). - cpufreq, intel_pstate: Allow unspecified FADT profile to probe PPC (bnc#1108841). - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic (bsc#1051510). - crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions (bsc#1051510). - crypto: ccp - add timeout support in the SEV command (bsc#1106838). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510). - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510). - cxgb4: fix abort_req_rss6 struct (bsc#1046540). - cxgb4: when disabling dcb set txq dcb priority to 0 (bsc#1046540 ). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - declance: Fix continuation with the adapter identification message (bsc#1051510). - dmaengine: pl330: fix irq race with terminate_all (bsc#1051510). - drivers/base: stop new probing during shutdown (bsc#1051510). - drivers/tty: add error handling for pcmcia_loop_config (bsc#1051510). - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510). - drm/amdgpu: Update power state at the end of smu hw_init (bsc#1051510). - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510). - drm/amdgpu: add new polaris pci id (bsc#1051510). - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110) - drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset v2" (bsc#1051510). - drm/amdkfd: Fix error codes in kfd_get_process (bsc#1051510). - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915: Handle incomplete Z_FINISH for compressed error states (bsc#1100132) - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510). - drm/nouveau/debugfs: Wake up GPU before doing any reclocking (bsc#1051510). - drm/nouveau/disp: fix DP disable race (bsc#1051510). - drm/nouveau/drm/nouveau: Do not forget to cancel hpd_work on suspend/unload (bsc#1051510). - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (bsc#1051510). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bsc#1051510). - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bsc#1051510). - drm/nouveau: Fix runtime PM leak in drm_open() (bsc#1051510). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bsc#1051510). - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/sun4i: Fix releasing node when enumerating enpoints (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm: udl: Destroy framebuffer only if it was initialized (bsc#1051510). - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bsc#1110006). - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: Remove trailing semicolon for static inline (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - evm: Do not deadlock if a crypto algorithm is unavailable (bsc#1051510). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware, DMI: Add function to look up a handle and return DIMM size (bsc#1099125). - firmware: raspberrypi: Register hwmon driver (bsc#1108468). - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - fuse: Do not access pipe->buffers without pipe_lock() (bsc#1051510). - gpio: Fix crash due to registration race (bsc#1051510). - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510). - gpio: mb86s70: Revert "Return error if requesting an already assigned gpio" (bsc#1051510). - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510). - gpiolib: Free the last requested descriptor (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510). - hwmon: (nct6775) Set weight source to zero correctly (bsc#1051510). - hwmon: Add support for RPi voltage sensor (bsc#1108468). - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/amd: Clear memory encryption mask from physical address (bsc#1106105). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (git-fixes). - irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1) (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - kabi protect enum mem_type (bsc#1099125). - kprobes/x86: Disable preemption in ftrace-based jprobes (bsc#1110006). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - kprobes/x86: Prohibit probing on exception masking instructions (bsc#1110006). - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806). - kvm, mm: account shadow page tables to kmemcg (bsc#1110006). - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - kvm: Make VM ioctl do valloc for some archs (bsc#1111506). - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bsc#1110006). - kvmclock: fix TSC calibration for nested guests (bsc#1110006). - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() (bsc#1110006). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - libertas: call into generic suspend code before turning off power (bsc#1051510). - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver (bsc#1067126). - liquidio: fix kernel panic in VF driver (bsc#1067126). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Fix station bandwidth setting after channel switch (bsc#1051510). - mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510). - mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510). - mac80211: fix a race between restart and CSA flows (bsc#1051510). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bsc#1051510). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: shorten the IBSS debug messages (bsc#1051510). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211_hwsim: require at least one channel (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: davinci: vpif_display: Mix memory leak on probe error path (bsc#1051510). - media: fsl-viu: fix error handling in viu_of_probe() (bsc#1051510). - media: helene: fix xtal frequency setting at power on (bsc#1051510). - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bsc#1051510). - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions (bsc#1051510). - media: soc_camera: ov772x: correct setting of banding filter (bsc#1051510). - media: tm6000: add error handling for dvb_register_adapter (bsc#1051510). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bsc#1051510). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1111028). - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net: add support for Cavium PTP coprocessor (bsc#1110096). - net: cavium: fix NULL pointer dereference in cavium_ptp_put (bsc#1110096). - net: cavium: use module_pci_driver to simplify the code (bsc#1110096). - net: thunder: change q_len's type to handle max ring size (bsc#1110096). - net: thunderx: Set max queue count taking XDP_TX into account (bsc#1110096). - net: thunderx: add MAC address filter tracking for LMAC (bsc#1110096). - net: thunderx: add XCAST messages handlers for PF (bsc#1110096). - net: thunderx: add multicast filter management support (bsc#1110096). - net: thunderx: add ndo_set_rx_mode callback implementation for VF (bsc#1110096). - net: thunderx: add new messages for handle ndo_set_rx_mode callback (bsc#1110096). - net: thunderx: add timestamping support (bsc#1110096). - net: thunderx: add workqueue control structures for handle ndo_set_rx_mode request (bsc#1110096). - net: thunderx: check for failed allocation lmac->dmacs (bsc#1110096). - net: thunderx: fix double free error (bsc#1110096). - net: thunderx: move filter register related macro into proper place (bsc#1110096). - net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode (bsc#1110096). - net: thunderx: remove a couple of redundant assignments (bsc#1110096). - net: thunderx: rework mac addresses list to u64 array (bsc#1110096). - nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O (bsc#1107685). - objtool, kprobes/x86: Sync the latest <asm/insn.h> header with tools/objtool/arch/x86/include/asm/insn.h (bsc#1110006). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - ovl: Sync upper dirty data when syncing overlayfs (git-fixes). - ovl: fix format of setxattr debug (git-fixes). - perf/x86/amd/ibs: Do not access non-started event (bsc#1110006). - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bsc#1110006). - perf/x86/intel/lbr: Fix incomplete LBR call stack (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bsc#1110006). - perf/x86/intel/uncore: Fix Skylake UPI event format (bsc#1110006). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bsc#1110006). - perf/x86/intel: Fix event update for auto-reload (bsc#1110006). - perf/x86/intel: Fix large period handling on Broadwell CPUs (bsc#1110006). - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs (bsc#1110006). - perf/x86/intel: Properly save/restore the PMU state in the NMI handler (bsc#1110006). - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bsc#1110006). - powerpc/firmware: Add definitions for new drc-info firmware feature (bsc#1109158). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix duplicate firmware feature for DRC_INFO (bsc#1109158). - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf: - ptrace,x86: Make user_64bit_mode() available to 32-bit builds (bsc#1110006). - qed: Add missing device config for RoCE EDPM in UFP mode (bsc#1109217). - qed: Avoid sending mailbox commands when MFW is not responsive (bsc#1050536). - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode (bsc#1050536). - qed: Fix populating the invalid stag value in multi function mode (bsc#1050536). - qed: Fix shmem structure inconsistency between driver and the mfw (bsc#1110561). - qed: Prevent a possible deadlock during driver load and unload (bsc#1050536). - qed: Wait for MCP halt and resume commands to take place (bsc#1050536). - qed: Wait for ready indication before rereading the shmem (bsc#1050536). - qlcnic: fix Tx descriptor corruption on 82xx devices (bsc#1050540). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: set DTR for modems in forced USB2 mode (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - rename a hv patch to reduce conflicts in -AZURE - reorder a qedi patch to allow further work in this branch - rpc_pipefs: fix double-dput() (bsc#1051510). - rtc: bq4802: add error handling for devm_ioremap (bsc#1051510). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: ipr: Eliminate duplicate barriers (). - scsi: ipr: Use dma_pool_zalloc() (). - scsi: ipr: fix incorrect indentation of assignment statement (). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: qedi: Add the CRC size within iSCSI NVM image (bsc#1110538). - scsi: qedi: Initialize the stats mutex lock (bsc#1110538). - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870). - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870). - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830). - scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870). - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870). - scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870). - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870). - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870). - scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928). - selftests/x86: Add tests for User-Mode Instruction Prevention (bsc#1110006). - selftests/x86: Add tests for the STR and SLDT instructions (bsc#1110006). - serial: 8250_exar: Read INT0 from slave device, too (bsc#1051510). - serial: cpm_uart: return immediately from console poll (bsc#1051510). - serial: imx: restore handshaking irq for imx1 (bsc#1051510). - series.conf: moved some Xen patches to the sorted region xen/blkfront: correct purging of persistent grants (bnc#1112514). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() (bsc#1051510). - soc: mediatek: pwrap: fix cipher init setting error (bsc#1051510). - sock_diag: fix use-after-free read in __sk_free (bsc#1051510). - soreuseport: initialise timewait reuseport field (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi: rspi: Fix interrupted DMA transfers (bsc#1051510). - spi: rspi: Fix invalid SPI use during system suspend (bsc#1051510). - spi: sh-msiof: Fix handling of write value for SISTR register (bsc#1051510). - spi: sh-msiof: Fix invalid SPI use during system suspend (bsc#1051510). - spi: tegra20-slink: explicitly enable/disable clock (bsc#1051510). - squashfs metadata 2: electric boogaloo (bsc#1051510). - squashfs: be more careful about metadata corruption (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510). - supported.conf: added cavium_ptp - supported.conf: mark raspberrypi-hwmon as supported - switchtec: Fix Spectre v1 vulnerability (bsc#1051510). - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - team: Forbid enslaving team device to itself (bsc#1051510). - thermal: of-thermal: disable passive polling when thermal zone is disabled (bsc#1051510). - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bsc#1110006). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tsl2550: fix lux1_input error in low light (bsc#1051510). - tty: Drop tty->count on tty_reopen() failure (bsc#1051510). - tty: rocket: Fix possible buffer overwrite on register_PCI (bsc#1051510). - tty: serial: exar: Relocate sleep wake-up handling (bsc#1051510). - tty: serial: lpuart: avoid leaking struct tty_struct (bsc#1051510). - tty: vt_ioctl: fix potential Spectre v1 (bsc#1051510). - ubifs: Check for name being NULL while mounting (bsc#1051510). - udp: Unbreak modules that rely on external __skb_recv_udp() availability (bsc#1109151). - uprobes/x86: Prohibit probing on MOV SS instruction (bsc#1110006). - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bsc#1051510). - usb: cdc_acm: Do not leak URB buffers (bsc#1051510). - usb: dwc2: Turn on uframe_sched on "amlogic" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "bcm" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "his" platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on "stm32f4x9_fsotg" platforms (bsc#1102881). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bsc#1051510). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bsc#1051510). - usb: musb: dsps: do not disable CPPI41 irq in driver teardown (bsc#1051510). - usb: uas: add support for more quirk flags (bsc#1051510). - usb: wusbcore: security: cast sizeof to int for comparison (bsc#1051510). - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - uwb: hwa-rc: fix memory leak at probe (bsc#1051510). - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page (bsc#1110006). - virtio: pci-legacy: Validate queue pfn (bsc#1051510). - vmbus: do not return values for uninitalized channels (bsc#1051510). - vti4: Do not count header length twice on tunnel setup (bsc#1051510). - vti6: fix PMTU caching and reporting on xmit (bsc#1051510). - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510). - x86-64/realmode: Add instruction suffix (bsc#1110006). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: One more fixup to avoid even warning about statement without effect. - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (bsc#1110006). - x86/CPU: Add a microcode loader callback (bsc#1110006). - x86/CPU: Check CPU feature bits after microcode upgrade (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d from vmx_handle_external_intr() (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d to true from vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (bsc#1110006). - x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount (bsc#1110006). - x86/LDT: Avoid warning in 32-bit builds with older gcc (bsc#1110006). - x86/MCE/AMD: Define a function to get SMCA bank type (bsc#1110006). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Remove min interval polling limitation (bsc#1110006). - x86/MCE: Report only DRAM ECC as memory errors on AMD systems (bsc#1110006). - x86/MCE: Serialize sysfs changes (bsc#1110006). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/alternatives: Fixup alternative_call_2 (bsc#1110006). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bsc#1110006). - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h> (bsc#1110006). - x86/asm: Allow again using asm.h when building for the 'bpf' clang target (bsc#1110006). - x86/asm: Do not use the confusing '.ifeq' directive (bsc#1110006). - x86/boot/64: Verify alignment of the LOAD segment (bsc#1110006). - x86/boot/compressed/64: Print error if 5-level paging is not supported (bsc#1110006). - x86/boot: Fix if_changed build flip/flop bug (bsc#1110006). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/boot: Relocate definition of the initial state of CR0 (bsc#1110006). - x86/build: Beautify build log of syscall headers (bsc#1110006). - x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS does not (bsc#1110006). - x86/cpu/intel: Add missing TLB cpuid values (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel PCONFIG cpufeature (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/debug: Handle warnings before the notifier chain, to fix KGDB crash (bsc#1110006). - x86/decoder: Add new TEST instruction pattern (bsc#1110006). - x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y (bsc#1110006). - x86/eisa: Add missing include (bsc#1110006). - x86/entry/64: Add two more instruction suffixes (bsc#1110006). - x86/entry/64: Use 'xorl' for faster register clearing (bsc#1110006). - x86/entry: Reduce the code footprint of the 'idtentry' macro (bsc#1110006). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bsc#1110006). - x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints (bsc#1110006). - x86/fpu: Make XSAVE check the base CPUID features before enabling (bsc#1110006). - x86/fpu: Parse clearcpuid= as early XSAVE argument (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/fpu: Remove the explicit clearing of XSAVE dependent features (bsc#1110006). - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1110006). - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping (bsc#1110006). - x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl mount (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl unmount (bsc#1110006). - x86/irq: Remove an old outdated comment about context tracking races (bsc#1110006). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Make kexec (mostly) work in 5-level paging mode (bsc#1110006). - x86/kprobes: Fix kernel crash when probing .entry_trampoline code (bsc#1110006). - x86/kvm/vmx: Remove duplicate l1d flush definitions (bsc#1110006). - x86/mce/AMD: Get address from already initialized block (bsc#1110006). - x86/mce: Add notifier_block forward declaration (bsc#1110006). - x86/mce: Check for alternate indication of machine check recovery on Skylake (bsc#1110006). - x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() (bsc#1110006). - x86/mce: Fix incorrect "Machine check from unknown source" message (bsc#1110006). - x86/microcode/intel: Check microcode revision before updating sibling threads (bsc#1110006). - x86/microcode/intel: Fix memleak in save_microcode_patch() (bsc#1110006). - x86/microcode/intel: Look into the patch cache first (bsc#1110006). - x86/microcode/intel: Save microcode patch unconditionally (bsc#1110006). - x86/microcode/intel: Writeback and invalidate caches before updating microcode (bsc#1110006). - x86/microcode: Allow late microcode loading with SMT disabled (bsc#1110006). - x86/microcode: Attempt late loading only when new microcode is present (bsc#1110006). - x86/microcode: Do not exit early from __reload_late() (bsc#1110006). - x86/microcode: Do not upload microcode if CPUs are offline (bsc#1110006). - x86/microcode: Fix CPU synchronization routine (bsc#1110006). - x86/microcode: Get rid of struct apply_microcode_ctx (bsc#1110006). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bsc#1110006). - x86/microcode: Make the late update update_lock a raw lock for RT (bsc#1110006). - x86/microcode: Propagate return value from updating functions (bsc#1110006). - x86/microcode: Request microcode on the BSP (bsc#1110006). - x86/microcode: Synchronize late microcode loading (bsc#1110006). - x86/microcode: Update the new microcode revision unconditionally (bsc#1110006). - x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() (bsc#1110006). - x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages' (bsc#1110006). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bsc#1110006). - x86/mm/kmmio: Make the tracer robust against L1TF (bsc#1110006). - x86/mm/pat: Make set_memory_np() L1TF safe (bsc#1110006). - x86/mm/pti: Add an overflow check to pti_clone_pmds() (bsc#1110006). - x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bsc#1110006). - x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE (bsc#1110006). - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init (bsc#1110006). - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() (bsc#1110006). - x86/mm: Relocate page fault error codes to traps.h (bsc#1110006). - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bsc#1110006). - x86/nmi: Fix NMI uaccess race against CR3 switching (bsc#1110006). - x86/numa_emulation: Fix emulated-to-physical node mapping (bsc#1110006). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bsc#1110006). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bsc#1110006). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bsc#1110006). - x86/power: Fix swsusp_arch_resume prototype (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_p4d() (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_pmd() (bsc#1110006). - x86/retpoline/checksum32: Convert assembler indirect jumps (bsc#1110006). - x86/retpoline/irq32: Convert assembler indirect jumps (bsc#1110006). - x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread (bsc#1110006). - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bsc#1110006). - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" (bsc#1110006). - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels (bsc#1110006). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bsc#1110006). - x86/speculation/l1tf: Extend 64bit swap file size limit (bsc#1110006). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bsc#1110006). - x86/speculation/l1tf: Invert all not present mappings (bsc#1110006). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bsc#1110006). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bsc#1110006). - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (bsc#1110006). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bsc#1110006). - x86/tsc: Add missing header to tsc_msr.c (bsc#1110006). - x86/tsc: Allow TSC calibration without PIT (bsc#1110006). - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006). - x86/xen: Delay get_cpu_cap until stack canary is established (bsc#1110006). - x86/xen: Drop 5-level paging support code from the XEN_PV code (bsc#1110006). - x86/xen: Reset VCPU0 info pointer after shared_info remap (bsc#1110006). - x86/xen: do not write ptes directly in 32-bit PV guests (bsc#1110006). - x86: Add check for APIC access address for vmentry of L2 guests (bsc#1110006). - x86: Call fixup_exception() before notify_die() in math_error() (bsc#1110006). - x86: Delay skip of emulated hypercall instruction (bsc#1110006). - x86: PM: Make APM idle driver initialize polling state (bsc#1110006). - x86: i8259: Add missing include file (bsc#1110006). - x86: kvm: avoid unused variable warning (bsc#1110006). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen/PVH: Set up GS segment for stack canary (bsc#1110006). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bsc#1110006). - xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (bsc#1110006). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2547=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.25.1 kernel-default-debugsource-4.12.14-25.25.1 kernel-default-livepatch-4.12.14-25.25.1 kernel-livepatch-4_12_14-25_25-default-1-1.3.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2017-16533.html https://www.suse.com/security/cve/CVE-2017-18224.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18445.html https://bugzilla.suse.com/1046540 https://bugzilla.suse.com/1050319 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050540 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066674 https://bugzilla.suse.com/1067126 https://bugzilla.suse.com/1067906 https://bugzilla.suse.com/1076830 https://bugzilla.suse.com/1079524 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1084760 https://bugzilla.suse.com/1084831 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086288 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1095805 https://bugzilla.suse.com/1099125 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1102881 https://bugzilla.suse.com/1103308 https://bugzilla.suse.com/1103543 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106838 https://bugzilla.suse.com/1107685 https://bugzilla.suse.com/1108241 https://bugzilla.suse.com/1108377 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1108828 https://bugzilla.suse.com/1108841 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109151 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1109217 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109739 https://bugzilla.suse.com/1109784 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109818 https://bugzilla.suse.com/1109907 https://bugzilla.suse.com/1109911 https://bugzilla.suse.com/1109915 https://bugzilla.suse.com/1109919 https://bugzilla.suse.com/1109951 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110096 https://bugzilla.suse.com/1110538 https://bugzilla.suse.com/1110561 https://bugzilla.suse.com/1110921 https://bugzilla.suse.com/1111028 https://bugzilla.suse.com/1111076 https://bugzilla.suse.com/1111506 https://bugzilla.suse.com/1111806 https://bugzilla.suse.com/1111819 https://bugzilla.suse.com/1111830 https://bugzilla.suse.com/1111834 https://bugzilla.suse.com/1111841 https://bugzilla.suse.com/1111870 https://bugzilla.suse.com/1111901 https://bugzilla.suse.com/1111904 https://bugzilla.suse.com/1111928 https://bugzilla.suse.com/1111983 https://bugzilla.suse.com/1112170 https://bugzilla.suse.com/1112173 https://bugzilla.suse.com/1112208 https://bugzilla.suse.com/1112219 https://bugzilla.suse.com/1112221 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112372 https://bugzilla.suse.com/1112514 https://bugzilla.suse.com/1112554 https://bugzilla.suse.com/1112708 https://bugzilla.suse.com/1112710 https://bugzilla.suse.com/1112711 https://bugzilla.suse.com/1112712 https://bugzilla.suse.com/1112713 https://bugzilla.suse.com/1112731 https://bugzilla.suse.com/1112732 https://bugzilla.suse.com/1112733 https://bugzilla.suse.com/1112734 https://bugzilla.suse.com/1112735 https://bugzilla.suse.com/1112736 https://bugzilla.suse.com/1112738 https://bugzilla.suse.com/1112739 https://bugzilla.suse.com/1112740 https://bugzilla.suse.com/1112741 https://bugzilla.suse.com/1112743 https://bugzilla.suse.com/1112745 https://bugzilla.suse.com/1112746 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113257 https://bugzilla.suse.com/1113284 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW9qFCGaOgq3Tt24GAQio1w//VXHAnfYqiDqM5Cpd3EcZRzg49aUgfVdZ kmqtBeR8b19zrc6x2yzhGdKNzPStPPAP/LbnI1V6BNucEExk1SPgyVI/TtYdPY2y Glivh+DTaymJYFPb7xBokU6X8FDTI4AohyHtVurU4I2aB8bofw9L94k5SstL9f57 muwObn4WZb6BmLhbUucZe3ZUeLKg8QQRa17IgY+QICgTZlAaKumjgIMoEI2vwS+9 3XX4ix7SEJOn/FGOUZ9ti6ATEd9oRBqlPT8Z8Z1oGU2N2u7Wrxcddhmyosqywkgq DW4S2LxbL1MwFzMRLPw5KbZg/7qFvvt65h2O8tD9GJ1kD2bOKDk+GD8pXjMQWAzn EWz77AVMoko5U0v17SzEBk6qB6/TFh7arAoHQFmn6Uus4uxmPRKraNwWMGirWepq CjaL3u64jRwpiAtfZxQ7lSF673vS1L2u30cuO5QHYcSQAre/4ij6J5qwIvAor87D HCWPt5pridYLPYS+olZN9XSajJ0iB6f6un27Sd+MVWZVi0oLTJg+9kZVkCWFqURz eh4++JUxwmm3I0dw9NJDoJHbFg6Cz48xiCZowadTHE7IashcaBrQwltnzQy9saeW foO8emwsNZe66cW9TcrG6xgndzIjPtOQdKqRHOl9WvX465WrbanwyA0g4foZkehR M0KvTDXf3CM= =ocwg -----END PGP SIGNATURE-----