Vulnerability-Lookup

SUSE-SU-2018:1217-1

Vulnerability from csaf_suse - Published: 2018-05-11 11:30 - Updated: 2018-05-11 11:30

Summary

Security update for the Linux Kernel

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel

Description of the patch: The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.128 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl (bnc#1088241) - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function could have been exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). The following non-security bugs were fixed: - Fix ltp might_sleep() splat BUG - ACPI / PMIC: xpower: Fix power_table addresses (bnc#1012382). - ACPI, PCI, irq: remove redundant check for null string pointer (bnc#1012382). - ACPI/IORT: numa: Add numa node mapping for smmuv3 devices (bsc#1085981). - ACPI/processor: Fix error handling in __acpi_processor_start() (bnc#1012382). - ACPI/processor: Replace racy task affinity logic (bnc#1012382). - ACPICA: Add header support for TPM2 table changes (bsc#1084452). - ACPICA: Add support for new SRAT subtable (bsc#1085981). - ACPICA: Disassembler: Abort on an invalid/unknown AML opcode (bnc#1012382). - ACPICA: Events: Add runtime stub support for event APIs (bnc#1012382). - ACPICA: iasl: Update to IORT SMMUv3 disassembling (bsc#1085981). - ALSA: aloop: Fix access to not-yet-ready substream via cable (bnc#1012382). - ALSA: aloop: Sync stale timer before release (bnc#1012382). - ALSA: firewire-digi00x: handle all MIDI messages on streaming packets (bnc#1012382). - ALSA: hda - Revert power_save option default value (git-fixes). - ALSA: hda/realtek - Always immediately update mute LED with pin VREF (bnc#1012382). - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 (bnc#1012382). - ALSA: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - ALSA: hda: Add a power_save blacklist (bnc#1012382). - ALSA: hda: add dock and led support for HP EliteBook 820 G3 (bnc#1012382). - ALSA: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012382). - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() (bnc#1012382). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bnc#1012382). - ALSA: pcm: potential uninitialized return values (bnc#1012382). - ALSA: usb-audio: Add a quirck for BW PX headphones (bnc#1012382). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bnc#1012382). - ARM64 / cpuidle: Use new cpuidle macro for entering retention state (bsc#1084328). - ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER (bnc#1012382). - ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382). - ARM: davinci: da8xx: Create DSP device only when assigned memory (bnc#1012382). - ARM: dts: Adjust moxart IRQ controller and flags (bnc#1012382). - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin (bnc#1012382). - ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property (bnc#1012382). - ARM: dts: dra7: Add power hold and power controller properties to palmas (bnc#1012382). - ARM: dts: exynos: Correct Trats2 panel reset line (bnc#1012382). - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382). - ARM: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382). - ARM: dts: koelsch: Correct clock frequency of X2 DU clock input (bnc#1012382). - ARM: dts: ls1021a: add 'fsl,ls1021a-esdhc' compatible string to esdhc node (bnc#1012382). - ARM: dts: omap3-n900: Fix the audio CODEC's reset pin (bnc#1012382). - ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks (bnc#1012382). - ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks (bnc#1012382). - ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382). - ARM: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382). - ASoC: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT (bnc#1012382). - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382). - Bluetooth: Fix missing encryption refresh on Security Request (bnc#1012382). - Bluetooth: Send HCI Set Event Mask Page 2 command only when needed (bnc#1012382). - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bnc#1012382). - Bluetooth: hci_qca: Avoid setup failure on missing rampatch (bnc#1012382). - Btrfs: incremental send, fix invalid memory access (git-fixes). - Btrfs: send, fix file hole not being preserved due to inline extent (bnc#1012382). - CIFS: silence lockdep splat in cifs_relock_file() (bnc#1012382). - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition (bnc#1012382). - EDAC, mv64x60: Fix an error handling path (bnc#1012382). - EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL (git-fixes 3286d3eb906c). - HID: clamp input to logical range if no null state (bnc#1012382). - HID: reject input outside logical range only if null state is set (bnc#1012382). - IB/core: Fix possible crash to access NULL netdev (bsc#966191 bsc#966186). - IB/core: Generate GID change event regardless of RoCE GID table property (bsc#966191 bsc#966186). - IB/ipoib: Avoid memory leak if the SA returns a different DGID (bnc#1012382). - IB/ipoib: Update broadcast object if PKey value was changed in index 0 (bnc#1012382). - IB/mlx4: Change vma from shared to private (bnc#1012382). - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 bsc#966186). - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE (bsc#966191 bsc#966186). - IB/mlx4: Take write semaphore when changing the vma struct (bnc#1012382). - IB/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342 bsc#1015343). - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170 bsc#966172). - IB/mlx5: Fix incorrect size of klms in the memory region (bsc#966170 bsc#966172). - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170 bsc#966172). - IB/mlx5: Set the default active rate and width to QDR and 4X (bsc#1015342 bsc#1015343). - IB/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 bsc#1015343). - IB/srpt: Fix abort handling (bnc#1012382). - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bnc#1024296). - IB/umem: Fix use of npages/nmap fields (bnc#1012382). - Input: elan_i2c - check if device is there before really probing (bnc#1012382). - Input: elan_i2c - clear INT before resetting controller (bnc#1012382). - Input: elantech - force relative mode on a certain module (bnc#1012382). - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bnc#1012382). - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bnc#1012382). - Input: matrix_keypad - fix race when disabling interrupts (bnc#1012382). - Input: mousedev - fix implicit conversion warning (bnc#1012382). - Input: qt1070 - add OF device ID table (bnc#1012382). - Input: tsc2007 - check for presence and power down tsc2007 during probe (bnc#1012382). - KVM: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382). - KVM: PPC: Book3S PR: Exit KVM on failed mapping (bnc#1012382). - KVM: SVM: do not zero out segment attributes if segment is unusable or not present (bnc#1012382). - KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1086499). - KVM: arm/arm64: vgic-its: Check result of allocation before use (bsc#). - KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table (bsc#1086499). - KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1086499). - KVM: arm/arm64: vgic: Do not populate multiple LRs with the same vintid (bsc#1086499). - KVM: mmu: Fix overlap between public and private memslots (bnc#1012382). - KVM: nVMX: Fix handling of lmsw instruction (bnc#1012382). - Kbuild: provide a __UNIQUE_ID for clang (bnc#1012382). - MIPS: BMIPS: Do not mask IPIs during suspend (bnc#1012382). - MIPS: BPF: Fix multiple problems in JIT skb access helpers (bnc#1012382). - MIPS: BPF: Quit clobbering callee saved registers in JIT code (bnc#1012382). - MIPS: OCTEON: irq: Check for null return on kzalloc allocation (bnc#1012382). - MIPS: ath25: Check for kzalloc allocation failure (bnc#1012382). - MIPS: kprobes: flush_insn_slot should flush only if probe initialised (bnc#1012382). - MIPS: mm: adjust PKMAP location (bnc#1012382). - MIPS: mm: fixed mappings: correct initialisation (bnc#1012382). - MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters (bnc#1012382). - MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification (bnc#1012382). - MIPS: ralink: Remove ralink_halt() (bnc#1012382). - NFC: nfcmrvl: Include unaligned.h instead of access_ok.h (bnc#1012382). - NFC: nfcmrvl: double free on error path (bnc#1012382). - NFS: Fix an incorrect type in struct nfs_direct_req (bnc#1012382). - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382). - NFSv4.1: Work around a Linux server bug.. (bnc#1012382). - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699). - PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() (bnc#1012382). - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348). - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bnc#1012382). - PCI: Add pci_reset_function_locked() (bsc#1084889). - PCI: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices (bsc#1084914). - PCI: Avoid FLR for Intel 82579 NICs (bsc#1084889). - PCI: Avoid slot reset if bridge itself is broken (bsc#1084918). - PCI: Export pcie_flr() (bsc#1084889). - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382). - PCI: Mark Haswell Power Control Unit as having non-compliant BARs (bsc#1086015). - PCI: Probe for device reset support during enumeration (bsc#1084889). - PCI: Protect pci_error_handlers->reset_notify() usage with device_lock() (bsc#1084889). - PCI: Protect restore with device lock to be consistent (bsc#1084889). - PCI: Remove __pci_dev_reset() and pci_dev_reset() (bsc#1084889). - PCI: Remove redundant probes for device reset support (bsc#1084889). - PCI: Wait for up to 1000ms after FLR reset (bsc#1084889). - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659, bsc#1087906). - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659). - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (bsc#1087659). - PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659). - PCI: hv: Serialize the present and eject work items (bsc#1087659). - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (bsc#1075428). - RDMA/cma: Use correct size when writing netlink stats (bnc#1012382). - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access - RDMA/core: Do not use invalid destination in determining port reuse - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() (bnc#1012382). - RDMA/mlx5: Fix integer overflow while resizing CQ (bnc#1012382). - RDMA/mlx5: Protect from NULL pointer derefence (bsc#1015342 bsc#1015343). - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bnc#1012382). - RDMA/qedr: Fix QP state initialization race (bsc#1022604). - RDMA/qedr: Fix rc initialization on CNQ allocation failure (bsc#1022604). - RDMA/qedr: fix QP's ack timeout configuration (bsc#1022604). - RDMA/rxe: Fix an out-of-bounds read - RDMA/ucma: Check AF family prior resolving address (bnc#1012382). - RDMA/ucma: Check that device exists prior to accessing it (bnc#1012382). - RDMA/ucma: Check that device is connected prior to access it (bnc#1012382). - RDMA/ucma: Check that user does not overflow QP state (bnc#1012382). - RDMA/ucma: Do not allow join attempts for unsupported AF family (bnc#1012382). - RDMA/ucma: Ensure that CM_ID exists prior to access it (bnc#1012382). - RDMA/ucma: Fix access to non-initialized CM_ID object (bnc#1012382). - RDMA/ucma: Fix use-after-free access in ucma_close (bnc#1012382). - RDMA/ucma: Introduce safer rdma_addr_size() variants (bnc#1012382). - RDMA/ucma: Limit possible option size (bnc#1012382). - Revert 'ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux' (bnc#1012382). - Revert 'ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin' (bnc#1012382). - Revert 'ARM: dts: omap3-n900: Fix the audio CODEC's reset pin' (bnc#1012382). - Revert 'PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()' (bnc#1012382). - Revert 'cpufreq: Fix governor module removal race' (bnc#1012382). - Revert 'e1000e: Separate signaling for link check/link up' (bsc#1075428). - Revert 'genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs' (bnc#1012382). - Revert 'ip6_vti: adjust vti mtu according to mtu of lower device' (bnc#1012382). - Revert 'ipvlan: add L2 check for packets arriving via virtual devices' (reverted in upstream). - Revert 'led: core: Fix brightness setting when setting delay_off=0' (bnc#1012382). - Revert 'mtip32xx: use runtime tag to initialize command header' (bnc#1012382). - Revert 'xhci: plat: Register shutdown for xhci_plat' (bnc#1012382). - Subject: af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085507, LTC#165135). - USB: ene_usb6250: fix SCSI residue overwriting (bnc#1012382). - USB: ene_usb6250: fix first command execution (bnc#1012382). - USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bnc#1012382). - USB: serial: cp210x: add ELDAT Easywave RX09 id (bnc#1012382). - USB: serial: ftdi_sio: add RT Systems VX-8 cable (bnc#1012382). - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bnc#1012382). - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h (bnc#1012382). - USB: usbmon: remove assignment from IS_ERR argument (bnc#1012382). - Update patches.arch/s390-sles12sp3-08-03-KVM-s390-instruction-execution-protection-support.patch (LTC#162428, bsc#1073069). - Update patches.arch/s390-sles12sp3-08-06-01-s390-mem_detect-use-unsigned-longs.patch (LTC#158956, bsc#1073059). - Update patches.arch/s390-sles12sp3-08-06-02-kvm-s390-enable-all-facility-bits-that-are-known-goo.patch (LTC#158956, bsc#1073059). - Update patches.arch/s390-sles12sp3-08-06-03-s390-sclp-add-hmfai-field.patch (LTC#158956, bsc#1073059). - Update patches.arch/s390-sles12sp3-08-06-04-kvm-s390-populate-mask-of-non-hypervisor-managed-fac.patch (LTC#158956, bsc#1073059). - Update patches.suse/x86-nospectre_v2-means-nospec-too.patch (bsc#1075994 bsc#1075091 bnc#1085958). - acpi, numa: fix pxm to online numa node associations (bnc#1012382). - agp/intel: Flush all chipset writes after updating the GGTT (bnc#1012382). - ahci: Add PCI-id for the Highpoint Rocketraid 644L card (bnc#1012382). - apparmor: Make path_max parameter readonly (bnc#1012382). - arm/arm64: KVM: Add PSCI_VERSION helper (bsc#1068032). - arm/arm64: KVM: Add smccc accessors to PSCI code (bsc#1068032). - arm/arm64: KVM: Advertise SMCCC v1.1 (bsc#1068032). - arm/arm64: KVM: Consolidate the PSCI include files (bsc#1068032). - arm/arm64: KVM: Implement PSCI 1.0 support (bsc#1068032). - arm/arm64: KVM: Turn kvm_psci_version into a static inline (bsc#1068032). - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032). - arm/arm64: smccc: Make function identifiers an unsigned quantity (bsc#1068032). - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: Add missing Falkor part number for branch predictor hardening (bsc#1068032). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313). - arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032). - arm64: KVM: Increment PC after handling an SMC trap (bsc#1068032). - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032). - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032). - arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382). - arm64: capabilities: Handle duplicate entries for a capability (bsc#1068032). - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early (bsc#1068032). - arm64: fix smccc compilation (bsc#1068032). - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage (bnc#1012382). - arm64: mm: do not write garbage into TTBR1_EL1 register (bsc#1085487). - arm64: mm: fix thinko in non-global page table attribute check (bsc#1088050). - arp: fix arp_filter on l3slave devices (bnc#1012382). - arp: honour gratuitous ARP _replies_ (bnc#1012382). - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() (bnc#1012382). - ata: libahci: properly propagate return value of platform_get_irq() (bnc#1012382). - ath10k: disallow DFS simulation if DFS channel is not enabled (bnc#1012382). - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382). - ath10k: update tdls teardown state to target (bnc#1012382). - ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382). - ath: Fix updating radar flags for coutry code India (bnc#1012382). - audit: add tty field to LOGIN event (bnc#1012382). - batman-adv: handle race condition for claims between gateways (bnc#1012382). - bcache: do not attach backing with duplicate UUID (bnc#1012382). - bcache: segregate flash only volume write streams (bnc#1012382). - bcache: stop writeback thread after detaching (bnc#1012382). - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init() (bsc#1085058). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382). - blk-throttle: make sure expire time isn't too big (bnc#1012382). - blkcg: fix double free of new_blkg in blkcg_init_queue (bnc#1012382). - block-mq: stop workqueue items in blk_mq_stop_hw_queue() (bsc#1084967). - block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058). - block: do not assign cmd_flags in __blk_rq_prep_clone (bsc#1088087). - bna: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Align RX buffers (bnc#1012382). - bnx2x: Allow vfs to disable txvlan offload (bnc#1012382). - bonding: Do not update slave->link until ready to commit (bnc#1012382). - bonding: fix the err path for dev hwaddr sync in bond_enslave (bnc#1012382). - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (bnc#1012382). - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (bnc#1012382). - bonding: refine bond_fold_stats() wrap detection (bnc#1012382). - bpf, x64: implement retpoline for tail call (bnc#1012382). - bpf, x64: increase number of passes (bnc#1012382). - bpf: fix incorrect sign extension in check_alu_op() (bnc#1012382). - bpf: skip unnecessary capability check (bnc#1012382). - braille-console: Fix value returned by _braille_console_setup (bnc#1012382). - brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: alloc_chunk: fix DUP stripe size handling (bnc#1012382). - btrfs: fix incorrect error return ret being passed to mapping_set_error (bnc#1012382). - btrfs: improve delayed refs iterations (bsc#1076033). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382). - bus: brcmstb_gisb: correct support for 64-bit address output (bnc#1012382). - can: cc770: Fix queue stall and dropped RTR reply (bnc#1012382). - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bnc#1012382). - can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012382). - ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898). - cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - clk: Fix __set_clk_rates error print-string (bnc#1012382). - clk: bcm2835: Protect sections updating shared registers (bnc#1012382). - clk: ns2: Correct SDIO bits (bnc#1012382). - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bnc#1012382). - clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382). - clk: si5351: Rename internal plls to avoid name collisions (bnc#1012382). - coresight: Fix disabling of CoreSight TPIU (bnc#1012382). - coresight: Fixes coresight DT parse to get correct output port ID (bnc#1012382). - cpufreq/sh: Replace racy task affinity logic (bnc#1012382). - cpufreq: Fix governor module removal race (bnc#1012382). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - cpuidle: Add new macro to enter a retention idle state (bsc#1084328). - cpumask: Add helper cpumask_available() (bnc#1012382). - cros_ec: fix nul-termination for firmware build info (bnc#1012382). - crypto: ahash - Fix early termination in hash walk (bnc#1012382). - crypto: cavium - fix memory leak on info (bsc#1086518). - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bnc#1012382). - cx25840: fix unchecked return values (bnc#1012382). - cxgb4: FW upgrade fixes (bnc#1012382). - cxgb4: Fix queue free path of ULD drivers (bsc#1022743). - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382). - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dccp: check sk for closed state in dccp_sendmsg() (bnc#1012382). - dm ioctl: remove double parentheses (bnc#1012382). - dm: Always copy cmd_flags when cloning a request (bsc#1088087). - dmaengine: imx-sdma: Handle return value of clk_prepare_enable (bnc#1012382). - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped (bnc#1012382). - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bnc#1012382). - driver: (adm1275) set the m,b and R coefficients correctly for power (bnc#1012382). - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bnc#1024296). - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests (bnc#1012382). - drm/amdgpu/dce: Do not turn off DP sink when disconnected (bnc#1012382). - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) (bnc#1012382). - drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012382). - drm/amdgpu: Notify sbios device ready before send request (bnc#1012382). - drm/amdgpu: fix KV harvesting (bnc#1012382). - drm/amdkfd: Fix memory leaks in kfd topology (bnc#1012382). - drm/edid: set ELD connector type in drm_edid_to_eld() (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - drm/msm: fix leak in failed get_pages (bnc#1012382). - drm/nouveau/kms: Increase max retries in scanout position queries (bnc#1012382). - drm/nouveau: Fix deadlock on runtime suspend (bnc#1012382). - drm/omap: DMM: Check for DMM readiness after successful transaction commit (bnc#1012382). - drm/omap: fix tiled buffer stride calculations (bnc#1012382). - drm/radeon: Do not turn off DP sink when disconnected (bnc#1012382). - drm/radeon: Fail fb creation from imported dma-bufs (bnc#1012382). - drm/radeon: Fix deadlock on runtime suspend (bnc#1012382). - drm/radeon: fix KV harvesting (bnc#1012382). - drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012382). - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382). - drm: Allow determining if current task is output poll worker (bnc#1012382). - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) (bnc#1012382). - drm: qxl: Do not alloc fbdev if emulation is not supported (bnc#1012382). - drm: udl: Properly check framebuffer mmap offsets (bnc#1012382). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382). - e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382). - e1000e: fix timing for 82579 Gigabit Ethernet controller (bnc#1012382). - esp: Fix memleaks on error paths (git-fixes). - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (bnc#1012382). - ext4: inplace xattr block update fails to deduplicate blocks (bnc#1012382). - f2fs: relax node version check for victim data in gc (bnc#1012382). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - firmware/psci: Expose PSCI conduit (bsc#1068032). - firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032). - fix race in drivers/char/random.c:get_reg() (bnc#1012382). - fixup: sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - frv: declare jiffies to be located in the .data section (bnc#1012382). - fs/aio: Add explicit RCU grace period when freeing kioctx (bnc#1012382). - fs/aio: Use RCU accessors for kioctx_table->table[] (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - fs/proc: Stop trying to report thread stacks (bnc#1012382). - fs: Teach path_connected to handle nfs filesystems with multiple roots (bnc#1012382). - fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382). - genirq: Track whether the trigger type has been set (git-fixes). - genirq: Use cpumask_available() for check of cpumask variable (bnc#1012382). - genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs (bnc#1012382). - gpio: label descriptors using the device name (bnc#1012382). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - hv_balloon: fix bugs in num_pages_onlined accounting - hv_balloon: fix printk loglevel - hv_balloon: simplify hv_online_page()/hv_page_online_one() - hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes). - hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382). - i2c: i2c-scmi: add a MS HID (bnc#1012382). - i2c: xlp9xx: Check for Bus state before every transfer (bsc#1084310). - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310). - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly (bsc#1060799). - i2c: xlp9xx: return ENXIO on slave address NACK (bsc#1060799). - i40e: Acquire NVM lock before reads on all devices (bnc#1012382). - i40iw: Free IEQ resources (bsc#969476 bsc#969477). - ia64: fix module loading for gcc-5.4 (bnc#1012382). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (bnc#1012382). - iio: hi8435: avoid garbage event at first enable (bnc#1012382). - iio: hi8435: cleanup reset gpio (bnc#1012382). - iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382). - iio: st_pressure: st_accel: Initialise sensor platform data properly (bnc#1012382). - iio: st_pressure: st_accel: pass correct platform data to init (git-fixes). - ima: relax requiring a file signature for new files with zero length (bnc#1012382). - infiniband/uverbs: Fix integer overflows (bnc#1012382). - iommu/omap: Register driver before setting IOMMU ops (bnc#1012382). - iommu/vt-d: clean up pr_irq if request_threaded_irq fails (bnc#1012382). - ip6_gre: better validate user provided tunnel names (bnc#1012382). - ip6_tunnel: better validate user provided tunnel names (bnc#1012382). - ip6_vti: adjust vti mtu according to mtu of lower device (bnc#1012382). - ip_tunnel: better validate user provided tunnel names (bnc#1012382). - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response (bnc#1012382). - ipmi: Fix the I2C address extraction from SPMI tables (bsc#1060799). - ipmi: Use the proper default value for register size in ACPI (bsc#1060799). - ipmi: do not probe ACPI devices if si_tryacpi is unset (bsc#1060799). - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr (bsc#1060799). - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871). - ipmi_ssif: Fix logic around alert handling (bsc#1060799). - ipmi_ssif: remove redundant null check on array client->adapter->name (bsc#1060799). - ipmi_ssif: unlock on allocation failure (bsc#1060799). - ipsec: check return value of skb_to_sgvec always (bnc#1012382). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382). - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (bnc#1012382). - ipv6: sit: better validate user provided tunnel names (bnc#1012382). - ipv6: the entire IPv6 header chain must fit the first fragment (bnc#1012382). - ipvlan: add L2 check for packets arriving via virtual devices (bnc#1012382). - irqchip/gic-v3-its: Add ACPI NUMA node mapping (bsc#1085981). - irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES (bsc#1085981). - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bnc#1012382). - irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA (bsc#1085981). - iw_cxgb4: print mapped ports correctly (bsc#321658 bsc#321660 bsc#321661). - jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp (bnc#1012382). - kABI: add tty include to audit.c (kabi). - kABI: protect jiffies types (kabi). - kABI: protect skb_to_sgvec* (kabi). - kABI: protect tty include in audit.h (kabi). - kGraft: fix small race in reversion code (bsc#1083125). - kbuild: Handle builtin dtb file names containing hyphens (bnc#1012382). - kbuild: disable clang's default use of -fmerge-all-constants (bnc#1012382). - kprobes/x86: Fix kprobe-booster not to boost far call instructions (bnc#1012382). - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline (git-fixes). - kprobes/x86: Set kprobes pages read-only (bnc#1012382). - kvm/x86: fix icebp instruction handling (bnc#1012382). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1086499). - kvm: nVMX: fix nested tsc scaling (bsc1087999). - l2tp: do not accept arbitrary sockets (bnc#1012382). - l2tp: fix missing print session offset info (bnc#1012382). - leds: pca955x: Correct I2C Functionality (bnc#1012382). - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bnc#1012382). - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012382). - libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012382). - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bnc#1012382). - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bnc#1012382). - libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012382). - libata: fix length validation of ATAPI-relayed SCSI commands (bnc#1012382). - libata: remove WARN() for DMA or PIO command without data (bnc#1012382). - llist: clang: introduce member_address_is_nonnull() (bnc#1012382). - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it (bnc#1012382). - lockd: fix lockd shutdown race (bnc#1012382). - lockd: lost rollback of set_grace_period() in lockd_down_net() (git-fixes). - loop: Fix lost writes caused by missing flag (bnc#1012382). - lpfc: update version to 11.4.0.7-1 (bsc#1085383). - mISDN: Fix a sleep-in-atomic bug (bnc#1012382). - mac80211: bail out from prep_connection() if a reconfig is ongoing (bnc#1012382). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - mac80211: do not parse encrypted management frames in ieee80211_frame_acked (bnc#1012382). - mac80211: remove BUG() when interface type is invalid (bnc#1012382). - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED (bnc#1012382). - mceusb: sporadic RX truncation corruption fix (bnc#1012382). - md raid10: fix NULL deference in handle_write_completed() (git-fixes). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - md/raid10: reset the 'first' at the end of loop (bnc#1012382). - md/raid10: skip spare disk as 'first' disk (bnc#1012382). - md/raid10: wait up frozen array in handle_write_completed (bnc#1012382). - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock (bnc#1012382). - md/raid6: Fix anomily when recovering a single device in RAID6 (bnc#1012382). - media/dvb-core: Race condition when writing to CAM (bnc#1012382). - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart (bnc#1012382). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382). - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt (bnc#1012382). - media: cpia2: Fix a couple off by one bugs (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock (bnc#1012382). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - media: videobuf2-core: do not go out of the buffer range (bnc#1012382). - mei: remove dev_err message on an unsupported ioctl (bnc#1012382). - mfd: palmas: Reset the POWERHOLD mux during power off (bnc#1012382). - mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mm/vmalloc: add interfaces to free unmapped page table (bnc#1012382). - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() (bnc#1012382). - mmc: avoid removing non-removable hosts during suspend (bnc#1012382). - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems (bsc#1088267). - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bnc#1012382). - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a (bnc#1012382). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - mt7601u: check return value of alloc_skb (bnc#1012382). - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bnc#1012382). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bnc#1012382). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012382). - mtip32xx: use runtime tag to initialize command header (bnc#1012382). - neighbour: update neigh timestamps iff update is effective (bnc#1012382). - net sched actions: fix dumping which requires several messages to user space (bnc#1012382). - net/8021q: create device with all possible features in wanted_features (bnc#1012382). - net/faraday: Add missing include of of.h (bnc#1012382). - net/ipv6: Fix route leaking between VRFs (bnc#1012382). - net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382). - net/iucv: Free memory obtained by kzalloc (bnc#1012382). - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport (bnc#1012382). - net/mlx4: Fix the check in attaching steering rules (bnc#1012382). - net/mlx4_core: Fix memory leak while delete slave's resources (bsc#966191 bsc#966186). - net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382). - net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx5: Fix error handling in load one (bsc#1015342 bsc#1015343). - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 bsc#1015343). - net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382). - net/mlx5: avoid build warning for uniprocessor (bnc#1012382). - net/mlx5e: Add error print in ETS init (bsc#966170 bsc#966172). - net/mlx5e: Check support before TC swap in ETS init (bsc#966170 bsc#966172). - net/mlx5e: E-Switch, Use the name of static array instead of its address (bsc#1015342 bsc#1015343). - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 bsc#1015343). - net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bnc#1012382). - net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012382). - net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012382). - net: cavium: liquidio: fix up 'Avoid dma_unmap_single on uninitialized ndata' (bnc#1012382). - net: cdc_ncm: Fix TX zero padding (bnc#1012382). - net: emac: fix reset timeout with AR8035 phy (bnc#1012382). - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (bnc#1012382). - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (bnc#1012382). - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control (bnc#1012382). - net: fec: Fix unbalanced PM runtime calls (bnc#1012382). - net: fix possible out-of-bound read in skb_network_protocol() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: fool proof dev_valid_name() (bnc#1012382). - net: freescale: fix potential null pointer dereference (bnc#1012382). - net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511). - net: hns: Fix ethtool private flags (bsc#1085511). - net: ieee802154: fix net_device reference release too early (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: ipv6: send unsolicited NA after DAD (git-fixes). - net: ipv6: send unsolicited NA on admin up (bnc#1012382). - net: llc: add lock_sock in llc_ui_bind to avoid a race condition (bnc#1012382). - net: move somaxconn init from sysctl code (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support (bnc#1012382). - net: qca_spi: Fix alignment issues in rx path (bnc#1012382). - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012382). - net: x25: fix one potential use-after-free issue (bnc#1012382). - net: xfrm: allow clearing socket xfrm policies (bnc#1012382). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (bnc#1012382). - netfilter: IDLETIMER: be syzkaller friendly (bnc#1012382). - netfilter: add back stackpointer size checks (bnc#1012382). - netfilter: bridge: ebt_among: add missing match size checks (bnc#1012382). - netfilter: bridge: ebt_among: add more missing match size checks (bnc#1012382). - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch (bnc#1012382). - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize (bnc#1012382). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (bnc#1012382). - netfilter: nat: cope with negative port range (bnc#1012382). - netfilter: nf_nat_h323: fix logical-not-parentheses warning (bnc#1012382). - netfilter: use skb_to_full_sk in ip_route_me_harder (bnc#1012382). - netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382). - netfilter: x_tables: fix missing timer initialization in xt_LED (bnc#1012382). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382). - netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - netlink: make sure nladdr has correct size in netlink_connect() (bnc#1012382). - nfsd4: permit layoutget of executable-only files (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - nospec: Include asm/barrier.h dependency (bnc#1012382). - nospec: Kill array_index_nospec_mask_check() (bnc#1012382). - nospec: Move array_index_nospec() parameter checking into separate macro (bnc#1012382). - nvme/rdma: do no start error recovery twice (bsc#1084967). - nvme: do not send keep-alive frames during reset (bsc#1084223). - nvme: do not send keep-alives to the discovery controller (bsc#1086607). - nvme: expand nvmf_check_if_ready checks (bsc#1085058). - nvmet_fc: prevent new io rqsts in possible isr completions (bsc#1083574). - of: fix of_device_get_modalias returned length when truncating buffers (bnc#1012382). - openvswitch: Delete conntrack entry clashing with an expectation (bnc#1012382). - ovl: filter trusted xattr for non-admin (bnc#1012382). - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() (bnc#1012382). - parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bnc#1012382). - partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382). - perf header: Set proper module name when build-id event found (bnc#1012382). - perf inject: Copy events when reordering events in pipe mode (bnc#1012382). - perf probe: Add warning message if there is unexpected event name (bnc#1012382). - perf probe: Return errno when not hitting any event (bnc#1012382). - perf report: Ensure the perf DSO mapping matches what libdw sees (bnc#1012382). - perf session: Do not rely on evlist in pipe mode (bnc#1012382). - perf sort: Fix segfault with basic block 'cycles' sort dimension (bnc#1012382). - perf tests kmod-path: Do not fail if compressed modules are not supported (bnc#1012382). - perf tests: Decompress kernel module before objdump (bnc#1012382). - perf tools: Fix copyfile_offset update of output offset (bnc#1012382). - perf tools: Make perf_event__synthesize_mmap_events() scale (bnc#1012382). - perf trace: Add mmap alias for s390 (bnc#1012382). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382). - perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers (bsc#1086357). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bnc#1012382). - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() (bnc#1012382). - pinctrl: Really force states during suspend/resume (bnc#1012382). - platform/chrome: Use proper protocol transfer function (bnc#1012382). - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (bnc#1012382). - power: supply: pda_power: move from timer to delayed_work (bnc#1012382). - powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting TCR[DIE] (bnc#1012382). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc/spufs: Fix coredump of SPU contexts (bnc#1012382). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - pptp: remove a buggy dst release in pptp_connect() (bnc#1012382). - pty: cancel pty slave port buf's work in tty_release (bnc#1012382). - pwm: tegra: Increase precision in PWM rate calculation (bnc#1012382). - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Use after free in qed_rdma_free() (bsc#1019695 bsc#1019699 bsc#1022604). - qeth: repair SBAL elements calculation (bnc#1085507, LTC#165484). - qlcnic: fix unchecked return value (bnc#1012382). - qlge: Avoid reading past end of buffer (bnc#1012382). - r8169: fix setting driver_data after register_netdev (bnc#1012382). - random: use lockless method of accessing and updating f->eg_idx (bnc#1012382). - ray_cs: Avoid reading past end of buffer (bnc#1012382). - rcutorture/configinit: Fix build directory error message (bnc#1012382). - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - regulator: anatop: set default voltage selector for pcie (bnc#1012382). - reiserfs: Make cancel_old_flush() reliable (bnc#1012382). - rndis_wlan: add return value validation (bnc#1012382). - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs (bnc#1012382). - rtc: interface: Validate alarm-time before handling rollover (bnc#1012382). - rtc: opal: Handle disabled TPO in opal_get_tpo_time() (bnc#1012382). - rtc: snvs: fix an incorrect check of return value (bnc#1012382). - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382). - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bnc#1012382). - rxrpc: check return value of skb_to_sgvec always (bnc#1012382). - s390/dasd: fix hanging safe offline (bnc#1012382). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bnc#1088324, LTC#166470). - s390/mm: fix race on mm->context.flush_mm (bnc#1088324, LTC#166470). - s390/mm: no local TLB flush for clearing-by-ASCE IDTE (bnc#1088324, LTC#166470). - s390/qeth: apply takeover changes when mode is toggled (bnc#1085507, LTC#165490). - s390/qeth: do not apply takeover changes to RXIP (bnc#1085507, LTC#165490). - s390/qeth: fix IP address lookup for L3 devices (bnc#1085507, LTC#165491). - s390/qeth: fix IP removal on offline cards (bnc#1085507, LTC#165491). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - s390/qeth: fix double-free on IP add/remove race (bnc#1085507, LTC#165491). - s390/qeth: free netdevice when removing a card (bnc#1012382). - s390/qeth: improve error reporting on IP add/removal (bnc#1085507, LTC#165491). - s390/qeth: lock IP table while applying takeover changes (bnc#1085507, LTC#165490). - s390/qeth: lock read device while queueing next buffer (bnc#1012382). - s390/qeth: on channel error, reject further cmd requests (bnc#1012382). - s390/qeth: update takeover IPs after configuration change (bnc#1085507, LTC#165490). - s390/qeth: when thread completes, wake up all waiters (bnc#1012382). - s390: move _text symbol to address higher than zero (bnc#1012382). - sched/numa: Use down_read_trylock() for the mmap_sem (bnc#1012382). - sched: Stop resched_cpu() from sending IPIs to offline CPUs (bnc#1012382). - sched: Stop switched_to_rt() from sending IPIs to offline CPUs (bnc#1012382). - sched: act_csum: do not mangle TCP and UDP GSO packets (bnc#1012382). - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() (bnc#1012382). - scsi: core: scsi_get_device_flags_keyed(): Always return device flags (bnc#1012382). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1012382). - scsi: dh: add new rdac devices (bnc#1012382). - scsi: libiscsi: Allow sd_shutdown on bad transport (bnc#1012382). - scsi: libsas: initialize sas_phy status according to response of DISCOVER (bnc#1012382). - scsi: lpfc: Add missing unlock in WQ full logic (bsc#1085383). - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088865). - scsi: lpfc: Code cleanup for 128byte wqe data type (bsc#1085383). - scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088865). - scsi: lpfc: Correct target queue depth application changes (bsc#1088865). - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088865). - scsi: lpfc: Fix Abort request WQ selection (bsc#1088865). - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088865). - scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088865). - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383). - scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI and NVME (bsc#1085383). - scsi: lpfc: Fix WQ/CQ creation for older asic's (bsc#1088865). - scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088865). - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088865). - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command (bsc#1085383). - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088865). - scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088865). - scsi: lpfc: Memory allocation error during driver start-up on power8 (bsc#1085383). - scsi: lpfc: update driver version to 11.4.0.7-2 (bsc#1088865). - scsi: mac_esp: Replace bogus memory barrier with spinlock (bnc#1012382). - scsi: mpt3sas: Proper handling of set/clear of 'ATA command pending' flag (bnc#1012382). - scsi: sg: check for valid direction before starting the request (bnc#1012382). - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382). - scsi: sg: fix static checker warning in sg_is_valid_dxfer (bnc#1012382). - scsi: sg: only check for dxfer_len greater than 256M (bnc#1012382 bsc#1064206). - scsi: virtio_scsi: Always try to read VPD pages (bnc#1012382). - scsi: virtio_scsi: always read VPD pages for multiqueue too (git-fixes). - sctp: do not leak kernel memory to user space (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: fix recursive locking warning in sctp_do_peeloff (bnc#1012382). - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - selftests/powerpc: Fix TM resched DSCR test with some compilers (bnc#1012382). - selftests/x86/entry_from_vm86: Add test cases for POPF (bnc#1012382). - selftests/x86/entry_from_vm86: Exit with 1 if we fail (bnc#1012382). - selftests/x86: Add tests for User-Mode Instruction Prevention (bnc#1012382). - selftests/x86: Add tests for the STR and SLDT instructions (bnc#1012382). - selinux: Remove redundant check for unknown labeling behavior (bnc#1012382). - selinux: Remove unnecessary check of array base in selinux_set_mapping() (bnc#1012382). - selinux: check for address length in selinux_socket_bind() (bnc#1012382). - selinux: do not check open permission on sockets (bnc#1012382). - serial: 8250: omap: Disable DMA for console UART (bnc#1012382). - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bnc#1012382). - serial: sh-sci: Fix race condition causing garbage during shutdown (bnc#1012382). - serial: sh-sci: prevent lockup on full TTY buffers (bnc#1012382). - sh_eth: Use platform device for printing before register_netdev() (bnc#1012382). - sit: reload iphdr in ipip6_rcv (bnc#1012382). - skbuff: Fix not waking applications when errors are enqueued (bnc#1012382). - skbuff: only inherit relevant tx_flags (bnc#1012382). - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow (bnc#1012382). - sky2: Increase D3 delay to sky2 stops working after suspend (bnc#1012382). - sm501fb: do not return zero on failure path in sm501fb_start() (bnc#1012382). - solo6x10: release vb2 buffers in solo_stop_streaming() (bnc#1012382). - sparc64: ldc abort during vds iso boot (bnc#1012382). - spi: davinci: fix up dma_mapping_error() incorrect patch (bnc#1012382). - spi: dw: Disable clock after unregistering the host (bnc#1012382). - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer (bnc#1012382). - spi: sun6i: disable/unprepare clocks on remove (bnc#1012382). - staging: android: ashmem: Fix lockdep issue during llseek (bnc#1012382). - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl (bnc#1012382). - staging: comedi: fix comedi_nsamples_left (bnc#1012382). - staging: comedi: ni_mio_common: ack ai fifo error interrupts (bnc#1012382). - staging: lustre: ptlrpc: kfree used instead of kvfree (bnc#1012382). - staging: ncpfs: memory corruption in ncp_read_kernel() (bnc#1012382). - staging: speakup: Replace BUG_ON() with WARN_ON() (bnc#1012382). - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y (bnc#1012382). - staging: wilc1000: add check for kmalloc allocation failure (bnc#1012382). - staging: wilc1000: fix unchecked return value (bnc#1012382). - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning (bnc#1012382). - sysrq: Reset the watchdog timers while displaying high-resolution timers (bnc#1012382). - tags: honor COMPILED_SOURCE with apart output directory (bnc#1012382). - target: prefer dbroot of /etc/target over /var/target (bsc#1087274). - tcm_fileio: Prevent information leak for short reads (bnc#1012382). - tcp: better validation of received ack sequences (bnc#1012382). - tcp: remove poll() flakes with FastOpen (bnc#1012382). - tcp: sysctl: Fix a race to avoid unexpected 0 window from space (bnc#1012382). - team: Fix double free in error path (bnc#1012382). - test_firmware: fix setting old custom fw path back on exit (bnc#1012382). - thermal: power_allocator: fix one race condition issue for thermal_instances list (bnc#1012382). - time: Change posix clocks ops interfaces to use timespec64 (bnc#1012382). - timers, sched_clock: Update timeout for clock wrap (bnc#1012382). - tools/usbip: fixes build with musl libc toolchain (bnc#1012382). - tpm/tpm_crb: Use start method value from ACPI table directly (bsc#1084452). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tracing: probeevent: Fix to support minus offset from symbol (bnc#1012382). - tty/serial: atmel: add new version check for usart (bnc#1012382). - tty: n_gsm: Allow ADM response in addition to UA for control dlci (bnc#1012382). - tty: provide tty_name() even without CONFIG_TTY (bnc#1012382). - tty: vt: fix up tabstops properly (bnc#1012382). - uas: fix comparison for error code (bnc#1012382). - ubi: Fix race condition between ubi volume creation and udev (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - usb: Do not print a warning if interface driver rebind is deferred at resume (bsc#1087211). - usb: chipidea: properly handle host or gadget initialization failure (bnc#1012382). - usb: dwc2: Improve gadget state disconnection handling (bnc#1012382). - usb: dwc2: Make sure we disconnect the gadget state (bnc#1012382). - usb: dwc3: keystone: check return value (bnc#1012382). - usb: gadget: align buffer size when allocating for OUT endpoint (bnc#1012382). - usb: gadget: bdc: 64-bit pointer capability check (bnc#1012382). - usb: gadget: change len to size_t on alloc_ep_req() (bnc#1012382). - usb: gadget: define free_ep_req as universal function (bnc#1012382). - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() (bnc#1012382). - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bnc#1012382). - usb: gadget: f_hid: fix: Prevent accessing released memory (bnc#1012382). - usb: gadget: fix request length error for isoc transfer (git-fixes). - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align (bnc#1012382). - usb: quirks: add control message delay for 1b1c:1b20 (bnc#1012382). - usb: usbmon: Read text within supplied buffer size (bnc#1012382). - veth: set peer GSO values (bnc#1012382). - vfb: fix video mode and line_length being set when loaded (bnc#1012382). - vgacon: Set VGA struct resource types (bnc#1012382). - vhost: correctly remove wait queue during poll failure (bnc#1012382). - video/hdmi: Allow 'empty' HDMI infoframes (bnc#1012382). - video: ARM CLCD: fix dma allocation size (bnc#1012382). - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382). - virtio_net: check return value of skb_to_sgvec always (bnc#1012382). - virtio_net: check return value of skb_to_sgvec in one more location (bnc#1012382). - vlan: also check phy_driver ts_info for vlan's real device (bnc#1012382). - vmxnet3: ensure that adapter is in proper state during force_close (bnc#1012382). - vrf: Fix use after free and double free in vrf_finish_output (bnc#1012382). - vt: change SGR 21 to follow the standards (bnc#1012382). - vti6: better validate user provided tunnel names (bnc#1012382). - vxlan: dont migrate permanent fdb entries during learn (bnc#1012382). - vxlan: vxlan dev should inherit lowerdev's gso_max_size (bnc#1012382). - wan: pc300too: abort path on failure (bnc#1012382). - watchdog: hpwdt: Check source of NMI (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - watchdog: hpwdt: SMBIOS check (bnc#1012382). - watchdog: hpwdt: fix unused variable warning (bnc#1012382). - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679). - wil6210: fix memory access violation in wil_memcpy_from/toio_32 (bnc#1012382). - wl1251: check return from call to wl1251_acx_arp_ip_filter (bnc#1012382). - workqueue: Allow retrieval of current task's work struct (bnc#1012382). - writeback: fix the wrong congested state variable definition (bnc#1012382). - x86/MCE: Serialize sysfs changes (bnc#1012382). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/asm: Do not use RBP as a temporary register in csum_partial_copy_generic() (bnc#1012382). - x86/boot/64: Verify alignment of the LOAD segment (bnc#1012382). - x86/build/64: Force the linker to use 2MB page size (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/mm: Fix vmalloc_fault to use pXd_large (bnc#1012382). - x86/mm: implement free pmd/pte page interfaces (bnc#1012382). - x86/module: Detect and skip invalid relocations (bnc#1012382). - x86/platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case (bsc#1089925). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - x86/tsc: Provide 'tsc=unstable' boot parameter (bnc#1012382). - x86/vm86/32: Fix POPF emulation (bnc#1012382). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - x86: i8259: export legacy_pic symbol (bnc#1012382). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). - xen: avoid type warning in xchg_xen_ulong (bnc#1012382). - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (bnc#1012382). - xfrm: fix state migration copy replay sequence numbers (bnc#1012382). - xfrm_user: uncoditionally validate esn replay attribute struct (bnc#1012382).

Patchnames: SUSE-SLE-RT-12-SP3-2018-842

CVE-2017-18257

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H