Vulnerability from csaf_suse
Published
2018-09-25 13:02
Modified
2018-09-25 13:02
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP3 azure kernel was updated to 4.4.155 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow()
on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image.
This occured because of a lack of proper validation that cached inodes are free
during allocation (bnc#1100001)
- CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that
could have occurred for a corrupted xfs image upon encountering an inode that
is in extent format, but has more extents than fit in the inode fork
(bnc#1099999)
- CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image
after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000)
- CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was
caused by the way the overrun accounting works. Depending on interval and
expiry time values, the overrun can be larger than INT_MAX, but the accounting
is int based. This basically made the accounting values, which are visible to
user space via timer_getoverrun(2) and siginfo::si_overrun, random. This
allowed a local user to cause a denial of service (signed integer overflow) via
crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)
- CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that
could have been used by local attackers to read kernel memory (bnc#1107689)
- CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
attackers to use a incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
- CVE-2018-6555: The irda_setsockopt function allowed local users to cause a
denial of service (ias_object use-after-free and system crash) or possibly have
unspecified other impact via an AF_IRDA socket (bnc#1106511)
- CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed
local users to cause a denial of service (memory consumption) by repeatedly
binding an AF_IRDA socket (bnc#1106509)
- CVE-2018-1129: A flaw was found in the way signature calculation was handled
by cephx authentication protocol. An attacker having access to ceph cluster
network who is able to alter the message payload was able to bypass signature
checks done by cephx protocol (bnc#1096748)
- CVE-2018-1128: It was found that cephx authentication protocol did not verify
ceph clients correctly and was vulnerable to replay attack. Any attacker having
access to ceph cluster network who is able to sniff packets on network can use
this vulnerability to authenticate with ceph service and perform actions
allowed by ceph service (bnc#1096748)
- CVE-2018-10938: A crafted network packet sent remotely by an attacker forced
the kernel to enter an infinite loop in the cipso_v4_optptr() function leading
to a denial-of-service (bnc#1106016)
- CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill
RSB upon a context switch, which made it easier for attackers to conduct
userspace-userspace spectreRSB attacks (bnc#1102517)
- CVE-2018-10902: Protect against concurrent access to prevent double realloc
(double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A
malicious local attacker could have used this for privilege escalation
(bnc#1105322).
- CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292)
- CVE-2018-10883: A local user could have caused an out-of-bounds write in
jbd2_journal_dirty_metadata(), a denial of service, and a system crash by
mounting and operating on a crafted ext4 filesystem image (bsc#1099863)
- CVE-2018-10879: A local user could have caused a use-after-free in
ext4_xattr_set_entry function and a denial of service or unspecified other
impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844)
- CVE-2018-10878: A local user could have caused an out-of-bounds write and a
denial of service or unspecified other impact by mounting and operating a
crafted ext4 filesystem image (bsc#1099813)
- CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space()
function when mounting and operating a crafted ext4 image (bsc#1099811)
- CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs()
function when operating on a crafted ext4 filesystem image (bsc#1099846)
- CVE-2018-10881: A local user could have caused an out-of-bound access in
ext4_get_group_info function, a denial of service, and a system crash by
mounting and operating on a crafted ext4 filesystem image (bsc#1099864)
- CVE-2018-10882: A local user could have caused an out-of-bound write, a
denial of service, and a system crash by unmounting a crafted ext4 filesystem
image (bsc#1099849)
- CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code
when mounting and writing to a crafted ext4 image in ext4_update_inline_data().
An attacker could have used this to cause a system crash and a denial of
service (bsc#1099845)
The following non-security bugs were fixed:
- 9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382).
- 9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382).
- 9p: fix multiple NULL-pointer-dereferences (bnc#1012382).
- ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382).
- ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bnc#1012382).
- ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382).
- ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382).
- ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382).
- ALSA: emu10k1: Rate-limit error messages about page errors (bnc#1012382).
- ALSA: emu10k1: add error handling for snd_ctl_add (bnc#1012382).
- ALSA: fm801: add error handling for snd_ctl_add (bnc#1012382).
- ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382).
- ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382).
- ALSA: hda/ca0132: fix build failure when a local macro is defined (bnc#1012382).
- ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382).
- ALSA: memalloc: Do not exceed over the requested size (bnc#1012382).
- ALSA: rawmidi: Change resized buffers atomically (bnc#1012382).
- ALSA: snd-aoa: add of_node_put() in error path (bsc#1099810).
- ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback (bnc#1012382).
- ALSA: virmidi: Fix too long output trigger loop (bnc#1012382).
- ALSA: vx222: Fix invalid endian conversions (bnc#1012382).
- ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382).
- ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP (bnc#1012382).
- ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382).
- ARC: Fix CONFIG_SWAP (bnc#1012382).
- ARC: mm: allow mprotect to make stack mappings executable (bnc#1012382).
- ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382).
- ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382).
- ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382).
- ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382).
- ARM: dts: da850: Fix interrups property for gpio (bnc#1012382).
- ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382).
- ARM: fix put_user() for gcc-8 (bnc#1012382).
- ARM: imx_v4_v5_defconfig: Select ULPI support (bnc#1012382).
- ARM: imx_v6_v7_defconfig: Select ULPI support (bnc#1012382).
- ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382).
- ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382).
- ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver.
- ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bnc#1012382).
- ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382).
- ASoC: dpcm: fix BE dai not hw_free and shutdown (bnc#1012382).
- ASoC: pxa: Fix module autoload for platform drivers (bnc#1012382).
- ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382).
- Add reference to bsc#1091171 (bnc#1012382; bsc#1091171).
- Bluetooth: avoid killing an already killed socket (bnc#1012382).
- Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bnc#1012382).
- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1087092).
- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092).
- Bluetooth: hci_qca: Fix 'Sleep inside atomic section' warning (bnc#1012382).
- Documentation/spec_ctrl: Do some minor cleanups (bnc#1012382).
- HID: hid-plantronics: Re-resend Update to map button for PTT products (bnc#1012382).
- HID: i2c-hid: check if device is there before really probing (bnc#1012382).
- HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382).
- IB/core: Make testing MR flags for writability a static inline function (bnc#1012382).
- IB/core: Remove duplicate declaration of gid_cache_wq (bsc#1056596).
- IB/iser: Do not reduce max_sectors (bsc#1063646).
- IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'.
- IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382).
- IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343).
- IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343).
- IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382).
- Input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bnc#1012382).
- Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bnc#1012382).
- Input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bnc#1012382).
- KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bnc#1012382).
- KVM: MMU: always terminate page walks at level 1 (bsc#1062604).
- KVM: MMU: simplify last_pte_bitmap (bsc#1062604).
- KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369).
- KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
- KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382).
- KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382).
- KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer (bnc#1012382).
- KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604).
- MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382).
- MIPS: Fix off-by-one in pci_resource_to_user() (bnc#1012382).
- MIPS: ath79: fix register address in ath79_ddr_wb_flush() (bnc#1012382).
- MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 (bnc#1012382).
- NET: stmmac: align DMA stuff to largest cache line length (bnc#1012382).
- PCI: Prevent sysfs disable of device while driver is attached (bnc#1012382).
- PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382).
- PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382).
- PCI: pciehp: Fix use-after-free on unplug (bnc#1012382).
- PCI: pciehp: Request control of native hotplug only if supported (bnc#1012382).
- PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382).
- RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477).
- RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477).
- RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477).
- RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376).
- RDMA/mad: Convert BUG_ONs to error flows (bnc#1012382).
- RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343).
- Revert 'MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum' (bnc#1012382).
- Revert 'UBIFS: Fix potential integer overflow in allocation' (bnc#1012382).
- Revert 'f2fs: handle dirty segments inside refresh_sit_entry' (bsc#1106281).
- Revert 'mm: page_alloc: skip over regions of invalid pfns where possible' (bnc#1107078).
- Revert 'net: Do not copy pfmemalloc flag in __copy_skb_header()' (kabi).
- Revert 'netfilter: ipv6: nf_defrag: reduce struct net memory waste' (kabi).
- Revert 'skbuff: Unconditionally copy pfmemalloc in __skb_clone()' (kabi).
- Revert 'vsock: split dwork to avoid reinitializations' (kabi).
- Revert 'x86/mm: Give each mm TLB flush generation a unique ID' (kabi).
- Revert 'x86/speculation/l1tf: Fix up CPU feature flags' (kabi).
- Revert 'x86/speculation: Use Indirect Branch Prediction Barrier in context switch' (kabi).
- Smack: Mark inode instant in smack_task_to_inode (bnc#1012382).
- USB: musb: fix external abort on suspend (bsc#1085536).
- USB: option: add support for DW5821e (bnc#1012382).
- USB: serial: metro-usb: stop I/O after failed open (bsc#1085539).
- USB: serial: sierra: fix potential deadlock at close (bnc#1012382).
- Workaround kABI breakage by __must_check drop of strscpy() (bsc#1107319).
- afs: Fix directory permissions check (bsc#1106283).
- arc: fix build errors in arc/include/asm/delay.h (bnc#1012382).
- arc: fix type warnings in arc/mm/cache.c (bnc#1012382).
- arm64: make secondary_start_kernel() notrace (bnc#1012382).
- arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012382).
- ath: Add regulatory mapping for APL13_WORLD (bnc#1012382).
- ath: Add regulatory mapping for APL2_FCCA (bnc#1012382).
- ath: Add regulatory mapping for Bahamas (bnc#1012382).
- ath: Add regulatory mapping for Bermuda (bnc#1012382).
- ath: Add regulatory mapping for ETSI8_WORLD (bnc#1012382).
- ath: Add regulatory mapping for FCC3_ETSIC (bnc#1012382).
- ath: Add regulatory mapping for Serbia (bnc#1012382).
- ath: Add regulatory mapping for Tanzania (bnc#1012382).
- ath: Add regulatory mapping for Uganda (bnc#1012382).
- atl1c: reserve min skb headroom (bnc#1012382).
- atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066).
- audit: allow not equal op for audit by executable (bnc#1012382).
- backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929).
- backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929).
- bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232).
- bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232).
- bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232).
- bcache: do not check return value of debugfs_create_dir() (bsc#1064232).
- bcache: finish incremental GC (bsc#1064232).
- bcache: fix I/O significant decline while backend devices registering (bsc#1064232).
- bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232).
- bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232).
- bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232).
- bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232).
- bcache: set max writeback rate when I/O request is idle (bsc#1064232).
- bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232).
- be2net: remove unused old custom busy-poll fields (bsc#1021121 ).
- blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663).
- block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663).
- block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663).
- block: do not use interruptible wait anywhere (bnc#1012382).
- bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382).
- bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382).
- bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#963575).
- bnxt_en: Fix for system hang if request_irq fails (bnc#1012382).
- bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1020412 ).
- bpf: fix references to free_bpf_prog_info() in comments (bnc#1012382).
- brcmfmac: Add support for bcm43364 wireless chipset (bnc#1012382).
- brcmfmac: stop watchdog before detach and free everything (bnc#1012382).
- bridge: Propagate vlan add failure to user (bnc#1012382).
- btrfs: Do not remove block group still has pinned down bytes (bsc#1086457).
- btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups (bnc#1012382).
- btrfs: do not leak ret from do_chunk_alloc (bnc#1012382).
- btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bnc#1012382).
- btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf.
- btrfs: round down size diff when shrinking/growing device (bsc#1097105).
- can: ems_usb: Fix memory leak on ems_usb_disconnect() (bnc#1012382).
- can: mpc5xxx_can: check of_iomap return before use (bnc#1012382).
- can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bnc#1012382).
- can: xilinx_can: fix RX overflow interrupt not being enabled (bnc#1012382).
- can: xilinx_can: fix device dropping off bus on RX overrun (bnc#1012382).
- can: xilinx_can: fix incorrect clear of non-processed interrupts (bnc#1012382).
- can: xilinx_can: fix recovery from error states not being propagated (bnc#1012382).
- can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bnc#1012382).
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012382).
- ceph: fix incorrect use of strncpy (bsc#1107319).
- ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320).
- cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1012382).
- cifs: add missing debug entries for kconfig options (bnc#1012382).
- cifs: check kmalloc before use (bsc#1012382).
- cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382).
- clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 (bnc#1012382).
- crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382).
- crypto: authenc - do not leak pointers to authenc keys (bnc#1012382).
- crypto: authencesn - do not leak pointers to authenc keys (bnc#1012382).
- crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382).
- crypto: padlock-aes - Fix Nano workaround data corruption (bnc#1012382).
- crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382).
- crypto: vmac - separate tfm and request context (bnc#1012382).
- crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317).
- cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382).
- cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014).
- dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (bnc#1012382).
- disable loading f2fs module on PAGE_SIZE > 4KB (bnc#1012382).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (bnc#1012382).
- dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA (bnc#1012382).
- dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bnc#1012382).
- dmaengine: pxa_dma: remove duplicate const qualifier (bnc#1012382).
- driver core: Partially revert 'driver core: correct device's shutdown order' (bnc#1012382).
- drivers: net: lmc: fix case value for target abort error (bnc#1012382).
- drm/armada: fix colorkey mode property (bnc#1012382).
- drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929).
- drm/atomic: Handling the case when setting old crtc for plane (bnc#1012382).
- drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382).
- drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822).
- drm/drivers: add support for using the arch wc mapping API.
- drm/exynos/dsi: mask frame-done interrupt (bsc#1106929).
- drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382).
- drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382).
- drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382).
- drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bnc#1012382).
- drm/i915/userptr: reject zero user_size (bsc#1090888).
- drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092).
- drm/imx: fix typo in ipu_plane_formats (bsc#1106929).
- drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382).
- drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382).
- drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929).
- drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bnc#1012382).
- drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1105769).
- drm/radeon: fix mode_valid's return type (bnc#1012382).
- drm: Add DP PSR2 sink enable bit (bnc#1012382).
- drm: Reject getfb for multi-plane framebuffers (bsc#1106929).
- enic: do not call enic_change_mtu in enic_probe.
- enic: handle mtu change for vf properly (bnc#1012382).
- enic: initialize enic->rfs_h.lock in enic_probe (bnc#1012382).
- ext4: check for NUL characters in extended attribute's name (bnc#1012382).
- ext4: check for allocation block validity with block group locked (bsc#1104495).
- ext4: do not update s_last_mounted of a frozen fs (bsc#1101841).
- ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841).
- ext4: fix check to prevent initializing reserved inodes (bsc#1104319).
- ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445).
- ext4: fix inline data updates with checksums enabled (bsc#1104494).
- ext4: fix spectre gadget in ext4_mb_regular_allocator() (bnc#1012382).
- ext4: reset error code in ext4_find_entry in fallback (bnc#1012382).
- ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229).
- f2fs: fix to do not trigger writeback during recovery (bnc#1012382).
- fat: fix memory allocation failure handling of match_strdup() (bnc#1012382).
- fb: fix lost console when the user unplugs a USB adapter (bnc#1012382).
- fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106929).
- fix __legitimize_mnt()/mntput() race (bnc#1012382).
- fix mntput/mntput race (bnc#1012382).
- fork: unconditionally clear stack on fork (bnc#1012382).
- fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bnc#1012382).
- fs/dax.c: fix inefficiency in dax_writeback_mapping_range() (bsc#1106185).
- fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382).
- fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921).
- fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012382).
- fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382).
- fuse: Fix oops at process_init_reply() (bnc#1012382).
- fuse: fix double request_end() (bnc#1012382).
- fuse: fix unlocked access to processing queue (bnc#1012382).
- fuse: umount should wait for all requests (bnc#1012382).
- genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392).
- getxattr: use correct xattr length (bnc#1012382).
- hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552).
- hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bnc#1012382).
- hwrng: exynos - Disable runtime PM on driver unbind.
- i2c: davinci: Avoid zero value of CLKH (bnc#1012382).
- i2c: imx: Fix race condition in dma read (bnc#1012382).
- i2c: imx: Fix reinit_completion() use (bnc#1012382).
- i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382).
- i40e: use cpumask_copy instead of direct assignment (bsc#1053685).
- i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477).
- i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#969476 bsc#969477).
- ibmvnic: Include missing return code checks in reset function (bnc#1107966).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382).
- ieee802154: at86rf230: use __func__ macro for debug messages (bnc#1012382).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382).
- igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365).
- iio: ad9523: Fix displayed phase (bnc#1012382).
- iio: ad9523: Fix return value for ad952x_store() (bnc#1012382).
- inet: frag: enforce memory limits earlier (bnc#1012382 bsc#970506).
- iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105).
- iommu/vt-d: Add definitions for PFSID (bnc#1012382).
- iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382).
- iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105).
- ioremap: Update pgtable free interfaces with addr (bnc#1012382).
- ip: hash fragments consistently (bnc#1012382).
- ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (bnc#1012382).
- ipconfig: Correctly initialise ic_nameservers (bnc#1012382).
- ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV (bnc#1012382).
- ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (bnc#1012382).
- ipv4: remove BUG_ON() from fib_compute_spec_dst (bnc#1012382).
- ipv6: fix useless rol32 call on hash (bnc#1012382).
- ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382).
- ipvlan: use ETH_MAX_MTU as max mtu (bsc#1033962).
- iscsi target: fix session creation failure handling (bnc#1012382).
- isdn: Disable IIOCDBGVAR (bnc#1012382).
- iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#969476 bsc#969477).
- iwlwifi: pcie: fix race in Rx buffer allocator (bnc#1012382).
- ixgbe: Be more careful when modifying MAC filters (bnc#1012382).
- jfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- jump_label: Add RELEASE barrier after text changes (bsc#1105271).
- jump_label: Fix concurrent static_key_enable/disable() (bsc#1105271).
- jump_label: Move CPU hotplug locking (bsc#1105271).
- jump_label: Provide hotplug context variants (bsc#1105271).
- jump_label: Reduce the size of struct static_key (bsc#1105271).
- jump_label: Reorder hotplug lock and jump_label_lock (bsc#1105271).
- jump_label: Split out code under the hotplug lock (bsc#1105271).
- jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1105271).
- kABI: protect enum tcp_ca_event (kabi).
- kABI: reexport tcp_send_ack (kabi).
- kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)
- kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).
- kasan: do not emit builtin calls when sanitization is off (bnc#1012382).
- kasan: fix shadow_size calculation error in kasan_module_alloc (bnc#1012382).
- kbuild: verify that $DEPMOD is installed (bnc#1012382).
- kernel: improve spectre mitigation (bnc#1106934, LTC#171029).
- kprobes/x86: Fix %p uses in error messages (bnc#1012382).
- kprobes: Make list and blacklist root user read only (bnc#1012382).
- kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897).
- kvm: x86: vmx: fix vpid leak (bnc#1012382).
- l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (bnc#1012382).
- lib/rhashtable: consider param->min_size when setting initial table size (bnc#1012382).
- libata: Fix command retry decision (bnc#1012382).
- libceph: check authorizer reply/challenge length before reading (bsc#1096748).
- libceph: factor out __ceph_x_decrypt() (bsc#1096748).
- libceph: factor out __prepare_write_connect() (bsc#1096748).
- libceph: factor out encrypt_authorizer() (bsc#1096748).
- libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748).
- libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748).
- llc: use refcount_inc_not_zero() for llc_sap_find() (bnc#1012382).
- locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382).
- locks: pass inode pointer to locks_free_lock_context (bsc@1099832).
- locks: prink more detail when there are leaked locks (bsc#1099832).
- locks: restore a warn for leaked locks on close (bsc#1099832).
- m68k: fix 'bad page state' oops on ColdFire boot (bnc#1012382).
- mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382).
- md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382).
- md: fix NULL dereference of mddev->pers in remove_and_add_spares() (bnc#1012382).
- media: omap3isp: fix unbalanced dma_iommu_mapping (bnc#1012382).
- media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bnc#1012382).
- media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431).
- media: s5p-jpeg: fix number of components macro (bsc#1050431).
- media: saa7164: Fix driver name in debug output (bnc#1012382).
- media: si470x: fix __be16 annotations (bnc#1012382).
- media: siano: get rid of __le32/__le16 cast warnings (bnc#1012382).
- media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382).
- media: videobuf2-core: do not call memop 'finish' when queueing (bnc#1012382).
- memory: tegra: Apply interrupts mask per SoC (bnc#1012382).
- memory: tegra: Do not handle spurious interrupts (bnc#1012382).
- mfd: cros_ec: Fail early if we cannot identify the EC (bnc#1012382).
- microblaze: Fix simpleImage format generation (bnc#1012382).
- mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697).
- mm/memory.c: check return value of ioremap_prot (bnc#1012382).
- mm/slub.c: add __printf verification to slab_err() (bnc#1012382).
- mm/tlb: Remove tlb_remove_table() non-concurrent condition (bnc#1012382).
- mm: Add vm_insert_pfn_prot() (bnc#1012382).
- mm: fix cache mode tracking in vm_insert_mixed() (bnc#1012382).
- mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1012382).
- mm: vmalloc: avoid racy handling of debugobjects in vunmap (bnc#1012382).
- mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 (bnc#1012382).
- mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages (bnc#1012382).
- mtd: ubi: wl: Fix error return code in ubi_wl_init().
- mwifiex: correct histogram data with appropriate index (bnc#1012382).
- mwifiex: handle race during mwifiex_usb_disconnect (bnc#1012382).
- net/9p/client.c: version pointer uninitialized (bnc#1012382).
- net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382).
- net/ethernet/freescale/fman: fix cross-build error (bnc#1012382).
- net/ipv4: Set oif in fib_compute_spec_dst (bnc#1012382).
- net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bnc#1012382).
- net/mlx5: Add missing SET_DRIVER_VERSION command translation (bsc#1015342 bsc#1015343).
- net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172).
- net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343).
- net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172).
- net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172).
- net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343).
- net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343).
- net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343).
- net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172).
- net: 6lowpan: fix reserved space for single frames (bnc#1012382).
- net: Do not copy pfmemalloc flag in __copy_skb_header() (bnc#1012382).
- net: add skb_condense() helper (bsc#1089066).
- net: adjust skb->truesize in ___pskb_trim() (bsc#1089066).
- net: adjust skb->truesize in pskb_expand_head() (bsc#1089066).
- net: axienet: Fix double deregister of mdio (bnc#1012382).
- net: caif: Add a missing rcu_read_unlock() in caif_flow_cb (bnc#1012382).
- net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382).
- net: dsa: Do not suspend/resume closed slave_dev (bnc#1012382).
- net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968).
- net: fix amd-xgbe flow-control issue (bnc#1012382).
- net: hamradio: use eth_broadcast_addr (bnc#1012382).
- net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382).
- net: lan78xx: fix rx handling before first packet is send (bnc#1012382).
- net: mac802154: tx: expand tailroom if necessary (bnc#1012382).
- net: phy: fix flag masking in __set_phy_supported (bnc#1012382).
- net: prevent ISA drivers from building on PPC32 (bnc#1012382).
- net: propagate dev_get_valid_name return code (bnc#1012382).
- net: qca_spi: Avoid packet drop during initial sync (bnc#1012382).
- net: qca_spi: Fix log level if probe fails (bnc#1012382).
- net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382).
- net: socket: fix potential spectre v1 gadget in socketcall (bnc#1012382).
- net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382).
- net: vmxnet3: use new api ethtool_{get|set}_link_ksettings (bsc#1091860 bsc#1098253).
- net_sched: Fix missing res info when create new tc_index filter (bnc#1012382).
- net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382).
- netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382).
- netfilter: ipset: List timing out entries with 'timeout 1' instead of zero (bnc#1012382).
- netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382).
- netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule (bsc#1102797).
- netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet (bsc#1102797).
- netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382).
- netlink: Do not shift on 64 for ngroups (bnc#1012382).
- netlink: Do not shift with UB on nlk->ngroups (bnc#1012382).
- netlink: Do not subscribe to non-existent groups (bnc#1012382).
- netlink: Fix spectre v1 gadget in netlink_create() (bnc#1012382).
- netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (bnc#1012382).
- nl80211: Add a missing break in parse_station_flags (bnc#1012382).
- nohz: Fix local_timer_softirq_pending() (bnc#1012382).
- nvme-fc: release io queues to allow fast fail (bsc#1102486).
- nvme: if_ready checks to fail io to deleting controller (bsc#1102486).
- nvme: kABI-compliant version of nvmf_fail_nonready_command() (bsc#1102486).
- nvmet-fc: fix target sgl list on large transfers (bsc#1102486).
- osf_getdomainname(): use copy_to_user() (bnc#1012382).
- ovl: Do d_type check only if work dir creation was successful (bnc#1012382).
- ovl: Ensure upper filesystem supports d_type (bnc#1012382).
- ovl: warn instead of error if d_type is not supported (bnc#1012382).
- packet: refine ring v3 block size test to hold one frame (bnc#1012382).
- packet: reset network header if packet shorter than ll reserved space (bnc#1012382).
- parisc: Define mb() and add memory barriers to assembler unlock sequences (bnc#1012382).
- parisc: Enable CONFIG_MLONGCALLS by default (bnc#1012382).
- parisc: Remove ordered stores from syscall.S (bnc#1012382).
- parisc: Remove unnecessary barriers from spinlock.h (bnc#1012382).
- perf auxtrace: Fix queue resize (bnc#1012382).
- perf llvm-utils: Remove bashism from kernel include fetch script (bnc#1012382).
- perf report powerpc: Fix crash if callchain is empty (bnc#1012382).
- perf test session topology: Fix test on s390 (bnc#1012382).
- perf/x86/intel/uncore: Correct fixed counter index check for NHM (bnc#1012382).
- perf/x86/intel/uncore: Correct fixed counter index check in generic code (bnc#1012382).
- perf: fix invalid bit in diagnostic entry (bnc#1012382).
- pinctrl: at91-pio4: add missing of_node_put (bnc#1012382).
- pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bnc#1012382).
- pnfs/blocklayout: off by one in bl_map_stripe() (bnc#1012382).
- powerpc/32: Add a missing include header (bnc#1012382).
- powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032).
- powerpc/64s: Fix compiler store ordering to SLB shadow area (bnc#1012382).
- powerpc/8xx: fix invalid register expression in head_8xx.S (bnc#1012382).
- powerpc/chrp/time: Make some functions static, add missing header include (bnc#1012382).
- powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet (bnc#1012382).
- powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269).
- powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269).
- powerpc/lib: Fix the feature fixup tests to actually work (bsc#1066223).
- powerpc/powermac: Add missing prototype for note_bootable_part() (bnc#1012382).
- powerpc/powermac: Mark variable x as unused (bnc#1012382).
- powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bnc#1012382).
- powerpc/topology: Get topology for shared processors at boot (bsc#1104683).
- powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157).
- powerpc: Avoid code patching freed init sections (bnc#1107735).
- powerpc: make feature-fixup tests fortify-safe (bsc#1066223).
- provide special timeout module parameters for EC2 (bsc#1065364).
- ptp: fix missing break in switch (bnc#1012382).
- pwm: tiehrpwm: Fix disabling of output of PWMs (bnc#1012382).
- qed: Add sanity check for SIMD fastpath handler (bnc#1012382).
- qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1019695 bsc#1019699 bsc#1022604).
- qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1019695 bsc#1019699 bsc#1022604).
- qed: Fix possible memory leak in Rx error path handling (bsc#1019695 bsc#1019699 bsc#1022604 ).
- qed: Fix possible race for the link state value (bnc#1012382).
- qed: Fix setting of incorrect eswitch mode (bsc#1019695 bsc#1019699 bsc#1022604).
- qed: Fix use of incorrect size in memcpy call (bsc#1019695 bsc#1019699 bsc#1022604).
- qede: Adverstise software timestamp caps when PHC is not available (bsc#1019695 bsc#1019699 bsc#1022604).
- qlge: Fix netdev features configuration (bsc#1098822).
- qlogic: check kstrtoul() for errors (bnc#1012382).
- random: mix rdrand with entropy sent in from userspace (bnc#1012382).
- readahead: stricter check for bdi io_pages (VM Functionality).
- regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bnc#1012382).
- reiserfs: fix broken xattr handling (heap corruption, bad retval) (bnc#1012382).
- ring_buffer: tracing: Inherit the tracing setting to next ring buffer (bnc#1012382).
- root dentries need RCU-delayed freeing (bnc#1012382).
- rsi: Fix 'invalid vdd' warning in mmc (bnc#1012382).
- rtc: ensure rtc_set_alarm fails when alarms are not supported (bnc#1012382).
- rtnetlink: add rtnl_link_state check in rtnl_configure_link (bnc#1012382).
- s390/cpum_sf: Add data entry sizes to sampling trailer entry (bnc#1012382).
- s390/kvm: fix deadlock when killed by oom (bnc#1012382).
- s390/lib: use expoline for all bcr instructions (bnc#1106934, LTC#171029).
- s390/pci: fix out of bounds access during irq setup (bnc#1012382).
- s390/qdio: reset old sbal_state flags (bnc#1012382).
- s390/qeth: do not clobber buffer on async TX completion (bnc#1104485, LTC#170349).
- s390/qeth: fix race when setting MAC address (bnc#1104485, LTC#170726).
- s390: add explicit <linux/stringify.h> for jump label (bsc#1105271).
- s390: detect etoken facility (bnc#1106934, LTC#171029).
- s390: fix br_r1_trampoline for machines without exrl (bnc#1012382 bnc#1106934 LTC#171029).
- sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).
- scsi: 3w-9xxx: fix a missing-check bug (bnc#1012382).
- scsi: 3w-xxxx: fix a missing-check bug (bnc#1012382).
- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012382).
- scsi: fcoe: drop frames in ELS LOGO error path (bnc#1012382).
- scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346).
- scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bnc#1012382).
- scsi: megaraid: silence a static checker bug (bnc#1012382).
- scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs (bnc#1012382).
- scsi: qla2xxx: Fix ISP recovery on unload (bnc#1012382).
- scsi: qla2xxx: Return error when TMF returns (bnc#1012382).
- scsi: scsi_dh: replace too broad 'TP9' string with the exact models (bnc#1012382).
- scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (bnc#1012382).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bnc#1012382).
- scsi: ufs: fix exception event handling (bnc#1012382).
- scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (bnc#1012382).
- scsi: xen-scsifront: add error handling for xenbus_printf (bnc#1012382).
- scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138).
- scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138).
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC (bnc#1012382).
- selftest/seccomp: Fix the seccomp(2) signature (bnc#1012382).
- selftests/ftrace: Add snapshot and tracing_on test case (bnc#1012382).
- selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs (bnc#1012382).
- selftests: pstore: return Kselftest Skip code for skipped tests (bnc#1012382).
- selftests: static_keys: return Kselftest Skip code for skipped tests (bnc#1012382).
- selftests: sync: add config fragment for testing sync framework (bnc#1012382).
- selftests: user: return Kselftest Skip code for skipped tests (bnc#1012382).
- selftests: zram: return Kselftest Skip code for skipped tests (bnc#1012382).
- serial: 8250_dw: always set baud rate in dw8250_set_termios (bnc#1012382).
- sfc: stop the TX queue before pushing new buffers (bsc#1017967 ).
- skbuff: Unconditionally copy pfmemalloc in __skb_clone() (bnc#1012382).
- slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060).
- smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012382).
- smb3: do not request leases in symlink creation and query (bnc#1012382).
- spi: davinci: fix a NULL pointer dereference (bnc#1012382).
- squashfs: be more careful about metadata corruption (bnc#1012382).
- squashfs: more metadata hardening (bnc#1012382).
- squashfs: more metadata hardenings (bnc#1012382).
- staging: android: ion: check for kref overflow (bnc#1012382).
- string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1107319).
- sys: do not hold uts_sem while accessing userspace memory (bnc#1106995).
- target_core_rbd: use RCU in free_device (bsc#1105524).
- tcp: Fix missing range_truesize enlargement in the backport (bnc#1012382).
- tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (bnc#1012382).
- tcp: add one more quick ack after after ECN events (bnc#1012382).
- tcp: do not aggressively quick ack after ECN events (bnc#1012382).
- tcp: do not cancel delay-AcK on DCTCP special ACK (bnc#1012382).
- tcp: do not delay ACK in DCTCP upon CE status change (bnc#1012382).
- tcp: do not force quickack when receiving out-of-order packets (bnc#1012382).
- tcp: fix dctcp delayed ACK schedule (bnc#1012382).
- tcp: helpers to send special DCTCP ack (bnc#1012382).
- tcp: identify cryptic messages as TCP seq # bugs (bnc#1012382).
- tcp: refactor tcp_ecn_check_ce to remove sk type cast (bnc#1012382).
- tcp: remove DELAYED ACK events in DCTCP (bnc#1012382).
- tg3: Add higher cpu clock for 5762 (bnc#1012382).
- thermal: exynos: fix setting rising_threshold for Exynos5433 (bnc#1012382).
- timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#969470).
- tools/power turbostat: Read extended processor family from CPUID (bnc#1012382).
- tools/power turbostat: fix -S on UP systems (bnc#1012382).
- tools: usb: ffs-test: Fix build on big endian systems (bnc#1012382).
- tpm: fix race condition in tpm_common_write() (bnc#1012382).
- tracing/blktrace: Fix to allow setting same value (bnc#1012382).
- tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure (bnc#1012382).
- tracing: Do not call start/stop() functions when tracing_on does not change (bnc#1012382).
- tracing: Fix double free of event_trigger_data (bnc#1012382).
- tracing: Fix possible double free in event_enable_trigger_func() (bnc#1012382).
- tracing: Quiet gcc warning about maybe unused link variable (bnc#1012382).
- tracing: Use __printf markup to silence compiler (bnc#1012382).
- tty: Fix data race in tty_insert_flip_string_fixed_flag (bnc#1012382).
- turn off -Wattribute-alias (bnc#1012382).
- ubi: Be more paranoid while seaching for the most recent Fastmap (bnc#1012382).
- ubi: Fix Fastmap's update_vol() (bnc#1012382).
- ubi: Fix races around ubi_refill_pools() (bnc#1012382).
- ubi: Introduce vol_ignored() (bnc#1012382).
- ubi: Rework Fastmap attach base code (bnc#1012382).
- ubi: fastmap: Erase outdated anchor PEBs during attach (bnc#1012382).
- ubifs: Check data node size before truncate (bsc#1106276).
- ubifs: Fix memory leak in lprobs self-check (bsc#1106278).
- ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1106275).
- ubifs: xattr: Do not operate on deleted inodes (bsc#1106271).
- udl-kms: change down_interruptible to down (bnc#1012382).
- udl-kms: fix crash due to uninitialized memory (bnc#1012382).
- udl-kms: handle allocation failure (bnc#1012382).
- udlfb: set optimal write delay (bnc#1012382).
- uprobes: Use synchronize_rcu() not synchronize_sched() (bnc#1012382).
- usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bnc#1012382).
- usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1099810).
- usb: cdc_acm: Add quirk for Castles VEGA3000 (bnc#1012382).
- usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1100132).
- usb: dwc2: fix isoc split in transfer with no data (bnc#1012382).
- usb: gadget: composite: fix delayed_status race condition when set_interface (bnc#1012382).
- usb: gadget: dwc2: fix memory leak in gadget_init() (bnc#1012382).
- usb: gadget: f_fs: Only return delayed status when len is 0 (bnc#1012382).
- usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bnc#1012382).
- usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bnc#1012382).
- usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bnc#1012382).
- usb: hub: Do not wait for connect state at resume for powered-off ports (bnc#1012382).
- usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock (bsc#1085536).
- usb: xhci: increase CRS timeout value (bnc#1012382).
- usbip: usbip_detach: Fix memory, udev context and udev leak (bnc#1012382).
- userns: move user access out of the mutex (bnc#1012382).
- vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841).
- virtio_balloon: fix another race between migration and ballooning (bnc#1012382).
- virtio_console: fix uninitialized variable use.
- vmw_balloon: VMCI_DOORBELL_SET does not check status (bnc#1012382).
- vmw_balloon: do not use 2MB without batching (bnc#1012382).
- vmw_balloon: fix VMCI use when balloon built into kernel (bnc#1012382).
- vmw_balloon: fix inflation of 64-bit GFNs (bnc#1012382).
- vmxnet3: Replace msleep(1) with usleep_range() (bsc#1091860 bsc#1098253).
- vmxnet3: add receive data ring support (bsc#1091860 bsc#1098253).
- vmxnet3: add support for get_coalesce, set_coalesce ethtool operations (bsc#1091860 bsc#1098253).
- vmxnet3: allow variable length transmit data ring buffer (bsc#1091860 bsc#1098253).
- vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() (bsc#1091860 bsc#1098253).
- vmxnet3: avoid format strint overflow warning (bsc#1091860 bsc#1098253).
- vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860 bsc#1098253).
- vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860 bsc#1098253).
- vmxnet3: fix non static symbol warning (bsc#1091860 bsc#1098253).
- vmxnet3: fix tx data ring copy for variable size (bsc#1091860 bsc#1098253).
- vmxnet3: increase default rx ring sizes (bsc#1091860 bsc#1098253).
- vmxnet3: introduce command to register memory region (bsc#1091860 bsc#1098253).
- vmxnet3: introduce generalized command interface to configure the device (bsc#1091860 bsc#1098253).
- vmxnet3: prepare for version 3 changes (bsc#1091860 bsc#1098253).
- vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1091860 bsc#1098253).
- vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1091860 bsc#1098253).
- vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860 bsc#1098253).
- vmxnet3: update to version 3 (bsc#1091860 bsc#1098253).
- vmxnet3: use DMA memory barriers where required (bsc#1091860 bsc#1098253).
- vmxnet3: use correct flag to indicate LRO feature (bsc#1091860 bsc#1098253).
- vsock: split dwork to avoid reinitializations (bnc#1012382).
- vti6: Fix dev->max_mtu setting (bsc#1033962).
- vti6: fix PMTU caching and reporting on xmit (bnc#1012382).
- wlcore: sdio: check for valid platform device data before suspend (bnc#1012382).
- x86/MCE: Remove min interval polling limitation (bnc#1012382).
- x86/amd: do not set X86_BUG_SYSRET_SS_ATTRS when running under Xen (bnc#1012382).
- x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bnc#1012382).
- x86/bugs: Move the l1tf function and define pr_fmt properly (bnc#1012382).
- x86/bugs: Respect nospec command line option (bsc#1068032).
- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (bnc#1012382).
- x86/cpu: Make alternative_msr_write work for 32-bit code (bnc#1012382).
- x86/cpu: Re-apply forced caps every time CPU caps are re-read (bnc#1012382).
- x86/cpufeature: preserve numbers (kabi).
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bnc#1012382).
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (bnc#1012382).
- x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bnc#1012382).
- x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).
- x86/init: fix build with CONFIG_SWAP=n (bnc#1012382).
- x86/irqflags: Mark native_restore_fl extern inline (bnc#1012382).
- x86/irqflags: Provide a declaration for native_save_fl.
- x86/mm/kmmio: Make the tracer robust against L1TF (bnc#1012382).
- x86/mm/pat: Fix L1TF stable backport for CPA (bnc#1012382).
- x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call (bnc#1012382).
- x86/mm/pat: Make set_memory_np() L1TF safe (bnc#1012382).
- x86/mm: Add TLB purge to free pmd/pte page interfaces (bnc#1012382).
- x86/mm: Disable ioremap free page handling on x86-PAE (bnc#1012382).
- x86/mm: Give each mm TLB flush generation a unique ID (bnc#1012382).
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1012382).
- x86/paravirt: Make native_save_fl() extern inline (bnc#1012382).
- x86/process: Correct and optimize TIF_BLOCKSTEP switch (bnc#1012382).
- x86/process: Optimize TIF checks in __switch_to_xtra() (bnc#1012382).
- x86/process: Optimize TIF_NOTSC switch (bnc#1012382).
- x86/process: Re-export start_thread() (bnc#1012382).
- x86/spectre: Add missing family 6 check to microcode check (bnc#1012382).
- x86/spectre_v2: Do not check microcode versions when running under hypervisors (bnc#1012382).
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bnc#1012382).
- x86/speculation/l1tf: Extend 64bit swap file size limit (bnc#1012382).
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536).
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1012382).
- x86/speculation/l1tf: Fix up CPU feature flags (bnc#1012382).
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382).
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).
- x86/speculation/l1tf: Invert all not present mappings (bnc#1012382).
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bnc#1012382).
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (bnc#1012382).
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536).
- x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (bnc#1012382).
- x86/speculation: Add <asm/msr-index.h> dependency (bnc#1012382).
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (bnc#1012382).
- x86/speculation: Clean up various Spectre related details (bnc#1012382).
- x86/speculation: Correct Speculation Control microcode blacklist again (bnc#1012382).
- x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP (bnc#1012382).
- x86/speculation: Update Speculation Control microcode blacklist (bnc#1012382).
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369).
- x86/speculation: Use IBRS if available before calling into firmware (bnc#1012382).
- x86/speculation: Use Indirect Branch Prediction Barrier in context switch (bnc#1012382).
- x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1012382).
- xen-netfront: wait xenbus state change when load module manually (bnc#1012382).
- xen/blkback: do not keep persistent grants too long (bsc#1085042).
- xen/blkback: move persistent grants flags to bool (bsc#1085042).
- xen/blkfront: cleanup stale persistent grants (bsc#1085042).
- xen/blkfront: reorder tests in xlblk_init() (bsc#1085042).
- xen/netfront: do not cache skb_shinfo() (bnc#1012382).
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- xen: set cpu capabilities from xen_start_kernel() (bnc#1012382).
- xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382).
- xfrm: free skb if nlsk pointer is NULL (bnc#1012382).
- xfrm_user: prevent leaking 2 bytes of kernel memory (bnc#1012382).
- xfs: Remove dead code from inode recover function (bsc#1105396).
- xfs: repair malformed inode items during log recovery (bsc#1105396).
- xhci: Fix perceived dead host due to runtime suspend race with event handler (bnc#1012382).
- zswap: re-check zswap_is_full() after do zswap_shrink() (bnc#1012382).
Patchnames
SUSE-SLE-SDK-12-SP3-2018-2004,SUSE-SLE-SERVER-12-SP3-2018-2004
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 12 SP3 azure kernel was updated to 4.4.155 to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow()\n on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image.\n This occured because of a lack of proper validation that cached inodes are free\n during allocation (bnc#1100001)\n- CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that\n could have occurred for a corrupted xfs image upon encountering an inode that\n is in extent format, but has more extents than fit in the inode fork\n (bnc#1099999)\n- CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image\n after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000)\n- CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was\n caused by the way the overrun accounting works. Depending on interval and\n expiry time values, the overrun can be larger than INT_MAX, but the accounting\n is int based. This basically made the accounting values, which are visible to\n user space via timer_getoverrun(2) and siginfo::si_overrun, random. This\n allowed a local user to cause a denial of service (signed integer overflow) via\n crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)\n- CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that\n could have been used by local attackers to read kernel memory (bnc#1107689)\n- CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local\n attackers to use a incorrect bounds check in the CDROM driver\n CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)\n- CVE-2018-6555: The irda_setsockopt function allowed local users to cause a\n denial of service (ias_object use-after-free and system crash) or possibly have\n unspecified other impact via an AF_IRDA socket (bnc#1106511)\n- CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed\n local users to cause a denial of service (memory consumption) by repeatedly\n binding an AF_IRDA socket (bnc#1106509)\n- CVE-2018-1129: A flaw was found in the way signature calculation was handled\n by cephx authentication protocol. An attacker having access to ceph cluster\n network who is able to alter the message payload was able to bypass signature\n checks done by cephx protocol (bnc#1096748)\n- CVE-2018-1128: It was found that cephx authentication protocol did not verify\n ceph clients correctly and was vulnerable to replay attack. Any attacker having\n access to ceph cluster network who is able to sniff packets on network can use\n this vulnerability to authenticate with ceph service and perform actions\n allowed by ceph service (bnc#1096748)\n- CVE-2018-10938: A crafted network packet sent remotely by an attacker forced\n the kernel to enter an infinite loop in the cipso_v4_optptr() function leading\n to a denial-of-service (bnc#1106016)\n- CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill\n RSB upon a context switch, which made it easier for attackers to conduct\n userspace-userspace spectreRSB attacks (bnc#1102517)\n- CVE-2018-10902: Protect against concurrent access to prevent double realloc\n (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A\n malicious local attacker could have used this for privilege escalation\n (bnc#1105322).\n- CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292)\n- CVE-2018-10883: A local user could have caused an out-of-bounds write in\n jbd2_journal_dirty_metadata(), a denial of service, and a system crash by\n mounting and operating on a crafted ext4 filesystem image (bsc#1099863)\n- CVE-2018-10879: A local user could have caused a use-after-free in\n ext4_xattr_set_entry function and a denial of service or unspecified other\n impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844)\n- CVE-2018-10878: A local user could have caused an out-of-bounds write and a\n denial of service or unspecified other impact by mounting and operating a\n crafted ext4 filesystem image (bsc#1099813)\n- CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space()\n function when mounting and operating a crafted ext4 image (bsc#1099811)\n- CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs()\n function when operating on a crafted ext4 filesystem image (bsc#1099846)\n- CVE-2018-10881: A local user could have caused an out-of-bound access in\n ext4_get_group_info function, a denial of service, and a system crash by\n mounting and operating on a crafted ext4 filesystem image (bsc#1099864)\n- CVE-2018-10882: A local user could have caused an out-of-bound write, a\n denial of service, and a system crash by unmounting a crafted ext4 filesystem\n image (bsc#1099849)\n- CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code\n when mounting and writing to a crafted ext4 image in ext4_update_inline_data().\n An attacker could have used this to cause a system crash and a denial of\n service (bsc#1099845)\n\nThe following non-security bugs were fixed:\n\n- 9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382).\n- 9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382).\n- 9p: fix multiple NULL-pointer-dereferences (bnc#1012382).\n- ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382).\n- ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bnc#1012382).\n- ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382).\n- ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382).\n- ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382).\n- ALSA: emu10k1: Rate-limit error messages about page errors (bnc#1012382).\n- ALSA: emu10k1: add error handling for snd_ctl_add (bnc#1012382).\n- ALSA: fm801: add error handling for snd_ctl_add (bnc#1012382).\n- ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382).\n- ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382).\n- ALSA: hda/ca0132: fix build failure when a local macro is defined (bnc#1012382).\n- ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382).\n- ALSA: memalloc: Do not exceed over the requested size (bnc#1012382).\n- ALSA: rawmidi: Change resized buffers atomically (bnc#1012382).\n- ALSA: snd-aoa: add of_node_put() in error path (bsc#1099810).\n- ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback (bnc#1012382).\n- ALSA: virmidi: Fix too long output trigger loop (bnc#1012382).\n- ALSA: vx222: Fix invalid endian conversions (bnc#1012382).\n- ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382).\n- ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP (bnc#1012382).\n- ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382).\n- ARC: Fix CONFIG_SWAP (bnc#1012382).\n- ARC: mm: allow mprotect to make stack mappings executable (bnc#1012382).\n- ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382).\n- ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382).\n- ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382).\n- ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382).\n- ARM: dts: da850: Fix interrups property for gpio (bnc#1012382).\n- ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382).\n- ARM: fix put_user() for gcc-8 (bnc#1012382).\n- ARM: imx_v4_v5_defconfig: Select ULPI support (bnc#1012382).\n- ARM: imx_v6_v7_defconfig: Select ULPI support (bnc#1012382).\n- ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382).\n- ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382).\n- ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver.\n- ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bnc#1012382).\n- ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382).\n- ASoC: dpcm: fix BE dai not hw_free and shutdown (bnc#1012382).\n- ASoC: pxa: Fix module autoload for platform drivers (bnc#1012382).\n- ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382).\n- Add reference to bsc#1091171 (bnc#1012382; bsc#1091171).\n- Bluetooth: avoid killing an already killed socket (bnc#1012382).\n- Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bnc#1012382).\n- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1087092).\n- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092).\n- Bluetooth: hci_qca: Fix 'Sleep inside atomic section' warning (bnc#1012382).\n- Documentation/spec_ctrl: Do some minor cleanups (bnc#1012382).\n- HID: hid-plantronics: Re-resend Update to map button for PTT products (bnc#1012382).\n- HID: i2c-hid: check if device is there before really probing (bnc#1012382).\n- HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382).\n- IB/core: Make testing MR flags for writability a static inline function (bnc#1012382).\n- IB/core: Remove duplicate declaration of gid_cache_wq (bsc#1056596).\n- IB/iser: Do not reduce max_sectors (bsc#1063646).\n- IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'.\n- IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382).\n- IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343).\n- IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343).\n- IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382).\n- Input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bnc#1012382).\n- Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bnc#1012382).\n- Input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bnc#1012382).\n- KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bnc#1012382).\n- KVM: MMU: always terminate page walks at level 1 (bsc#1062604).\n- KVM: MMU: simplify last_pte_bitmap (bsc#1062604).\n- KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369).\n- KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).\n- KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382).\n- KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382).\n- KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer (bnc#1012382).\n- KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604).\n- MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382).\n- MIPS: Fix off-by-one in pci_resource_to_user() (bnc#1012382).\n- MIPS: ath79: fix register address in ath79_ddr_wb_flush() (bnc#1012382).\n- MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 (bnc#1012382).\n- NET: stmmac: align DMA stuff to largest cache line length (bnc#1012382).\n- PCI: Prevent sysfs disable of device while driver is attached (bnc#1012382).\n- PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382).\n- PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382).\n- PCI: pciehp: Fix use-after-free on unplug (bnc#1012382).\n- PCI: pciehp: Request control of native hotplug only if supported (bnc#1012382).\n- PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382).\n- RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477).\n- RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477).\n- RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477).\n- RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376).\n- RDMA/mad: Convert BUG_ONs to error flows (bnc#1012382).\n- RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343).\n- Revert 'MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum' (bnc#1012382).\n- Revert 'UBIFS: Fix potential integer overflow in allocation' (bnc#1012382).\n- Revert 'f2fs: handle dirty segments inside refresh_sit_entry' (bsc#1106281).\n- Revert 'mm: page_alloc: skip over regions of invalid pfns where possible' (bnc#1107078).\n- Revert 'net: Do not copy pfmemalloc flag in __copy_skb_header()' (kabi).\n- Revert 'netfilter: ipv6: nf_defrag: reduce struct net memory waste' (kabi).\n- Revert 'skbuff: Unconditionally copy pfmemalloc in __skb_clone()' (kabi).\n- Revert 'vsock: split dwork to avoid reinitializations' (kabi).\n- Revert 'x86/mm: Give each mm TLB flush generation a unique ID' (kabi).\n- Revert 'x86/speculation/l1tf: Fix up CPU feature flags' (kabi).\n- Revert 'x86/speculation: Use Indirect Branch Prediction Barrier in context switch' (kabi).\n- Smack: Mark inode instant in smack_task_to_inode (bnc#1012382).\n- USB: musb: fix external abort on suspend (bsc#1085536).\n- USB: option: add support for DW5821e (bnc#1012382).\n- USB: serial: metro-usb: stop I/O after failed open (bsc#1085539).\n- USB: serial: sierra: fix potential deadlock at close (bnc#1012382).\n- Workaround kABI breakage by __must_check drop of strscpy() (bsc#1107319).\n- afs: Fix directory permissions check (bsc#1106283).\n- arc: fix build errors in arc/include/asm/delay.h (bnc#1012382).\n- arc: fix type warnings in arc/mm/cache.c (bnc#1012382).\n- arm64: make secondary_start_kernel() notrace (bnc#1012382).\n- arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012382).\n- ath: Add regulatory mapping for APL13_WORLD (bnc#1012382).\n- ath: Add regulatory mapping for APL2_FCCA (bnc#1012382).\n- ath: Add regulatory mapping for Bahamas (bnc#1012382).\n- ath: Add regulatory mapping for Bermuda (bnc#1012382).\n- ath: Add regulatory mapping for ETSI8_WORLD (bnc#1012382).\n- ath: Add regulatory mapping for FCC3_ETSIC (bnc#1012382).\n- ath: Add regulatory mapping for Serbia (bnc#1012382).\n- ath: Add regulatory mapping for Tanzania (bnc#1012382).\n- ath: Add regulatory mapping for Uganda (bnc#1012382).\n- atl1c: reserve min skb headroom (bnc#1012382).\n- atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066).\n- audit: allow not equal op for audit by executable (bnc#1012382).\n- backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929).\n- backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929).\n- bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232).\n- bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232).\n- bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232).\n- bcache: do not check return value of debugfs_create_dir() (bsc#1064232).\n- bcache: finish incremental GC (bsc#1064232).\n- bcache: fix I/O significant decline while backend devices registering (bsc#1064232).\n- bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232).\n- bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232).\n- bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232).\n- bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232).\n- bcache: set max writeback rate when I/O request is idle (bsc#1064232).\n- bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232).\n- be2net: remove unused old custom busy-poll fields (bsc#1021121 ).\n- blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663).\n- block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663).\n- block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663).\n- block: do not use interruptible wait anywhere (bnc#1012382).\n- bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382).\n- bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382).\n- bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#963575).\n- bnxt_en: Fix for system hang if request_irq fails (bnc#1012382).\n- bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1020412 ).\n- bpf: fix references to free_bpf_prog_info() in comments (bnc#1012382).\n- brcmfmac: Add support for bcm43364 wireless chipset (bnc#1012382).\n- brcmfmac: stop watchdog before detach and free everything (bnc#1012382).\n- bridge: Propagate vlan add failure to user (bnc#1012382).\n- btrfs: Do not remove block group still has pinned down bytes (bsc#1086457).\n- btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups (bnc#1012382).\n- btrfs: do not leak ret from do_chunk_alloc (bnc#1012382).\n- btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bnc#1012382).\n- btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf.\n- btrfs: round down size diff when shrinking/growing device (bsc#1097105).\n- can: ems_usb: Fix memory leak on ems_usb_disconnect() (bnc#1012382).\n- can: mpc5xxx_can: check of_iomap return before use (bnc#1012382).\n- can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bnc#1012382).\n- can: xilinx_can: fix RX overflow interrupt not being enabled (bnc#1012382).\n- can: xilinx_can: fix device dropping off bus on RX overrun (bnc#1012382).\n- can: xilinx_can: fix incorrect clear of non-processed interrupts (bnc#1012382).\n- can: xilinx_can: fix recovery from error states not being propagated (bnc#1012382).\n- can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bnc#1012382).\n- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012382).\n- ceph: fix incorrect use of strncpy (bsc#1107319).\n- ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320).\n- cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1012382).\n- cifs: add missing debug entries for kconfig options (bnc#1012382).\n- cifs: check kmalloc before use (bsc#1012382).\n- cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382).\n- clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 (bnc#1012382).\n- crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382).\n- crypto: authenc - do not leak pointers to authenc keys (bnc#1012382).\n- crypto: authencesn - do not leak pointers to authenc keys (bnc#1012382).\n- crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382).\n- crypto: padlock-aes - Fix Nano workaround data corruption (bnc#1012382).\n- crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382).\n- crypto: vmac - separate tfm and request context (bnc#1012382).\n- crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317).\n- cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382).\n- cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014).\n- dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (bnc#1012382).\n- disable loading f2fs module on PAGE_SIZE > 4KB (bnc#1012382).\n- dm cache metadata: save in-core policy_hint_size to on-disk superblock (bnc#1012382).\n- dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA (bnc#1012382).\n- dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bnc#1012382).\n- dmaengine: pxa_dma: remove duplicate const qualifier (bnc#1012382).\n- driver core: Partially revert 'driver core: correct device's shutdown order' (bnc#1012382).\n- drivers: net: lmc: fix case value for target abort error (bnc#1012382).\n- drm/armada: fix colorkey mode property (bnc#1012382).\n- drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929).\n- drm/atomic: Handling the case when setting old crtc for plane (bnc#1012382).\n- drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382).\n- drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822).\n- drm/drivers: add support for using the arch wc mapping API.\n- drm/exynos/dsi: mask frame-done interrupt (bsc#1106929).\n- drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382).\n- drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382).\n- drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382).\n- drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bnc#1012382).\n- drm/i915/userptr: reject zero user_size (bsc#1090888).\n- drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092).\n- drm/imx: fix typo in ipu_plane_formats (bsc#1106929).\n- drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382).\n- drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382).\n- drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929).\n- drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bnc#1012382).\n- drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1105769).\n- drm/radeon: fix mode_valid's return type (bnc#1012382).\n- drm: Add DP PSR2 sink enable bit (bnc#1012382).\n- drm: Reject getfb for multi-plane framebuffers (bsc#1106929).\n- enic: do not call enic_change_mtu in enic_probe.\n- enic: handle mtu change for vf properly (bnc#1012382).\n- enic: initialize enic->rfs_h.lock in enic_probe (bnc#1012382).\n- ext4: check for NUL characters in extended attribute's name (bnc#1012382).\n- ext4: check for allocation block validity with block group locked (bsc#1104495).\n- ext4: do not update s_last_mounted of a frozen fs (bsc#1101841).\n- ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841).\n- ext4: fix check to prevent initializing reserved inodes (bsc#1104319).\n- ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445).\n- ext4: fix inline data updates with checksums enabled (bsc#1104494).\n- ext4: fix spectre gadget in ext4_mb_regular_allocator() (bnc#1012382).\n- ext4: reset error code in ext4_find_entry in fallback (bnc#1012382).\n- ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229).\n- f2fs: fix to do not trigger writeback during recovery (bnc#1012382).\n- fat: fix memory allocation failure handling of match_strdup() (bnc#1012382).\n- fb: fix lost console when the user unplugs a USB adapter (bnc#1012382).\n- fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106929).\n- fix __legitimize_mnt()/mntput() race (bnc#1012382).\n- fix mntput/mntput race (bnc#1012382).\n- fork: unconditionally clear stack on fork (bnc#1012382).\n- fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bnc#1012382).\n- fs/dax.c: fix inefficiency in dax_writeback_mapping_range() (bsc#1106185).\n- fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382).\n- fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921).\n- fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012382).\n- fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382).\n- fuse: Fix oops at process_init_reply() (bnc#1012382).\n- fuse: fix double request_end() (bnc#1012382).\n- fuse: fix unlocked access to processing queue (bnc#1012382).\n- fuse: umount should wait for all requests (bnc#1012382).\n- genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392).\n- getxattr: use correct xattr length (bnc#1012382).\n- hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552).\n- hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bnc#1012382).\n- hwrng: exynos - Disable runtime PM on driver unbind.\n- i2c: davinci: Avoid zero value of CLKH (bnc#1012382).\n- i2c: imx: Fix race condition in dma read (bnc#1012382).\n- i2c: imx: Fix reinit_completion() use (bnc#1012382).\n- i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382).\n- i40e: use cpumask_copy instead of direct assignment (bsc#1053685).\n- i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477).\n- i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#969476 bsc#969477).\n- ibmvnic: Include missing return code checks in reset function (bnc#1107966).\n- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382).\n- ieee802154: at86rf230: use __func__ macro for debug messages (bnc#1012382).\n- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382).\n- igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365).\n- iio: ad9523: Fix displayed phase (bnc#1012382).\n- iio: ad9523: Fix return value for ad952x_store() (bnc#1012382).\n- inet: frag: enforce memory limits earlier (bnc#1012382 bsc#970506).\n- iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105).\n- iommu/vt-d: Add definitions for PFSID (bnc#1012382).\n- iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382).\n- iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105).\n- ioremap: Update pgtable free interfaces with addr (bnc#1012382).\n- ip: hash fragments consistently (bnc#1012382).\n- ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (bnc#1012382).\n- ipconfig: Correctly initialise ic_nameservers (bnc#1012382).\n- ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV (bnc#1012382).\n- ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (bnc#1012382).\n- ipv4: remove BUG_ON() from fib_compute_spec_dst (bnc#1012382).\n- ipv6: fix useless rol32 call on hash (bnc#1012382).\n- ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382).\n- ipvlan: use ETH_MAX_MTU as max mtu (bsc#1033962).\n- iscsi target: fix session creation failure handling (bnc#1012382).\n- isdn: Disable IIOCDBGVAR (bnc#1012382).\n- iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#969476 bsc#969477).\n- iwlwifi: pcie: fix race in Rx buffer allocator (bnc#1012382).\n- ixgbe: Be more careful when modifying MAC filters (bnc#1012382).\n- jfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n- jump_label: Add RELEASE barrier after text changes (bsc#1105271).\n- jump_label: Fix concurrent static_key_enable/disable() (bsc#1105271).\n- jump_label: Move CPU hotplug locking (bsc#1105271).\n- jump_label: Provide hotplug context variants (bsc#1105271).\n- jump_label: Reduce the size of struct static_key (bsc#1105271).\n- jump_label: Reorder hotplug lock and jump_label_lock (bsc#1105271).\n- jump_label: Split out code under the hotplug lock (bsc#1105271).\n- jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1105271).\n- kABI: protect enum tcp_ca_event (kabi).\n- kABI: reexport tcp_send_ack (kabi).\n- kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)\n- kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).\n- kasan: do not emit builtin calls when sanitization is off (bnc#1012382).\n- kasan: fix shadow_size calculation error in kasan_module_alloc (bnc#1012382).\n- kbuild: verify that $DEPMOD is installed (bnc#1012382).\n- kernel: improve spectre mitigation (bnc#1106934, LTC#171029).\n- kprobes/x86: Fix %p uses in error messages (bnc#1012382).\n- kprobes: Make list and blacklist root user read only (bnc#1012382).\n- kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897).\n- kvm: x86: vmx: fix vpid leak (bnc#1012382).\n- l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (bnc#1012382).\n- lib/rhashtable: consider param->min_size when setting initial table size (bnc#1012382).\n- libata: Fix command retry decision (bnc#1012382).\n- libceph: check authorizer reply/challenge length before reading (bsc#1096748).\n- libceph: factor out __ceph_x_decrypt() (bsc#1096748).\n- libceph: factor out __prepare_write_connect() (bsc#1096748).\n- libceph: factor out encrypt_authorizer() (bsc#1096748).\n- libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748).\n- libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748).\n- llc: use refcount_inc_not_zero() for llc_sap_find() (bnc#1012382).\n- locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382).\n- locks: pass inode pointer to locks_free_lock_context (bsc@1099832).\n- locks: prink more detail when there are leaked locks (bsc#1099832).\n- locks: restore a warn for leaked locks on close (bsc#1099832).\n- m68k: fix 'bad page state' oops on ColdFire boot (bnc#1012382).\n- mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382).\n- md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382).\n- md: fix NULL dereference of mddev->pers in remove_and_add_spares() (bnc#1012382).\n- media: omap3isp: fix unbalanced dma_iommu_mapping (bnc#1012382).\n- media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bnc#1012382).\n- media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431).\n- media: s5p-jpeg: fix number of components macro (bsc#1050431).\n- media: saa7164: Fix driver name in debug output (bnc#1012382).\n- media: si470x: fix __be16 annotations (bnc#1012382).\n- media: siano: get rid of __le32/__le16 cast warnings (bnc#1012382).\n- media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382).\n- media: videobuf2-core: do not call memop 'finish' when queueing (bnc#1012382).\n- memory: tegra: Apply interrupts mask per SoC (bnc#1012382).\n- memory: tegra: Do not handle spurious interrupts (bnc#1012382).\n- mfd: cros_ec: Fail early if we cannot identify the EC (bnc#1012382).\n- microblaze: Fix simpleImage format generation (bnc#1012382).\n- mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697).\n- mm/memory.c: check return value of ioremap_prot (bnc#1012382).\n- mm/slub.c: add __printf verification to slab_err() (bnc#1012382).\n- mm/tlb: Remove tlb_remove_table() non-concurrent condition (bnc#1012382).\n- mm: Add vm_insert_pfn_prot() (bnc#1012382).\n- mm: fix cache mode tracking in vm_insert_mixed() (bnc#1012382).\n- mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1012382).\n- mm: vmalloc: avoid racy handling of debugobjects in vunmap (bnc#1012382).\n- mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 (bnc#1012382).\n- mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages (bnc#1012382).\n- mtd: ubi: wl: Fix error return code in ubi_wl_init().\n- mwifiex: correct histogram data with appropriate index (bnc#1012382).\n- mwifiex: handle race during mwifiex_usb_disconnect (bnc#1012382).\n- net/9p/client.c: version pointer uninitialized (bnc#1012382).\n- net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382).\n- net/ethernet/freescale/fman: fix cross-build error (bnc#1012382).\n- net/ipv4: Set oif in fib_compute_spec_dst (bnc#1012382).\n- net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bnc#1012382).\n- net/mlx5: Add missing SET_DRIVER_VERSION command translation (bsc#1015342 bsc#1015343).\n- net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172).\n- net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343).\n- net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172).\n- net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172).\n- net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343).\n- net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343).\n- net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343).\n- net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172).\n- net: 6lowpan: fix reserved space for single frames (bnc#1012382).\n- net: Do not copy pfmemalloc flag in __copy_skb_header() (bnc#1012382).\n- net: add skb_condense() helper (bsc#1089066).\n- net: adjust skb->truesize in ___pskb_trim() (bsc#1089066).\n- net: adjust skb->truesize in pskb_expand_head() (bsc#1089066).\n- net: axienet: Fix double deregister of mdio (bnc#1012382).\n- net: caif: Add a missing rcu_read_unlock() in caif_flow_cb (bnc#1012382).\n- net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382).\n- net: dsa: Do not suspend/resume closed slave_dev (bnc#1012382).\n- net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968).\n- net: fix amd-xgbe flow-control issue (bnc#1012382).\n- net: hamradio: use eth_broadcast_addr (bnc#1012382).\n- net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382).\n- net: lan78xx: fix rx handling before first packet is send (bnc#1012382).\n- net: mac802154: tx: expand tailroom if necessary (bnc#1012382).\n- net: phy: fix flag masking in __set_phy_supported (bnc#1012382).\n- net: prevent ISA drivers from building on PPC32 (bnc#1012382).\n- net: propagate dev_get_valid_name return code (bnc#1012382).\n- net: qca_spi: Avoid packet drop during initial sync (bnc#1012382).\n- net: qca_spi: Fix log level if probe fails (bnc#1012382).\n- net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382).\n- net: socket: fix potential spectre v1 gadget in socketcall (bnc#1012382).\n- net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382).\n- net: vmxnet3: use new api ethtool_{get|set}_link_ksettings (bsc#1091860 bsc#1098253).\n- net_sched: Fix missing res info when create new tc_index filter (bnc#1012382).\n- net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382).\n- netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382).\n- netfilter: ipset: List timing out entries with 'timeout 1' instead of zero (bnc#1012382).\n- netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382).\n- netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule (bsc#1102797).\n- netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet (bsc#1102797).\n- netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382).\n- netlink: Do not shift on 64 for ngroups (bnc#1012382).\n- netlink: Do not shift with UB on nlk->ngroups (bnc#1012382).\n- netlink: Do not subscribe to non-existent groups (bnc#1012382).\n- netlink: Fix spectre v1 gadget in netlink_create() (bnc#1012382).\n- netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286).\n- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (bnc#1012382).\n- nl80211: Add a missing break in parse_station_flags (bnc#1012382).\n- nohz: Fix local_timer_softirq_pending() (bnc#1012382).\n- nvme-fc: release io queues to allow fast fail (bsc#1102486).\n- nvme: if_ready checks to fail io to deleting controller (bsc#1102486).\n- nvme: kABI-compliant version of nvmf_fail_nonready_command() (bsc#1102486).\n- nvmet-fc: fix target sgl list on large transfers (bsc#1102486).\n- osf_getdomainname(): use copy_to_user() (bnc#1012382).\n- ovl: Do d_type check only if work dir creation was successful (bnc#1012382).\n- ovl: Ensure upper filesystem supports d_type (bnc#1012382).\n- ovl: warn instead of error if d_type is not supported (bnc#1012382).\n- packet: refine ring v3 block size test to hold one frame (bnc#1012382).\n- packet: reset network header if packet shorter than ll reserved space (bnc#1012382).\n- parisc: Define mb() and add memory barriers to assembler unlock sequences (bnc#1012382).\n- parisc: Enable CONFIG_MLONGCALLS by default (bnc#1012382).\n- parisc: Remove ordered stores from syscall.S (bnc#1012382).\n- parisc: Remove unnecessary barriers from spinlock.h (bnc#1012382).\n- perf auxtrace: Fix queue resize (bnc#1012382).\n- perf llvm-utils: Remove bashism from kernel include fetch script (bnc#1012382).\n- perf report powerpc: Fix crash if callchain is empty (bnc#1012382).\n- perf test session topology: Fix test on s390 (bnc#1012382).\n- perf/x86/intel/uncore: Correct fixed counter index check for NHM (bnc#1012382).\n- perf/x86/intel/uncore: Correct fixed counter index check in generic code (bnc#1012382).\n- perf: fix invalid bit in diagnostic entry (bnc#1012382).\n- pinctrl: at91-pio4: add missing of_node_put (bnc#1012382).\n- pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bnc#1012382).\n- pnfs/blocklayout: off by one in bl_map_stripe() (bnc#1012382).\n- powerpc/32: Add a missing include header (bnc#1012382).\n- powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032).\n- powerpc/64s: Fix compiler store ordering to SLB shadow area (bnc#1012382).\n- powerpc/8xx: fix invalid register expression in head_8xx.S (bnc#1012382).\n- powerpc/chrp/time: Make some functions static, add missing header include (bnc#1012382).\n- powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet (bnc#1012382).\n- powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269).\n- powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269).\n- powerpc/lib: Fix the feature fixup tests to actually work (bsc#1066223).\n- powerpc/powermac: Add missing prototype for note_bootable_part() (bnc#1012382).\n- powerpc/powermac: Mark variable x as unused (bnc#1012382).\n- powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bnc#1012382).\n- powerpc/topology: Get topology for shared processors at boot (bsc#1104683).\n- powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157).\n- powerpc: Avoid code patching freed init sections (bnc#1107735).\n- powerpc: make feature-fixup tests fortify-safe (bsc#1066223).\n- provide special timeout module parameters for EC2 (bsc#1065364).\n- ptp: fix missing break in switch (bnc#1012382).\n- pwm: tiehrpwm: Fix disabling of output of PWMs (bnc#1012382).\n- qed: Add sanity check for SIMD fastpath handler (bnc#1012382).\n- qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1019695 bsc#1019699 bsc#1022604).\n- qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1019695 bsc#1019699 bsc#1022604).\n- qed: Fix possible memory leak in Rx error path handling (bsc#1019695 bsc#1019699 bsc#1022604 ).\n- qed: Fix possible race for the link state value (bnc#1012382).\n- qed: Fix setting of incorrect eswitch mode (bsc#1019695 bsc#1019699 bsc#1022604).\n- qed: Fix use of incorrect size in memcpy call (bsc#1019695 bsc#1019699 bsc#1022604).\n- qede: Adverstise software timestamp caps when PHC is not available (bsc#1019695 bsc#1019699 bsc#1022604).\n- qlge: Fix netdev features configuration (bsc#1098822).\n- qlogic: check kstrtoul() for errors (bnc#1012382).\n- random: mix rdrand with entropy sent in from userspace (bnc#1012382).\n- readahead: stricter check for bdi io_pages (VM Functionality).\n- regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bnc#1012382).\n- reiserfs: fix broken xattr handling (heap corruption, bad retval) (bnc#1012382).\n- ring_buffer: tracing: Inherit the tracing setting to next ring buffer (bnc#1012382).\n- root dentries need RCU-delayed freeing (bnc#1012382).\n- rsi: Fix 'invalid vdd' warning in mmc (bnc#1012382).\n- rtc: ensure rtc_set_alarm fails when alarms are not supported (bnc#1012382).\n- rtnetlink: add rtnl_link_state check in rtnl_configure_link (bnc#1012382).\n- s390/cpum_sf: Add data entry sizes to sampling trailer entry (bnc#1012382).\n- s390/kvm: fix deadlock when killed by oom (bnc#1012382).\n- s390/lib: use expoline for all bcr instructions (bnc#1106934, LTC#171029).\n- s390/pci: fix out of bounds access during irq setup (bnc#1012382).\n- s390/qdio: reset old sbal_state flags (bnc#1012382).\n- s390/qeth: do not clobber buffer on async TX completion (bnc#1104485, LTC#170349).\n- s390/qeth: fix race when setting MAC address (bnc#1104485, LTC#170726).\n- s390: add explicit <linux/stringify.h> for jump label (bsc#1105271).\n- s390: detect etoken facility (bnc#1106934, LTC#171029).\n- s390: fix br_r1_trampoline for machines without exrl (bnc#1012382 bnc#1106934 LTC#171029).\n- sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).\n- scsi: 3w-9xxx: fix a missing-check bug (bnc#1012382).\n- scsi: 3w-xxxx: fix a missing-check bug (bnc#1012382).\n- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012382).\n- scsi: fcoe: drop frames in ELS LOGO error path (bnc#1012382).\n- scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346).\n- scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bnc#1012382).\n- scsi: megaraid: silence a static checker bug (bnc#1012382).\n- scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs (bnc#1012382).\n- scsi: qla2xxx: Fix ISP recovery on unload (bnc#1012382).\n- scsi: qla2xxx: Return error when TMF returns (bnc#1012382).\n- scsi: scsi_dh: replace too broad 'TP9' string with the exact models (bnc#1012382).\n- scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (bnc#1012382).\n- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bnc#1012382).\n- scsi: ufs: fix exception event handling (bnc#1012382).\n- scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (bnc#1012382).\n- scsi: xen-scsifront: add error handling for xenbus_printf (bnc#1012382).\n- scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138).\n- scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138).\n- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC (bnc#1012382).\n- selftest/seccomp: Fix the seccomp(2) signature (bnc#1012382).\n- selftests/ftrace: Add snapshot and tracing_on test case (bnc#1012382).\n- selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs (bnc#1012382).\n- selftests: pstore: return Kselftest Skip code for skipped tests (bnc#1012382).\n- selftests: static_keys: return Kselftest Skip code for skipped tests (bnc#1012382).\n- selftests: sync: add config fragment for testing sync framework (bnc#1012382).\n- selftests: user: return Kselftest Skip code for skipped tests (bnc#1012382).\n- selftests: zram: return Kselftest Skip code for skipped tests (bnc#1012382).\n- serial: 8250_dw: always set baud rate in dw8250_set_termios (bnc#1012382).\n- sfc: stop the TX queue before pushing new buffers (bsc#1017967 ).\n- skbuff: Unconditionally copy pfmemalloc in __skb_clone() (bnc#1012382).\n- slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060).\n- smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012382).\n- smb3: do not request leases in symlink creation and query (bnc#1012382).\n- spi: davinci: fix a NULL pointer dereference (bnc#1012382).\n- squashfs: be more careful about metadata corruption (bnc#1012382).\n- squashfs: more metadata hardening (bnc#1012382).\n- squashfs: more metadata hardenings (bnc#1012382).\n- staging: android: ion: check for kref overflow (bnc#1012382).\n- string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1107319).\n- sys: do not hold uts_sem while accessing userspace memory (bnc#1106995).\n- target_core_rbd: use RCU in free_device (bsc#1105524).\n- tcp: Fix missing range_truesize enlargement in the backport (bnc#1012382).\n- tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (bnc#1012382).\n- tcp: add one more quick ack after after ECN events (bnc#1012382).\n- tcp: do not aggressively quick ack after ECN events (bnc#1012382).\n- tcp: do not cancel delay-AcK on DCTCP special ACK (bnc#1012382).\n- tcp: do not delay ACK in DCTCP upon CE status change (bnc#1012382).\n- tcp: do not force quickack when receiving out-of-order packets (bnc#1012382).\n- tcp: fix dctcp delayed ACK schedule (bnc#1012382).\n- tcp: helpers to send special DCTCP ack (bnc#1012382).\n- tcp: identify cryptic messages as TCP seq # bugs (bnc#1012382).\n- tcp: refactor tcp_ecn_check_ce to remove sk type cast (bnc#1012382).\n- tcp: remove DELAYED ACK events in DCTCP (bnc#1012382).\n- tg3: Add higher cpu clock for 5762 (bnc#1012382).\n- thermal: exynos: fix setting rising_threshold for Exynos5433 (bnc#1012382).\n- timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#969470).\n- tools/power turbostat: Read extended processor family from CPUID (bnc#1012382).\n- tools/power turbostat: fix -S on UP systems (bnc#1012382).\n- tools: usb: ffs-test: Fix build on big endian systems (bnc#1012382).\n- tpm: fix race condition in tpm_common_write() (bnc#1012382).\n- tracing/blktrace: Fix to allow setting same value (bnc#1012382).\n- tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure (bnc#1012382).\n- tracing: Do not call start/stop() functions when tracing_on does not change (bnc#1012382).\n- tracing: Fix double free of event_trigger_data (bnc#1012382).\n- tracing: Fix possible double free in event_enable_trigger_func() (bnc#1012382).\n- tracing: Quiet gcc warning about maybe unused link variable (bnc#1012382).\n- tracing: Use __printf markup to silence compiler (bnc#1012382).\n- tty: Fix data race in tty_insert_flip_string_fixed_flag (bnc#1012382).\n- turn off -Wattribute-alias (bnc#1012382).\n- ubi: Be more paranoid while seaching for the most recent Fastmap (bnc#1012382).\n- ubi: Fix Fastmap's update_vol() (bnc#1012382).\n- ubi: Fix races around ubi_refill_pools() (bnc#1012382).\n- ubi: Introduce vol_ignored() (bnc#1012382).\n- ubi: Rework Fastmap attach base code (bnc#1012382).\n- ubi: fastmap: Erase outdated anchor PEBs during attach (bnc#1012382).\n- ubifs: Check data node size before truncate (bsc#1106276).\n- ubifs: Fix memory leak in lprobs self-check (bsc#1106278).\n- ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1106275).\n- ubifs: xattr: Do not operate on deleted inodes (bsc#1106271).\n- udl-kms: change down_interruptible to down (bnc#1012382).\n- udl-kms: fix crash due to uninitialized memory (bnc#1012382).\n- udl-kms: handle allocation failure (bnc#1012382).\n- udlfb: set optimal write delay (bnc#1012382).\n- uprobes: Use synchronize_rcu() not synchronize_sched() (bnc#1012382).\n- usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bnc#1012382).\n- usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1099810).\n- usb: cdc_acm: Add quirk for Castles VEGA3000 (bnc#1012382).\n- usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1100132).\n- usb: dwc2: fix isoc split in transfer with no data (bnc#1012382).\n- usb: gadget: composite: fix delayed_status race condition when set_interface (bnc#1012382).\n- usb: gadget: dwc2: fix memory leak in gadget_init() (bnc#1012382).\n- usb: gadget: f_fs: Only return delayed status when len is 0 (bnc#1012382).\n- usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bnc#1012382).\n- usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bnc#1012382).\n- usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bnc#1012382).\n- usb: hub: Do not wait for connect state at resume for powered-off ports (bnc#1012382).\n- usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock (bsc#1085536).\n- usb: xhci: increase CRS timeout value (bnc#1012382).\n- usbip: usbip_detach: Fix memory, udev context and udev leak (bnc#1012382).\n- userns: move user access out of the mutex (bnc#1012382).\n- vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841).\n- virtio_balloon: fix another race between migration and ballooning (bnc#1012382).\n- virtio_console: fix uninitialized variable use.\n- vmw_balloon: VMCI_DOORBELL_SET does not check status (bnc#1012382).\n- vmw_balloon: do not use 2MB without batching (bnc#1012382).\n- vmw_balloon: fix VMCI use when balloon built into kernel (bnc#1012382).\n- vmw_balloon: fix inflation of 64-bit GFNs (bnc#1012382).\n- vmxnet3: Replace msleep(1) with usleep_range() (bsc#1091860 bsc#1098253).\n- vmxnet3: add receive data ring support (bsc#1091860 bsc#1098253).\n- vmxnet3: add support for get_coalesce, set_coalesce ethtool operations (bsc#1091860 bsc#1098253).\n- vmxnet3: allow variable length transmit data ring buffer (bsc#1091860 bsc#1098253).\n- vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() (bsc#1091860 bsc#1098253).\n- vmxnet3: avoid format strint overflow warning (bsc#1091860 bsc#1098253).\n- vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860 bsc#1098253).\n- vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860 bsc#1098253).\n- vmxnet3: fix non static symbol warning (bsc#1091860 bsc#1098253).\n- vmxnet3: fix tx data ring copy for variable size (bsc#1091860 bsc#1098253).\n- vmxnet3: increase default rx ring sizes (bsc#1091860 bsc#1098253).\n- vmxnet3: introduce command to register memory region (bsc#1091860 bsc#1098253).\n- vmxnet3: introduce generalized command interface to configure the device (bsc#1091860 bsc#1098253).\n- vmxnet3: prepare for version 3 changes (bsc#1091860 bsc#1098253).\n- vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1091860 bsc#1098253).\n- vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1091860 bsc#1098253).\n- vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860 bsc#1098253).\n- vmxnet3: update to version 3 (bsc#1091860 bsc#1098253).\n- vmxnet3: use DMA memory barriers where required (bsc#1091860 bsc#1098253).\n- vmxnet3: use correct flag to indicate LRO feature (bsc#1091860 bsc#1098253).\n- vsock: split dwork to avoid reinitializations (bnc#1012382).\n- vti6: Fix dev->max_mtu setting (bsc#1033962).\n- vti6: fix PMTU caching and reporting on xmit (bnc#1012382).\n- wlcore: sdio: check for valid platform device data before suspend (bnc#1012382).\n- x86/MCE: Remove min interval polling limitation (bnc#1012382).\n- x86/amd: do not set X86_BUG_SYSRET_SS_ATTRS when running under Xen (bnc#1012382).\n- x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bnc#1012382).\n- x86/bugs: Move the l1tf function and define pr_fmt properly (bnc#1012382).\n- x86/bugs: Respect nospec command line option (bsc#1068032).\n- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (bnc#1012382).\n- x86/cpu: Make alternative_msr_write work for 32-bit code (bnc#1012382).\n- x86/cpu: Re-apply forced caps every time CPU caps are re-read (bnc#1012382).\n- x86/cpufeature: preserve numbers (kabi).\n- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bnc#1012382).\n- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (bnc#1012382).\n- x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bnc#1012382).\n- x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).\n- x86/init: fix build with CONFIG_SWAP=n (bnc#1012382).\n- x86/irqflags: Mark native_restore_fl extern inline (bnc#1012382).\n- x86/irqflags: Provide a declaration for native_save_fl.\n- x86/mm/kmmio: Make the tracer robust against L1TF (bnc#1012382).\n- x86/mm/pat: Fix L1TF stable backport for CPA (bnc#1012382).\n- x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call (bnc#1012382).\n- x86/mm/pat: Make set_memory_np() L1TF safe (bnc#1012382).\n- x86/mm: Add TLB purge to free pmd/pte page interfaces (bnc#1012382).\n- x86/mm: Disable ioremap free page handling on x86-PAE (bnc#1012382).\n- x86/mm: Give each mm TLB flush generation a unique ID (bnc#1012382).\n- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1012382).\n- x86/paravirt: Make native_save_fl() extern inline (bnc#1012382).\n- x86/process: Correct and optimize TIF_BLOCKSTEP switch (bnc#1012382).\n- x86/process: Optimize TIF checks in __switch_to_xtra() (bnc#1012382).\n- x86/process: Optimize TIF_NOTSC switch (bnc#1012382).\n- x86/process: Re-export start_thread() (bnc#1012382).\n- x86/spectre: Add missing family 6 check to microcode check (bnc#1012382).\n- x86/spectre_v2: Do not check microcode versions when running under hypervisors (bnc#1012382).\n- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bnc#1012382).\n- x86/speculation/l1tf: Extend 64bit swap file size limit (bnc#1012382).\n- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536).\n- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1012382).\n- x86/speculation/l1tf: Fix up CPU feature flags (bnc#1012382).\n- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382).\n- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).\n- x86/speculation/l1tf: Invert all not present mappings (bnc#1012382).\n- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bnc#1012382).\n- x86/speculation/l1tf: Protect PAE swap entries against L1TF (bnc#1012382).\n- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536).\n- x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (bnc#1012382).\n- x86/speculation: Add <asm/msr-index.h> dependency (bnc#1012382).\n- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (bnc#1012382).\n- x86/speculation: Clean up various Spectre related details (bnc#1012382).\n- x86/speculation: Correct Speculation Control microcode blacklist again (bnc#1012382).\n- x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP (bnc#1012382).\n- x86/speculation: Update Speculation Control microcode blacklist (bnc#1012382).\n- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369).\n- x86/speculation: Use IBRS if available before calling into firmware (bnc#1012382).\n- x86/speculation: Use Indirect Branch Prediction Barrier in context switch (bnc#1012382).\n- x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1012382).\n- xen-netfront: wait xenbus state change when load module manually (bnc#1012382).\n- xen/blkback: do not keep persistent grants too long (bsc#1085042).\n- xen/blkback: move persistent grants flags to bool (bsc#1085042).\n- xen/blkfront: cleanup stale persistent grants (bsc#1085042).\n- xen/blkfront: reorder tests in xlblk_init() (bsc#1085042).\n- xen/netfront: do not cache skb_shinfo() (bnc#1012382).\n- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).\n- xen: set cpu capabilities from xen_start_kernel() (bnc#1012382).\n- xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382).\n- xfrm: free skb if nlsk pointer is NULL (bnc#1012382).\n- xfrm_user: prevent leaking 2 bytes of kernel memory (bnc#1012382).\n- xfs: Remove dead code from inode recover function (bsc#1105396).\n- xfs: repair malformed inode items during log recovery (bsc#1105396).\n- xhci: Fix perceived dead host due to runtime suspend race with event handler (bnc#1012382).\n- zswap: re-check zswap_is_full() after do zswap_shrink() (bnc#1012382).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-SDK-12-SP3-2018-2004,SUSE-SLE-SERVER-12-SP3-2018-2004", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2858-1.json", }, { category: "self", summary: "URL for SUSE-SU-2018:2858-1", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20182858-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2018:2858-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2018-September/004597.html", }, { category: "self", summary: "SUSE Bug 1012382", url: "https://bugzilla.suse.com/1012382", }, { category: "self", summary: "SUSE Bug 1015342", url: "https://bugzilla.suse.com/1015342", }, { category: "self", summary: "SUSE Bug 1015343", url: "https://bugzilla.suse.com/1015343", }, { category: "self", summary: "SUSE Bug 1017967", url: "https://bugzilla.suse.com/1017967", }, { category: "self", summary: "SUSE Bug 1019695", url: "https://bugzilla.suse.com/1019695", }, { category: "self", summary: "SUSE Bug 1019699", url: "https://bugzilla.suse.com/1019699", }, { category: "self", summary: "SUSE Bug 1020412", url: "https://bugzilla.suse.com/1020412", }, { category: "self", summary: "SUSE Bug 1021121", url: "https://bugzilla.suse.com/1021121", }, { category: "self", summary: "SUSE Bug 1022604", url: "https://bugzilla.suse.com/1022604", }, { category: "self", summary: "SUSE Bug 1024361", url: "https://bugzilla.suse.com/1024361", }, { category: "self", summary: "SUSE Bug 1024365", url: "https://bugzilla.suse.com/1024365", }, { category: "self", summary: "SUSE Bug 1024376", url: "https://bugzilla.suse.com/1024376", }, { category: "self", summary: "SUSE Bug 1027968", url: "https://bugzilla.suse.com/1027968", }, { category: "self", summary: "SUSE Bug 1030552", url: "https://bugzilla.suse.com/1030552", }, { category: "self", summary: "SUSE Bug 1033962", url: "https://bugzilla.suse.com/1033962", }, { category: "self", summary: "SUSE Bug 1042286", url: "https://bugzilla.suse.com/1042286", }, { category: "self", summary: "SUSE Bug 1048317", url: "https://bugzilla.suse.com/1048317", }, { category: "self", summary: "SUSE Bug 1050431", url: "https://bugzilla.suse.com/1050431", }, { category: "self", summary: "SUSE Bug 1053685", url: "https://bugzilla.suse.com/1053685", }, { category: "self", summary: "SUSE Bug 1055014", url: "https://bugzilla.suse.com/1055014", }, { category: "self", summary: "SUSE Bug 1056596", url: "https://bugzilla.suse.com/1056596", }, { category: "self", summary: "SUSE Bug 1062604", url: "https://bugzilla.suse.com/1062604", }, { category: "self", summary: "SUSE Bug 1063646", url: "https://bugzilla.suse.com/1063646", }, { category: "self", summary: "SUSE Bug 1064232", url: "https://bugzilla.suse.com/1064232", }, { category: "self", summary: "SUSE Bug 1065364", url: "https://bugzilla.suse.com/1065364", }, { category: "self", summary: "SUSE Bug 1066223", url: "https://bugzilla.suse.com/1066223", }, { category: "self", summary: "SUSE Bug 1068032", url: "https://bugzilla.suse.com/1068032", }, { category: "self", summary: "SUSE Bug 1068075", url: "https://bugzilla.suse.com/1068075", }, { category: "self", summary: "SUSE Bug 1069138", url: "https://bugzilla.suse.com/1069138", }, { category: "self", summary: "SUSE Bug 1078921", url: "https://bugzilla.suse.com/1078921", }, { category: "self", summary: "SUSE Bug 1080157", url: "https://bugzilla.suse.com/1080157", }, { category: "self", summary: "SUSE Bug 1083663", url: "https://bugzilla.suse.com/1083663", }, { category: "self", summary: "SUSE Bug 1085042", url: "https://bugzilla.suse.com/1085042", }, { category: "self", summary: "SUSE Bug 1085536", url: "https://bugzilla.suse.com/1085536", }, { category: "self", summary: "SUSE Bug 1085539", url: "https://bugzilla.suse.com/1085539", }, { category: "self", summary: "SUSE Bug 1086457", url: "https://bugzilla.suse.com/1086457", }, { category: "self", summary: "SUSE Bug 1087092", url: "https://bugzilla.suse.com/1087092", }, { category: "self", summary: "SUSE Bug 1089066", url: "https://bugzilla.suse.com/1089066", }, { category: "self", summary: "SUSE Bug 1090888", url: "https://bugzilla.suse.com/1090888", }, { category: "self", summary: "SUSE Bug 1091171", url: "https://bugzilla.suse.com/1091171", }, { category: "self", summary: "SUSE Bug 1091860", url: "https://bugzilla.suse.com/1091860", }, { category: "self", summary: "SUSE Bug 1092903", url: "https://bugzilla.suse.com/1092903", }, { category: "self", summary: "SUSE Bug 1096254", url: "https://bugzilla.suse.com/1096254", }, { category: "self", summary: "SUSE Bug 1096748", url: "https://bugzilla.suse.com/1096748", }, { category: "self", summary: "SUSE Bug 1097105", url: "https://bugzilla.suse.com/1097105", }, { category: "self", summary: "SUSE Bug 1098253", url: "https://bugzilla.suse.com/1098253", }, { category: "self", summary: "SUSE Bug 1098822", url: "https://bugzilla.suse.com/1098822", }, { category: "self", summary: "SUSE Bug 1099597", url: "https://bugzilla.suse.com/1099597", }, { category: "self", summary: "SUSE Bug 1099810", url: "https://bugzilla.suse.com/1099810", }, { category: "self", summary: "SUSE Bug 1099811", url: "https://bugzilla.suse.com/1099811", }, { category: "self", summary: "SUSE Bug 1099813", url: "https://bugzilla.suse.com/1099813", }, { category: "self", summary: "SUSE Bug 1099832", url: "https://bugzilla.suse.com/1099832", }, { category: "self", summary: "SUSE Bug 1099844", url: "https://bugzilla.suse.com/1099844", }, { category: "self", summary: "SUSE Bug 1099845", url: "https://bugzilla.suse.com/1099845", }, { category: "self", summary: "SUSE Bug 1099846", url: "https://bugzilla.suse.com/1099846", }, { category: "self", summary: "SUSE Bug 1099849", url: "https://bugzilla.suse.com/1099849", }, { category: "self", summary: "SUSE Bug 1099863", url: "https://bugzilla.suse.com/1099863", }, { category: "self", summary: "SUSE Bug 1099864", url: "https://bugzilla.suse.com/1099864", }, { category: "self", summary: "SUSE Bug 1099922", url: "https://bugzilla.suse.com/1099922", }, { category: "self", summary: "SUSE Bug 1099999", url: "https://bugzilla.suse.com/1099999", }, { category: "self", summary: "SUSE Bug 1100000", url: "https://bugzilla.suse.com/1100000", }, { category: "self", summary: "SUSE Bug 1100001", url: "https://bugzilla.suse.com/1100001", }, { category: "self", summary: "SUSE Bug 1100132", url: "https://bugzilla.suse.com/1100132", }, { category: "self", summary: "SUSE Bug 1101822", url: "https://bugzilla.suse.com/1101822", }, { category: "self", summary: "SUSE Bug 1101841", url: "https://bugzilla.suse.com/1101841", }, { category: "self", summary: "SUSE Bug 1102346", url: "https://bugzilla.suse.com/1102346", }, { category: "self", summary: "SUSE Bug 1102486", url: "https://bugzilla.suse.com/1102486", }, { category: "self", summary: "SUSE Bug 1102517", url: "https://bugzilla.suse.com/1102517", }, { category: "self", summary: "SUSE Bug 1102715", url: "https://bugzilla.suse.com/1102715", }, { category: "self", summary: "SUSE Bug 1102797", url: "https://bugzilla.suse.com/1102797", }, { category: "self", summary: "SUSE Bug 1103269", url: "https://bugzilla.suse.com/1103269", }, { category: "self", summary: "SUSE Bug 1103445", url: "https://bugzilla.suse.com/1103445", }, { category: "self", summary: "SUSE Bug 1104319", url: "https://bugzilla.suse.com/1104319", }, { category: "self", summary: "SUSE Bug 1104485", url: "https://bugzilla.suse.com/1104485", }, { category: "self", summary: "SUSE Bug 1104494", url: "https://bugzilla.suse.com/1104494", }, { category: "self", summary: "SUSE Bug 1104495", url: "https://bugzilla.suse.com/1104495", }, { category: "self", summary: "SUSE Bug 1104683", url: "https://bugzilla.suse.com/1104683", }, { category: "self", summary: "SUSE Bug 1104897", url: "https://bugzilla.suse.com/1104897", }, { category: "self", summary: "SUSE Bug 1105271", url: "https://bugzilla.suse.com/1105271", }, { category: "self", summary: "SUSE Bug 1105292", url: "https://bugzilla.suse.com/1105292", }, { category: "self", summary: "SUSE Bug 1105322", url: "https://bugzilla.suse.com/1105322", }, { category: "self", summary: "SUSE Bug 1105392", url: "https://bugzilla.suse.com/1105392", }, { category: "self", summary: "SUSE Bug 1105396", url: "https://bugzilla.suse.com/1105396", }, { category: "self", summary: "SUSE Bug 1105524", url: "https://bugzilla.suse.com/1105524", }, { category: "self", summary: "SUSE Bug 1105536", url: "https://bugzilla.suse.com/1105536", }, { category: "self", summary: "SUSE Bug 1105769", url: "https://bugzilla.suse.com/1105769", }, { category: "self", summary: "SUSE Bug 1106016", url: "https://bugzilla.suse.com/1106016", }, { category: "self", summary: "SUSE Bug 1106105", url: "https://bugzilla.suse.com/1106105", }, { category: "self", summary: "SUSE Bug 1106185", url: "https://bugzilla.suse.com/1106185", }, { category: "self", summary: "SUSE Bug 1106229", url: "https://bugzilla.suse.com/1106229", }, { category: "self", summary: "SUSE Bug 1106271", url: "https://bugzilla.suse.com/1106271", }, { category: "self", summary: "SUSE Bug 1106275", url: "https://bugzilla.suse.com/1106275", }, { category: "self", summary: "SUSE Bug 1106276", url: "https://bugzilla.suse.com/1106276", }, { category: "self", summary: "SUSE Bug 1106278", url: "https://bugzilla.suse.com/1106278", }, { category: "self", summary: "SUSE Bug 1106281", url: "https://bugzilla.suse.com/1106281", }, { category: "self", summary: "SUSE Bug 1106283", url: "https://bugzilla.suse.com/1106283", }, { category: "self", summary: "SUSE Bug 1106369", url: "https://bugzilla.suse.com/1106369", }, { category: "self", summary: "SUSE Bug 1106509", url: "https://bugzilla.suse.com/1106509", }, { category: "self", summary: "SUSE Bug 1106511", url: "https://bugzilla.suse.com/1106511", }, { category: "self", summary: "SUSE Bug 1106594", url: "https://bugzilla.suse.com/1106594", }, { category: "self", summary: "SUSE Bug 1106697", url: "https://bugzilla.suse.com/1106697", }, { category: "self", summary: "SUSE Bug 1106929", url: "https://bugzilla.suse.com/1106929", }, { category: "self", summary: "SUSE Bug 1106934", url: "https://bugzilla.suse.com/1106934", }, { category: "self", summary: "SUSE Bug 1106995", url: "https://bugzilla.suse.com/1106995", }, { category: "self", summary: "SUSE Bug 1107060", url: "https://bugzilla.suse.com/1107060", }, { category: "self", summary: "SUSE Bug 1107078", url: "https://bugzilla.suse.com/1107078", }, { category: "self", summary: "SUSE Bug 1107319", url: "https://bugzilla.suse.com/1107319", }, { category: "self", summary: "SUSE Bug 1107320", url: "https://bugzilla.suse.com/1107320", }, { category: "self", summary: "SUSE Bug 1107689", url: "https://bugzilla.suse.com/1107689", }, { category: "self", summary: "SUSE Bug 1107735", url: "https://bugzilla.suse.com/1107735", }, { category: "self", summary: "SUSE Bug 1107966", url: "https://bugzilla.suse.com/1107966", }, { category: "self", summary: "SUSE Bug 963575", url: "https://bugzilla.suse.com/963575", }, { category: "self", summary: "SUSE Bug 966170", url: "https://bugzilla.suse.com/966170", }, { category: "self", summary: "SUSE Bug 966172", url: "https://bugzilla.suse.com/966172", }, { category: "self", summary: "SUSE Bug 969470", url: "https://bugzilla.suse.com/969470", }, { category: "self", summary: "SUSE Bug 969476", url: "https://bugzilla.suse.com/969476", }, { category: "self", summary: "SUSE Bug 969477", url: "https://bugzilla.suse.com/969477", }, { category: "self", summary: "SUSE Bug 970506", url: "https://bugzilla.suse.com/970506", }, { category: "self", summary: "SUSE CVE CVE-2018-10876 page", url: "https://www.suse.com/security/cve/CVE-2018-10876/", }, { category: "self", summary: "SUSE CVE CVE-2018-10877 page", url: "https://www.suse.com/security/cve/CVE-2018-10877/", }, { category: "self", summary: "SUSE CVE CVE-2018-10878 page", url: "https://www.suse.com/security/cve/CVE-2018-10878/", }, { category: "self", summary: "SUSE CVE CVE-2018-10879 page", url: "https://www.suse.com/security/cve/CVE-2018-10879/", }, { category: "self", summary: "SUSE CVE CVE-2018-10880 page", url: "https://www.suse.com/security/cve/CVE-2018-10880/", }, { category: "self", summary: "SUSE CVE CVE-2018-10881 page", url: "https://www.suse.com/security/cve/CVE-2018-10881/", }, { category: "self", summary: "SUSE CVE CVE-2018-10882 page", url: "https://www.suse.com/security/cve/CVE-2018-10882/", }, { category: "self", summary: "SUSE CVE CVE-2018-10883 page", url: "https://www.suse.com/security/cve/CVE-2018-10883/", }, { category: "self", summary: "SUSE CVE CVE-2018-10902 page", url: "https://www.suse.com/security/cve/CVE-2018-10902/", }, { category: "self", summary: "SUSE CVE CVE-2018-10938 page", url: "https://www.suse.com/security/cve/CVE-2018-10938/", }, { category: "self", summary: "SUSE CVE CVE-2018-10940 page", url: "https://www.suse.com/security/cve/CVE-2018-10940/", }, { category: "self", summary: "SUSE CVE CVE-2018-1128 page", url: "https://www.suse.com/security/cve/CVE-2018-1128/", }, { category: "self", summary: "SUSE CVE CVE-2018-1129 page", url: "https://www.suse.com/security/cve/CVE-2018-1129/", }, { category: "self", summary: "SUSE CVE CVE-2018-12896 page", url: "https://www.suse.com/security/cve/CVE-2018-12896/", }, { category: "self", summary: "SUSE CVE CVE-2018-13093 page", url: "https://www.suse.com/security/cve/CVE-2018-13093/", }, { category: "self", summary: "SUSE CVE CVE-2018-13094 page", url: "https://www.suse.com/security/cve/CVE-2018-13094/", }, { category: "self", summary: "SUSE CVE CVE-2018-13095 page", url: "https://www.suse.com/security/cve/CVE-2018-13095/", }, { category: "self", summary: "SUSE CVE CVE-2018-15572 page", url: "https://www.suse.com/security/cve/CVE-2018-15572/", }, { category: "self", summary: "SUSE CVE CVE-2018-16658 page", url: "https://www.suse.com/security/cve/CVE-2018-16658/", }, { category: "self", summary: "SUSE CVE CVE-2018-6554 page", url: "https://www.suse.com/security/cve/CVE-2018-6554/", }, { category: "self", summary: "SUSE CVE CVE-2018-6555 page", url: "https://www.suse.com/security/cve/CVE-2018-6555/", }, { category: "self", summary: "SUSE CVE CVE-2018-9363 page", url: "https://www.suse.com/security/cve/CVE-2018-9363/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2018-09-25T13:02:46Z", generator: { date: "2018-09-25T13:02:46Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2018:2858-1", initial_release_date: "2018-09-25T13:02:46Z", revision_history: [ { date: "2018-09-25T13:02:46Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-docs-azure-4.4.155-4.16.1.noarch", product: { name: "kernel-docs-azure-4.4.155-4.16.1.noarch", product_id: "kernel-docs-azure-4.4.155-4.16.1.noarch", }, }, { category: "product_version", name: "kernel-devel-azure-4.4.155-4.16.1.noarch", product: { name: "kernel-devel-azure-4.4.155-4.16.1.noarch", product_id: "kernel-devel-azure-4.4.155-4.16.1.noarch", }, }, { category: "product_version", name: "kernel-source-azure-4.4.155-4.16.1.noarch", product: { name: "kernel-source-azure-4.4.155-4.16.1.noarch", product_id: "kernel-source-azure-4.4.155-4.16.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "kernel-azure-4.4.155-4.16.1.x86_64", product: { name: "kernel-azure-4.4.155-4.16.1.x86_64", product_id: "kernel-azure-4.4.155-4.16.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-base-4.4.155-4.16.1.x86_64", product: { name: "kernel-azure-base-4.4.155-4.16.1.x86_64", product_id: "kernel-azure-base-4.4.155-4.16.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-devel-4.4.155-4.16.1.x86_64", product: { name: "kernel-azure-devel-4.4.155-4.16.1.x86_64", product_id: "kernel-azure-devel-4.4.155-4.16.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-azure-4.4.155-4.16.1.x86_64", product: { name: "kernel-syms-azure-4.4.155-4.16.1.x86_64", product_id: "kernel-syms-azure-4.4.155-4.16.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3", product: { name: "SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-docs-azure-4.4.155-4.16.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", }, product_reference: "kernel-docs-azure-4.4.155-4.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-4.4.155-4.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", }, product_reference: "kernel-azure-4.4.155-4.16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-base-4.4.155-4.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", }, product_reference: "kernel-azure-base-4.4.155-4.16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-4.4.155-4.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", }, product_reference: "kernel-azure-devel-4.4.155-4.16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-4.4.155-4.16.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", }, product_reference: "kernel-devel-azure-4.4.155-4.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-4.4.155-4.16.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", }, product_reference: "kernel-source-azure-4.4.155-4.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-4.4.155-4.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", }, product_reference: "kernel-syms-azure-4.4.155-4.16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-4.4.155-4.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", }, product_reference: "kernel-azure-4.4.155-4.16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-base-4.4.155-4.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", }, product_reference: "kernel-azure-base-4.4.155-4.16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-4.4.155-4.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", }, product_reference: "kernel-azure-devel-4.4.155-4.16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-4.4.155-4.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", }, product_reference: "kernel-devel-azure-4.4.155-4.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-4.4.155-4.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", }, product_reference: "kernel-source-azure-4.4.155-4.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-4.4.155-4.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", }, product_reference: "kernel-syms-azure-4.4.155-4.16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2018-10876", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10876", }, ], notes: [ { category: "general", text: "A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10876", url: "https://www.suse.com/security/cve/CVE-2018-10876", }, { category: "external", summary: "SUSE Bug 1099811 for CVE-2018-10876", url: "https://bugzilla.suse.com/1099811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "low", }, ], title: "CVE-2018-10876", }, { cve: "CVE-2018-10877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10877", }, ], notes: [ { category: "general", text: "Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10877", url: "https://www.suse.com/security/cve/CVE-2018-10877", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-10877", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1099846 for CVE-2018-10877", url: "https://bugzilla.suse.com/1099846", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "low", }, ], title: "CVE-2018-10877", }, { cve: "CVE-2018-10878", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10878", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10878", url: "https://www.suse.com/security/cve/CVE-2018-10878", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-10878", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1099813 for CVE-2018-10878", url: "https://bugzilla.suse.com/1099813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-10878", }, { cve: "CVE-2018-10879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10879", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10879", url: "https://www.suse.com/security/cve/CVE-2018-10879", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-10879", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1099844 for CVE-2018-10879", url: "https://bugzilla.suse.com/1099844", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-10879", }, { cve: "CVE-2018-10880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10880", }, ], notes: [ { category: "general", text: "Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10880", url: "https://www.suse.com/security/cve/CVE-2018-10880", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-10880", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1099845 for CVE-2018-10880", url: "https://bugzilla.suse.com/1099845", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-10880", }, { cve: "CVE-2018-10881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10881", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10881", url: "https://www.suse.com/security/cve/CVE-2018-10881", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-10881", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1099864 for CVE-2018-10881", url: "https://bugzilla.suse.com/1099864", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-10881", }, { cve: "CVE-2018-10882", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10882", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10882", url: "https://www.suse.com/security/cve/CVE-2018-10882", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-10882", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1099849 for CVE-2018-10882", url: "https://bugzilla.suse.com/1099849", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-10882", }, { cve: "CVE-2018-10883", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10883", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10883", url: "https://www.suse.com/security/cve/CVE-2018-10883", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-10883", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1099863 for CVE-2018-10883", url: "https://bugzilla.suse.com/1099863", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-10883", }, { cve: "CVE-2018-10902", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10902", }, ], notes: [ { category: "general", text: "It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10902", url: "https://www.suse.com/security/cve/CVE-2018-10902", }, { category: "external", summary: "SUSE Bug 1105322 for CVE-2018-10902", url: "https://bugzilla.suse.com/1105322", }, { category: "external", summary: "SUSE Bug 1105323 for CVE-2018-10902", url: "https://bugzilla.suse.com/1105323", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-10902", }, { cve: "CVE-2018-10938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10938", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10938", url: "https://www.suse.com/security/cve/CVE-2018-10938", }, { category: "external", summary: "SUSE Bug 1106016 for CVE-2018-10938", url: "https://bugzilla.suse.com/1106016", }, { category: "external", summary: "SUSE Bug 1106191 for CVE-2018-10938", url: "https://bugzilla.suse.com/1106191", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "important", }, ], title: "CVE-2018-10938", }, { cve: "CVE-2018-10940", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10940", }, ], notes: [ { category: "general", text: "The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10940", url: "https://www.suse.com/security/cve/CVE-2018-10940", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-10940", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092903 for CVE-2018-10940", url: "https://bugzilla.suse.com/1092903", }, { category: "external", summary: "SUSE Bug 1107689 for CVE-2018-10940", url: "https://bugzilla.suse.com/1107689", }, { category: "external", summary: "SUSE Bug 1113751 for CVE-2018-10940", url: "https://bugzilla.suse.com/1113751", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-10940", }, { cve: "CVE-2018-1128", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1128", }, ], notes: [ { category: "general", text: "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-1128", url: "https://www.suse.com/security/cve/CVE-2018-1128", }, { category: "external", summary: "SUSE Bug 1096748 for CVE-2018-1128", url: "https://bugzilla.suse.com/1096748", }, { category: "external", summary: "SUSE Bug 1114710 for CVE-2018-1128", url: "https://bugzilla.suse.com/1114710", }, { category: "external", summary: "SUSE Bug 1177843 for CVE-2018-1128", url: "https://bugzilla.suse.com/1177843", }, { category: "external", summary: "SUSE Bug 1177859 for CVE-2018-1128", url: "https://bugzilla.suse.com/1177859", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "important", }, ], title: "CVE-2018-1128", }, { cve: "CVE-2018-1129", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1129", }, ], notes: [ { category: "general", text: "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-1129", url: "https://www.suse.com/security/cve/CVE-2018-1129", }, { category: "external", summary: "SUSE Bug 1096748 for CVE-2018-1129", url: "https://bugzilla.suse.com/1096748", }, { category: "external", summary: "SUSE Bug 1114710 for CVE-2018-1129", url: "https://bugzilla.suse.com/1114710", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "important", }, ], title: "CVE-2018-1129", }, { cve: "CVE-2018-12896", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-12896", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-12896", url: "https://www.suse.com/security/cve/CVE-2018-12896", }, { category: "external", summary: "SUSE Bug 1099922 for CVE-2018-12896", url: "https://bugzilla.suse.com/1099922", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "low", }, ], title: "CVE-2018-12896", }, { cve: "CVE-2018-13093", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-13093", }, ], notes: [ { category: "general", text: "An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-13093", url: "https://www.suse.com/security/cve/CVE-2018-13093", }, { category: "external", summary: "SUSE Bug 1100001 for CVE-2018-13093", url: "https://bugzilla.suse.com/1100001", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-13093", }, { cve: "CVE-2018-13094", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-13094", }, ], notes: [ { category: "general", text: "An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-13094", url: "https://www.suse.com/security/cve/CVE-2018-13094", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-13094", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1100000 for CVE-2018-13094", url: "https://bugzilla.suse.com/1100000", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-13094", }, { cve: "CVE-2018-13095", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-13095", }, ], notes: [ { category: "general", text: "An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-13095", url: "https://www.suse.com/security/cve/CVE-2018-13095", }, { category: "external", summary: "SUSE Bug 1099999 for CVE-2018-13095", url: "https://bugzilla.suse.com/1099999", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-13095", }, { cve: "CVE-2018-15572", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-15572", }, ], notes: [ { category: "general", text: "The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-15572", url: "https://www.suse.com/security/cve/CVE-2018-15572", }, { category: "external", summary: "SUSE Bug 1102517 for CVE-2018-15572", url: "https://bugzilla.suse.com/1102517", }, { category: "external", summary: "SUSE Bug 1105296 for CVE-2018-15572", url: "https://bugzilla.suse.com/1105296", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "important", }, ], title: "CVE-2018-15572", }, { cve: "CVE-2018-16658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16658", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-16658", url: "https://www.suse.com/security/cve/CVE-2018-16658", }, { category: "external", summary: "SUSE Bug 1092903 for CVE-2018-16658", url: "https://bugzilla.suse.com/1092903", }, { category: "external", summary: "SUSE Bug 1107689 for CVE-2018-16658", url: "https://bugzilla.suse.com/1107689", }, { category: "external", summary: "SUSE Bug 1113751 for CVE-2018-16658", url: "https://bugzilla.suse.com/1113751", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "low", }, ], title: "CVE-2018-16658", }, { cve: "CVE-2018-6554", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-6554", }, ], notes: [ { category: "general", text: "Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-6554", url: "https://www.suse.com/security/cve/CVE-2018-6554", }, { category: "external", summary: "SUSE Bug 1106509 for CVE-2018-6554", url: "https://bugzilla.suse.com/1106509", }, { category: "external", summary: "SUSE Bug 1106511 for CVE-2018-6554", url: "https://bugzilla.suse.com/1106511", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "low", }, ], title: "CVE-2018-6554", }, { cve: "CVE-2018-6555", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-6555", }, ], notes: [ { category: "general", text: "The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-6555", url: "https://www.suse.com/security/cve/CVE-2018-6555", }, { category: "external", summary: "SUSE Bug 1106509 for CVE-2018-6555", url: "https://bugzilla.suse.com/1106509", }, { category: "external", summary: "SUSE Bug 1106511 for CVE-2018-6555", url: "https://bugzilla.suse.com/1106511", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2018-6555", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "moderate", }, ], title: "CVE-2018-6555", }, { cve: "CVE-2018-9363", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-9363", }, ], notes: [ { category: "general", text: "In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-9363", url: "https://www.suse.com/security/cve/CVE-2018-9363", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-9363", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1105292 for CVE-2018-9363", url: "https://bugzilla.suse.com/1105292", }, { category: "external", summary: "SUSE Bug 1105293 for CVE-2018-9363", url: "https://bugzilla.suse.com/1105293", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-base-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-azure-devel-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-azure-4.4.155-4.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-azure-4.4.155-4.16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-azure-4.4.155-4.16.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-09-25T13:02:46Z", details: "important", }, ], title: "CVE-2018-9363", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.