SUSE-SU-2018:2381-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Aug 16 10:21:18 MDT 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2381-1
Rating:             important
References:         #1051510 #1051979 #1066110 #1077761 #1086274 
                    #1086314 #1087081 #1089343 #1099811 #1099813 
                    #1099844 #1099845 #1099846 #1099849 #1099858 
                    #1099863 #1099864 #1100132 #1101116 #1101331 
                    #1101669 #1101828 #1101832 #1101833 #1101837 
                    #1101839 #1101841 #1101843 #1101844 #1101845 
                    #1101847 #1101852 #1101853 #1101867 #1101872 
                    #1101874 #1101875 #1101882 #1101883 #1101885 
                    #1101887 #1101890 #1101891 #1101893 #1101895 
                    #1101896 #1101900 #1101902 #1101903 #1102633 
                    #1102658 #1103097 #1103356 #1103421 #1103517 
                    #1103723 #1103724 #1103725 #1103726 #1103727 
                    #1103728 #1103729 #1103730 #1103917 #1103920 
                    #1103948 #1103949 #1104066 #1104111 #1104174 
                    #1104211 #1104319 
Cross-References:   CVE-2018-10876 CVE-2018-10877 CVE-2018-10878
                    CVE-2018-10879 CVE-2018-10880 CVE-2018-10881
                    CVE-2018-10882 CVE-2018-10883 CVE-2018-3620
                    CVE-2018-3646 CVE-2018-5391
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 61 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 15 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-3620: Local attackers on baremetal systems could use
     speculative code patterns on hyperthreaded processors to read data
     present in the L1 Datacache used by other hyperthreads on the same CPU
     core, potentially leaking sensitive data. (bnc#1087081).
   - CVE-2018-3646: Local attackers in virtualized guest systems could use
     speculative code patterns on hyperthreaded processors to read data
     present in the L1 Datacache used by other hyperthreads on the same CPU
     core, potentially leaking sensitive data, even from other virtual
     machines or the host system. (bnc#1089343).
   - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly
     could be used by remote attackers to consume lots of CPU time
     (bnc#1103097).
   - CVE-2018-10876: A flaw was found in the ext4 filesystem code. A
     use-after-free is possible in ext4_ext_remove_space() function when
     mounting and operating a crafted ext4 image. (bnc#1099811)
   - CVE-2018-10877: The ext4 filesystem is vulnerable to an out-of-bound
     access in the ext4_ext_drop_refs() function when operating on a crafted
     ext4 filesystem image. (bnc#1099846)
   - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user
     can cause an out-of-bounds write and a denial of service or unspecified
     other impact is possible by mounting and operating a crafted ext4
     filesystem image. (bnc#1099813)
   - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user
     can cause a use-after-free in ext4_xattr_set_entry function and a denial
     of service or unspecified other impact may occur by renaming a file in a
     crafted ext4 filesystem image. (bnc#1099844)
   - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds
     write in the ext4 filesystem code when mounting and writing to a crafted
     ext4 image in ext4_update_inline_data(). An attacker could use this to
     cause a system crash and a denial of service. (bnc#1099845)
   - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user
     can cause an out-of-bound access in ext4_get_group_info function, a
     denial of service, and a system crash by mounting and operating on a
     crafted ext4 filesystem image. (bnc#1099864)
   - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user
     can cause an out-of-bound write in in fs/jbd2/transaction.c code, a
     denial of service, and a system crash by unmounting a crafted ext4
     filesystem image. (bnc#1099849)
   - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user
     can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a
     denial of service, and a system crash by mounting and operating on a
     crafted ext4 filesystem image. (bnc#1099863)

   The following non-security bugs were fixed:

   - acpi / lpss: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is
     2 (bsc#1051510).
   - af_key: Always verify length of provided sadb_key (bsc#1051510).
   - af_key: fix buffer overread in parse_exthdrs() (bsc#1051510).
   - af_key: fix buffer overread in verify_address_len() (bsc#1051510).
   - afs: Fix directory permissions check (bsc#1101828).
   - agp: uninorth: make two functions static (bsc#1051510).
   - alsa: emu10k1: add error handling for snd_ctl_add (bsc#1051510).
   - alsa: emu10k1: Rate-limit error messages about page errors (bsc#1051510).
   - alsa: fm801: add error handling for snd_ctl_add (bsc#1051510).
   - alsa: usb-audio: Apply rate limit to warning messages in URB complete
     callback (bsc#1051510).
   - arm64: Correct type for PUD macros (bsc#1103723).
   - arm64: Disable unhandled signal log messages by default (bsc#1103724).
   - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1103725).
   - arm64: mm: Fix set_memory_valid() declaration (bsc#1103726).
   - arm64: perf: correct PMUVer probing (bsc#1103727).
   - arm64: ptrace: Avoid setting compat FPR to garbage if get_user fails
     (bsc#1103728).
   - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
     (bsc#1103729).
   - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1103730).
   - arm: 8715/1: add a private asm/unaligned.h (bsc#1051510).
   - arm: 8720/1: ensure dump_instr() checks addr_limit (bsc#1051510).
   - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bsc#1051510).
   - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bsc#1051510).
   - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
     (bsc#1051510).
   - arm: 8743/1: bL_switcher: add MODULE_LICENSE tag (bsc#1051510).
   - arm: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]
     (bsc#1051510).
   - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bsc#1051510).
   - arm: 8753/1: decompressor: add a missing parameter to the addruart macro
     (bsc#1051510).
   - arm: 8758/1: decompressor: restore r1 and r2 just before jumping to the
     kernel (bsc#1051510).
   - arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct
     size (bsc#1051510).
   - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
     (bsc#1051510).
   - arm: 8770/1: kprobes: Prohibit probing on optimized_callback
     (bsc#1051510).
   - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bsc#1051510).
   - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions
     (bsc#1051510).
   - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
     (bsc#1051510).
   - arm: amba: Fix race condition with driver_override (bsc#1051510).
   - arm: amba: Fix wrong indentation in driver_override_store()
     (bsc#1051510).
   - arm: amba: Make driver_override output consistent with other buses
     (bsc#1051510).
   - arm: at91: do not select CONFIG_ARM_CPU_SUSPEND for old platforms
     (bsc#1051510).
   - arm: avoid faulting on qemu (bsc#1051510).
   - arm: BUG if jumping to usermode address in kernel mode (bsc#1051510).
   - arm-ccn: perf: Prevent module unload while PMU is in use (bsc#1051510).
   - arm: davinci: Add dma_mask to dm365's eDMA device (bsc#1051510).
   - arm: davinci: board-da830-evm: fix GPIO lookup for MMC/SD (bsc#1051510).
   - arm: davinci: board-da850-evm: fix GPIO lookup for MMC/SD (bsc#1051510).
   - arm: davinci: board-da850-evm: fix WP pin polarity for MMC/SD
     (bsc#1051510).
   - arm: davinci: board-dm355-evm: fix broken networking (bsc#1051510).
   - arm: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF
     (bsc#1051510).
   - arm: davinci: board-dm646x-evm: set VPIF capture card name (bsc#1051510).
   - arm: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup
     (bsc#1051510).
   - arm: davinci: dm646x: fix timer interrupt generation (bsc#1051510).
   - arm: davinci: fix mmc entries in dm365's dma_slave_map (bsc#1051510).
   - arm: davinci: fix the GPIO lookup for omapl138-hawk (bsc#1051510).
   - arm: davinci: Use platform_device_register_full() to create pdev for
     dm365's eDMA (bsc#1051510).
   - arm: DRA722: remove redundant definition of 1.0 device (bsc#1051510).
   - arm: fix return value of parse_cpu_capacity (bsc#1051510).
   - arm: kexec: fix failure to boot crash kernel (bsc#1051510).
   - arm: kexec: fix kdump register saving on panic() (bsc#1051510).
   - arm: keystone: fix platform_domain_notifier array overrun (bsc#1051510).
   - arm: kvm: fix building with gcc-8 (bsc#1051510).
   - arm: multi_v7_defconfig: Replace DRM_RCAR_HDMI by generic bridge options
     (bsc#1051510).
   - arm: multi_v7_defconfig: Replace SND_SOC_RSRC_CARD by
     SND_SIMPLE_SCU_CARD (bsc#1051510).
   - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bsc#1051510).
   - arm: OMAP1: clock: Fix debugfs_create_*() usage (bsc#1051510).
   - arm: OMAP2+: Fix SRAM virt to phys translation for
     save_secure_ram_context (bsc#1051510).
   - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (bsc#1051510).
   - arm: OMAP2+: omap_device: drop broken RPM status update from
     suspend_noirq (bsc#1051510).
   - arm: OMAP2+: powerdomain: use raw_smp_processor_id() for trace
     (bsc#1051510).
   - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
     (bsc#1051510).
   - arm: OMAP3: Fix prm wake interrupt for resume (bsc#1051510).
   - arm: OMAP3: hwmod_data: add missing module_offs for MMC3 (bsc#1051510).
   - arm: OMAP3+: PRM: fix of_irq_get() result check (bsc#1051510).
   - arm: OMAP4+: PRM: fix of_irq_get() result checks (bsc#1051510).
   - arm: OMAP: Fix dmtimer init for omap1 (bsc#1051510).
   - arm: OMAP: Fix SRAM W+X mapping (bsc#1051510).
   - arm: orion5x: Revert commit 4904dbda41c8 (bsc#1051510).
   - arm: orion: fix orion_ge00_switch_board_info initialization
     (bsc#1051510).
   - arm: pxa: select both FB and FB_W100 for eseries (bsc#1051510).
   - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bsc#1051510).
   - arm: remove wrong CONFIG_PROC_SYSCTL ifdef (bsc#1051510).
   - arm: s3c24xx: Fix NAND ECC mode for mini2440 board (bsc#1051510).
   - arm: shmobile: defconfig: Enable missing PCIE_RCAR dependency
     (bsc#1051510).
   - arm: shmobile: defconfig: Replace DRM_RCAR_HDMI by generic bridge
     options (bsc#1051510).
   - arm: shmobile: defconfig: Replace SND_SOC_RSRC_CARD by
     SND_SIMPLE_SCU_CARD (bsc#1051510).
   - arm: shmobile: defconfig: Replace USB_XHCI_RCAR by USB_XHCI_PLATFORM
     (bsc#1051510).
   - arm: shmobile: rcar-gen2: Fix deadlock in regulator quirk (bsc#1051510).
   - arm: socfpga_defconfig: Remove QSPI Sector 4K size force (bsc#1051510).
   - arm: spear13xx: Fix dmas cells (bsc#1051510).
   - arm: sunxi_defconfig: Enable CMA (bsc#1051510).
   - arm: sunxi: fix the core number of V3s in sunxi README (bsc#1051510).
   - asoc: dpcm: fix BE dai not hw_free and shutdown (bsc#1051510).
   - asoc: topology: Add missing clock gating parameter when parsing
     hw_configs (bsc#1051510).
   - asoc: topology: Fix bclk and fsync inversion in set_link_hw_format()
     (bsc#1051510).
   - ata: do not schedule hot plug if it is a sas host ().
   - ath: Add regulatory mapping for APL13_WORLD (bsc#1051510).
   - ath: Add regulatory mapping for APL2_FCCA (bsc#1051510).
   - ath: Add regulatory mapping for Bahamas (bsc#1051510).
   - ath: Add regulatory mapping for Bermuda (bsc#1051510).
   - ath: Add regulatory mapping for ETSI8_WORLD (bsc#1051510).
   - ath: Add regulatory mapping for FCC3_ETSIC (bsc#1051510).
   - ath: Add regulatory mapping for Serbia (bsc#1051510).
   - ath: Add regulatory mapping for Tanzania (bsc#1051510).
   - ath: Add regulatory mapping for Uganda (bsc#1051510).
   - audit: fix potential null dereference 'context->module.name'
     (bsc#1051510).
   - backlight: pwm_bl: Do not use GPIOF_* with gpiod_get_direction
     (bsc#1051510).
   - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
     (bsc#1101867).
   - befs_lookup(): use d_splice_alias() (bsc#1101844).
   - block: Fix transfer when chunk sectors exceeds max (bsc#1101874).
   - bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bsc#1051510).
   - bluetooth: btusb: add ID for LiteOn 04ca:301a (bsc#1051510).
   - bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
     (bsc#1051510).
   - branch-check: fix long->int truncation when profiling branches
     (bsc#1101116,).
   - brcmfmac: Add support for bcm43364 wireless chipset (bsc#1051510).
   - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
     (bsc#1099858).
   - cachefiles: Fix refcounting bug in backing-file read monitoring
     (bsc#1099858).
   - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
     (bsc#1099858).
   - can: dev: increase bus-off message severity (bsc#1051510).
   - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bsc#1051510).
   - can: m_can: change comparison to bitshift when dealing with a mask
     (bsc#1051510).
   - cdrom: do not call check_disk_change() inside cdrom_open() (bsc#1101872).
   - clk: at91: fix clk-generated compilation (bsc#1051510).
   - clk: renesas: cpg-mssr: Stop using printk format %pCr (bsc#1051510).
   - coccinelle: fix parallel build with CHECK=scripts/coccicheck
     (bsc#1051510).
   - compiler.h: enable builtin overflow checkers and add fallback code
     (bsc#1101116,).
   - cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms
     (bsc#1066110).
   - cpu/hotplug: Make bringup/teardown of smp threads symmetric
     (bsc#1089343).
   - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
   - cpu/hotplug: Split do_cpu_down() (bsc#1089343).
   - crypto: authenc - do not leak pointers to authenc keys (bsc#1051510).
   - crypto: authencesn - do not leak pointers to authenc keys (bsc#1051510).
   - crypto: padlock-aes - Fix Nano workaround data corruption (bsc#1051510).
   - delayacct: fix crash in delayacct_blkio_end() after delayacct init
     failure (bsc#1104066).
   - dm: add writecache target (bsc#1101116,).
   - dm: prevent DAX mounts if not supported (bsc#1103917).
   - dm writecache: support optional offset for start of device
     (bsc#1101116,).
   - dm writecache: use 2-factor allocator arguments (bsc#1101116,).
   - doc: Add vendor prefix for Kieback & Peter GmbH (bsc#1051510).
   - drivers: soc: sunxi: fix error processing on base address when claiming
     (bsc#1051510).
   - drm: Add DP PSR2 sink enable bit (bsc#1051510).
   - drm/amdgpu: Remove VRAM from shared bo domains (bsc#1051510).
   - drm/atomic: Check old_plane_state->crtc in
     drm_atomic_helper_async_check() (bsc#1051510).
   - drm/atomic: Handling the case when setting old crtc for plane
     (bsc#1051510).
   - drm/atomic-helper: Drop plane->fb references only for
     drm_atomic_helper_shutdown() (bsc#1051510).
   - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to
     make gcc happy (bsc#1051510).
   - drm/atomic: Make async plane update checks work as intended, v2
     (bsc#1051510).
   - drm/atomic: Make atomic helper track newly assigned planes correctly, v2
     (bsc#1051510).
   - drm/atomic: Make atomic iterators less surprising (bsc#1051510).
   - drm/dp/mst: Fix off-by-one typo when dump payload table (bsc#1051510).
   - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bsc#1051510).
   - drm/nouveau/fifo/gk104-: poll for runlist update completion
     (bsc#1051510).
   - drm/radeon: fix mode_valid's return type (bsc#1051510).
   - drm: re-enable error handling (bsc#1051510).
   - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
     (bsc#1051510).
   - Enable / support pinctrl-lewisburg ()
   - ext2: fix a block leak (bsc#1101875).
   - ext4: add more mount time checks of the superblock (bsc#1101900).
   - ext4: bubble errors from ext4_find_inline_data_nolock() up to
     ext4_iget() (bsc#1101896).
   - ext4: check superblock mapped prior to committing (bsc#1101902).
   - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841).
   - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841).
   - ext4: fix check to prevent initializing reserved inodes (bsc#1104319).
   - ext4: fix fencepost error in check for inode count overflow during
     resize (bsc#1101853).
   - ext4: include the illegal physical block in the bad map ext4_error msg
     (bsc#1101903).
   - ext4: report delalloc reserve as non-free in statfs for project quota
     (bsc#1101843).
   - ext4: update mtime in ext4_punch_hole even if no blocks are released
     (bsc#1101895).
   - f2fs: call unlock_new_inode() before d_instantiate() (bsc#1101837).
   - fix io_destroy()/aio_complete() race (bsc#1101852).
   - Force log to disk before reading the AGF during a fstrim (bsc#1101893).
   - fs: allow per-device dax status checking for filesystems (bsc#1103917).
   - fscache: Allow cancelled operations to be enqueued (bsc#1099858).
   - fscache: Fix hanging wait on page discarded by writeback (bsc#1101885).
   - fscache: Fix reference overput in fscache_attach_object() error handling
     (bsc#1099858).
   - fs: clear writeback errors in inode_init_always (bsc#1101882).
   - fs: do not scan the inode cache before SB_BORN is set (bsc#1101883).
   - genirq: Check __free_irq() return value for NULL (bsc#1103517).
   - hid: hid-plantronics: Re-resend Update to map button for PTT products
     (bsc#1051510).
   - hid: i2c-hid: check if device is there before really probing
     (bsc#1051510).
   - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
     (bsc#1051510).
   - hv_netvsc: Ensure correct teardown message sequence order ().
   - hv/netvsc: fix handling of fallback to single queue mode ().
   - hv_netvsc: Fix net device attach on older Windows hosts ().
   - hv_netvsc: set master device (bsc#1051979).
   - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() ().
   - hv_netvsc: split sub-channel setup into async and sync ().
   - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown
     ().
   - ibmasm: do not write out of bounds in read handler (bsc#1051510).
   - ibmvnic: Remove code to request error information (bsc#1104174).
   - ibmvnic: Revise RX/TX queue error messages (bsc#1101331).
   - ibmvnic: Update firmware error reporting with cause string (bsc#1104174).
   - input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bsc#1051510).
   - input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
     (bsc#1051510).
   - input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bsc#1051510).
   - irqchip: brcmstb-l2: Define an irq_pm_shutdown function (bsc#1051510).
   - irqchip/gic: Take lock when updating irq type (bsc#1051510).
   - irqchip/gic-v3: Change pr_debug message to pr_devel (bsc#1051510).
   - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry
     (bsc#1051510).
   - irqchip/gic-v3: Ignore disabled ITS nodes (bsc#1051510).
   - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
     (bsc#1051510).
   - irqchip/qcom: Fix check for spurious interrupts (bsc#1051510).
   - irqchip/qcom: Fix u32 comparison with value less than zero (bsc#1051510).
   - isofs: fix potential memory leak in mount option parsing (bsc#1101887).
   - iwlwifi: add more card IDs for 9000 series (bsc#1051510).
   - iwlwifi: pcie: fix race in Rx buffer allocator (bsc#1051510).
   - jump_label: Fix concurrent static_key_enable/disable() (bsc#1089343).
   - jump_label: Provide hotplug context variants (bsc#1089343).
   - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1089343).
   - kabi protect bdev_dax_supported (bsc#1103917).
   - kabi protect struct ccw_device_private (bsc#1103421).
   - kabi/severities: do not complain on hisi_sas internal changes ().
   - kabi/severities: ignore x86_kvm_ops; lttng-modules would have to be
     adjusted in case they depend on this particular change
   - kbuild: add '-fno-stack-check' to kernel build options (bsc#1051510).
   - kbuild: Handle builtin dtb file names containing hyphens (bsc#1051510).
   - kbuild: pkg: use --transform option to prefix paths in tar (bsc#1051510).
   - kconfig: display recursive dependency resolution hint just once
     (bsc#1051510).
   - kmemleak: add scheduling point to kmemleak_scan() (bsc#1051510).
   - kvm: SVM: Add pause filter threshold ().
   - kvm: SVM: Implement pause loop exit logic in SVM ().
   - kvm: VMX: Bring the common code to header file ().
   - kvm: VMX: Fix the module parameters for vmx ().
   - kvm: VMX: Remove ple_window_actual_max ().
   - libata: add refcounting to ata_host (git-fixes).
   - libata: ensure host is free'd on error exit paths (git-fixes).
   - libnvdimm, dimm: fix dpa reservation vs uninitialized label area
     (git-fixes).
   - linvdimm, pmem: Preserve read-only setting for pmem devices (git-fixes).
   - media: media-device: fix ioctl function types (bsc#1051510).
   - media: rcar_jpu: Add missing clk_disable_unprepare() on error in
     jpu_open() (bsc#1051510).
   - media: saa7164: Fix driver name in debug output (bsc#1051510).
   - media: si470x: fix __be16 annotations (bsc#1051510).
   - media: siano: get rid of __le32/__le16 cast warnings (bsc#1051510).
   - media: tw686x: Fix incorrect vb2_mem_ops GFP flags (bsc#1051510).
   - mfd: cros_ec: Fail early if we cannot identify the EC (bsc#1051510).
   - mfd: fsl-imx25: Clean up irq settings during removal (bsc#1051510).
   - mfd: mxs-lradc: Fix error handling in mxs_lradc_probe() (bsc#1051510).
   - misc: pci_endpoint_test: Avoid triggering a BUG() (bsc#1051510).
   - mmc: dw_mmc: update actual clock for mmc debugfs (bsc#1051510).
   - mmc: pwrseq: Use kmalloc_array instead of stack VLA (bsc#1051510).
   - mm: fix __gup_device_huge vs unmap (bsc#1101839).
   - mm/kmemleak.c: make cond_resched() rate-limiting more efficient
     (bsc#1051510).
   - mwifiex: correct histogram data with appropriate index (bsc#1051510).
   - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510).
   - nohz: Fix local_timer_softirq_pending() (bsc#1051510).
   - nvme: ensure forward progress during Admin passthru (git-fixes).
   - nvme-fabrics: Ignore nr_io_queues option for discovery controllers
     (bsc#1102633).
   - nvme: fixup crash on failed discovery (bsc#1103920).
   - nvme.h: fixup ANA group descriptor format (bsc#1104111).
   - nvme: use hw qid in trace events (bsc#1102633).
   - orangefs: report attributes_mask and attributes for statx (bsc#1101832).
   - orangefs: set i_size on new symlink (bsc#1101845).
   - overflow.h: Add allocation size calculation helpers (bsc#1101116,).
   - pci: pciehp: Assume NoCompl+ for Thunderbolt ports (bsc#1051510).
   - pci: pciehp: Request control of native hotplug only if supported
     (bsc#1051510).
   - pci: Prevent sysfs disable of device while driver is attached
     (bsc#1051510).
   - pinctrl: at91-pio4: add missing of_node_put (bsc#1051510).
   - pinctrl: intel: Add Intel Lewisburg GPIO support ().
   - pinctrl: nand: meson-gxl: fix missing data pins (bsc#1051510).
   - pmem: only set QUEUE_FLAG_DAX for fsdax mode (bsc#1103917).
   - qed*: Add link change count value to ethtool statistics display
     (bsc#1086314).
   - qed: Add qed APIs for PHY module query (bsc#1086314 ).
   - qed: Add srq core support for RoCE and iWARP (bsc#1086314 ).
   - qede: Add driver callbacks for eeprom module query (bsc#1086314 ).
   - qed: fix spelling mistake "successffuly" -> "successfully" (bsc#1086314).
   - qed: Make some functions static (bsc#1086314).
   - qed: remove redundant functions qed_get_cm_pq_idx_rl (bsc#1086314).
   - qed: remove redundant functions qed_set_gft_event_id_cm_hdr
     (bsc#1086314).
   - qed: remove redundant pointer 'name' (bsc#1086314).
   - qed: use dma_zalloc_coherent instead of allocator/memset (bsc#1086314).
   - qed*: Utilize FW 8.37.2.0 (bsc#1086314).
   - RDMA/qedr: Fix NULL pointer dereference when running over iWARP without
     RDMA-CM (bsc#1086314).
   - RDMA/qedr: fix spelling mistake: "adrresses" -> "addresses"
     (bsc#1086314).
   - RDMA/qedr: fix spelling mistake: "failes" -> "fails" (bsc#1086314).
   - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
     (bsc#1051510).
   - reiserfs: fix buffer overflow with long warning messages (bsc#1101847).
   - Revert "drm/nouveau/drm/therm/fan: add a fallback if no fan control is
     specified in the vbios" (bsc#1103356).
   - s390/cio: clear timer when terminating driver I/O (bsc#1103421).
   - s390/cio: fix return code after missing interrupt (bsc#1103421).
   - s390/dasd: fix handling of internal requests (bsc#1103421).
   - s390/dasd: fix wrongly assigned configuration data (bsc#1103421).
   - s390/dasd: prevent prefix I/O error (bsc#1103421).
   - s390/eadm: fix CONFIG_BLOCK include dependency (bsc#1103421).
   - s390/ipl: ensure loadparm valid flag is set (bsc#1103421).
   - s390/pci: do not require AIS facility (bsc#1103421).
   - s390/qdio: do not release memory in qdio_setup_irq() (bsc#1103421).
   - sc16is7xx: Check for an error when the clock is enabled (bsc#1051510).
   - sched/fair: Consider RT/IRQ pressure in capacity_spare_wake()
     (bnc#1101669 optimise numa balancing for fast migrate).
   - sched/fair: Fix find_idlest_group() when local group is not allowed
     (bnc#1101669 optimise numa balancing for fast migrate).
   - sched/fair: Fix usage of find_idlest_group() when no groups are allowed
     (bnc#1101669 optimise numa balancing for fast migrate).
   - sched/fair: Fix usage of find_idlest_group() when the local group is
     idlest (bnc#1101669 optimise numa balancing for fast migrate).
   - sched/fair: Move select_task_rq_fair() slow-path into its own function
     (bnc#1101669 optimise numa balancing for fast migrate).
   - sched/fair: Remove impossible condition from find_idlest_group_cpu()
     (bnc#1101669 optimise numa balancing for fast migrate).
   - sched/fair: Remove unnecessary comparison with -1 (bnc#1101669 optimise
     numa balancing for fast migrate).
   - sched/fair: Spare idle load balancing on nohz_full CPUs (bnc#1101669
     optimise numa balancing for fast migrate).
   - sched/fair: Use 'unsigned long' for utilization, consistently
     (bnc#1101669 optimise numa balancing for fast migrate).
   - sched/smt: Update sched_smt_present at runtime (bsc#1089343).
   - scsi: ata: enhance the definition of SET MAX feature field value ().
   - scsi: hisi_sas: add an mechanism to do reset work synchronously ().
   - scsi: hisi_sas: add check of device in hisi_sas_task_exec() ().
   - scsi: hisi_sas: add internal abort dev in some places ().
   - scsi: hisi_sas: Add LED feature for v3 hw ().
   - scsi: hisi_sas: add RAS feature for v3 hw ().
   - scsi: hisi_sas: add readl poll timeout helper wrappers ().
   - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice ().
   - scsi: hisi_sas: add some print to enhance debugging ().
   - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command ().
   - scsi: hisi_sas: add v2 hw port AXI error handling support ().
   - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE() ().
   - scsi: hisi_sas: add v3 hw suspend and resume ().
   - scsi: hisi_sas: allocate slot buffer earlier ().
   - scsi: hisi_sas: Change common allocation mode of device id ().
   - scsi: hisi_sas: Change frame type for SET MAX commands ().
   - scsi: hisi_sas: change ncq process for v3 hw ().
   - scsi: hisi_sas: change slot index allocation mode ().
   - scsi: hisi_sas: check host frozen before calling "done" function ().
   - scsi: hisi_sas: check IPTT is valid before using it for v3 hw ().
   - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task() ().
   - scsi: hisi_sas: Code cleanup and minor bug fixes ().
   - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
     ().
   - scsi: hisi_sas: consolidate command check in hisi_sas_get_ata_protocol()
     ().
   - scsi: hisi_sas: Create a scsi_host_template per HW module ().
   - scsi: hisi_sas: delete timer when removing hisi_sas driver ().
   - scsi: hisi_sas: do link reset for some CHL_INT2 ints ().
   - scsi: hisi_sas: Do not lock DQ for complete task sending ().
   - scsi: hisi_sas: dt-bindings: add an property of signal attenuation ().
   - scsi: hisi_sas: fix a bug in hisi_sas_dev_gone() ().
   - scsi: hisi_sas: fix a typo in hisi_sas_task_prep() ().
   - scsi: hisi_sas: fix dma_unmap_sg() parameter ().
   - scsi: hisi_sas: fix PI memory size ().
   - scsi: hisi_sas: fix return value of hisi_sas_task_prep() ().
   - scsi: hisi_sas: Fix return value when get_free_slot() failed ().
   - scsi: hisi_sas: fix SAS_QUEUE_FULL problem while running IO ().
   - scsi: hisi_sas: fix the issue of link rate inconsistency ().
   - scsi: hisi_sas: fix the issue of setting linkrate register ().
   - scsi: hisi_sas: improve int_chnl_int_v2_hw() consistency with v3 hw ().
   - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot ().
   - scsi: hisi_sas: increase timer expire of internal abort task ().
   - scsi: hisi_sas: Init disks after controller reset ().
   - scsi: hisi_sas: initialize dq spinlock before use ().
   - scsi: hisi_sas: Introduce hisi_sas_phy_set_linkrate() ().
   - scsi: hisi_sas: judge result of internal abort ().
   - scsi: hisi_sas: make local symbol host_attrs static ().
   - scsi: hisi_sas: make return type of prep functions void ().
   - scsi: hisi_sas: make SAS address of SATA disks unique ().
   - scsi: hisi_sas: Mark PHY as in reset for nexus reset ().
   - scsi: hisi_sas: modify hisi_sas_dev_gone() for reset ().
   - scsi: hisi_sas: modify some register config for hip08 ().
   - scsi: hisi_sas: optimise port id refresh function ().
   - scsi: hisi_sas: optimise the usage of DQ locking ().
   - scsi: hisi_sas: print device id for errors ().
   - scsi: hisi_sas: re-add the lldd_port_deformed() ().
   - scsi: hisi_sas: relocate clearing ITCT and freeing device ().
   - scsi: hisi_sas: relocate smp sg map ().
   - scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency
     ().
   - scsi: hisi_sas: remove redundant handling to event95 for v3 ().
   - scsi: hisi_sas: remove some unneeded structure members ().
   - scsi: hisi_sas: remove unused variable hisi_sas_devices.running_req ().
   - scsi: hisi_sas: Reset disks when discovered ().
   - scsi: hisi_sas: some optimizations of host controller reset ().
   - scsi: hisi_sas: stop controller timer for reset ().
   - scsi: hisi_sas: support the property of signal attenuation for v2 hw ().
   - scsi: hisi_sas: Terminate STP reject quickly for v2 hw ().
   - scsi: hisi_sas: Try wait commands before before controller reset ().
   - scsi: hisi_sas: update PHY linkrate after a controller reset ().
   - scsi: hisi_sas: update RAS feature for later revision of v3 HW ().
   - scsi: hisi_sas: use an general way to delay PHY work ().
   - scsi: hisi_sas: Use device lock to protect slot alloc/free ().
   - scsi: hisi_sas: use dma_zalloc_coherent() ().
   - scsi: hisi_sas: workaround a v3 hw hilink bug ().
   - scsi: libsas: defer ata device eh commands to libata ().
   - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than
     PAGE_SIZE (bsc#1102658).
   - scsi: lpfc: Correct LCB ACCept payload (bsc#1102658).
   - scsi: lpfc: devloss timeout race condition caused null pointer reference
     (bsc#1102658).
   - scsi: lpfc: Fix abort error path for NVMET (bsc#1102658).
   - scsi: lpfc: Fix driver crash when re-registering NVME rports
     (bsc#1102658).
   - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word
     (bsc#1102658).
   - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102658).
   - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102658).
   - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102658).
   - scsi: lpfc: Fix panic if driver unloaded when port is offline
     (bsc#1102658).
   - scsi: lpfc: Fix sysfs Speed value on CNA ports (bsc#1102658).
   - scsi: lpfc: Limit tracking of tgt queue depth in fast path (bsc#1102658).
   - scsi: lpfc: Make PBDE optimizations configurable (bsc#1102658).
   - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (bsc#1102658).
   - scsi: lpfc: Revise copyright for new company language (bsc#1102658).
   - scsi: lpfc: Support duration field in Link Cable Beacon V1 command
     (bsc#1102658).
   - scsi: lpfc: update driver version to 12.0.0.5 (bsc#1102658).
   - scsi: lpfc: update driver version to 12.0.0.6 (bsc#1102658).
   - scsi: qla2xxx: Avoid double completion of abort command (git-fixes).
   - scsi: qla2xxx: Fix driver unload by shutting down chip (git-fixes).
   - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion
     (git-fixes).
   - scsi: qla2xxx: Fix NULL pointer dereference for fcport search
     (git-fixes).
   - scsi: qla2xxx: Fix unintialized List head crash (git-fixes).
   - scsi: qla2xxx: Return error when TMF returns (git-fixes).
   - scsi: smartpqi: add in new supported controllers (bsc#1086274).
   - scsi: smartpqi: add inspur advantech ids (bsc#1086274).
   - scsi: smartpqi: bump driver version to 1.1.4-130 (bsc#1086274).
   - scsi: smartpqi: fix critical ARM issue reading PQI index registers
     (bsc#1086274).
   - scsi: smartpqi: improve error checking for sync requests (bsc#1086274).
   - scsi: smartpqi: improve handling for sync requests (bsc#1086274).
   - scsi: smartpqi: update driver version (bsc#1086274).
   - scsi: smartpqi: workaround fw bug for oq deletion (bsc#1086274).
   - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
     (git-fixes).
   - sctp: introduce sctp_dst_mtu (git-fixes).
   - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure
     (bsc#1051510).
   - soc: bcm: raspberrypi-power: Fix use of __packed (bsc#1051510).
   - soc: imx: gpc: de-register power domains only if initialized
     (bsc#1051510).
   - soc: imx: gpc: restrict register range for regmap access (bsc#1051510).
   - soc: imx: gpcv2: correct PGC offset (bsc#1051510).
   - soc: imx: gpcv2: Do not pass static memory as platform data
     (bsc#1051510).
   - soc: imx: gpcv2: fix regulator deferred probe (bsc#1051510).
   - soc: mediatek: pwrap: fix compiler errors (bsc#1051510).
   - soc: qcom: wcnss_ctrl: Fix increment in NV upload (bsc#1051510).
   - soc: rockchip: power-domain: Fix wrong value when power up pd with
     writemask (bsc#1051510).
   - soc/tegra: Fix bad of_node_put() in powergate init (bsc#1051510).
   - soc/tegra: flowctrl: Fix error handling (bsc#1051510).
   - soc: ti: ti_sci_pm_domains: Populate name for genpd (bsc#1051510).
   - soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST (bsc#1051510).
   - spi: bcm2835aux: ensure interrupts are enabled for shared handler
     (bsc#1051510).
   - spi/bcm63xx-hspi: Enable the clock before calling clk_get_rate()
     (bsc#1051510).
   - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL (bsc#1051510).
   - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
     (bsc#1051510).
   - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()
     (bsc#1051510).
   - spi: pxa2xx: Allow 64-bit DMA (bsc#1051510).
   - spi: pxa2xx: check clk_prepare_enable() return value (bsc#1051510).
   - sr: pass down correctly sized SCSI sense buffer (git-fixes).
   - staging: ks7010: Use constants from ieee80211_eid instead of literal
     ints (bsc#1051510).
   - staging: speakup: fix wraparound in uaccess length check (bsc#1051510).
   - supported.conf: add drivers/md/dm-writecache
   - sysrq : fix Show Regs call trace on ARM (bsc#1051510).
   - thermal: exynos: fix setting rising_threshold for Exynos5433
     (bsc#1051510).
   - tty: Fix data race in tty_insert_flip_string_fixed_flag (bsc#1051510).
   - typec: tcpm: Fix a msecs vs jiffies bug (bsc#1100132).
   - udf: Detect incorrect directory size (bsc#1101891).
   - udf: Provide saner default for invalid uid / gid (bsc#1101890).
   - Update config files to add CONFIG_DM_WRITECACHE=m
   - Update
     patches.arch/KVM-PPC-Check-if-IOMMU-page-is-contained-in-the-pinn.patch
     (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949).
   - usb: hub: Do not wait for connect state at resume for powered-off ports
     (bsc#1051510).
   - usbip: usbip_detach: Fix memory, udev context and udev leak
     (bsc#1051510).
   - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841).
   - virtio_balloon: fix another race between migration and ballooning
     (bsc#1051510).
   - wlcore: sdio: check for valid platform device data before suspend
     (bsc#1051510).
   - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).
   - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
     (bsc#1089343).
   - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
   - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
     (bsc#1089343).
   - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
   - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
   - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).
   - x86/cpu: Remove the pointless CPU printout (bsc#1089343).
   - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
   - x86/KVM/VMX: Add module argument for L1TF mitigation.
   - x86/smp: Provide topology_is_primary_thread() (bsc#1089343).
   - x86/topology: Provide topology_smt_supported() (bsc#1089343).
   - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (binutils_2.31).
   - xfs: catch inode allocation state mismatch corruption (bsc#1104211).
   - xfs: prevent creating negative-sized file via INSERT_RANGE (bsc#1101833).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1614=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-25.13.1
      kernel-default-debugsource-4.12.14-25.13.1
      kernel-default-livepatch-4.12.14-25.13.1


References:

   https://www.suse.com/security/cve/CVE-2018-10876.html
   https://www.suse.com/security/cve/CVE-2018-10877.html
   https://www.suse.com/security/cve/CVE-2018-10878.html
   https://www.suse.com/security/cve/CVE-2018-10879.html
   https://www.suse.com/security/cve/CVE-2018-10880.html
   https://www.suse.com/security/cve/CVE-2018-10881.html
   https://www.suse.com/security/cve/CVE-2018-10882.html
   https://www.suse.com/security/cve/CVE-2018-10883.html
   https://www.suse.com/security/cve/CVE-2018-3620.html
   https://www.suse.com/security/cve/CVE-2018-3646.html
   https://www.suse.com/security/cve/CVE-2018-5391.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1051979
   https://bugzilla.suse.com/1066110
   https://bugzilla.suse.com/1077761
   https://bugzilla.suse.com/1086274
   https://bugzilla.suse.com/1086314
   https://bugzilla.suse.com/1087081
   https://bugzilla.suse.com/1089343
   https://bugzilla.suse.com/1099811
   https://bugzilla.suse.com/1099813
   https://bugzilla.suse.com/1099844
   https://bugzilla.suse.com/1099845
   https://bugzilla.suse.com/1099846
   https://bugzilla.suse.com/1099849
   https://bugzilla.suse.com/1099858
   https://bugzilla.suse.com/1099863
   https://bugzilla.suse.com/1099864
   https://bugzilla.suse.com/1100132
   https://bugzilla.suse.com/1101116
   https://bugzilla.suse.com/1101331
   https://bugzilla.suse.com/1101669
   https://bugzilla.suse.com/1101828
   https://bugzilla.suse.com/1101832
   https://bugzilla.suse.com/1101833
   https://bugzilla.suse.com/1101837
   https://bugzilla.suse.com/1101839
   https://bugzilla.suse.com/1101841
   https://bugzilla.suse.com/1101843
   https://bugzilla.suse.com/1101844
   https://bugzilla.suse.com/1101845
   https://bugzilla.suse.com/1101847
   https://bugzilla.suse.com/1101852
   https://bugzilla.suse.com/1101853
   https://bugzilla.suse.com/1101867
   https://bugzilla.suse.com/1101872
   https://bugzilla.suse.com/1101874
   https://bugzilla.suse.com/1101875
   https://bugzilla.suse.com/1101882
   https://bugzilla.suse.com/1101883
   https://bugzilla.suse.com/1101885
   https://bugzilla.suse.com/1101887
   https://bugzilla.suse.com/1101890
   https://bugzilla.suse.com/1101891
   https://bugzilla.suse.com/1101893
   https://bugzilla.suse.com/1101895
   https://bugzilla.suse.com/1101896
   https://bugzilla.suse.com/1101900
   https://bugzilla.suse.com/1101902
   https://bugzilla.suse.com/1101903
   https://bugzilla.suse.com/1102633
   https://bugzilla.suse.com/1102658
   https://bugzilla.suse.com/1103097
   https://bugzilla.suse.com/1103356
   https://bugzilla.suse.com/1103421
   https://bugzilla.suse.com/1103517
   https://bugzilla.suse.com/1103723
   https://bugzilla.suse.com/1103724
   https://bugzilla.suse.com/1103725
   https://bugzilla.suse.com/1103726
   https://bugzilla.suse.com/1103727
   https://bugzilla.suse.com/1103728
   https://bugzilla.suse.com/1103729
   https://bugzilla.suse.com/1103730
   https://bugzilla.suse.com/1103917
   https://bugzilla.suse.com/1103920
   https://bugzilla.suse.com/1103948
   https://bugzilla.suse.com/1103949
   https://bugzilla.suse.com/1104066
   https://bugzilla.suse.com/1104111
   https://bugzilla.suse.com/1104174
   https://bugzilla.suse.com/1104211
   https://bugzilla.suse.com/1104319



More information about the sle-security-updates mailing list