SUSE-SU-2019:1535-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jun 17 18:28:04 MDT 2019


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1535-1
Rating:             important
References:         #1012382 #1050242 #1051510 #1053043 #1055186 
                    #1056787 #1058115 #1061840 #1063638 #1064802 
                    #1065600 #1065729 #1066129 #1068546 #1071995 
                    #1075020 #1082387 #1083647 #1085535 #1099658 
                    #1103992 #1104353 #1104427 #1106011 #1106284 
                    #1108193 #1108838 #1108937 #1110946 #1111696 
                    #1112063 #1113722 #1114427 #1115688 #1117158 
                    #1117561 #1118139 #1119843 #1120091 #1120423 
                    #1120566 #1120843 #1120902 #1122776 #1123454 
                    #1123663 #1124503 #1124839 #1126356 #1127616 
                    #1128052 #1128904 #1128979 #1129138 #1129273 
                    #1129497 #1129693 #1129770 #1130579 #1130699 
                    #1130972 #1131326 #1131451 #1131488 #1131565 
                    #1131673 #1132044 #1133176 #1133188 #1133190 
                    #1133320 #1133612 #1133616 #1134160 #1134162 
                    #1134199 #1134200 #1134201 #1134202 #1134203 
                    #1134204 #1134205 #1134354 #1134393 #1134459 
                    #1134460 #1134461 #1134537 #1134597 #1134651 
                    #1134671 #1134760 #1134806 #1134810 #1134813 
                    #1134848 #1134936 #1135006 #1135007 #1135008 
                    #1135056 #1135100 #1135120 #1135278 #1135281 
                    #1135309 #1135312 #1135314 #1135315 #1135316 
                    #1135320 #1135323 #1135330 #1135492 #1135542 
                    #1135556 #1135603 #1135642 #1135661 #1135758 
                    #1136206 #1136424 #1136428 #1136430 #1136432 
                    #1136434 #1136435 #1136438 #1136439 #1136477 
                    #1136478 #1136573 #1136586 #1136881 #1136935 
                    #1136990 #1137151 #1137152 #1137153 #1137162 
                    #1137372 #1137444 #1137586 #1137739 #1137752 
                    
Cross-References:   CVE-2018-7191 CVE-2019-10124 CVE-2019-11085
                    CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
                    CVE-2019-11486 CVE-2019-11487 CVE-2019-11815
                    CVE-2019-11833 CVE-2019-11884 CVE-2019-12382
                    CVE-2019-3846 CVE-2019-5489
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 131 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 15 Azure kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2019-11477: A sequence of SACKs may have been crafted such that one
     can trigger an integer overflow, leading to a kernel panic.
   - CVE-2019-11478: It was possible to send a crafted sequence of SACKs
     which will fragment the TCP retransmission queue. An attacker may have
     been able to further exploit the fragmented queue to cause an expensive
     linked-list walk for subsequent SACKs received for that same TCP
     connection.
   - CVE-2019-11479: An attacker could force the Linux kernel to segment its
     responses into multiple TCP segments. This would drastically increased
     the bandwidth required to deliver the same amount of data. Further, it
     would consume additional resources such as CPU and NIC processing power.
   - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
     possibly escalate privileges was found in the mwifiex kernel module
     while connecting to a malicious wireless network. (bnc#1136424)
   - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
     drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an
     unchecked kstrdup of fwstr, which might have allowed an attacker to
     cause a denial of service (NULL pointer dereference and system crash).
     (bnc#1136586)
   - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux
     kernel allowed local attackers to observe page cache access patterns of
     other processes on the same system, potentially allowing sniffing of
     secret information. (Fixing this affects the output of the fincore
     program.) Limited remote exploitation may have been possible, as
     demonstrated by latency differences in accessing public files from an
     Apache HTTP Server. (bnc#1120843)
   - CVE-2019-11487: The Linux kernel allowed page reference count overflow,
     with resultant use-after-free issues, if about 140 GiB of RAM existed.
     It could have occured with FUSE requests. (bnc#1133190)
   - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
     the unused memory region in the extent tree block, which might have
     allowed local users to obtain sensitive information by reading
     uninitialized data in the filesystem. (bnc#1135281)
   - CVE-2018-7191: In the tun subsystem in the Linux kernel,
     dev_get_valid_name was not called before register_netdevice. This
     allowed local users to cause a denial of service (NULL pointer
     dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
     containing a / character. (bnc#1135603)
   - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in
     i915 Graphics for Linux may have allowed an authenticated user to
     potentially enable escalation of privilege via local access.
     (bnc#1135278)
   - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
     net/rds/tcp.c in the Linux kernel There was a race condition leading to
     a use-after-free, related to net namespace cleanup. (bnc#1134537)
   - CVE-2019-11884: The do_hidp_sock_ioctl function in
     net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
     obtain potentially sensitive information from kernel stack memory via a
     hidPCONNADD command, because a name field may not end with a '\0'
     character. (bnc#1134848)
   - CVE-2019-11486: The Siemens R3964 line discipline driver in
     drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions.
     (bnc#1133188)
   - CVE-2019-10124: An attacker could exploit an issue in the hwpoison
     implementation to cause a denial of service (BUG). (bsc#1130699)

   The following non-security bugs were fixed:

   - 9p locks: add mount option for lock retry interval (bsc#1051510).
   - acpi / property: fix handling of data_nodes in acpi_get_next_subnode()
     (bsc#1051510).
   - acpi / utils: Drop reference in test for device presence (bsc#1051510).
   - acpi: button: reinitialize button state upon resume (bsc#1051510).
   - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158).
   - acpica: AML interpreter: add region addresses in global list during
     initialization (bsc#1051510).
   - acpica: Namespace: remove address node from global list after method
     termination (bsc#1051510).
   - alsa: core: Do not refer to snd_cards array directly (bsc#1051510).
   - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).
   - alsa: hda - Register irq handler after the chip initialization
     (bsc#1051510).
   - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).
   - alsa: hda/hdmi - Consider eld_valid when reporting jack event
     (bsc#1051510).
   - alsa: hda/hdmi - Read the pin sense from register when repolling
     (bsc#1051510).
   - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).
   - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).
   - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).
   - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)
     (bsc#1051510).
   - alsa: hda/realtek - EAPD turn on later (bsc#1051510).
   - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone
     bug (bsc#1051510).
   - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).
   - alsa: hda/realtek - Fixup headphone noise via runtime suspend
     (bsc#1051510).
   - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops
     (bsc#1051510).
   - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510).
   - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14)
     (bsc#1051510).
   - alsa: line6: Avoid polluting led_* namespace (bsc#1051510).
   - alsa: line6: use dynamic buffers (bsc#1051510).
   - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).
   - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock()
     (bsc#1051510).
   - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).
   - alsa: seq: Fix race of get-subscription call vs port-delete ioctls
     (bsc#1051510).
   - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).
   - alsa: seq: Protect racy pool manipulation from OSS sequencer
     (bsc#1051510).
   - alsa: seq: Remove superfluous irqsave flags (bsc#1051510).
   - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).
   - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).
   - alsa: timer: Coding style fixes (bsc#1051510).
   - alsa: timer: Make snd_timer_close() really kill pending actions
     (bsc#1051510).
   - alsa: timer: Make sure to clear pending ack list (bsc#1051510).
   - alsa: timer: Revert active callback sync check at close (bsc#1051510).
   - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510).
   - alsa: timer: Unify timer callback process code (bsc#1051510).
   - alsa: usb-audio: Fix a memory leak bug (bsc#1051510).
   - alsa: usb-audio: Handle the error from
     snd_usb_mixer_apply_create_quirk() (bsc#1051510).
   - alsa: usx2y: fix a double free bug (bsc#1051510).
   - appletalk: Fix compile regression (bsc#1051510).
   - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).
   - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).
   - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
     table (bsc#1117158).
   - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi
   - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).
   - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158).
   - arm64: fix acpi dependencies (bsc#1117158).
   - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).
   - arm: 8833/1: Ensure that NEON code always compiles with Clang
     (bsc#1051510).
   - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).
   - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).
   - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be
     uninitialized (bsc#1051510).
   - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
     (bsc#1051510).
   - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).
   - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
     (bsc#1051510).
   - arm: iop: do not use using 64-bit DMA masks (bsc#1051510).
   - arm: orion: do not use using 64-bit DMA masks (bsc#1051510).
   - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).
   - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).
   - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos
     platforms (bsc#1051510).
   - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510).
   - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).
   - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510).
   - asoc: eukrea-tlv320: fix a leaked reference by adding missing
     of_node_put (bsc#1051510).
   - asoc: fix valid stream condition (bsc#1051510).
   - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510).
   - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510).
   - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put
     (bsc#1051510).
   - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510).
   - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510).
   - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510).
   - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510).
   - asoc: nau8824: fix the issue of the widget with prefix name
     (bsc#1051510).
   - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate
     (bsc#1051510).
   - asoc: stm32: fix sai driver name initialisation (bsc#1051510).
   - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510).
   - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).
   - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).
   - at76c50x-usb: Do not register led_trigger if usb_register_driver failed
     (bsc#1051510).
   - audit: fix a memleak caused by auditing load module (bsc#1051510).
   - b43: shut up clang -Wuninitialized variable warning (bsc#1051510).
   - backlight: lm3630a: Return 0 on success in update_status functions
     (bsc#1051510).
   - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
     (bsc#1051510).
   - bcache: Move couple of functions to sysfs.c (bsc#1130972).
   - bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
   - bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
   - bcache: Replace bch_read_string_list() by __sysfs_match_string()
     (bsc#1130972).
   - bcache: account size of buckets used in uuid write to
     ca->meta_sectors_written (bsc#1130972).
   - bcache: add MODULE_DESCRIPTION information (bsc#1130972).
   - bcache: add a comment in super.c (bsc#1130972).
   - bcache: add code comments for bset.c (bsc#1130972).
   - bcache: add comment for cache_set->fill_iter (bsc#1130972).
   - bcache: add identifier names to arguments of function definitions
     (bsc#1130972).
   - bcache: add missing SPDX header (bsc#1130972).
   - bcache: add separate workqueue for journal_write to avoid deadlock
     (bsc#1130972).
   - bcache: add static const prefix to char * array declarations
     (bsc#1130972).
   - bcache: add sysfs_strtoul_bool() for setting bit-field variables
     (bsc#1130972).
   - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
   - bcache: cannot set writeback_running via sysfs if no writeback kthread
     created (bsc#1130972).
   - bcache: correct dirty data statistics (bsc#1130972).
   - bcache: do not assign in if condition in bcache_init() (bsc#1130972).
   - bcache: do not assign in if condition register_bcache() (bsc#1130972).
   - bcache: do not check NULL pointer before calling kmem_cache_destroy
     (bsc#1130972).
   - bcache: do not check if debug dentry is ERR or NULL explicitly on remove
     (bsc#1130972).
   - bcache: do not clone bio in bch_data_verify (bsc#1130972).
   - bcache: do not mark writeback_running too early (bsc#1130972).
   - bcache: export backing_dev_name via sysfs (bsc#1130972).
   - bcache: export backing_dev_uuid via sysfs (bsc#1130972).
   - bcache: fix code comments style (bsc#1130972).
   - bcache: fix indent by replacing blank by tabs (bsc#1130972).
   - bcache: fix indentation issue, remove tabs on a hunk of code
     (bsc#1130972).
   - bcache: fix input integer overflow of congested threshold (bsc#1130972).
   - bcache: fix input overflow to cache set io_error_limit (bsc#1130972).
   - bcache: fix input overflow to cache set sysfs file io_error_halflife
     (bsc#1130972).
   - bcache: fix input overflow to journal_delay_ms (bsc#1130972).
   - bcache: fix input overflow to sequential_cutoff (bsc#1130972).
   - bcache: fix input overflow to writeback_delay (bsc#1130972).
   - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
   - bcache: fix ioctl in flash device (bsc#1130972).
   - bcache: fix mistaken code comments in bcache.h (bsc#1130972).
   - bcache: fix mistaken comments in request.c (bsc#1130972).
   - bcache: fix potential div-zero error of writeback_rate_i_term_inverse
     (bsc#1130972).
   - bcache: fix potential div-zero error of writeback_rate_p_term_inverse
     (bsc#1130972).
   - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
   - bcache: fix typo in code comments of closure_return_with_destructor()
     (bsc#1130972).
   - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).
   - bcache: introduce force_wake_up_gc() (bsc#1130972).
   - bcache: make cutoff_writeback and cutoff_writeback_sync tunable
     (bsc#1130972).
   - bcache: move open brace at end of function definitions to next line
     (bsc#1130972).
   - bcache: never writeback a discard operation (bsc#1130972).
   - bcache: not use hard coded memset size in bch_cache_accounting_clear()
     (bsc#1130972).
   - bcache: option to automatically run gc thread after writeback
     (bsc#1130972).
   - bcache: panic fix for making cache device (bsc#1130972).
   - bcache: prefer 'help' in Kconfig (bsc#1130972).
   - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
   - bcache: recal cached_dev_sectors on detach (bsc#1130972).
   - bcache: remove unnecessary space before ioctl function pointer arguments
     (bsc#1130972).
   - bcache: remove unused bch_passthrough_cache (bsc#1130972).
   - bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
   - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
   - bcache: replace Symbolic permissions by octal permission numbers
     (bsc#1130972).
   - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
   - bcache: replace printk() by pr_*() routines (bsc#1130972).
   - bcache: set writeback_percent in a flexible range (bsc#1130972).
   - bcache: split combined if-condition code into separate ones
     (bsc#1130972).
   - bcache: stop bcache device when backing device is offline (bsc#1130972).
   - bcache: stop using the deprecated get_seconds() (bsc#1130972).
   - bcache: style fix to add a blank line after declarations (bsc#1130972).
   - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
   - bcache: style fixes for lines over 80 characters (bsc#1130972).
   - bcache: treat stale and dirty keys as bad keys (bsc#1130972).
   - bcache: trivial - remove tailing backslash in macro BTREE_FLAG
     (bsc#1130972).
   - bcache: update comment for bch_data_insert (bsc#1130972).
   - bcache: update comment in sysfs.c (bsc#1130972).
   - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
     (bsc#1130972).
   - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in
     __bch_bucket_alloc_set (bsc#1130972).
   - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
   - bcache: use routines from lib/crc64.c for CRC64 calculation
     (bsc#1130972).
   - bcache: use sysfs_strtoul_bool() to set bit-field variables
     (bsc#1130972).
   - block: Do not revalidate bdev of hidden gendisk (bsc#1120091).
   - block: check_events: do not bother with events if unsupported
     (bsc#1110946, bsc#1119843).
   - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).
   - block: do not leak memory in bio_copy_user_iov() (bsc#1135309).
   - block: fix the return errno for direct IO (bsc#1135320).
   - block: fix use-after-free on gendisk (bsc#1135312).
   - bluetooth: Align minimum encryption key size for LE and BR/EDR
     connections (bsc#1051510).
   - bluetooth: Check key sizes only when Secure Simple Pairing is enabled
     (bsc#1135556).
   - bluetooth: hidp: fix buffer overflow (bsc#1051510).
   - bnxt_en: Free short FW command HWRM memory in error path in
     bnxt_init_one() (bsc#1050242).
   - bnxt_en: Improve RX consumer index validity check
     (networking-stable-19_04_10).
   - bnxt_en: Improve multicast address setup logic
     (networking-stable-19_05_04).
   - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).
   - bonding: fix event handling for stacked bonds
     (networking-stable-19_04_19).
   - bpf, lru: avoid messing with eviction heuristics upon syscall lookup
     (bsc#1083647).
   - bpf: Add missed newline in verifier verbose log (bsc#1056787).
   - bpf: add map_lookup_elem_sys_only for lookups from syscall side
     (bsc#1083647).
   - brcm80211: potential NULL dereference in
     brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).
   - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510).
   - brcmfmac: fix Oops when bringing up interface during usb disconnect
     (bsc#1051510).
   - brcmfmac: fix WARNING during usb disconnect in case of unempty psq
     (bsc#1051510).
   - brcmfmac: fix missing checks for kmemdup (bsc#1051510).
   - brcmfmac: fix race during disconnect when usb completion is in progress
     (bsc#1051510).
   - btrfs: Do not panic when we can't find a root key (bsc#1112063).
   - btrfs: Factor out common delayed refs init code (bsc#1134813).
   - btrfs: Introduce init_delayed_ref_head (bsc#1134813).
   - btrfs: Open-code add_delayed_data_ref (bsc#1134813).
   - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
   - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
   - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
   - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
   - btrfs: add a helper to return a head ref (bsc#1134813).
   - btrfs: breakout empty head cleanup to a helper (bsc#1134813).
   - btrfs: delayed-ref: Introduce better documented delayed ref structures
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: delayed-ref: Use btrfs_ref to refactor
     btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: delayed-ref: Use btrfs_ref to refactor
     btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: do not allow trimming when a fs is mounted with the nologreplay
     option (bsc#1135758).
   - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881).
   - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes()
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent()
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref()
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: fix fsync not persisting changed attributes of a directory
     (bsc#1137151).
   - btrfs: fix race between ranged fsync and writeback of adjacent ranges
     (bsc#1136477).
   - btrfs: fix race updating log root item during fsync (bsc#1137153).
   - btrfs: fix wrong ctime and mtime of a directory after log replay
     (bsc#1137152).
   - btrfs: improve performance on fsync of files with multiple hardlinks
     (bsc#1123454).
   - btrfs: move all ref head cleanup to the helper function (bsc#1134813).
   - btrfs: move extent_op cleanup to a helper (bsc#1134813).
   - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
   - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer
     dereference (bsc#1134806).
   - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head
     to btrfs_qgroup_extent_record (bsc#1134162).
   - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release
     (bsc#1134160).
   - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON()
     (bsc#1133612).
   - btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
   - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).
   - btrfs: split delayed ref head initialization and addition (bsc#1134813).
   - btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
   - btrfs: tree-checker: detect file extent items with overlapping ranges
     (bsc#1136478).
   - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).
   - ceph: fix ci->i_head_snapc leak (bsc#1122776).
   - ceph: fix use-after-free on symlink traversal (bsc#1134459).
   - ceph: only use d_name directly when parent is locked (bsc#1134460).
   - chardev: add additional check for minor range overlap (bsc#1051510).
   - cifs: keep FileInfo handle live during oplock break (bsc#1106284,
     bsc#1131565).
   - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).
   - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).
   - config: Debug kernel is not supported (bsc#1135492).
   - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510).
   - configfs: fix possible use-after-free in configfs_register_group
     (bsc#1051510).
   - crypto: arm/aes-neonbs - do not access already-freed walk.iv
     (bsc#1051510).
   - crypto: caam - fix caam_dump_sg that iterates through scatterlist
     (bsc#1051510).
   - crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
     (bsc#1051510).
   - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails
     (bsc#1051510).
   - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).
   - crypto: crct10dif-generic - fix use via crypto_shash_digest()
     (bsc#1051510).
   - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).
   - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
     (bsc#1051510).
   - crypto: skcipher - do not WARN on unprocessed data after slow walk step
     (bsc#1051510).
   - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).
   - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).
   - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).
   - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661,
     bsc#1137162).
   - crypto: vmx - return correct error code on failed setkey (bsc#1135661,
     bsc#1137162).
   - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
     (bsc#1051510).
   - dccp: Fix memleak in __feat_register_sp (bsc#1051510).
   - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
   - debugfs: fix use-after-free on symlink traversal (bsc#1051510).
   - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).
   - dmaengine: axi-dmac: Do not check the number of frames for alignment
     (bsc#1051510).
   - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).
   - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
   - documentation: Add MDS vulnerability documentation (bsc#1135642).
   - documentation: Correct the possible MDS sysfs values (bsc#1135642).
   - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158).
   - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510).
   - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).
   - drm/drv: Hold ref on parent device during drm_device lifetime
     (bsc#1051510).
   - drm/etnaviv: lock MMU while dumping core (bsc#1113722)
   - drm/fb-helper: dpms_legacy(): Only set on connectors in use
     (bsc#1051510).
   - drm/i915/fbc: disable framebuffer compression on GeminiLake
     (bsc#1051510).
   - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722)
   - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list
     (bnc#1113722)
   - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+
     (bsc#1113722)
   - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722)
   - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware
     (bsc#1051510).
   - drm/i915/gvt: refine ggtt range validation (bsc#1113722)
   - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).
   - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).
   - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).
   - drm/imx: do not skip DP channel disable for background plane
     (bsc#1051510).
   - drm/mediatek: fix possible object reference leak (bsc#1051510).
   - drm/meson: add size and alignment requirements for dumb buffers
     (bnc#1113722)
   - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722)
   - drm/rockchip: fix for mailbox read validation (bsc#1051510).
   - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).
   - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)
   - drm/ttm: Remove warning about inconsistent mapping information
     (bnc#1131488)
   - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set
     (bsc#1051510).
   - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
     (bsc#1113722)
   - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an
     invalid read (bsc#1051510).
   - drm: Wake up next in drm_read() chain if we are forced to putback the
     event (bsc#1051510).
   - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).
   - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).
   - dt-bindings: net: Add binding for the external clock for TI WiLink
     (bsc#1085535).
   - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings
     (bsc#1129770).
   - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).
   - dwc2: gadget: Fix completed transfer size calculation in DDMA
     (bsc#1051510).
   - efi/arm: Defer persistent reservations until after paging_init()
     (bsc#1117158).
   - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158
     bsc#1115688 bsc#1120566).
   - efi/arm: Revert "Defer persistent reservations until after
     paging_init()" (bsc#1117158).
   - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).
   - efi/arm: libstub: add a root memreserve config table (bsc#1117158).
   - efi/arm: map UEFI memory map even w/o runtime services enabled
     (bsc#1117158).
   - efi/arm: preserve early mapping of UEFI memory map longer for BGRT
     (bsc#1117158).
   - efi: Permit calling efi_mem_reserve_persistent() from atomic context
     (bsc#1117158).
   - efi: Permit multiple entries in persistent memreserve data structure
     (bsc#1117158).
   - efi: Prevent GICv3 WARN() by mapping the memreserve table before first
     use (bsc#1117158).
   - efi: Reduce the amount of memblock reservations for persistent
     allocations (bsc#1117158).
   - efi: add API to reserve memory persistently across kexec reboot
     (bsc#1117158).
   - efi: honour memory reservations passed via a linux specific config table
     (bsc#1117158).
   - ext4: actually request zeroing of inode table after grow (bsc#1135315).
   - ext4: avoid panic during forced reboot due to aborted journal
     (bsc#1126356).
   - ext4: fix data corruption caused by overlapping unaligned and aligned IO
     (bsc#1136428).
   - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).
   - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).
   - ext4: make sanity check in mballoc more strict (bsc#1136439).
   - ext4: wait for outstanding dio during truncate in nojournal mode
     (bsc#1136438).
   - extcon: arizona: Disable mic detect if running when driver is removed
     (bsc#1051510).
   - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)
   - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)
   - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
   - fix rtnh_ok() (git-fixes).
   - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback
     (bsc#1136432).
   - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
     into workqueue when umount (bsc#1136435).
   - ftrace/x86_64: Emulate call function while updating in breakpoint
     handler (bsc#1099658).
   - fuse: fallocate: fix return with locked inode (bsc#1051510).
   - fuse: fix writepages on 32bit (bsc#1051510).
   - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).
   - genetlink: Fix a memory leak on error path (networking-stable-19_03_28).
   - ghes, EDAC: Fix ghes_edac registration (bsc#1133176).
   - gpio: Remove obsolete comment about gpiochip_free_hogs() usage
     (bsc#1051510).
   - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).
   - gpio: fix gpio-adp5588 build errors (bsc#1051510).
   - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).
   - hid: debug: fix race condition with between rdesc_show() and device
     removal (bsc#1051510).
   - hid: input: add mapping for "Toggle Display" key (bsc#1051510).
   - hid: input: add mapping for Assistant key (bsc#1051510).
   - hid: input: add mapping for Expose/Overview key (bsc#1051510).
   - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys
     (bsc#1051510).
   - hid: logitech-hidpp: change low battery level threshold from 31 to 30
     percent (bsc#1051510).
   - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version
     (bsc#1051510).
   - hid: logitech: check the return value of create_singlethread_workqueue
     (bsc#1051510).
   - hwmon: (core) add thermal sensors only if dev->of_node is present
     (bsc#1051510).
   - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
     (bsc#1051510).
   - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
     (bsc#1051510).
   - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
     (bsc#1051510).
   - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
     (bsc#1051510).
   - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
     (bsc#1051510).
   - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
     (bsc#1051510).
   - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
     (bsc#1051510).
   - hwrng: omap - Set default quality (bsc#1051510).
   - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).
   - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).
   - ibmvnic: Add device identification to requested IRQs (bsc#1137739).
   - ibmvnic: Do not close unopened driver during reset (bsc#1137752).
   - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
   - ibmvnic: Refresh device multicast list after reset (bsc#1137752).
   - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
   - igmp: fix incorrect unsolicit report count when join group (git-fixes).
   - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
     (bsc#1051510).
   - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).
   - iio: common: ssp_sensors: Initialize calculated_time in
     ssp_common_process_data (bsc#1051510).
   - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
   - indirect call wrappers: helpers to speed-up indirect calls of builtin
     (bsc#1124503).
   - inetpeer: fix uninit-value in inet_getpeer (git-fixes).
   - input: elan_i2c - add hardware ID for multiple Lenovo laptops
     (bsc#1051510).
   - input: introduce KEY_ASSISTANT (bsc#1051510).
   - input: synaptics-rmi4 - fix possible double free (bsc#1051510).
   - intel_th: msu: Fix single mode with IOMMU (bsc#1051510).
   - intel_th: pci: Add Comet Lake support (bsc#1051510).
   - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump
     kernel (bsc#1117158).
   - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158
     bsc#1134671).
   - iommu/vt-d: Do not request page request irq under dmar_global_lock
     (bsc#1135006).
   - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
     (bsc#1135007).
   - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).
   - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
     (networking-stable-19_04_10).
   - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address
     (git-fixes).
   - ip_gre: fix parsing gre header in ipgre_err (git-fixes).
   - ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
     (git-fixes).
   - ipconfig: Correctly initialise ic_nameservers (bsc#1051510).
   - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).
   - ipmi:ssif: compare block number correctly for multi-part return messages
     (bsc#1051510).
   - ipmi_ssif: Remove duplicate NULL check (bsc#1108193).
   - ipmi_ssif: update patch reference for ipmi_ssif fix (bsc#1135120)
   - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
     (git-fixes).
   - ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
   - ipv4: ensure rcu_read_lock() in ipv4_link_failure()
     (networking-stable-19_04_19).
   - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
     (networking-stable-19_05_04).
   - ipv4: recompile ip options in ipv4_link_failure
     (networking-stable-19_04_19).
   - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
     (networking-stable-19_04_30).
   - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).
   - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).
   - ipv6: fix cleanup ordering for pingv6 registration (git-fixes).
   - ipv6: invert flowlabel sharing check in process and user mode
     (git-fixes).
   - ipv6: mcast: fix unsolicited report interval after receiving querys
     (git-fixes).
   - ipvlan: Add the skb->mark as flow4's member to lookup route
     (bsc#1051510).
   - ipvlan: fix ipv6 outbound device (bsc#1051510).
   - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
   - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).
   - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).
   - ipvs: fix buffer overflow with sync daemon and service (git-fixes).
   - ipvs: fix check on xmit to non-local addresses (git-fixes).
   - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
     (bsc#1051510).
   - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).
   - ipvs: fix stats update from local clients (git-fixes).
   - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
   - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
     (bsc#1051510).
   - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).
   - jbd2: check superblock mapped prior to committing (bsc#1136430).
   - kABI workaround for removed usb_interface.pm_usage_cnt field
     (bsc#1051510).
   - kABI workaround for snd_seq_kernel_client_enqueue() API changes
     (bsc#1051510).
   - kABI: protect dma-mapping.h include (kabi).
   - kABI: protect ip_options_rcv_srr (kabi).
   - kABI: protect struct mlx5_td (kabi).
   - kABI: protect struct pci_dev (kabi).
   - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
   - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
   - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout
     (bsc#1137586).
   - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).
   - kernel/sys.c: prctl: fix false positive in validate_prctl_map()
     (git-fixes).
   - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
     (bsc#1051510).
   - kernel/sysctl.c: fix out-of-bounds access when setting file-max
     (bsc#1051510).
   - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642).
   - kmsg: Update message catalog to latest IBM level (2019/03/08)
     (bsc#1128904 LTC#176078).
   - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).
   - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers
     (bsc#1061840).
   - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough
     interrupts (bsc#1061840).
   - kvm: PPC: Book3S: Protect memslots while validating user address
     (bsc#1061840).
   - kvm: PPC: Release all hardware TCE tables attached to a group
     (bsc#1061840).
   - kvm: PPC: Remove redundand permission bits removal (bsc#1061840).
   - kvm: PPC: Validate TCEs against preregistered memory page sizes
     (bsc#1061840).
   - kvm: PPC: Validate all tces before updating tables (bsc#1061840).
   - kvm: VMX: Zero out *all* general purpose registers after VM-Exit
     (bsc#1134202).
   - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).
   - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail
     (bsc#1134201).
   - kvm: s390: fix memory overwrites when not using SCA entries
     (bsc#1136206).
   - kvm: s390: provide io interrupt kvm_stat (bsc#1136206).
   - kvm: s390: use created_vcpus in more places (bsc#1136206).
   - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206).
   - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels
     (bsc#1134203).
   - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU
     (bsc#1134204).
   - kvm: x86: svm: make sure NMI is injected after nmi_singlestep
     (bsc#1134205).
   - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
   - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).
   - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).
   - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).
   - l2tp: prevent pppol2tp_connect() from creating kernel sockets
     (git-fixes).
   - l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510).
   - leds: avoid flush_work in atomic context (bsc#1051510).
   - leds: avoid races with workqueue (bsc#1051510).
   - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
   - lib: add crc64 calculation routines (bsc#1130972).
   - lib: do not depend on linux headers being installed (bsc#1130972).
   - libata: fix using DMA buffers on stack (bsc#1051510).
   - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
     (bsc#1051510).
   - livepatch: Convert error about unsupported reliable stacktrace into a
     warning (bsc#1071995).
   - livepatch: Remove custom kobject state handling (bsc#1071995).
   - livepatch: Remove duplicated code for early initialization (bsc#1071995).
   - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
   - mISDN: Check address length before reading address family (bsc#1051510).
   - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
   - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
   - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
   - mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
   - mac8390: Fix mmio access size probe (bsc#1051510).
   - md: fix invalid stored role for a disk (bsc#1051510).
   - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
   - media: au0828: Fix NULL pointer dereference in
     au0828_analog_stream_enable() (bsc#1051510).
   - media: au0828: stop video streaming only when last user stops
     (bsc#1051510).
   - media: coda: clear error return value before picture run (bsc#1051510).
   - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
   - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
   - media: cx23885: check allocation return (bsc#1051510).
   - media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
   - media: davinci/vpbe: array underflow in vpbe_enum_outputs()
     (bsc#1051510).
   - media: go7007: avoid clang frame overflow warning with KASAN
     (bsc#1051510).
   - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
   - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
     (bsc#1051510).
   - media: omap_vout: potential buffer overflow in vidioc_dqbuf()
     (bsc#1051510).
   - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
   - media: ov2659: make S_FMT succeed even if requested format does not
     match (bsc#1051510).
   - media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
   - media: saa7146: avoid high stack usage with clang (bsc#1051510).
   - media: serial_ir: Fix use-after-free in serial_ir_init_module
     (bsc#1051510).
   - media: smsusb: better handle optional alignment (bsc#1051510).
   - media: tw5864: Fix possible NULL pointer dereference in
     tw5864_handle_frame (bsc#1051510).
   - media: usb: siano: Fix false-positive "uninitialized variable" warning
     (bsc#1051510).
   - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
   - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
     (bsc#1051510).
   - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
   - media: wl128x: prevent two potential buffer overflows (bsc#1051510).
   - memcg: make it work on sparse non-0-node systems (bnc#1133616).
   - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
   - mfd: da9063: Fix OTP control register names to match datasheets for
     DA9063/63L (bsc#1051510).
   - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).
   - mlxsw: spectrum: Fix autoneg status in ethtool
     (networking-stable-19_04_30).
   - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)
   - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned
     addresses (bsc#1135330).
   - mm: hwpoison: fix thp split handing in  soft_offline_in_use_page()
     (bsc#1130699, CVE-2019-10124).
   - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
   - mmc: block: Delete gendisk before cleaning up the request queue
     (bsc#1127616).
   - mmc: core: Verify SD bus width (bsc#1051510).
   - mmc: core: fix possible use after free of host (bsc#1051510).
   - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
     (bsc#1051510).
   - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time
     problem (bsc#1051510).
   - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
   - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
   - mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
   - mount: copy the port field into the cloned nfs_server structure
     (bsc#1136990).
   - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device
     (bsc#1051510).
   - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).
   - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol
     (bsc#1051510).
   - mtd: part: fix incorrect format specifier for an unsigned long long
     (bsc#1051510).
   - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on
     read/write (bsc#1129770).
   - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
   - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
   - mwifiex: Fix possible buffer overflows at parsing bss descriptor
   - mwifiex: prevent an array overflow (bsc#1051510).
   - mwl8k: Fix rate_idx underflow (bsc#1051510).
   - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
   - net-gro: Fix GRO flush when receiving a GSO packet
     (networking-stable-19_04_10).
   - net/ibmvnic: Remove tests of member address (bsc#1137739).
   - net/ibmvnic: Update MAC address settings after adapter reset
     (bsc#1134760).
   - net/ibmvnic: Update carrier state after link state change (bsc#1135100).
   - net/ipv4: defensive cipso option parsing (git-fixes).
   - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev
     (git-fixes).
   - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
   - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices
     (git-fixes).
   - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).
   - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).
   - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).
   - net/mlx5e: Fix error handling when refreshing TIRs
     (networking-stable-19_04_10).
   - net/mlx5e: Fix trailing semicolon (bsc#1075020).
   - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
   - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
     (networking-stable-19_04_30).
   - net/rose: fix unbound loop in rose_loopback_timer()
     (networking-stable-19_04_30).
   - net/sched: act_sample: fix divide by zero in the traffic path
     (networking-stable-19_04_10).
   - net/sched: do not dereference a->goto_chain to read the chain index
     (bsc#1064802 bsc#1066129).
   - net/sched: fix ->get helper of the matchall cls
     (networking-stable-19_04_10).
   - net: Fix a bug in removing queues from XPS map (git-fixes).
   - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
     (networking-stable-19_03_28).
   - net: atm: Fix potential Spectre v1 vulnerabilities
     (networking-stable-19_04_19).
   - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).
   - net: do not keep lonely packets forever in the gro hash (git-fixes).
   - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
     (networking-stable-19_05_04).
   - net: dsa: legacy: do not unmask port bitmaps (git-fixes).
   - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
     (git-fixes).
   - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696
     bsc#1117561).
   - net: ethtool: not call vzalloc for zero sized memory request
     (networking-stable-19_04_10).
   - net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
   - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
     (networking-stable-19_04_19).
   - net: hns3: remove resetting check in hclgevf_reset_task_schedule
     (bsc#1104353 bsc#1135056).
   - net: initialize skb->peeked when cloning (git-fixes).
   - net: make skb_partial_csum_set() more robust against overflows
     (git-fixes).
   - net: phy: marvell: Fix buffer overrun with stats counters
     (networking-stable-19_05_04).
   - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
   - net: rose: fix a possible stack overflow (networking-stable-19_03_28).
   - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).
   - net: stmmac: fix memory corruption with large MTUs
     (networking-stable-19_03_28).
   - net: stmmac: move stmmac_check_ether_addr() to driver probe
     (networking-stable-19_04_30).
   - net: test tailroom before appending to linear skb (git-fixes).
   - net: thunderx: do not allow jumbo frames with XDP
     (networking-stable-19_04_19).
   - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).
   - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
   - net: use indirect call wrappers at GRO network layer (bsc#1124503).
   - net: use indirect call wrappers at GRO transport layer (bsc#1124503).
   - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev
     (git-fixes).
   - netfilter: bridge: ebt_among: add missing match size checks (git-fixes).
   - netfilter: bridge: ebt_among: add more missing match size checks
     (git-fixes).
   - netfilter: drop template ct when conntrack is skipped (git-fixes).
   - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
     (git-fixes).
   - netfilter: ebtables: handle string from userspace with care (git-fixes).
   - netfilter: ebtables: reject non-bridge targets (git-fixes).
   - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
     (git-fixes).
   - netfilter: nf_log: do not hold nf_log_mutex during user access
     (git-fixes).
   - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).
   - netfilter: nf_socket: Fix out of bounds access in
     nf_sk_lookup_slow_v{4,6} (git-fixes).
   - netfilter: nf_tables: can't fail after linking rule into active rule
     list (git-fixes).
   - netfilter: nf_tables: check msg_type before nft_trans_set(trans)
     (git-fixes).
   - netfilter: nf_tables: fix NULL pointer dereference on
     nft_ct_helper_obj_dump() (git-fixes).
   - netfilter: nf_tables: fix leaking object reference count (git-fixes).
   - netfilter: nf_tables: release chain in flushing set (git-fixes).
   - netfilter: nft_compat: do not dump private area (git-fixes).
   - netfilter: x_tables: initialise match/target check parameter struct
     (git-fixes).
   - netlink: fix uninit-value in netlink_sendmsg (git-fixes).
   - nfs add module option to limit NFSv4 minor version (jsc#PM-231).
   - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations
     (git-fixes).
   - nfs: Enable NFSv4.2 support - jsc at PM-231
   - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
     (bsc#1051510).
   - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration
     (bsc#1129273).
   - nvme-rdma: fix possible free of a non-allocated async event buffer
     (bsc#1120423).
   - nvme: Do not remove namespaces during reset (bsc#1131673).
   - nvme: flush scan_work when resetting controller (bsc#1131673).
   - objtool: Fix function fallthrough detection (bsc#1058115).
   - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).
   - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on
     OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.
   - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
   - omapfb: add missing of_node_put after of_device_is_available
     (bsc#1051510).
   - openvswitch: add seqadj extension when NAT is used (bsc#1051510).
   - openvswitch: fix flow actions reallocation (bsc#1051510).
   - p54: drop device reference count if fails to enable device (bsc#1135642).
   - packet: fix reserve calculation (git-fixes).
   - packet: in packet_snd start writing at link layer allocation (git-fixes).
   - packet: refine ring v3 block size test to hold one frame (git-fixes).
   - packet: reset network header if packet shorter than ll reserved space
     (git-fixes).
   - packet: validate msg_namelen in send directly (git-fixes).
   - packets: Always register packet sk in the same order
     (networking-stable-19_03_28).
   - parport: Fix mem leak in parport_register_dev_model (bsc#1051510).
   - pci: Factor out pcie_retrain_link() function (git-fixes).
   - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).
   - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).
   - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum
     (git-fixes).
   - pci: endpoint: Use EPC's device in
     dma_alloc_coherent()/dma_free_coherent() (git-fixes).
   - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
     (bsc#1051510).
   - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).
   - platform/x86: dell-rbtn: Add missing #include (bsc#1051510).
   - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).
   - platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning"
     (bsc#1051510).
   - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems
     DMI table (bsc#1051510).
   - platform/x86: pmc_atom: Add several Beckhoff Automation boards to
     critclk_systems DMI table (bsc#1051510).
   - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).
   - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).
   - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros
     (bsc#1051510).
   - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).
   - powerpc/64s: Fix page table fragment refcount race vs speculative
     references (bsc#1131326, bsc#1108937).
   - powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
   - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186,
     git-fixes).
   - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186,
     git-fixes).
   - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186,
     git-fixes).
   - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).
   - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
   - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).
   - powerpc/process: Fix sparse address space warnings (bsc#1065729).
   - powerpc: Always initialize input array when calling epapr_hypercall()
     (bsc#1065729).
   - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).
   - proc/kcore: do not bounds check against address 0 (bsc#1051510).
   - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).
   - proc: revalidate kernel thread inodes to root:root (bsc#1051510).
   - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
     (git-fixes).
   - pwm: Fix deadlock warning when removing PWM device (bsc#1051510).
   - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).
   - pwm: meson: Do not disable PWM when setting duty repeatedly
     (bsc#1051510).
   - pwm: meson: Use the spin-lock only to protect register modifications
     (bsc#1051510).
   - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).
   - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).
   - qla2xxx: always allocate qla_tgt_wq (bsc#1131451).
   - qmi_wwan: add Olicard 600 (bsc#1051510).
   - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ).
   - rdma/rxe: Consider skb reserve space based on netdev of GID
     (bsc#1082387, bsc#1103992).
   - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
     (bsc#1051510).
   - rt2x00: do not increment sequence number while re-transmitting
     (bsc#1051510).
   - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).
   - rtc: da9063: set uie_unsupported when relevant (bsc#1051510).
   - rtc: do not reference bogus function pointer in kdoc (bsc#1051510).
   - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510).
   - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
   - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).
   - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes).
   - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
     (git-fixes).
   - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516).
   - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
     (bsc#1051510).
   - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).
   - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).
   - scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword
   - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
   - scripts: override locale from environment when running recordmcount.pl
     (bsc#1134354).
   - scsi: qedf: fixup bit operations (bsc#1135542).
   - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542).
   - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542).
   - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature
     (bsc#1130579).
   - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444).
   - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139).
   - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139).
   - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).
   - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444).
   - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp()
     (bsc#1137444).
   - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze
     (bsc#1137444).
   - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes
     'res' (bsc#1137444).
   - scsi: qla2xxx: NULL check before some freeing functions is not needed
     (bsc#1137444).
   - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444).
   - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry()
     (bsc#1137444).
   - scsi: qla2xxx: Remove unused symbols (bsc#1118139).
   - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function
     (bsc#1137444).
   - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139).
   - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139).
   - scsi: qla2xxx: fix spelling mistake: "existant" -> "existent"
     (bsc#1118139).
   - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444).
   - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).
   - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139).
   - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of
     reinventing them (bsc#1137444).
   - sctp: avoid running the sctp state machine recursively
     (networking-stable-19_05_04).
   - sctp: fix identification of new acks for SFR-CACC (git-fixes).
   - sctp: get sctphdr by offset in sctp_compute_cksum
     (networking-stable-19_03_28).
   - sctp: initialize _pad of sockaddr_in before copying to user memory
     (networking-stable-19_04_10).
   - sctp: only update outstanding_bytes for transmitted queue when doing
     prsctp_prune (git-fixes).
   - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes).
   - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).
   - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).
   - serial: ar933x_uart: Fix build failure with disabled console
     (bsc#1051510).
   - serial: uartps: console_setup() can't be placed to init section
     (bsc#1051510).
   - signal: Always notice exiting tasks (git-fixes).
   - signal: Better detection of synchronous signals (git-fixes).
   - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).
   - snd: re-export snd_cards for kABI compatibility (bsc#1051510).
   - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).
   - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
     (bsc#1051510).
   - spi: Micrel eth switch: declare missing of table (bsc#1051510).
   - spi: ST ST95HF NFC: declare missing of table (bsc#1051510).
   - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).
   - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
     (bsc#1051510).
   - spi: bcm2835aux: setup gpio-cs to output and correct level during setup
     (bsc#1051510).
   - spi: bcm2835aux: warn in dmesg that native cs is not really supported
     (bsc#1051510).
   - spi: rspi: Fix sequencer reset during initialization (bsc#1051510).
   - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
     (bsc#1051510).
   - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
     (bsc#1051510).
   - staging: vc04_services: Fix a couple error codes (bsc#1051510).
   - staging: vc04_services: prevent integer overflow in create_pagelist()
     (bsc#1051510).
   - staging: wlan-ng: fix adapter initialization failure (bsc#1051510).
   - stm class: Fix an endless loop in channel allocation (bsc#1051510).
   - stm class: Fix channel free in stm output free path (bsc#1051510).
   - stm class: Prevent division by zero (bsc#1051510).
   - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30).
   - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
   - switchtec: Fix unintended mask of MRPC event (git-fixes).
   - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10).
   - tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
   - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
   - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
   - tcp: limit payload size of sacked skbs (bsc#1137586).
   - tcp: purge write queue in tcp_connect_init() (git-fixes).
   - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
   - tcp: tcp_grow_window() needs to respect tcp_space()
     (networking-stable-19_04_19).
   - team: fix possible recursive locking when add slaves
     (networking-stable-19_04_30).
   - team: set slave to promisc if team is already in promisc mode
     (bsc#1051510).
   - test_firmware: Use correct snprintf() limit (bsc#1135642).
   - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).
   - thermal/int340x_thermal: fix mode setting (bsc#1051510).
   - thermal: cpu_cooling: Actually trace CPU load in
     thermal_power_cpu_get_power (bsc#1051510).
   - thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
   - thunderx: eliminate extra calls to put_page() for pages held for
     recycling (networking-stable-19_03_28).
   - thunderx: enable page recycling for non-XDP case
     (networking-stable-19_03_28).
   - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes).
   - tipc: missing entries in name table of publications
     (networking-stable-19_04_19).
   - tools lib traceevent: Fix missing equality check for strcmp
     (bsc#1129770).
   - tracing: Fix partial reading of trace event's id file (bsc#1136573).
   - treewide: Use DEVICE_ATTR_WO (bsc#1137739).
   - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).
   - tty: increase the default flip buffer limit to 2*640K (bsc#1051510).
   - tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
   - tty: pty: Fix race condition between release_one_tty and pty_write
     (bsc#1051510).
   - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
   - tty: serial_core, add ->install (bnc#1129693).
   - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
     (bsc#1051510).
   - tun: add a missing rcu_read_unlock() in error path
     (networking-stable-19_03_28).
   - tun: properly test for IFF_UP (networking-stable-19_03_28).
   - uas: fix alignment of scatter/gather segments (bsc#1129770).
   - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503).
   - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
     (bsc#1135323).
   - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).
   - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
   - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor
     (bsc#1051510).
   - usb: cdc-acm: fix unthrottle races (bsc#1051510).
   - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
     (bsc#1051510).
   - usb: core: Do not unbind interfaces following device reset failure
     (bsc#1051510).
   - usb: core: Fix bug caused by duplicate interface PM usage counter
     (bsc#1051510).
   - usb: core: Fix unterminated string returned by usb_string()
     (bsc#1051510).
   - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).
   - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).
   - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).
   - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).
   - usb: rio500: fix memory leak in close after disconnect (bsc#1051510).
   - usb: rio500: refuse more than one device at a time (bsc#1051510).
   - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).
   - usb: serial: fix unthrottle races (bsc#1051510).
   - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).
   - usb: u132-hcd: fix resource leak (bsc#1051510).
   - usb: usb251xb: fix to avoid potential NULL pointer dereference
     (bsc#1051510).
   - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).
   - usb: w1 ds2490: Fix bug caused by improper use of altsetting array
     (bsc#1051510).
   - usb: yurex: Fix protection fault after device removal (bsc#1051510).
   - usbip: usbip_host: fix BUG: sleeping function called from invalid
     context (bsc#1051510).
   - usbip: usbip_host: fix stub_dev lock context imbalance regression
     (bsc#1051510).
   - usbnet: fix kernel crash after disconnect (bsc#1051510).
   - userfaultfd: use RCU to free the task struct when fork fails (git-fixes).
   - vfio/mdev: Avoid release parent reference during error path
     (bsc#1051510).
   - vfio/mdev: Fix aborting mdev child device removal if one fails
     (bsc#1051510).
   - vfio/pci: use correct format characters (bsc#1051510).
   - vfio_pci: Enable memory accesses before calling pci_map_rom
     (bsc#1051510).
   - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).
   - vhost: reject zero size iova range (networking-stable-19_04_19).
   - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).
   - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).
   - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).
   - vrf: check accept_source_route on the original netdevice
     (networking-stable-19_04_10).
   - vsock/virtio: Initialize core virtio vsock before registering the driver
     (bsc#1051510).
   - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).
   - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
     (bsc#1051510).
   - vsock/virtio: reset connected sockets on device removal (bsc#1051510).
   - vt: always call notifier with the console lock held (bsc#1051510).
   - vxlan: Do not call gro_cells_destroy() before device is unregistered
     (networking-stable-19_03_28).
   - vxlan: trivial indenting fix (bsc#1051510).
   - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete
     (bsc#1051510).
   - w1: fix the resume command API (bsc#1051510).
   - x86/speculation/mds: Fix documentation typo (bsc#1135642).
   - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
   - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
   - xen/pciback: Do not disable pci_COMMAND on pci device reset
     (bsc#1065600).
   - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and
     xenbus_file_write() (bsc#1065600).
   - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes).
   - xfrm6: call kfree_skb when skb is toobig (git-fixes).
   - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).
   - xfrm: Return error on unknown encap_type in init_state (git-fixes).
   - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes).
   - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes).
   - xfrm: fix missing dst_release() after policy blocking lbcast and
     multicast (git-fixes).
   - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).
   - xfrm: reset crypto_done when iterating over multiple input xfrms
     (git-fixes).
   - xfrm: reset transport header back to network header after all input
     transforms ahave been applied (git-fixes).
   - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes).
   - xfs: add log item pinning error injection tag (bsc#1114427).
   - xfs: buffer lru reference count error injection tag (bsc#1114427).
   - xfs: check _btree_check_block value (bsc#1123663).
   - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).
   - xfs: create block pointer check functions (bsc#1123663).
   - xfs: create inode pointer verifiers (bsc#1114427).
   - xfs: detect and fix bad summary counts at mount (bsc#1114427).
   - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub
     (bsc#1114427).
   - xfs: export various function for the online scrubber (bsc#1123663).
   - xfs: expose errortag knobs via sysfs (bsc#1114427).
   - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).
   - xfs: force summary counter recalc at next mount (bsc#1114427).
   - xfs: kill meaningless variable 'zero' (bsc#1106011).
   - xfs: make errortag a per-mountpoint structure (bsc#1123663).
   - xfs: move error injection tags into their own file (bsc#1114427).
   - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).
   - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL
     (bsc#1106011).
   - xfs: refactor btree block header checking functions (bsc#1123663).
   - xfs: refactor btree pointer checks (bsc#1123663).
   - xfs: refactor unmount record write (bsc#1114427).
   - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).
   - xfs: remove xfs_zero_range (bsc#1106011).
   - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).
   - xfs: replace log_badcrc_factor knob with error injection tag
     (bsc#1114427).
   - xfs: sanity-check the unused space before trying to use it (bsc#1123663).
   - xfs: serialize unaligned dio writes against all other dio writes
     (bsc#1134936).
   - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
     (bsc#1051510).
   - xhci: Use %zu for printing size_t type (bsc#1051510).
   - xhci: update bounce buffer with correct sg num (bsc#1051510).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1535=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1535=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64):

      kernel-azure-4.12.14-5.30.1
      kernel-azure-base-4.12.14-5.30.1
      kernel-azure-base-debuginfo-4.12.14-5.30.1
      kernel-azure-debuginfo-4.12.14-5.30.1
      kernel-azure-devel-4.12.14-5.30.1
      kernel-syms-azure-4.12.14-5.30.1

   - SUSE Linux Enterprise Module for Public Cloud 15 (noarch):

      kernel-devel-azure-4.12.14-5.30.1
      kernel-source-azure-4.12.14-5.30.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):

      kernel-devel-azure-4.12.14-5.30.1
      kernel-source-azure-4.12.14-5.30.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):

      cluster-md-kmp-azure-4.12.14-5.30.1
      cluster-md-kmp-azure-debuginfo-4.12.14-5.30.1
      dlm-kmp-azure-4.12.14-5.30.1
      dlm-kmp-azure-debuginfo-4.12.14-5.30.1
      gfs2-kmp-azure-4.12.14-5.30.1
      gfs2-kmp-azure-debuginfo-4.12.14-5.30.1
      kernel-azure-4.12.14-5.30.1
      kernel-azure-base-4.12.14-5.30.1
      kernel-azure-base-debuginfo-4.12.14-5.30.1
      kernel-azure-debuginfo-4.12.14-5.30.1
      kernel-azure-debugsource-4.12.14-5.30.1
      kernel-azure-devel-4.12.14-5.30.1
      kernel-azure-devel-debuginfo-4.12.14-5.30.1
      kernel-azure-extra-4.12.14-5.30.1
      kernel-azure-extra-debuginfo-4.12.14-5.30.1
      kernel-azure-livepatch-4.12.14-5.30.1
      kernel-syms-azure-4.12.14-5.30.1
      kselftests-kmp-azure-4.12.14-5.30.1
      kselftests-kmp-azure-debuginfo-4.12.14-5.30.1
      ocfs2-kmp-azure-4.12.14-5.30.1
      ocfs2-kmp-azure-debuginfo-4.12.14-5.30.1
      reiserfs-kmp-azure-4.12.14-5.30.1
      reiserfs-kmp-azure-debuginfo-4.12.14-5.30.1


References:

   https://www.suse.com/security/cve/CVE-2018-7191.html
   https://www.suse.com/security/cve/CVE-2019-10124.html
   https://www.suse.com/security/cve/CVE-2019-11085.html
   https://www.suse.com/security/cve/CVE-2019-11477.html
   https://www.suse.com/security/cve/CVE-2019-11478.html
   https://www.suse.com/security/cve/CVE-2019-11479.html
   https://www.suse.com/security/cve/CVE-2019-11486.html
   https://www.suse.com/security/cve/CVE-2019-11487.html
   https://www.suse.com/security/cve/CVE-2019-11815.html
   https://www.suse.com/security/cve/CVE-2019-11833.html
   https://www.suse.com/security/cve/CVE-2019-11884.html
   https://www.suse.com/security/cve/CVE-2019-12382.html
   https://www.suse.com/security/cve/CVE-2019-3846.html
   https://www.suse.com/security/cve/CVE-2019-5489.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1050242
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1053043
   https://bugzilla.suse.com/1055186
   https://bugzilla.suse.com/1056787
   https://bugzilla.suse.com/1058115
   https://bugzilla.suse.com/1061840
   https://bugzilla.suse.com/1063638
   https://bugzilla.suse.com/1064802
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1066129
   https://bugzilla.suse.com/1068546
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1075020
   https://bugzilla.suse.com/1082387
   https://bugzilla.suse.com/1083647
   https://bugzilla.suse.com/1085535
   https://bugzilla.suse.com/1099658
   https://bugzilla.suse.com/1103992
   https://bugzilla.suse.com/1104353
   https://bugzilla.suse.com/1104427
   https://bugzilla.suse.com/1106011
   https://bugzilla.suse.com/1106284
   https://bugzilla.suse.com/1108193
   https://bugzilla.suse.com/1108838
   https://bugzilla.suse.com/1108937
   https://bugzilla.suse.com/1110946
   https://bugzilla.suse.com/1111696
   https://bugzilla.suse.com/1112063
   https://bugzilla.suse.com/1113722
   https://bugzilla.suse.com/1114427
   https://bugzilla.suse.com/1115688
   https://bugzilla.suse.com/1117158
   https://bugzilla.suse.com/1117561
   https://bugzilla.suse.com/1118139
   https://bugzilla.suse.com/1119843
   https://bugzilla.suse.com/1120091
   https://bugzilla.suse.com/1120423
   https://bugzilla.suse.com/1120566
   https://bugzilla.suse.com/1120843
   https://bugzilla.suse.com/1120902
   https://bugzilla.suse.com/1122776
   https://bugzilla.suse.com/1123454
   https://bugzilla.suse.com/1123663
   https://bugzilla.suse.com/1124503
   https://bugzilla.suse.com/1124839
   https://bugzilla.suse.com/1126356
   https://bugzilla.suse.com/1127616
   https://bugzilla.suse.com/1128052
   https://bugzilla.suse.com/1128904
   https://bugzilla.suse.com/1128979
   https://bugzilla.suse.com/1129138
   https://bugzilla.suse.com/1129273
   https://bugzilla.suse.com/1129497
   https://bugzilla.suse.com/1129693
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1130579
   https://bugzilla.suse.com/1130699
   https://bugzilla.suse.com/1130972
   https://bugzilla.suse.com/1131326
   https://bugzilla.suse.com/1131451
   https://bugzilla.suse.com/1131488
   https://bugzilla.suse.com/1131565
   https://bugzilla.suse.com/1131673
   https://bugzilla.suse.com/1132044
   https://bugzilla.suse.com/1133176
   https://bugzilla.suse.com/1133188
   https://bugzilla.suse.com/1133190
   https://bugzilla.suse.com/1133320
   https://bugzilla.suse.com/1133612
   https://bugzilla.suse.com/1133616
   https://bugzilla.suse.com/1134160
   https://bugzilla.suse.com/1134162
   https://bugzilla.suse.com/1134199
   https://bugzilla.suse.com/1134200
   https://bugzilla.suse.com/1134201
   https://bugzilla.suse.com/1134202
   https://bugzilla.suse.com/1134203
   https://bugzilla.suse.com/1134204
   https://bugzilla.suse.com/1134205
   https://bugzilla.suse.com/1134354
   https://bugzilla.suse.com/1134393
   https://bugzilla.suse.com/1134459
   https://bugzilla.suse.com/1134460
   https://bugzilla.suse.com/1134461
   https://bugzilla.suse.com/1134537
   https://bugzilla.suse.com/1134597
   https://bugzilla.suse.com/1134651
   https://bugzilla.suse.com/1134671
   https://bugzilla.suse.com/1134760
   https://bugzilla.suse.com/1134806
   https://bugzilla.suse.com/1134810
   https://bugzilla.suse.com/1134813
   https://bugzilla.suse.com/1134848
   https://bugzilla.suse.com/1134936
   https://bugzilla.suse.com/1135006
   https://bugzilla.suse.com/1135007
   https://bugzilla.suse.com/1135008
   https://bugzilla.suse.com/1135056
   https://bugzilla.suse.com/1135100
   https://bugzilla.suse.com/1135120
   https://bugzilla.suse.com/1135278
   https://bugzilla.suse.com/1135281
   https://bugzilla.suse.com/1135309
   https://bugzilla.suse.com/1135312
   https://bugzilla.suse.com/1135314
   https://bugzilla.suse.com/1135315
   https://bugzilla.suse.com/1135316
   https://bugzilla.suse.com/1135320
   https://bugzilla.suse.com/1135323
   https://bugzilla.suse.com/1135330
   https://bugzilla.suse.com/1135492
   https://bugzilla.suse.com/1135542
   https://bugzilla.suse.com/1135556
   https://bugzilla.suse.com/1135603
   https://bugzilla.suse.com/1135642
   https://bugzilla.suse.com/1135661
   https://bugzilla.suse.com/1135758
   https://bugzilla.suse.com/1136206
   https://bugzilla.suse.com/1136424
   https://bugzilla.suse.com/1136428
   https://bugzilla.suse.com/1136430
   https://bugzilla.suse.com/1136432
   https://bugzilla.suse.com/1136434
   https://bugzilla.suse.com/1136435
   https://bugzilla.suse.com/1136438
   https://bugzilla.suse.com/1136439
   https://bugzilla.suse.com/1136477
   https://bugzilla.suse.com/1136478
   https://bugzilla.suse.com/1136573
   https://bugzilla.suse.com/1136586
   https://bugzilla.suse.com/1136881
   https://bugzilla.suse.com/1136935
   https://bugzilla.suse.com/1136990
   https://bugzilla.suse.com/1137151
   https://bugzilla.suse.com/1137152
   https://bugzilla.suse.com/1137153
   https://bugzilla.suse.com/1137162
   https://bugzilla.suse.com/1137372
   https://bugzilla.suse.com/1137444
   https://bugzilla.suse.com/1137586
   https://bugzilla.suse.com/1137739
   https://bugzilla.suse.com/1137752



More information about the sle-security-updates mailing list