SUSE-SU-2019:1527-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Jun 17 18:15:52 MDT 2019


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1527-1
Rating:             important
References:         #1005778 #1005780 #1005781 #1012382 #1019695 
                    #1019696 #1022604 #1053043 #1063638 #1065600 
                    #1066223 #1085535 #1085539 #1090888 #1099658 
                    #1100132 #1106110 #1106284 #1106929 #1108293 
                    #1108838 #1110785 #1110946 #1112063 #1112178 
                    #1116803 #1117562 #1119086 #1120642 #1120843 
                    #1120885 #1120902 #1122776 #1125580 #1126040 
                    #1126356 #1128052 #1129138 #1129770 #1130972 
                    #1131107 #1131488 #1131543 #1131565 #1132212 
                    #1132374 #1132472 #1133188 #1133874 #1134160 
                    #1134162 #1134338 #1134537 #1134564 #1134565 
                    #1134566 #1134651 #1134760 #1134806 #1134813 
                    #1134848 #1135013 #1135014 #1135015 #1135100 
                    #1135120 #1135281 #1135603 #1135642 #1135661 
                    #1135878 #1136424 #1136438 #1136446 #1136448 
                    #1136449 #1136451 #1136452 #1136455 #1136458 
                    #1136539 #1136573 #1136575 #1136586 #1136590 
                    #1136623 #1136810 #1136935 #1136990 #1137142 
                    #1137162 #1137586 #1137739 #1137752 #843419 
                    
Cross-References:   CVE-2013-4343 CVE-2018-17972 CVE-2018-7191
                    CVE-2019-11190 CVE-2019-11477 CVE-2019-11478
                    CVE-2019-11479 CVE-2019-11486 CVE-2019-11815
                    CVE-2019-11833 CVE-2019-11884 CVE-2019-12382
                    CVE-2019-3846 CVE-2019-5489
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 81 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2019-11477: A sequence of SACKs may have been crafted such that one
     can trigger an integer overflow, leading to a kernel panic. (bsc#1137586)

   - CVE-2019-11478: It was possible to send a crafted sequence of SACKs
     which will fragment the TCP retransmission queue. An attacker may have
     been able to further exploit the fragmented queue to cause an expensive
     linked-list walk for subsequent SACKs received for that same TCP
     connection.

   - CVE-2019-11479: It was possible to send a crafted sequence of SACKs
     which will fragment the RACK send map. A remote attacker may be able to
     further exploit the fragmented send map to cause an expensive
     linked-list walk for subsequent SACKs received for that same TCP
     connection. This would have resulted in excess resource consumption due
     to low mss values.

   - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
     possibly escalate privileges was found in the mwifiex kernel module
     while connecting to a malicious wireless network. (bnc#1136424)

   - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
     drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an
     unchecked kstrdup of fwstr, which might allow an attacker to cause a
     denial of service (NULL pointer dereference and system crash).
     (bnc#1136586)

   - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux
     kernel allowed local attackers to observe page cache access patterns of
     other processes on the same system, potentially allowing sniffing of
     secret information. (Fixing this affects the output of the fincore
     program.) Limited remote exploitation may be possible, as demonstrated
     by latency differences in accessing public files from an Apache HTTP
     Server. (bnc#1120843).

   - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
     the unused memory region in the extent tree block, which might allow
     local users to obtain sensitive information by reading uninitialized
     data in the filesystem. (bnc#1135281)

   - CVE-2018-7191: In the tun subsystem in the Linux kernel before 4.13.14,
     dev_get_valid_name is not called before register_netdevice. This allowed
     local users to cause a denial of service (NULL pointer dereference and
     panic) via an ioctl(TUNSETIFF) call with a dev name containing a /
     character. This is similar to CVE-2013-4343. (bnc#1135603)

   - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on
     setuid programs (such as /bin/su) because install_exec_creds() is called
     too late in load_elf_binary() in fs/binfmt_elf.c, and thus the
     ptrace_may_access() check has a race condition when reading
     /proc/pid/stat. (bnc#1131543)

   - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
     net/rds/tcp.c in the Linux kernel There was a race condition leading to
     a use-after-free, related to net namespace cleanup. (bnc#1134537)

   - CVE-2019-11884: The do_hidp_sock_ioctl function in
     net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
     obtain potentially sensitive information from kernel stack memory via a
     HIDPCONNADD command, because a name field may not end with a '\0'
     character. (bnc#1134848)

   - CVE-2018-17972: An issue was discovered in the proc_pid_stack function
     in fs/proc/base.c in the Linux kernel It did not ensure that only root
     may inspect the kernel stack of an arbitrary task, allowing a local
     attacker to exploit racy stack unwinding and leak kernel task stack
     contents. (bnc#1110785)

   - CVE-2019-11486: The Siemens R3964 line discipline driver in
     drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions.
     (bnc#1133188)

   The following new features were implemented:

   - Updated the Chelsio cxgb4vf driver with the latest upstream patches.
     (fate#321660)

   - Backported changes into e1000e kernel module to support systems using
     the Intel I219-LM NIC chip. (fate#326719)

   - Import QLogic/Cavium qedr driver (RDMA) into the kernel. (fate#321747)

   - Update the QLogic/Cavium qed driver (NET). (fate#321703)

   - Update the QLogic/Cavium qede driver (NET). (fate#321702)

   - Update the Chelsio iw_cxgb4 driver with the latest upstream patches.
     (fate#321661)

   - Update the Chelsio cxgb4 driver with the latest upstream patches.
     (fate#321658)

   - Update support for Intel Omni Path (OPA) kernel driver. (fate#321473)

   - Update the QIB driver to the latest upstream version for up-to-date
     functionality and hardware support. (fate#321231)

   The following non-security bugs were fixed:

   - 9p locks: add mount option for lock retry interval (bnc#1012382).
   - 9p: do not trust pdu content for stat item size (bnc#1012382).
   - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bnc#1012382).
   - ALSA: PCM: check if ops are defined before suspending PCM (bnc#1012382).
   - ALSA: core: Fix card races between register and disconnect (bnc#1012382).
   - ALSA: echoaudio: add a check for ioremap_nocache (bnc#1012382).
   - ALSA: info: Fix racy addition/deletion of nodes (bnc#1012382).
   - ALSA: line6: use dynamic buffers (bnc#1012382).
   - ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and
     declaration (bnc#1012382).
   - ALSA: sb8: add a check for request_region (bnc#1012382).
   - ALSA: seq: Fix OOB-reads from strlcpy (bnc#1012382).
   - ARM: 8833/1: Ensure that NEON code always compiles with Clang
     (bnc#1012382).
   - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bnc#1012382).
   - ARM: 8840/1: use a raw_spinlock_t in unwind (bnc#1012382).
   - ARM: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382).
   - ARM: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382).
   - ARM: dts: pfla02: increase phy reset duration (bnc#1012382).
   - ARM: iop: do not use using 64-bit DMA masks (bnc#1012382).
   - ARM: orion: do not use using 64-bit DMA masks (bnc#1012382).
   - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos
     platforms (bnc#1012382).
   - ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012382).
   - ASoC: cs4270: Set auto-increment bit for register writes (bnc#1012382).
   - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
     (bnc#1012382).
   - ASoC: fsl_esai: fix channel swap issue when stream starts (bnc#1012382).
   - ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382).
   - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382).
   - Bluetooth: Align minimum encryption key size for LE and BR/EDR
     connections (bnc#1012382).
   - Bluetooth: Fix decrementing reference count twice in releasing socket
     (bnc#1012382).
   - CIFS: keep FileInfo handle live during oplock break (bsc#1106284,
     bsc#1131565).
   - Correct bsc/FATE numbers.
   - Do not jump to compute_result state from check_result state
     (bnc#1012382).
   - Documentation: Add MDS vulnerability documentation (bnc#1012382).
   - Documentation: Add nospectre_v1 parameter (bnc#1012382).
   - Documentation: Correct the possible MDS sysfs values (bnc#1012382).
   - Documentation: Move L1TF to separate directory (bnc#1012382).
   - HID: debug: fix race condition with between rdesc_show() and device
     removal (bnc#1012382).
   - HID: input: add mapping for Expose/Overview key (bnc#1012382).
   - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
     (bnc#1012382).
   - IB/hfi1: Eliminate opcode tests on mr deref ().
   - IB/hfi1: Unreserve a reserved request when it is completed ().
   - IB/mlx4: Fix race condition between catas error reset and aliasguid
     flows (bnc#1012382).
   - IB/mlx4: Increase the timeout for CM cache (bnc#1012382).
   - IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace ().
   - IB/rdmavt: Fix frwr memory registration ().
   - Input: snvs_pwrkey - initialize necessary driver data before enabling
     IRQ (bnc#1012382).
   - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
     (bnc#1012382).
   - KVM: x86: Do not clear EFER during SMM transitions for 32-bit vCPU
     (bnc#1012382).
   - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
     tracing (bnc#1012382).
   - MIPS: scall64-o32: Fix indirect syscall number load (bnc#1012382).
   - NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount
     (git-fixes).
   - NFS: Add missing encode / decode sequence_maxsz to v4.2 operations
     (git-fixes).
   - NFS: Fix I/O request leakages (git-fixes).
   - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family
     (bnc#1012382).
   - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
     (bnc#1012382).
   - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142).
   - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1135642).
   - PCI: xilinx-nwl: Add missing of_node_put() (bsc#1100132).
   - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780
     bsc#1005781).
   - RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1022604).
   - Revert "block/loop: Use global lock for ioctl() operation."
     (bnc#1012382).
   - Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe
     drivers" (bsc#1110946).
   - Revert "cpu/speculation: Add 'mitigations=' cmdline option" (stable
     backports).
   - Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd"
     (bsc#1110946).
   - Revert "kbuild: use -Oz instead of -Os when using clang" (bnc#1012382).
   - Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
     (bnc#1012382).
   - Revert "netns: provide pure entropy for net_hash_mix()" (kabi).
   - Revert "sched: Add sched_smt_active()" (stable backports).
   - Revert "x86/MCE: Save microcode revision in machine check records"
     (kabi).
   - Revert "x86/kprobes: Verify stack frame on kretprobe" (kabi).
   - Revert "x86/speculation/mds: Add 'mitigations=' support for MDS" (stable
     backports).
   - Revert "x86/speculation: Support 'mitigations=' cmdline option" (stable
     backports).
   - SoC: imx-sgtl5000: add missing put_device() (bnc#1012382).
   - UAS: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770).
   - UAS: fix alignment of scatter/gather segments (bsc#1129770).
   - USB: Add new USB LPM helpers (bsc#1129770).
   - USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770).
   - USB: cdc-acm: fix unthrottle races (bsc#1135642).
   - USB: core: Fix bug caused by duplicate interface PM usage counter
     (bnc#1012382).
   - USB: core: Fix unterminated string returned by usb_string()
     (bnc#1012382).
   - USB: serial: fix unthrottle races (bnc#1012382).
   - USB: serial: use variable for status (bnc#1012382).
   - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
     (bnc#1012382).
   - USB: yurex: Fix protection fault after device removal (bnc#1012382).
   - X.509: unpack RSA signatureValue field from BIT STRING (git-fixes).
   - appletalk: Fix compile regression (bnc#1012382).
   - appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012382).
   - arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419
     (bsc#1126040).
   - arm64/kernel: rename
     module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1126040).
   - arm64: Add helper to decode register from instruction (bsc#1126040).
   - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug
     signals (bnc#1012382).
   - arm64: debug: Ensure debug handlers check triggering exception level
     (bnc#1012382).
   - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
     (bnc#1012382).
   - arm64: futex: Restore oldval initialization to work around buggy
     compilers (bnc#1012382).
   - arm64: module-plts: factor out PLT generation code for ftrace
     (bsc#1126040).
   - arm64: module: do not BUG when exceeding preallocated PLT count
     (bsc#1126040).
   - arm64: module: split core and init PLT sections (bsc#1126040).
   - backlight: lm3630a: Return 0 on success in update_status functions
     (bsc#1106929)
   - bcache: Move couple of functions to sysfs.c (bsc#1130972).
   - bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
   - bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
   - bcache: account size of buckets used in uuid write to
     ca->meta_sectors_written (bsc#1130972).
   - bcache: add MODULE_DESCRIPTION information (bsc#1130972).
   - bcache: add a comment in super.c (bsc#1130972).
   - bcache: add code comments for bset.c (bsc#1130972).
   - bcache: add comment for cache_set->fill_iter (bsc#1130972).
   - bcache: add identifier names to arguments of function definitions
     (bsc#1130972).
   - bcache: add missing SPDX header (bsc#1130972).
   - bcache: add separate workqueue for journal_write to avoid deadlock
     (bsc#1130972).
   - bcache: add static const prefix to char * array declarations
     (bsc#1130972).
   - bcache: add sysfs_strtoul_bool() for setting bit-field variables
     (bsc#1130972).
   - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
   - bcache: cannot set writeback_running via sysfs if no writeback kthread
     created (bsc#1130972).
   - bcache: comment on direct access to bvec table (bsc#1130972).
   - bcache: correct dirty data statistics (bsc#1130972).
   - bcache: do not assign in if condition in bcache_device_init()
     (bsc#1130972).
   - bcache: do not assign in if condition in bcache_init() (bsc#1130972).
   - bcache: do not assign in if condition register_bcache() (bsc#1130972).
   - bcache: do not check NULL pointer before calling kmem_cache_destroy
     (bsc#1130972).
   - bcache: do not check if debug dentry is ERR or NULL explicitly on remove
     (bsc#1130972).
   - bcache: do not clone bio in bch_data_verify (bsc#1130972).
   - bcache: do not mark writeback_running too early (bsc#1130972).
   - bcache: export backing_dev_name via sysfs (bsc#1130972).
   - bcache: export backing_dev_uuid via sysfs (bsc#1130972).
   - bcache: fix code comments style (bsc#1130972).
   - bcache: fix indent by replacing blank by tabs (bsc#1130972).
   - bcache: fix indentation issue, remove tabs on a hunk of code
     (bsc#1130972).
   - bcache: fix input integer overflow of congested threshold (bsc#1130972).
   - bcache: fix input overflow to cache set sysfs file io_error_halflife
     (bnc#1012382).
   - bcache: fix input overflow to journal_delay_ms (bsc#1130972).
   - bcache: fix input overflow to sequential_cutoff (bnc#1012382).
   - bcache: fix input overflow to writeback_delay (bsc#1130972).
   - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
   - bcache: fix ioctl in flash device (bsc#1130972).
   - bcache: fix mistaken code comments in bcache.h (bsc#1130972).
   - bcache: fix mistaken comments in request.c (bsc#1130972).
   - bcache: fix potential div-zero error of writeback_rate_i_term_inverse
     (bsc#1130972).
   - bcache: fix potential div-zero error of writeback_rate_p_term_inverse
     (bsc#1130972).
   - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
   - bcache: fix typo in code comments of closure_return_with_destructor()
     (bsc#1130972).
   - bcache: improve sysfs_strtoul_clamp() (bnc#1012382).
   - bcache: introduce force_wake_up_gc() (bsc#1130972).
   - bcache: make cutoff_writeback and cutoff_writeback_sync tunable
     (bsc#1130972).
   - bcache: move open brace at end of function definitions to next line
     (bsc#1130972).
   - bcache: never writeback a discard operation (bsc#1130972).
   - bcache: not use hard coded memset size in bch_cache_accounting_clear()
     (bsc#1130972).
   - bcache: option to automatically run gc thread after writeback
     (bsc#1130972).
   - bcache: panic fix for making cache device (bsc#1130972).
   - bcache: prefer 'help' in Kconfig (bsc#1130972).
   - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
   - bcache: recal cached_dev_sectors on detach (bsc#1130972).
   - bcache: remove unnecessary space before ioctl function pointer arguments
     (bsc#1130972).
   - bcache: remove unused bch_passthrough_cache (bsc#1130972).
   - bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
   - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
   - bcache: replace Symbolic permissions by octal permission numbers
     (bsc#1130972).
   - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
   - bcache: replace printk() by pr_*() routines (bsc#1130972).
   - bcache: set writeback_percent in a flexible range (bsc#1130972).
   - bcache: split combined if-condition code into separate ones
     (bsc#1130972).
   - bcache: stop using the deprecated get_seconds() (bsc#1130972).
   - bcache: style fix to add a blank line after declarations (bsc#1130972).
   - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
   - bcache: style fixes for lines over 80 characters (bsc#1130972).
   - bcache: trace missed reading by cache_missed (bsc#1130972).
   - bcache: treat stale && dirty keys as bad keys (bsc#1130972).
   - bcache: trivial - remove tailing backslash in macro BTREE_FLAG
     (bsc#1130972).
   - bcache: update comment for bch_data_insert (bsc#1130972).
   - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
     (bsc#1130972).
   - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in
     __bch_bucket_alloc_set (bsc#1130972).
   - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
   - bcache: use routines from lib/crc64.c for CRC64 calculation
     (bsc#1130972).
   - bcache: use sysfs_strtoul_bool() to set bit-field variables
     (bsc#1130972).
   - bcache: writeback: properly order backing device IO (bsc#1130972).
   - binfmt_elf: switch to new creds when switching to new mm (bnc#1012382).
   - bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382).
   - block: check_events: do not bother with events if unsupported
     (bsc#1110946).
   - block: disk_events: introduce event flags (bsc#1110946).
   - block: do not leak memory in bio_copy_user_iov() (bnc#1012382).
   - block: fix use-after-free on gendisk (bsc#1136448).
   - bnxt_en: Improve multicast address setup logic (bnc#1012382).
   - bonding: fix arp_validate toggling in active-backup mode (bnc#1012382).
   - bonding: fix event handling for stacked bonds (bnc#1012382).
   - bonding: show full hw address in sysfs for slave entries (bnc#1012382).
   - bpf: reject wrong sized filters earlier (bnc#1012382).
   - bridge: Fix error path for kobject_init_and_add() (bnc#1012382).
   - btrfs: Do not panic when we can't find a root key (bsc#1112063).
   - btrfs: Factor out common delayed refs init code (bsc#1134813).
   - btrfs: Introduce init_delayed_ref_head (bsc#1134813).
   - btrfs: Open-code add_delayed_data_ref (bsc#1134813).
   - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
   - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
   - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
   - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
   - btrfs: add a helper to return a head ref (bsc#1134813).
   - btrfs: breakout empty head cleanup to a helper (bsc#1134813).
   - btrfs: delayed-ref: Introduce better documented delayed ref structures
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: delayed-ref: Use btrfs_ref to refactor
     btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: delayed-ref: Use btrfs_ref to refactor
     btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes()
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent()
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref()
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: move all ref head cleanup to the helper function (bsc#1134813).
   - btrfs: move extent_op cleanup to a helper (bsc#1134813).
   - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
   - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer
     dereference (bsc#1134806).
   - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree
     (bsc#1063638 bsc#1128052 bsc#1108838).
   - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head
     to btrfs_qgroup_extent_record (bsc#1134162).
   - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release
     (bsc#1134160).
   - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON()
     (bsc#1134338).
   - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root
     lifespan (bsc#1134651).
   - btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
   - btrfs: split delayed ref head initialization and addition (bsc#1134813).
   - btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
   - cdc-acm: cleaning up debug in data submission path (bsc#1136539).
   - cdc-acm: fix race between reset and control messaging (bsc#1106110).
   - cdc-acm: handle read pipe errors (bsc#1135878).
   - cdc-acm: reassemble fragmented notifications (bsc#1136590).
   - cdc-acm: store in and out pipes in acm structure (bsc#1136575).
   - cdrom: Fix race condition in cdrom_sysctl_register (bnc#1012382).
   - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134564).
   - ceph: fix ci->i_head_snapc leak (bsc#1122776).
   - ceph: fix use-after-free on symlink traversal (bsc#1134565).
   - ceph: only use d_name directly when parent is locked (bsc#1134566).
   - cifs: Fix NULL pointer dereference of devname (bnc#1012382).
   - cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382).
   - cifs: fallback to older infolevels on findfirst queryinfo retry
     (bnc#1012382).
   - cifs: use correct format characters (bnc#1012382).
   - clk: fix mux clock documentation (bsc#1090888).
   - coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012382).
   - cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382
     bsc#1112178).
   - cpupower: remove stringop-truncation waring (bsc#1119086).
   - crypto: crypto4xx - properly set IV after de- and encrypt (bnc#1012382).
   - crypto: sha256/arm - fix crash bug in Thumb2 build (bnc#1012382).
   - crypto: sha512/arm - fix crash bug in Thumb2 build (bnc#1012382).
   - crypto: vmx - CTR: always increment IV as quadword (bsc#1135661,
     bsc#1137162).
   - crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661,
     bsc#1137162).
   - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661,
     bsc#1137162).
   - crypto: vmx - return correct error code on failed setkey (bsc#1135661,
     bsc#1137162).
   - crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162).
   - crypto: x86/poly1305 - fix overflow during partial reduction
     (bnc#1012382).
   - debugfs: fix use-after-free on symlink traversal (bnc#1012382).
   - device_cgroup: fix RCU imbalance in error case (bnc#1012382).
   - dm thin: add sanity checks to thin-pool and external snapshot creation
     (bnc#1012382).
   - dmaengine: imx-dma: fix warning comparison of distinct pointer types
     (bnc#1012382).
   - dmaengine: tegra: avoid overflow of byte tracking (bnc#1012382).
   - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
     (bnc#1012382).
   - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
     (bnc#1012382).
   - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929)
   - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
     (bnc#1012382).
   - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bnc#1106929)
   - drm/i915: Fix I915_EXEC_RING_MASK (bnc#1106929)
   - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929)
   - drm/ttm: Remove warning about inconsistent mapping information
     (bnc#1131488)
   - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
     (bsc#1106929)
   - drm/vc4: Account for interrupts in flight (bsc#1106929)
   - drm/vc4: Allocate the right amount of space for boot-time CRTC state.
     (bsc#1106929)
   - drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state()
     (bsc#1106929)
   - drm/vc4: Fix OOPSes from trying to cache a partially constructed BO.
     (bsc#1106929)
   - drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos() (bsc#1106929)
   - drm/vc4: Fix compilation error reported by kbuild test bot (bsc#1106929)
   - drm/vc4: Fix memory leak during gpu reset. (bsc#1106929)
   - drm/vc4: Fix memory leak of the CRTC state. (bsc#1106929)
   - drm/vc4: Fix oops when userspace hands in a bad BO. (bsc#1106929)
   - drm/vc4: Fix overflow mem unreferencing when the binner runs dry.
     (bsc#1106929)
   - drm/vc4: Fix races when the CS reads from render targets. (bsc#1106929)
   - drm/vc4: Fix scaling of uni-planar formats (bsc#1106929)
   - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
     (bsc#1106929)
   - drm/vc4: Flush the caches before the bin jobs, as well. (bsc#1106929)
   - drm/vc4: Free hang state before destroying BO cache. (bsc#1106929)
   - drm/vc4: Move IRQ enable to PM path (bsc#1106929)
   - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar
     (bsc#1106929)
   - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1106929)
   - drm/vc4: Use drm_free_large() on handles to match its allocation.
     (bsc#1106929)
   - drm/vc4: fix a bounds check (bsc#1106929)
   - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
     (bsc#1106929)
   - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to
     (bsc#1106929)
   - dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535).
   - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 ).
   - e1000e: Add Support for CannonLake (bsc#1108293).
   - e1000e: Fix -Wformat-truncation warnings (bnc#1012382).
   - e1000e: Initial Support for CannonLake (bsc#1108293 ).
   - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bnc#1012382).
   - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458).
   - ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810).
   - ext4: actually request zeroing of inode table after grow (bsc#1136451).
   - ext4: add missing brelse() in add_new_gdb_meta_bg() (bnc#1012382).
   - ext4: avoid panic during forced reboot due to aborted journal
     (bsc#1126356).
   - ext4: cleanup bh release code in ext4_ind_remove_space() (bnc#1012382).
   - ext4: fix ext4_show_options for file systems w/o journal (bsc#1136452).
   - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449).
   - ext4: make sure enough credits are reserved for dioread_nolock writes
     (bsc#1136623).
   - ext4: prohibit fstrim in norecovery mode (bnc#1012382).
   - ext4: report real fs size after failed resize (bnc#1012382).
   - ext4: wait for outstanding dio during truncate in nojournal mode
     (bsc#1136438).
   - f2fs: do not use mutex lock in atomic context (bnc#1012382).
   - f2fs: fix to do sanity check with current segment number (bnc#1012382).
   - fbdev: fbmem: fix memory access if logo is bigger than the screen
     (bnc#1012382).
   - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bnc#1012382).
   - fs/file.c: initialize init_files.resize_wait (bnc#1012382).
   - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382).
   - fs: fix guard_bio_eod to check for real EOD errors (bnc#1012382).
   - ftrace/x86_64: Emulate call function while updating in breakpoint
     handler (bsc#1099658).
   - genirq: Prevent use-after-free and work list corruption (bnc#1012382).
   - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
     (bnc#1012382).
   - gpio: gpio-omap: fix level interrupt idling (bnc#1012382).
   - gpu: ipu-v3: dp: fix CSC handling (bnc#1012382).
   - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
     (bnc#1012382).
   - hugetlbfs: fix memory leak for resv_map (bnc#1012382).
   - hwrng: virtio - Avoid repeated init of completion (bnc#1012382).
   - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
     (bnc#1012382).
   - ibmvnic: Add device identification to requested IRQs (bsc#1137739).
   - ibmvnic: Do not close unopened driver during reset (bsc#1137752).
   - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
   - ibmvnic: Refresh device multicast list after reset (bsc#1137752).
   - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
   - igb: Fix WARN_ONCE on runtime suspend (bnc#1012382).
   - iio/gyro/bmg160: Use millidegrees for temperature scale (bnc#1012382).
   - iio: ad_sigma_delta: select channel when reading register (bnc#1012382).
   - iio: adc: at91: disable adc channel interrupt in timeout case
     (bnc#1012382).
   - iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382).
   - include/linux/bitrev.h: fix constant bitrev (bnc#1012382).
   - include/linux/swap.h: use offsetof() instead of custom __swapoffset
     macro (bnc#1012382).
   - init: initialize jump labels before command line option parsing
     (bnc#1012382).
   - io: accel: kxcjk1013: restore the range after resume (bnc#1012382).
   - iommu/vt-d: Do not request page request irq under dmar_global_lock
     (bsc#1135013).
   - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
     (bsc#1135014).
   - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135015).
   - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (bnc#1012382).
   - ipmi:ssif: compare block number correctly for multi-part return messages
     (bsc#1135120).
   - ipv4: Fix raw socket lookup for local traffic (bnc#1012382).
   - ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
   - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (bnc#1012382).
   - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
     (bnc#1012382).
   - ipv4: recompile ip options in ipv4_link_failure (bnc#1012382).
   - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (bnc#1012382).
   - ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382).
   - ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012382).
   - ipv6: fix a potential deadlock in do_ipv6_setsockopt() (bnc#1012382).
   - ipv6: invert flowlabel sharing check in process and user mode
     (bnc#1012382).
   - ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012382).
   - ipvs: do not schedule icmp errors from tunnels (bnc#1012382).
   - jffs2: fix use-after-free on symlink traversal (bnc#1012382).
   - kABI: protect ring_buffer_read_prepare (kabi).
   - kABI: protect struct tlb_state (kabi).
   - kABI: protect struct usb_interface (kabi).
   - kABI: restore ___ptrace_may_access (kabi).
   - kABI: restore icmp_send (kabi).
   - kabi: arm64: fix kabi breakage on arch specific module (bsc#1126040)
   - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
   - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout
     (bsc#1137586).
   - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD (bnc#1012382).
   - kbuild: simplify ld-option implementation (bnc#1012382).
   - kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382).
   - kconfig: display recursive dependency resolution hint just once
     (bsc#1100132).
   - kernel/sysctl.c: fix out-of-bounds access when setting file-max
     (bnc#1012382).
   - keys: Timestamp new keys (bsc#1120902).
   - kprobes: Fix error check when reusing optimized probes (bnc#1012382).
   - kprobes: Mark ftrace mcount handler functions nokprobe (bnc#1012382).
   - kprobes: Prohibit probing on bsearch() (bnc#1012382).
   - leds: lp55xx: fix null deref on firmware load failure (bnc#1012382).
   - lib/div64.c: off by one in shift (bnc#1012382).
   - lib/int_sqrt: optimize initial value compute (bnc#1012382).
   - lib/string.c: implement a basic bcmp (bnc#1012382).
   - lib: add crc64 calculation routines (bsc#1130972).
   - lib: do not depend on linux headers being installed (bsc#1130972).
   - libata: fix using DMA buffers on stack (bnc#1012382).
   - libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382).
   - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
   - mac80211: do not call driver wake_tx_queue op during reconfig
     (bnc#1012382).
   - mac80211_hwsim: validate number of different channels (bsc#1085539).
   - md: use mddev_suspend/resume instead of ->quiesce() (bsc#1132212).
   - media: mt9m111: set initial frame size other than 0x0 (bnc#1012382).
   - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
     (bnc#1012382).
   - media: pvrusb2: Prevent a buffer overflow (bsc#1135642).
   - media: s5p-g2d: Correct return type for mem2mem buffer helpers
     (bnc#1012382).
   - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
     (bnc#1012382).
   - media: s5p-jpeg: Correct return type for mem2mem buffer helpers
     (bnc#1012382).
   - media: sh_veu: Correct return type for mem2mem buffer helpers
     (bnc#1012382).
   - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382).
   - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed
     (bsc#1120902).
   - mm/cma.c: cma_declare_contiguous: correct err handling (bnc#1012382).
   - mm/page_ext.c: fix an imbalance with kmemleak (bnc#1012382).
   - mm/slab.c: kmemleak no scan alien caches (bnc#1012382).
   - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! (bnc#1012382).
   - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y
     CONFIG_SMP=n (bnc#1012382).
   - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
     (bnc#1012382).
   - mmc: davinci: remove extraneous __init annotation (bnc#1012382).
   - mmc: omap: fix the maximum timeout setting (bnc#1012382).
   - modpost: file2alias: check prototype of handler (bnc#1012382).
   - modpost: file2alias: go back to simple devtable lookup (bnc#1012382).
   - mount: copy the port field into the cloned nfs_server structure
     (bsc#1136990).
   - mt7601u: bump supported EEPROM version (bnc#1012382).
   - mtd: Fix comparison in map_word_andequal() (git-fixes).
   - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
   - net/ibmvnic: Remove tests of member address (bsc#1137739).
   - net/ibmvnic: Update MAC address settings after adapter reset
     (bsc#1134760).
   - net/ibmvnic: Update carrier state after link state change (bsc#1135100).
   - net: atm: Fix potential Spectre v1 vulnerabilities (bnc#1012382).
   - net: bridge: multicast: use rcu to access port list from
     br_multicast_start_querier (bnc#1012382).
   - net: ena: fix return value of ena_com_config_llq_info() (bsc#1117562).
   - net: ethernet: ti: fix possible object reference leak (bnc#1012382).
   - net: ethtool: not call vzalloc for zero sized memory request
     (bnc#1012382).
   - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
     (bnc#1012382).
   - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
     (bnc#1012382).
   - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bnc#1012382).
   - net: ibm: fix possible object reference leak (bnc#1012382).
   - net: ks8851: Delay requesting IRQ until opened (bnc#1012382).
   - net: ks8851: Dequeue RX packets explicitly (bnc#1012382).
   - net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382).
   - net: ks8851: Set initial carrier state to down (bnc#1012382).
   - net: rds: force to destroy connection if t_sock is NULL in
     rds_tcp_kill_sock() (bnc#1012382).
   - net: stmmac: move stmmac_check_ether_addr() to driver probe
     (bnc#1012382).
   - net: ucc_geth - fix Oops when changing number of buffers in the ring
     (bnc#1012382).
   - net: xilinx: fix possible object reference leak (bnc#1012382).
   - netfilter: bridge: set skb transport_header before entering
     NF_INET_PRE_ROUTING (bnc#1012382).
   - netfilter: compat: initialize all fields in xt_init (bnc#1012382).
   - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON (bnc#1012382).
   - netfilter: physdev: relax br_netfilter dependency (bnc#1012382).
   - netns: provide pure entropy for net_hash_mix() (bnc#1012382).
   - nfs: clean up rest of reqs when failing to add one (git-fixes).
   - nfsd: Do not release the callback slot unless it was actually held
     (bnc#1012382).
   - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
   - nvme-fc: resolve io failures during connect (bsc#1116803).
   - nvme: Do not allow to reset a reconnecting controller (bsc#1133874).
   - ocfs2: fix a panic problem caused by o2cb_ctl (bnc#1012382).
   - openvswitch: fix flow actions reallocation (bnc#1012382).
   - pNFS: Skip invalid stateids when doing a bulk destroy (git-fixes).
   - packet: Fix error path in packet_init (bnc#1012382).
   - packet: validate msg_namelen in send directly (bnc#1012382).
   - perf evsel: Free evsel->counts in perf_evsel__exit() (bnc#1012382).
   - perf test: Fix failure of 'evsel-tp-sched' test on s390 (bnc#1012382).
   - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
     (bnc#1012382).
   - perf tests: Fix a memory leak of cpu_map object in the
     openat_syscall_event_on_all_cpus test (bnc#1012382).
   - perf top: Fix error handling in cmd_top() (bnc#1012382).
   - perf/core: Restore mmap record type correctly (bnc#1012382).
   - perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes).
   - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
     (bnc#1012382).
   - platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382).
   - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382).
   - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bnc#1012382
     bsc#1131107).
   - powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382).
   - powerpc/64s: Include cpu header (bnc#1012382).
   - powerpc/booke64: set RI in default MSR (bnc#1012382).
   - powerpc/eeh: Fix race with driver un/bind (bsc#1066223).
   - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot
     arg (bnc#1012382).
   - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
     (bnc#1012382).
   - powerpc/fsl: Add infrastructure to fixup branch predictor flush
     (bnc#1012382).
   - powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382).
   - powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382).
   - powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382).
   - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
     (bnc#1012382).
   - powerpc/fsl: Fix the flush of branch predictor (bnc#1012382).
   - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
     (bnc#1012382).
   - powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382).
   - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
     (bnc#1012382).
   - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
     (bnc#1012382).
   - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
     (bnc#1012382).
   - powerpc/fsl: Update Spectre v2 reporting (bnc#1012382).
   - powerpc/lib: fix book3s/32 boot failure due to code patching
     (bnc#1012382).
   - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043).
   - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043).
   - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
   - powerpc/perf: Infrastructure to support addition of blacklisted events
     (bsc#1053043).
   - powerpc/process: Fix sparse address space warnings (bsc#1066223).
   - powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382).
   - qede: fix write to free'd pointer error and double free of ptp
     (bsc#1019695 bsc#1019696).
   - qlcnic: Avoid potential NULL pointer dereference (bnc#1012382).
   - qmi_wwan: add Olicard 600 (bnc#1012382).
   - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
     (bnc#1012382).
   - rsi: improve kernel thread handling to fix kernel panic (bnc#1012382).
   - rtc: da9063: set uie_unsupported when relevant (bnc#1012382).
   - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382).
   - s390/3270: fix lockdep false positive on view->lock (bnc#1012382).
   - s390/dasd: Fix capacity calculation for large volumes (bnc#1012382).
   - s390: ctcm: fix ctcm_new_device error return code (bnc#1012382).
   - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
     (bnc#1012382).
   - sc16is7xx: move label 'err_spi' to correct section (git-fixes).
   - sched/fair: Do not re-read ->h_load_next during hierarchical load
     calculation (bnc#1012382).
   - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
     (bnc#1012382).
   - sched/numa: Fix a possible divide-by-zero (bnc#1012382).
   - sched: Add sched_smt_active() (bnc#1012382).
   - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
     (bnc#1012382).
   - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
     (bnc#1012382).
   - scsi: libsas: fix a race condition when smp task timeout (bnc#1012382).
   - scsi: megaraid_sas: return error when create DMA pool failed
     (bnc#1012382).
   - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS
     routines (bnc#1012382).
   - scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382).
   - scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382).
   - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
     (bnc#1012382).
   - sctp: initialize _pad of sockaddr_in before copying to user memory
     (bnc#1012382).
   - selftests/net: correct the return value for run_netsocktests
     (bnc#1012382).
   - selinux: never allow relabeling on context mounts (bnc#1012382).
   - serial: uartps: console_setup() can't be placed to init section
     (bnc#1012382).
   - slip: make slhc_free() silently accept an error pointer (bnc#1012382).
   - soc/tegra: fuse: Fix illegal free of IO base address (bnc#1012382).
   - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bnc#1012382).
   - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
     (bnc#1012382).
   - staging: comedi: ni_usb6501: Fix use of uninitialized mutex
     (bnc#1012382).
   - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
     (bnc#1012382).
   - staging: comedi: vmk80xx: Fix use of uninitialized semaphore
     (bnc#1012382).
   - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
     (bnc#1012382).
   - staging: iio: adt7316: fix the dac read calculation (bnc#1012382).
   - staging: iio: adt7316: fix the dac write calculation (bnc#1012382).
   - supported.conf: add lib/crc64 because bcache uses it
   - sysctl: handle overflow for file-max (bnc#1012382).
   - tcp: Ensure DCTCP reacts to losses (bnc#1012382).
   - tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
   - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
   - tcp: limit payload size of sacked skbs (bsc#1137586).
   - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
   - tcp: tcp_grow_window() needs to respect tcp_space() (bnc#1012382).
   - team: fix possible recursive locking when add slaves (bnc#1012382).
   - thermal/int340x_thermal: Add additional UUIDs (bnc#1012382).
   - thermal/int340x_thermal: fix mode setting (bnc#1012382).
   - timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382).
   - tipc: check bearer name with right length in
     tipc_nl_compat_bearer_enable (bnc#1012382).
   - tipc: check link name with right length in tipc_nl_compat_link_set
     (bnc#1012382).
   - tipc: handle the err returned from cmd header function (bnc#1012382).
   - tools lib traceevent: Fix buffer overflow in arg_eval (bnc#1012382).
   - tools lib traceevent: Fix missing equality check for strcmp
     (bsc#1129770).
   - tools/power turbostat: return the exit status of a command (bnc#1012382).
   - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bnc#1012382).
   - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
     (bnc#1012382).
   - trace: Fix preempt_enable_no_resched() abuse (bnc#1012382).
   - tracing: Fix partial reading of trace event's id file (bsc#1136573).
   - tracing: kdb: Fix ftdump to not sleep (bnc#1012382).
   - treewide: Use DEVICE_ATTR_WO (bsc#1137739).
   - tty/serial: atmel: Add is_half_duplex helper (bnc#1012382).
   - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
     (bnc#1012382).
   - tty: increase the default flip buffer limit to 2*640K (bnc#1012382).
   - tty: ldisc: add sysctl to prevent autoloading of ldiscs (bnc#1012382).
   - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
     (bsc#1136455).
   - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770).
   - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bnc#1012382).
   - usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012382).
   - usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382).
   - usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382).
   - usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382).
   - usb: u132-hcd: fix resource leak (bnc#1012382).
   - usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382).
   - usbnet: ipheth: fix potential null pointer dereference in
     ipheth_carrier_set (bnc#1012382).
   - usbnet: ipheth: prevent TX queue timeouts when device not ready
     (bnc#1012382).
   - vfio/pci: use correct format characters (bnc#1012382).
   - vlan: disable SIOCSHWTSTAMP in container (bnc#1012382).
   - vrf: sit mtu should not be updated when vrf netdev is the link
     (bnc#1012382).
   - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
     (bnc#1012382).
   - x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382).
   - x86/MCE: Save microcode revision in machine check records (bnc#1012382).
   - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382).
   - x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382).
   - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382).
   - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU
     features (bnc#1012382).
   - x86/build: Mark per-CPU symbols as absolute explicitly for LLD
     (bnc#1012382).
   - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
     (bnc#1012382).
   - x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382).
   - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
     (bnc#1012382).
   - x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382).
   - x86/hpet: Prevent potential NULL pointer dereference (bnc#1012382).
   - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse()
     return an error (bnc#1012382).
   - x86/kprobes: Verify stack frame on kretprobe (bnc#1012382).
   - x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382).
   - x86/microcode/intel: Add a helper which gives the microcode revision
     (bnc#1012382).
   - x86/microcode/intel: Check microcode revision before updating sibling
     threads (bnc#1012382).
   - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
     (bnc#1012382).
   - x86/microcode: Update the new microcode revision unconditionally
     (bnc#1012382).
   - x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382).
   - x86/process: Consolidate and simplify switch_to_xtra() code
     (bnc#1012382).
   - x86/speculataion: Mark command line parser data __initdata (bnc#1012382).
   - x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382).
   - x86/speculation/mds: Fix comment (bnc#1012382).
   - x86/speculation/mds: Fix documentation typo (bnc#1012382).
   - x86/speculation: Add command line control for indirect branch
     speculation (bnc#1012382).
   - x86/speculation: Add prctl() control for indirect branch speculation
     (bnc#1012382).
   - x86/speculation: Add seccomp Spectre v2 user space protection mode
     (bnc#1012382).
   - x86/speculation: Avoid __switch_to_xtra() calls (bnc#1012382).
   - x86/speculation: Clean up spectre_v2_parse_cmdline() (bnc#1012382).
   - x86/speculation: Disable STIBP when enhanced IBRS is in use
     (bnc#1012382).
   - x86/speculation: Enable prctl mode for spectre_v2_user (bnc#1012382).
   - x86/speculation: Mark string arrays const correctly (bnc#1012382).
   - x86/speculation: Move STIPB/IBPB string conditionals out of
     cpu_show_common() (bnc#1012382).
   - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bnc#1012382).
   - x86/speculation: Prepare for conditional IBPB in switch_mm()
     (bnc#1012382).
   - x86/speculation: Prepare for per task indirect branch speculation
     control (bnc#1012382).
   - x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382).
   - x86/speculation: Provide IBPB always command line options (bnc#1012382).
   - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
     (bnc#1012382).
   - x86/speculation: Remove unnecessary ret variable in cpu_show_common()
     (bnc#1012382).
   - x86/speculation: Rename SSBD update functions (bnc#1012382).
   - x86/speculation: Reorder the spec_v2 code (bnc#1012382).
   - x86/speculation: Reorganize speculation control MSRs update
     (bnc#1012382).
   - x86/speculation: Split out TIF update (bnc#1012382).
   - x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382
     bsc#1112178).
   - x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382).
   - x86/speculation: Unify conditional spectre v2 print functions
     (bnc#1012382).
   - x86/speculation: Update the TIF_SSBD comment (bnc#1012382).
   - x86/vdso: Drop implicit common-page-size linker flag (bnc#1012382).
   - x86/vdso: Pass --eh-frame-hdr to the linker (git-fixes).
   - x86: vdso: Use $LD instead of $CC to link (bnc#1012382).
   - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
   - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
   - xen: Prevent buffer overflow in privcmd ioctl (bnc#1012382).
   - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and
     xenbus_file_write() (bsc#1065600).
   - xsysace: Fix error handling in ace_setup (bnc#1012382).
   - xtensa: fix return_address (bnc#1012382).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1527=1



Package List:

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      kernel-devel-azure-4.4.180-4.31.1
      kernel-source-azure-4.4.180-4.31.1

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):

      kernel-azure-4.4.180-4.31.1
      kernel-azure-base-4.4.180-4.31.1
      kernel-azure-base-debuginfo-4.4.180-4.31.1
      kernel-azure-debuginfo-4.4.180-4.31.1
      kernel-azure-debugsource-4.4.180-4.31.1
      kernel-azure-devel-4.4.180-4.31.1
      kernel-syms-azure-4.4.180-4.31.1


References:

   https://www.suse.com/security/cve/CVE-2013-4343.html
   https://www.suse.com/security/cve/CVE-2018-17972.html
   https://www.suse.com/security/cve/CVE-2018-7191.html
   https://www.suse.com/security/cve/CVE-2019-11190.html
   https://www.suse.com/security/cve/CVE-2019-11477.html
   https://www.suse.com/security/cve/CVE-2019-11478.html
   https://www.suse.com/security/cve/CVE-2019-11479.html
   https://www.suse.com/security/cve/CVE-2019-11486.html
   https://www.suse.com/security/cve/CVE-2019-11815.html
   https://www.suse.com/security/cve/CVE-2019-11833.html
   https://www.suse.com/security/cve/CVE-2019-11884.html
   https://www.suse.com/security/cve/CVE-2019-12382.html
   https://www.suse.com/security/cve/CVE-2019-3846.html
   https://www.suse.com/security/cve/CVE-2019-5489.html
   https://bugzilla.suse.com/1005778
   https://bugzilla.suse.com/1005780
   https://bugzilla.suse.com/1005781
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1019695
   https://bugzilla.suse.com/1019696
   https://bugzilla.suse.com/1022604
   https://bugzilla.suse.com/1053043
   https://bugzilla.suse.com/1063638
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1066223
   https://bugzilla.suse.com/1085535
   https://bugzilla.suse.com/1085539
   https://bugzilla.suse.com/1090888
   https://bugzilla.suse.com/1099658
   https://bugzilla.suse.com/1100132
   https://bugzilla.suse.com/1106110
   https://bugzilla.suse.com/1106284
   https://bugzilla.suse.com/1106929
   https://bugzilla.suse.com/1108293
   https://bugzilla.suse.com/1108838
   https://bugzilla.suse.com/1110785
   https://bugzilla.suse.com/1110946
   https://bugzilla.suse.com/1112063
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1116803
   https://bugzilla.suse.com/1117562
   https://bugzilla.suse.com/1119086
   https://bugzilla.suse.com/1120642
   https://bugzilla.suse.com/1120843
   https://bugzilla.suse.com/1120885
   https://bugzilla.suse.com/1120902
   https://bugzilla.suse.com/1122776
   https://bugzilla.suse.com/1125580
   https://bugzilla.suse.com/1126040
   https://bugzilla.suse.com/1126356
   https://bugzilla.suse.com/1128052
   https://bugzilla.suse.com/1129138
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1130972
   https://bugzilla.suse.com/1131107
   https://bugzilla.suse.com/1131488
   https://bugzilla.suse.com/1131543
   https://bugzilla.suse.com/1131565
   https://bugzilla.suse.com/1132212
   https://bugzilla.suse.com/1132374
   https://bugzilla.suse.com/1132472
   https://bugzilla.suse.com/1133188
   https://bugzilla.suse.com/1133874
   https://bugzilla.suse.com/1134160
   https://bugzilla.suse.com/1134162
   https://bugzilla.suse.com/1134338
   https://bugzilla.suse.com/1134537
   https://bugzilla.suse.com/1134564
   https://bugzilla.suse.com/1134565
   https://bugzilla.suse.com/1134566
   https://bugzilla.suse.com/1134651
   https://bugzilla.suse.com/1134760
   https://bugzilla.suse.com/1134806
   https://bugzilla.suse.com/1134813
   https://bugzilla.suse.com/1134848
   https://bugzilla.suse.com/1135013
   https://bugzilla.suse.com/1135014
   https://bugzilla.suse.com/1135015
   https://bugzilla.suse.com/1135100
   https://bugzilla.suse.com/1135120
   https://bugzilla.suse.com/1135281
   https://bugzilla.suse.com/1135603
   https://bugzilla.suse.com/1135642
   https://bugzilla.suse.com/1135661
   https://bugzilla.suse.com/1135878
   https://bugzilla.suse.com/1136424
   https://bugzilla.suse.com/1136438
   https://bugzilla.suse.com/1136446
   https://bugzilla.suse.com/1136448
   https://bugzilla.suse.com/1136449
   https://bugzilla.suse.com/1136451
   https://bugzilla.suse.com/1136452
   https://bugzilla.suse.com/1136455
   https://bugzilla.suse.com/1136458
   https://bugzilla.suse.com/1136539
   https://bugzilla.suse.com/1136573
   https://bugzilla.suse.com/1136575
   https://bugzilla.suse.com/1136586
   https://bugzilla.suse.com/1136590
   https://bugzilla.suse.com/1136623
   https://bugzilla.suse.com/1136810
   https://bugzilla.suse.com/1136935
   https://bugzilla.suse.com/1136990
   https://bugzilla.suse.com/1137142
   https://bugzilla.suse.com/1137162
   https://bugzilla.suse.com/1137586
   https://bugzilla.suse.com/1137739
   https://bugzilla.suse.com/1137752
   https://bugzilla.suse.com/843419



More information about the sle-updates mailing list