SUSE-SU-2019:1245-1: important: Security update for the Linux Kernel

sle-updates at sle-updates at
Tue May 14 22:09:25 MDT 2019

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2019:1245-1
Rating:             important
References:         #1012382 #1020645 #1020989 #1031492 #1047487 
                    #1051510 #1053043 #1062056 #1063638 #1066223 
                    #1070872 #1085539 #1087092 #1094244 #1096480 
                    #1096728 #1097104 #1100132 #1105348 #1106110 
                    #1106913 #1106929 #1111331 #1112178 #1113399 
                    #1114542 #1114638 #1114648 #1114893 #1118338 
                    #1118506 #1119086 #1120902 #1122822 #1125580 
                    #1126356 #1127445 #1129278 #1129326 #1129770 
                    #1130130 #1130343 #1130344 #1130345 #1130346 
                    #1130347 #1130356 #1130425 #1130567 #1130737 
                    #1131107 #1131416 #1131427 #1131587 #1131659 
                    #1131857 #1131900 #1131934 #1131935 #1131980 
                    #1132227 #1132534 #1132589 #1132618 #1132619 
                    #1132634 #1132635 #1132636 #1132637 #1132638 
                    #1132727 #1132828 #1133308 #1133584 #994770 
Cross-References:   CVE-2018-1000204 CVE-2018-10853 CVE-2018-12126
                    CVE-2018-12127 CVE-2018-12130 CVE-2018-15594
                    CVE-2018-5814 CVE-2019-11091 CVE-2019-3882
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Live Patching 12-SP3
                    SUSE Linux Enterprise High Availability 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0

   An update that solves 10 vulnerabilities and has 65 fixes
   is now available.


   The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.178 to receive
   various security and bugfixes.

   Four new speculative execution issues have been identified in Intel CPUs.

   - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
   - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
   - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
   - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory

   This kernel update contains software mitigations, utilizing CPU microcode
   updates shipped in parallel.

   For more information on this set of information leaks, check out

   The following security issues fixed:

   - CVE-2018-5814: Multiple race condition errors when handling probe,
     disconnect, and rebind operations could be exploited to trigger a
     use-after-free condition or a NULL pointer dereference by sending
     multiple USB over IP packets (bnc#1096480).
   - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the
     SG_IO ioctl (bsc#1096728)
   - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated
     instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current
     privilege(CPL) level while emulating unprivileged instructions. An
     unprivileged guest user/process could use this flaw to potentially
     escalate privileges inside guest (bnc#1097104).
   - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect
     calls, which made it easier for attackers to conduct Spectre-v2 attacks
     against paravirtual guests (bnc#1105348).
   - CVE-2019-9503: A brcmfmac frame validation bypass was fixed
   - CVE-2019-3882: A flaw was fixed in the vfio interface implementation
     that permitted violation of the user's locked memory limit. If a device
     is bound to a vfio driver, such as vfio-pci, and the local attacker is
     administratively granted ownership of the device, it may cause a system
     memory exhaustion and thus a denial of service (DoS). Versions 3.10,
     4.14 and 4.18 are vulnerable (bnc#1131416 bnc#1131427).

   The following non-security bugs were fixed:

   - 9p/net: fix memory leak in p9_client_create (bnc#1012382).
   - 9p: use inode->i_lock to protect i_size_write() under 32-bit
   - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus
   - acpi / bus: Only call dmi_check_system() on X86 (git-fixes).
   - acpi / button: make module loadable when booted in non-ACPI mode
   - acpi / device_sysfs: Avoid OF modalias creation for removed device
   - acpi: include ACPI button driver in base kernel (bsc#1062056).
   - Add hlist_add_tail_rcu() (Merge
     git:// (bnc#1012382).
   - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against
     Liquid Saffire 56 (bnc#1012382).
   - alsa: compress: add support for 32bit calls in a 64bit kernel
   - alsa: compress: prevent potential divide by zero bugs (bnc#1012382).
   - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec
   - alsa: hda - Record the current power state before suspend/resume calls
   - alsa: pcm: Do not suspend stream in unrecoverable PCM state
   - alsa: pcm: Fix possible OOB access in PCM oss plugins (bnc#1012382).
   - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bnc#1012382).
   - alsa: seq: oss: Fix Spectre v1 vulnerability (bnc#1012382).
   - applicom: Fix potential Spectre v1 vulnerabilities (bnc#1012382).
   - arc: fix __ffs return value to avoid build warnings (bnc#1012382).
   - arc: uacces: remove lp_start, lp_end from clobber list (bnc#1012382).
   - arcv2: Enable unaligned access in early ASM code (bnc#1012382).
   - arm64: fix COMPAT_SHMLBA definition for large pages (bnc#1012382).
   - arm64: Fix NUMA build error when !CONFIG_ACPI (fate#319981,  git-fixes).
   - arm64: Fix NUMA build error when !CONFIG_ACPI (git-fixes).
   - arm64: hide __efistub_ aliases from kallsyms (bnc#1012382).
   - arm64: kconfig: drop CONFIG_RTC_LIB dependency (bnc#1012382).
   - arm64/kernel: fix incorrect EL0 check in inv_entry macro (bnc#1012382).
   - arm64: mm: Add trace_irqflags annotations to do_debug_exception()
   - arm64: Relax GIC version check during early boot (bnc#1012382).
   - arm64: support keyctl() system call in 32-bit mode (bnc#1012382).
   - arm64: traps: disable irq in die() (bnc#1012382).
   - arm: 8458/1: bL_switcher: add GIC dependency (bnc#1012382).
   - arm: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE
     processor (bnc#1012382).
   - arm: 8510/1: rework ARM_CPU_SUSPEND dependencies (bnc#1012382).
   - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bnc#1012382).
   - arm: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
   - arm: dts: exynos: Do not ignore real-world fuse values for thermal zone
     0 on Exynos5420 (bnc#1012382).
   - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
   - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be
     uninitialized (bnc#1012382).
   - arm: pxa: ssp: unneeded to free devm_ allocated data (bnc#1012382).
   - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bnc#1012382).
   - ASoC: dapm: change snprintf to scnprintf for possible overflow
   - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bnc#1012382).
   - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
   - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
   - ASoC: topology: free created components in tplg load error (bnc#1012382).
   - assoc_array: Fix shortcut creation (bnc#1012382).
   - ath10k: avoid possible string overflow (bnc#1012382).
   - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1087092).
   - atm: he: fix sign-extension overflow on large shift (bnc#1012382).
   - autofs: drop dentry reference only when it is never used (bnc#1012382).
   - autofs: fix error return in autofs_fill_super() (bnc#1012382).
   - batman-adv: Avoid endless loop in bat-on-bat netdevice check (git-fixes).
   - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
   - batman-adv: fix uninit-value in batadv_interface_tx() (bnc#1012382).
   - batman-adv: Only put gw_node list reference when removed (git-fixes).
   - batman-adv: Only put orig_node_vlan list reference when removed
   - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
   - bnxt_en: Drop oversize TX packets to prevent errors (bnc#1012382).
   - btrfs: Avoid possible qgroup_rsv_size overflow in
     btrfs_calculate_inode_block_rsv_size (git-fixes).
   - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (pending
     fix for bsc#1063638).
   - btrfs: fix corruption reading shared and compressed extents after hole
     punching (bnc#1012382).
   - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638).
   - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree
   - btrfs: qgroup: Introduce function to find all new tree blocks of reloc
     tree (bsc#1063638).
   - btrfs: qgroup: Introduce function to trace two swaped extents
   - btrfs: qgroup: Introduce per-root swapped blocks infrastructure
   - btrfs: qgroup: Introduce trace event to analyse the number of dirty
     extents accounted (bsc#1063638 dependency).
   - btrfs: qgroup: Only trace data extents in leaves if we're relocating
     data block group (bsc#1063638).
   - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638).
   - btrfs: qgroup: Search commit root for rescan to avoid missing extent
   - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638).
   - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents
   - btrfs: raid56: properly unmap parity page in finish_parity_scrub()
   - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots
   - btrfs: remove WARN_ON in log_dir_items (bnc#1012382).
   - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1129770).
   - cfg80211: extend range deviation for DMG (bnc#1012382).
   - cfg80211: size various nl80211 messages correctly (bnc#1012382).
   - cifs: fix computation for MAX_SMB2_HDR_SIZE (bnc#1012382).
   - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).
   - cifs: Fix read after write for files with read caching (bnc#1012382).
   - clk: ingenic: Fix round_rate misbehaving with non-integer dividers
   - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
   - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to
     ISR (bnc#1012382).
   - cls_bpf: reset class and reuse major in da (git-fixes).
   - coresight: coresight_unregister() function cleanup (bnc#1012382).
   - coresight: "DEVICE_ATTR_RO" should defined as static (bnc#1012382).
   - coresight: etm4x: Check every parameter used by dma_xx_coherent
   - coresight: fixing lockdep error (bnc#1012382).
   - coresight: release reference taken by 'bus_find_device()' (bnc#1012382).
   - coresight: remove csdev's link from topology (bnc#1012382).
   - coresight: removing bind/unbind options from sysfs (bnc#1012382).
   - cpufreq: pxa2xx: remove incorrect __init annotation (bnc#1012382).
   - cpufreq: tegra124: add missing of_node_put() (bnc#1012382).
   - cpufreq: Use struct kobj_attribute instead of struct global_attr
   - cpu/hotplug: Handle unbalanced hotplug enable/disable (bnc#1012382).
   - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).
   - crypto: ahash - fix another early termination in hash walk (bnc#1012382).
   - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
   - crypto: caam - fixed handling of sg list (bnc#1012382).
   - crypto: pcbc - remove bogus memcpy()s with src == dest (bnc#1012382).
   - crypto: qat - remove unused and redundant pointer vf_info (bsc#1085539).
   - crypto: tgr192 - fix unaligned memory access (bsc#1129770).
   - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1129770).
   - dccp: do not use ipv6 header for ipv4 flow (bnc#1012382).
   - disable kgdboc failed by echo space to
     /sys/module/kgdboc/parameters/kgdboc (bnc#1012382).
   - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
   - dmaengine: dmatest: Abort test in case of mapping error (bnc#1012382).
   - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
   - dm: disable DISCARD if the underlying storage no longer supports it
   - dm: fix to_sector() for 32bit (bnc#1012382).
   - drivers: hv: vmbus: Fix bugs in rescind handling (bsc#1130567).
   - drivers: hv: vmbus: Fix ring buffer signaling (bsc#1118506).
   - drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer()
   - drivers: hv: vmbus: Offload the handling of channels to two workqueues
   - drivers: hv: vmbus: Reset the channel callback in
     vmbus_onoffer_rescind() (bsc#1130567).
   - drm/msm: Unblock writer if reader closes file (bnc#1012382).
   - drm/vmwgfx: Do not double-free the mode stored in par->set_mode
   - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
   - ext2: Fix underflow in ext2_max_size() (bnc#1012382).
   - ext4: Avoid panic during forced reboot (bsc#1126356).
   - ext4: brelse all indirect buffer in ext4_ind_remove_space()
   - ext4: fix data corruption caused by unaligned direct AIO (bnc#1012382).
   - ext4: fix NULL pointer dereference while journal is aborted
   - extcon: usb-gpio: Do not miss event during suspend/resume (bnc#1012382).
   - firmware: dmi: Optimize dmi_matches (git-fixes).
   - floppy: check_events callback should not return a negative number
   - flow_dissector: Check for IP fragmentation even if not using IPv4
     address (git-fixes).
   - fs/9p: use fscache mutex rather than spinlock (bnc#1012382).
   - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).
   - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
   - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS
   - fuse: fix possibly missed wake-up after abort (git-fixes).
   - futex: Ensure that futex address is aligned in handle_futex_death()
   - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (git-fixes).
   - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bnc#1012382).
   - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
   - gpio: vf610: Mask all GPIO interrupts (bnc#1012382).
   - gro_cells: make sure device is up in gro_cells_receive() (bnc#1012382).
   - hid-sensor-hub.c: fix wrong do_div() usage (bnc#1012382).
   - hpet: Fix missing '=' character in the __setup() code of
     hpet_mmap_enable (bsc#1129770).
   - hugetlbfs: fix races and page leaks during migration (bnc#1012382).
   - hv_netvsc: Fix napi reschedule while receive completion is busy
   - hv_netvsc: fix race in napi poll when rescheduling (bsc#1118506).
   - hv_netvsc: Fix the return status in RX path (bsc#1118506).
   - hv_netvsc: use napi_schedule_irqoff (bsc#1118506).
   - hv: v4.12 API for hyperv-iommu (bsc#1122822).
   - hv: v4.12 API for hyperv-iommu (fate#327171, bsc#1122822).
   - i2c: cadence: Fix the hold bit setting (bnc#1012382).
   - i2c: tegra: fix maximum transfer size (bnc#1012382).
   - ib/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
   - ibmvnic: Enable GRO (bsc#1132227).
   - ibmvnic: Fix completion structure initialization (bsc#1131659).
   - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).
   - input: elan_i2c - add id for touchpad found in Lenovo s21e-20
   - input: matrix_keypad - use flush_delayed_work() (bnc#1012382).
   - input: st-keyscan - fix potential zalloc NULL dereference (bnc#1012382).
   - input: wacom_serial4 - add support for Wacom ArtPad II tablet
   - intel_th: Do not reference unassigned outputs (bnc#1012382).
   - intel_th: gth: Fix an off-by-one in output unassigning (git-fixes).
   - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130345).
   - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE
   - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425).
   - iommu/amd: Set exclusion range correctly (bsc#1130425).
   - iommu: Do not print warning when IOMMU driver only supports unmanaged
     domains (bsc#1130130).
   - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822).
   - iommu/hyper-v: Add Hyper-V stub IOMMU driver (fate#327171,  bsc#1122822).
   - iommu/vt-d: Check capability before disabling protected memory
   - ip6: fix PMTU discovery when using /127 subnets (git-fixes).
   - ip6mr: Do not call __IP6_INC_STATS() from preemptible context
   - ip_tunnel: fix ip tunnel lookup in collect_md mode (git-fixes).
   - ipvlan: disallow userns cap_net_admin to change global mode/flags
   - ipvs: Fix signed integer overflow when setsockopt timeout (bnc#1012382).
   - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
   - iscsi_ibft: Fix missing break in switch statement (bnc#1012382).
   - isdn: avm: Fix string plus integer warning from Clang (bnc#1012382).
   - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bnc#1012382).
   - isdn: isdn_tty: fix build warning of strncpy (bnc#1012382).
   - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a
     debug dump (bsc#1119086).
   - jbd2: clear dirty flag when revoking a buffer from an older transaction
   - jbd2: fix compile warning when using JBUFFER_TRACE (bnc#1012382).
   - kabi fixup gendisk disk_devt revert (bsc#1020989).
   - kbuild: setlocalversion: print error to STDERR (bnc#1012382).
   - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
   - keys: allow reaching the keys quotas exactly (bnc#1012382).
   - keys: always initialize keyring_index_key::desc_len (bnc#1012382).
   - keys: restrict /proc/keys by credentials at open time (bnc#1012382).
   - keys: user: Align the payload buffer (bnc#1012382).
   - kvm: Call kvm_arch_memslots_updated() before updating memslots
   - kvm: nSVM: clear events pending from svm_complete_interrupts() when
     exiting to L1 (bnc#1012382).
   - kvm: nVMX: Apply addr size mask to effective address for VMX
     instructions (bsc#1132635).
   - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments
   - kvm: nVMX: Sign extend displacements of VMX instr's mem operands
   - kvm: Reject device ioctls from processes other than the VM's creator
   - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
   - kvm: VMX: Zero out *all* general purpose registers after VM-Exit
   - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1132534).
   - kvm: X86: Fix residual mmio emulation request to userspace (bnc#1012382).
   - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux
   - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes).
   - leds: lp5523: fix a missing check of return value of lp55xx_read
   - libertas: call into generic suspend code before turning off power
   - libertas: fix suspend and resume for SDIO connected cards (bsc#1106110).
   - lib/int_sqrt: optimize small argument (bnc#1012382).
   - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1131857).
   - locking/lockdep: Add debug_locks check in __lock_downgrade()
   - locking/static_keys: Improve uninitialized key warning (bsc#1106913).
   - m68k: Add -ffreestanding to CFLAGS (bnc#1012382).
   - mac80211: do not initiate TDLS connection if station is not associated
     to AP (bnc#1012382).
   - mac80211: fix miscounting of ttl-dropped frames (bnc#1012382).
   - mac80211: fix "warning: target metric may be used uninitialized"
   - mac80211_hwsim: propagate genlmsg_reply return code (bnc#1012382).
   - mac8390: Fix mmio access size probe (bnc#1012382).
   - md: Fix failed allocation of md_register_thread (bnc#1012382).
   - mdio_bus: Fix use-after-free on device_register fails (bnc#1012382
   - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).
   - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma()
   - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
   - media: uvcvideo: Fix 'type' check leading to overflow (bnc#1012382).
   - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
   - media: v4l2-ctrls.c/uvc: zero v4l2_event (bnc#1012382).
   - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
   - media: vivid: potential integer overflow in vidioc_g_edid()
   - mfd: ab8500-core: Return zero in get_register_interruptible()
   - mfd: db8500-prcmu: Fix some section annotations (bnc#1012382).
   - mfd: mc13xxx: Fix a missing check of a register-read failure
   - mfd: qcom_rpm: write fw_version to CTRL_REG (bnc#1012382).
   - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd
     cells (bnc#1012382).
   - mfd: twl-core: Fix section annotations on {,un}protect_pm_master
   - mfd: wm5110: Add missing ASRC rate register (bnc#1012382).
   - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction
   - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
   - missing barriers in some of unix_sock ->addr and ->path accesses
   - mmc: bcm2835: reset host on timeout (bsc#1070872).
   - mmc: block: Allow more than 8 partitions per card (bnc#1012382).
   - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
   - mmc: core: shut up "voltage-ranges unspecified" pr_info() (bnc#1012382).
   - mmc: debugfs: Add a restriction to mmc debugfs clock setting
   - mmc: make MAN_BKOPS_EN message a debug (bnc#1012382).
   - mmc: mmc: fix switch timeout issue caused by jiffies precision
   - mmc: pwrseq_simple: Make reset-gpios optional to match doc (bnc#1012382).
   - mmc: pxamci: fix enum type confusion (bnc#1012382).
   - mmc: sanitize 'bus width' in debug output (bnc#1012382).
   - mmc: spi: Fix card detection during probe (bnc#1012382).
   - mmc: tmio_mmc_core: do not claim spurious interrupts (bnc#1012382).
   - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).
   - mm, memory_hotplug: fix off-by-one in is_pageblock_removable (git-fixes).
   - mm, memory_hotplug: is_mem_section_removable do not pass the end of a
     zone (bnc#1012382).
   - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
   - mm: move is_pageblock_removable_nolock() to mm/memory_hotplug.c
     (git-fixes prerequisity).
   - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()
   - mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON (bnc#1012382).
   - mm/vmalloc: fix size check for remap_vmalloc_range_partial()
   - move power_up_on_resume flag to end of structure for kABI (bsc#1106110).
   - mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready()
   - ncpfs: fix build warning of strncpy (bnc#1012382).
   - net: add description for len argument of dev_get_phys_port_name
   - net: Add __icmp_send helper (bnc#1012382).
   - net: altera_tse: fix connect_local_phy error path (bnc#1012382).
   - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
   - net: avoid use IPCB in cipso_v4_error (bnc#1012382).
   - net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
   - net: do not decrement kobj reference count on init failure (git-fixes).
   - net: dsa: mv88e6xxx: Fix u64 statistics (bnc#1012382).
   - net: ena: fix race between link up and device initalization
   - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129278).
   - netfilter: ipt_CLUSTERIP: fix use-after-free of proc entry (git-fixes).
   - netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP
     options (bnc#1012382).
   - netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
   - netfilter: nfnetlink_log: just returns error for unknown command
   - netfilter: nfnetlink: use original skbuff when acking batches
   - netfilter: x_tables: enforce nul-terminated table name from getsockopt
     GET_ENTRIES (bnc#1012382).
   - net: hns: Fix use after free identified by SLUB debug (bnc#1012382).
   - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
   - net: hsr: fix memory leak in hsr_dev_finalize() (bnc#1012382).
   - net/hsr: fix possible crash in add_timer() (bnc#1012382).
   - netlabel: fix out-of-bounds memory accesses (bnc#1012382).
   - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (bnc#1012382).
   - net: mv643xx_eth: disable clk on error path in
     mv643xx_eth_shared_probe() (bnc#1012382).
   - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (bnc#1012382).
   - net/packet: fix 4gb buffer limit due to overflow check (bnc#1012382).
   - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
   - net: phy: Micrel KSZ8061: link failure after cable connect (bnc#1012382).
   - net: rose: fix a possible stack overflow (bnc#1012382).
   - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
   - net: set static variable an initial value in atl2_probe() (bnc#1012382).
   - net: sit: fix UBSAN Undefined behaviour in check_6rd (bnc#1012382).
   - net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
   - net-sysfs: call dev_hold if kobject_init_and_add success (git-fixes).
   - net-sysfs: Fix mem leak in netdev_register_kobject (bnc#1012382).
   - net: systemport: Fix reception of BPDUs (bnc#1012382).
   - net: tcp_memcontrol: properly detect ancestor socket pressure
   - net/x25: fix a race in x25_bind() (bnc#1012382).
   - net/x25: fix use-after-free in x25_device_event() (bnc#1012382).
   - net/x25: reset state in x25_connect() (bnc#1012382).
   - nfc: nci: memory leak in nci_core_conn_create() (git-fixes).
   - nfs41: pop some layoutget errors to application (bnc#1012382).
   - nfsd: fix memory corruption caused by readdir (bsc#1127445).
   - nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
   - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror()
   - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).
   - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618).
   - nfs: fix mount/umount race in nlmclnt (git-fixes).
   - nfs: Fix NULL pointer dereference of dev_name (bnc#1012382).
   - nfsv4.x: always serialize open/close operations (bsc#1114893).
   - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
   - packets: Always register packet sk in the same order (bnc#1012382).
   - parport_pc: fix find_superio io compare code, should use equal test
   - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus
   - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792  vcpus
     (fate#327171, bsc#1122822).
   - perf auxtrace: Define auxtrace record alignment (bnc#1012382).
   - perf bench: Copy kernel files needed to build mem{cpy,set} x86_64
     benchmarks (bnc#1012382).
   - perf intel-pt: Fix CYC timestamp calculation after OVF (bnc#1012382).
   - perf intel-pt: Fix overlap calculation for padding (bnc#1012382).
   - perf intel-pt: Fix TSC slip (bnc#1012382).
   - perf/ring_buffer: Refuse to begin AUX transaction after
     rb->aux_mmap_count drops (bnc#1012382).
   - perf symbols: Filter out hidden symbols from labels (bnc#1012382).
   - perf: Synchronously free aux pages in case of allocation failure
   - perf tools: Handle TOPOLOGY headers with no CPU (bnc#1012382).
   - perf/x86/amd: Add event map for AMD Family 17h (bsc#1114648).
   - phonet: fix building with clang (bnc#1012382).
   - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bnc#1012382).
   - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bnc#1012382).
   - pm / Hibernate: Call flush_icache_range() on pages restored in-place
   - pm / wakeup: Rework wakeup source timer cancellation (bnc#1012382).
   - powerpc/32: Clear on-stack exception marker upon exception return
   - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107).
   - powerpc/64: Disable the speculation barrier from the command line
   - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107).
   - powerpc/64s: Add new security feature flags for count cache flush
   - powerpc/64s: Add support for software count cache flush (bsc#1131107).
   - powerpc/83xx: Also save/restore SPRG4-7 during suspend (bnc#1012382).
   - powerpc: Always initialize input array when calling epapr_hypercall()
   - powerpc/asm: Add a patch_site macro & helpers for patching instructions
   - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107).
   - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area
     topdown search (bsc#1131900).
   - powerpc/numa: document topology_updates_enabled, disable by default
   - powerpc/numa: improve control of topology updates (bsc#1133584).
   - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).
   - powerpc/perf: Remove l2 bus events from HW cache event array
   - powerpc/perf: Update raw-event code encoding comment for power8
     (bsc#1053043, git-fixes).
   - powerpc/powernv/cpuidle: Init all present cpus for deep states
   - powerpc/powernv: Make opal log only readable by root (bnc#1012382).
   - powerpc/powernv: Query firmware for count cache flush settings
   - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244,
   - powerpc/pseries: Query hypervisor for count cache flush settings
   - powerpc/security: Fix spectre_v2 reporting (bsc#1131107).
   - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
   - powerpc/tm: Add commandline option to disable hardware transactional
     memory (bsc#1118338).
   - powerpc/tm: Add TM Unavailable Exception (bsc#1118338).
   - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580).
   - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).
   - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038
   - powerpc/wii: properly disable use of BATs when requested (bnc#1012382).
   - raid10: It's wrong to add len to sector_nr in raid10 reshape twice
   - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (bnc#1012382).
   - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
   - rdma/core: Do not expose unsupported counters (bsc#994770).
   - rdma/srp: Rework SCSI device reset handling (bnc#1012382).
   - Refresh
     . (bsc#1132619)
   - regulator: s2mpa01: Fix step values for some LDOs (bnc#1012382).
   - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bnc#1012382).
   - Revert "bridge: do not add port to router list when receives query with
     source" (bnc#1012382).
   - Revert "mmc: block: do not use parameter prefix if built as module"
   - Revert "scsi, block: fix duplicate bdi name registration crashes"
   - Revert "USB: core: only clean up what we allocated" (bnc#1012382).
   - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
   - rsi: fix a dereference on adapter before it has been null checked
   - rtc: Fix overflow when converting time64_t to rtc_time (bnc#1012382).
   - rtl8xxxu: Fix missing break in switch (bsc#1120902).
   - s390/dasd: fix panic for failed online processing (bsc#1132589).
   - s390/dasd: fix using offset into zero size array error (bnc#1012382).
   - s390: Prevent hotplug rwsem recursion (bsc#1131980).
   - s390/qeth: fix use-after-free in error path (bnc#1012382).
   - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
   - s390/virtio: handle find on invalid queue gracefully (bnc#1012382).
   - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
   - sched/smt: Expose sched_smt_present static key (bsc#1106913).
   - sched/smt: Make sched_smt_present track topology (bsc#1106913).
   - scripts/git_sort/ Add fixes branch from mkp/scsi.git.
   - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
   - scsi: isci: initialize shost fully before calling scsi_add_host()
   - scsi: libfc: free skb when receiving invalid flogi resp (bnc#1012382).
   - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
   - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
   - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
   - scsi: sd: Fix a race between closing an sd device and sd I/O
   - scsi: storvsc: Fix a race in sub-channel creation that can cause panic
   - scsi: storvsc: Fix a race in sub-channel creation that can  cause panic
   - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes ().
   - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes
   - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
   - scsi: virtio_scsi: do not send sc payload with tmfs (bnc#1012382).
   - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
   - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
     devices (bnc#1012382).
   - sctp: fix the transports round robin issue when init is retransmitted
   - sctp: get sctphdr by offset in sctp_compute_cksum (bnc#1012382).
   - serial: 8250_pci: Fix number of ports for ACCES serial cards
   - serial: 8250_pci: Have ACCES cards that use the four port Pericom
     PI7C9X7954 chip use the pci_pericom_setup() (bnc#1012382).
   - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
   - serial: max310x: Fix to avoid potential NULL pointer dereference
   - serial: sh-sci: Fix setting SCSCR_TIE while transferring data
   - serial: sprd: adjust TIMEOUT to a big value (bnc#1012382).
   - serial: sprd: clear timeout interrupt only rather than all interrupts
   - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
   - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bnc#1012382).
   - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
   - staging: ashmem: Add missing include (bnc#1012382).
   - staging: ashmem: Avoid deadlock with mmap/shrink (bnc#1012382).
   - staging: goldfish: audio: fix compiliation on arm (bnc#1012382).
   - staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
   - staging: lustre: fix buffer overflow of string buffer (bnc#1012382).
   - staging: rtl8188eu: avoid a null dereference on pmlmepriv (bsc#1085539).
   - staging: vt6655: Fix interrupt race condition on device start up
   - staging: vt6655: Remove vif check from vnt_interrupt (bnc#1012382).
   - stm class: Do not leak the chrdev in error path (bnc#1012382).
   - stm class: Fix an endless loop in channel allocation (bnc#1012382).
   - stm class: Fix a race in unlinking (bnc#1012382).
   - stm class: Fix link list locking (bnc#1012382).
   - stm class: Fix locking in unbinding policy path (bnc#1012382).
   - stm class: Fix stm device initialization order (bnc#1012382).
   - stm class: Fix unbalanced module/device refcounting (bnc#1012382).
   - stm class: Fix unlocking braino in the error path (bnc#1012382).
   - stm class: Guard output assignment against concurrency (bnc#1012382).
   - stm class: Hide STM-specific options if STM is disabled (bnc#1012382).
   - stm class: Prevent division by zero (bnc#1012382).
   - stm class: Prevent user-controllable allocations (bnc#1012382).
   - stm class: Support devices with multiple instances (bnc#1012382).
   - stmmac: copy unicast mac address to MAC registers (bnc#1012382).
   - stop_machine: Provide stop_machine_cpuslocked() (bsc#1131980).
   - sunrpc: do not mark uninitialised items as VALID (bsc#1130737).
   - sunrpc: init xdr_stream for zero iov_len, page_len (bsc#11303356).
   - svm/avic: Fix invalidate logical APIC id entry (bsc#1132727).
   - svm: Fix AVIC DFR and LDR handling (bsc#1130343).
   - svm: Fix improper check when deactivate AVIC (bsc#1130344).
   - tcp/dccp: drop SYN packets if accept queue is full (bnc#1012382).
   - tcp/dccp: remove reqsk_put() from inet_child_forget() (git-fixes).
   - tcp: do not use ipv6 header for ipv4 flow (bnc#1012382).
   - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes).
   - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bnc#1012382).
   - time: Introduce jiffies64_to_nsecs() (bsc#1113399).
   - tmpfs: fix link accounting when a tmpfile is linked in (bnc#1012382).
   - tmpfs: fix uninitialized return value in shmem_link (bnc#1012382).
   - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1020645).
   - tpm: Fix the type of the return value in calc_tpm2_event_size()
     (bsc#1020645, git-fixes).
   - tpm: tpm-interface.c drop unused macros (bsc#1020645).
   - tty: atmel_serial: fix a potential NULL pointer dereference
   - udf: Fix crash on IO error during truncate (bnc#1012382).
   - Update
   - usb: core: only clean up what we allocated (bnc#1012382).
   - usb: dwc2: Fix DMA alignment to start at allocated boundary
   - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub
   - usb: dwc3: gadget: Fix suspend/resume during device mode (bnc#1012382).
   - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
   - usb: gadget: Add the gserial port checking in gs_start_tx()
   - usb: gadget: composite: fix dereference after null check coverify
     warning (bnc#1012382).
   - usb: gadget: configfs: add mutex lock before unregister gadget
   - usb: gadget: Potential NULL dereference on allocation error
   - usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
   - usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
   - usb: serial: cp210x: add ID for Ingenico 3070 (bnc#1012382).
   - usb: serial: cp210x: add new device id (bnc#1012382).
   - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1119086).
   - usb: serial: ftdi_sio: add additional NovaTech products (bnc#1012382).
   - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
   - usb: serial: mos7720: fix mos_parport refcount imbalance on error path
   - usb: serial: option: add Olicard 600 (bnc#1012382).
   - usb: serial: option: add Telit ME910 ECM composition (bnc#1012382).
   - usb: serial: option: set driver_info for SIM5218 and compatibles
   - video: fbdev: Set pixclock = 0 in goldfishfb (bnc#1012382).
   - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
   - vxlan: Do not call gro_cells_destroy() before device is unregistered
   - vxlan: Fix GRO cells race condition between receive and link delete
   - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
   - wlcore: Fix the return value in case of error in
     'wlcore_vendor_cmd_smart_config_start()' (bsc#1120902).
   - x86_64: increase stack size for KASAN_EXTRA (bnc#1012382).
   - x86/apic: Provide apic_ack_irq() (bsc#1122822).
   - x86/apic: Provide apic_ack_irq() (fate#327171, bsc#1122822).
   - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bnc#1012382).
   - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is
     available (bsc#1122822).
   - x86/Hyper-V: Set x2apic destination mode to physical when  x2apic is
     available (fate#327171, bsc#1122822).
   - x86/kexec: Do not setup EFI info if EFI runtime is not enabled
   - x86/mce: Improve error message when kernel cannot recover, p2
   - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y (bnc#1012382).
   - x86/speculation: Remove redundant arch_smt_update() invocation
   - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
   - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation
   - x86/vdso: Add VCLOCK_HVCLOCK vDSO clock read method (bsc#1133308).
   - xen-netback: fix occasional leak of grant ref mappings under memory
     pressure (bnc#1012382).
   - xfrm_user: fix info leak in build_aevent() (git-fixes).
   - xfrm_user: fix info leak in xfrm_notify_sa() (git-fixes).
   - xhci: Do not let USB3 ports stuck in polling state prevent suspend
   - xhci: Fix port resume done detection for SS ports with LPM enabled
   - xtensa: SMP: fix ccount_timer_shutdown (bnc#1012382).
   - xtensa: SMP: fix secondary CPU initialization (bnc#1012382).
   - xtensa: SMP: limit number of possible CPUs by NR_CPUS (bnc#1012382).
   - xtensa: smp_lx200_defconfig: fix vectors clash (bnc#1012382).
   - xtensa: SMP: mark each possible CPU as present (bnc#1012382).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1245=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1245=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1245=1

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1245=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1245=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1245=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):


   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):


   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Server 12-SP3 (noarch):


   - SUSE Linux Enterprise Server 12-SP3 (s390x):


   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):


   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):


   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):


   - SUSE CaaS Platform ALL (x86_64):


   - SUSE CaaS Platform 3.0 (x86_64):



More information about the sle-updates mailing list