DATABASE RESOURCES PRICING ABOUT US

{"id": "ASA-201612-10", "vendorId": null, "type": "archlinux", "bulletinFamily": "unix", "title": "[ASA-201612-10] linux: denial of service", "description": "Arch Linux Security Advisory ASA-201612-10\n==========================================\n\nSeverity: High\nDate : 2016-12-10\nCVE-ID : CVE-2016-9919\nPackage : linux\nType : denial of service\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package linux before version 4.8.12-3 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 4.8.12-3.\n\n# pacman -Syu \"linux>=4.8.12-3\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nThe icmp6_send function in net/ipv6/icmp.c in the Linux kernel through\n4.8.12 omits a certain check of the dst data structure, which allows\nremote attackers to cause a denial of service (panic) via a fragmented\nIPv6 packet.\n\nImpact\n======\n\nA remote attacker can cause a kernel panic by sending a fragmented IPv6\npacket.\n\nReferences\n==========\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=189851\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2\nhttps://access.redhat.com/security/cve/CVE-2016-9919", "published": "2016-12-10T00:00:00", "modified": "2016-12-10T00:00:00", "epss": [{"cve": "CVE-2016-9919", "epss": 0.00488, "percentile": 0.72601, "modified": "2023-06-03"}], "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://security.archlinux.org/ASA-201612-10", "reporter": "ArchLinux", "references": ["https://wiki.archlinux.org/index.php/CVE", "https://bugzilla.kernel.org/show_bug.cgi?id=189851", "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2", "https://access.redhat.com/security/cve/CVE-2016-9919"], "cvelist": ["CVE-2016-9919"], "immutableFields": [], "lastseen": "2023-06-03T14:52:58", "viewCount": 514, "enchantments": {"score": {"value": 2.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201612-11", "ASA-201612-14"]}, {"type": "cve", "idList": ["CVE-2016-9919"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-9919"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1531.NASL", "OPENSUSE-2017-245.NASL", "SUSE_SU-2017-0181-1.NASL", "UBUNTU_USN-3170-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843013", "OPENVAS:1361412562310851506", "OPENVAS:1361412562311220191531"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-9919"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0456-1", "SUSE-SU-2017:0181-1"]}, {"type": "ubuntu", "idList": ["USN-3170-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9919"]}], "rev": 4}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201612-11"]}, {"type": "cve", "idList": ["CVE-2016-9919"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-9919"]}, {"type": "nessus", "idList": ["UBUNTU_USN-3170-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843013"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-9919"]}, {"type": "ubuntu", "idList": ["USN-3170-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9919"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-9919", "epss": 0.00406, "percentile": 0.69876, "modified": "2023-05-01"}], "vulnersScore": 2.8}, "_state": {"dependencies": 1685807369, "score": 1685805078, "epss": 0}, "_internal": {"score_hash": "093f90f580b3d80745560109bb557609"}, "affectedPackage": [{"OS": "ArchLinux", "OSVersion": "any", "arch": "any", "packageVersion": "4.8.12-3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}]}

{"redhatcve": [{"lastseen": "2021-09-02T22:52:04", "description": "The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-09T14:48:30", "type": "redhatcve", "title": "CVE-2016-9919", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9919"], "modified": "2020-04-08T19:33:57", "id": "RH:CVE-2016-9919", "href": "https://access.redhat.com/security/cve/cve-2016-9919", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2023-06-03T14:47:53", "description": "The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-08T17:59:00", "type": "cve", "title": "CVE-2016-9919", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9919"], "modified": "2023-01-24T15:07:00", "cpe": ["cpe:/o:linux:linux_kernel:4.4.223", "cpe:/o:linux:linux_kernel:4.9"], "id": "CVE-2016-9919", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9919", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.4.223:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.9:rc7:*:*:*:*:*:*"]}], "archlinux": [{"lastseen": "2023-06-03T14:52:58", "description": "Arch Linux Security Advisory ASA-201612-11\n==========================================\n\nSeverity: High\nDate : 2016-12-10\nCVE-ID : CVE-2016-9919\nPackage : linux-grsec\nType : denial of service\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package linux-grsec before version 1:4.8.12.r201612062306-2 is\nvulnerable to denial of service.\n\nResolution\n==========\n\nUpgrade to 1:4.8.12.r201612062306-2.\n\n# pacman -Syu \"linux-grsec>=1:4.8.12.r201612062306-2\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nThe icmp6_send function in net/ipv6/icmp.c in the Linux kernel through\n4.8.12 omits a certain check of the dst data structure, which allows\nremote attackers to cause a denial of service (panic) via a fragmented\nIPv6 packet.\n\nImpact\n======\n\nA remote attacker can cause a kernel panic by sending a fragmented IPv6\npacket.\n\nReferences\n==========\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=189851\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2\nhttps://access.redhat.com/security/cve/CVE-2016-9919", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-10T00:00:00", "type": "archlinux", "title": "[ASA-201612-11] linux-grsec: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9919"], "modified": "2016-12-10T00:00:00", "id": "ASA-201612-11", "href": "https://security.archlinux.org/ASA-201612-11", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-03T14:52:57", "description": "Arch Linux Security Advisory ASA-201612-14\n==========================================\n\nSeverity: High\nDate : 2016-12-12\nCVE-ID : CVE-2016-9919\nPackage : linux-zen\nType : denial of service\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package linux-zen before version 4.8.13-1 is vulnerable to denial\nof service.\n\nResolution\n==========\n\nUpgrade to 4.8.13-1.\n\n# pacman -Syu \"linux-zen>=4.8.13-1\"\n\nThe problem has been fixed upstream in version 4.8.13.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nThe icmp6_send function in net/ipv6/icmp.c in the Linux kernel through\n4.8.12 omits a certain check of the dst data structure, which allows\nremote attackers to cause a denial of service (panic) via a fragmented\nIPv6 packet.\n\nImpact\n======\n\nA remote attacker can cause a kernel panic by sending a fragmented IPv6\npacket.\n\nReferences\n==========\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=189851\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2\nhttps://access.redhat.com/security/cve/CVE-2016-9919", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-12T00:00:00", "type": "archlinux", "title": "[ASA-201612-14] linux-zen: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9919"], "modified": "2016-12-12T00:00:00", "id": "ASA-201612-14", "href": "https://security.archlinux.org/ASA-201612-14", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-06-03T14:41:17", "description": "The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-08T17:59:00", "type": "debiancve", "title": "CVE-2016-9919", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9919"], "modified": "2016-12-08T17:59:00", "id": "DEBIANCVE:CVE-2016-9919", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9919", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-06-04T14:13:45", "description": "The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through\n4.8.12 omits a certain check of the dst data structure, which allows remote\nattackers to cause a denial of service (panic) via a fragmented IPv6\npacket.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1648662>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-08T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9919", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9919"], "modified": "2016-12-08T00:00:00", "id": "UB:CVE-2016-9919", "href": "https://ubuntu.com/security/CVE-2016-9919", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3170-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9793", "CVE-2016-9919"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843013", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3170-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843013\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-12 05:38:37 +0100 (Thu, 12 Jan 2017)\");\n script_cve_id(\"CVE-2016-9919\", \"CVE-2016-9793\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3170-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Andrey Konovalov discovered that the ipv6\n icmp implementation in the Linux kernel did not properly check data structures on\n send. A remote attacker could use this to cause a denial of service (system crash).\n (CVE-2016-9919)\n\nAndrey Konovalov discovered that signed integer overflows existed in the\nsetsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability\ncould use this to cause a denial of service (system crash or memory\ncorruption). (CVE-2016-9793)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3170-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3170-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-1022-raspi2\", ver:\"4.8.0-1022.25\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.8.0.1022.25\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:28:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0456-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5576", "CVE-2016-9806", "CVE-2017-2584", "CVE-2016-7117", "CVE-2016-9793", "CVE-2017-5577", "CVE-2017-5551", "CVE-2017-2583", "CVE-2016-9919", "CVE-2015-8709", "CVE-2016-8645"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851506", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851506", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851506\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:16:41 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2015-8709\", \"CVE-2016-7117\", \"CVE-2016-8645\", \"CVE-2016-9793\",\n \"CVE-2016-9806\", \"CVE-2016-9919\", \"CVE-2017-2583\", \"CVE-2017-2584\",\n \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-5577\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0456-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 42.2 kernel was updated to\n 4.4.42 stable release.\n\n The following security bugs were fixed:\n\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077 1003253).\n\n - CVE-2017-5576, CVE-2017-5577: A buffer overflow in the VC4_SUBMIT_CL\n IOCTL in the VideoCore DRM driver for Raspberry Pi was fixed.\n (bsc#1021294)\n\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set\n setgid bits on files they don't down. (bsc#1021258).\n\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an incorrect segment\n selector(SS) value error. A user/process inside guest could have used\n this flaw to crash the guest resulting in DoS or potentially escalate\n their privileges inside guest. (bsc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel\n mishandled uid and gid mappings, which allowed local users to gain\n privileges by establishing a user namespace, waiting for a root process\n to enter that namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states 'there is no kernel bug\n here (bnc#959709 bsc#960561).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540 1017589).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly hav ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0456-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.46~11.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.46~11.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.46~11.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T14:02:14", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5077", "CVE-2017-7277", "CVE-2018-13405", "CVE-2015-6252", "CVE-2013-4511", "CVE-2017-9075", "CVE-2018-19854", "CVE-2014-4171", "CVE-2015-5156", "CVE-2016-2068", "CVE-2016-9919", "CVE-2019-6974", "CVE-2017-7477", "CVE-2018-1095", "CVE-2013-4343", "CVE-2017-8890", "CVE-2018-18397", "CVE-2016-7042", "CVE-2017-12190", "CVE-2018-6412", "CVE-2017-18224"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191531", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1531\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-4343\", \"CVE-2013-4511\", \"CVE-2014-4171\", \"CVE-2014-5077\", \"CVE-2015-5156\", \"CVE-2015-6252\", \"CVE-2016-2068\", \"CVE-2016-7042\", \"CVE-2016-9919\", \"CVE-2017-12190\", \"CVE-2017-18224\", \"CVE-2017-7277\", \"CVE-2017-7477\", \"CVE-2017-9075\", \"CVE-2018-1095\", \"CVE-2018-13405\", \"CVE-2018-18397\", \"CVE-2018-19854\", \"CVE-2018-6412\", \"CVE-2019-6974\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:06:32 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1531)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1531\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1531\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1531 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.(CVE-2013-4343)\n\nIt was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.(CVE-2016-7042)\n\nA flaw was found in the Linux kernel that fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode. This allows local users to cause a denial of service by modifying a certain e_cpos field.(CVE-2017-18224)\n\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075)\n\nIn the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel, up to and including 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)\n\nA race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.(CVE-2014-4171)\n\nThe ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.(CVE-2018-1095)\n\nA NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.(CVE-2014-5077)\n\nA vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a d ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:08:25", "description": "Andrey Konovalov discovered that the ipv6 icmp implementation in the Linux kernel did not properly check data structures on send. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2016-9919)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3170-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9793", "CVE-2016-9919"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3170-2.NASL", "href": "https://www.tenable.com/plugins/nessus/96444", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3170-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96444);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9793\", \"CVE-2016-9919\");\n script_xref(name:\"USN\", value:\"3170-2\");\n\n script_name(english:\"Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3170-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Andrey Konovalov discovered that the ipv6 icmp implementation in the\nLinux kernel did not properly check data structures on send. A remote\nattacker could use this to cause a denial of service (system crash).\n(CVE-2016-9919)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3170-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.8-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9793\", \"CVE-2016-9919\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3170-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1022-raspi2\", pkgver:\"4.8.0-1022.25\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1022.25\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:17:45", "description": "The openSUSE 42.2 kernel was updated to 4.4.42 stable release.\n\nThe following security bugs were fixed :\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077 1003253).\n\n - CVE-2017-5576, CVE-2017-5577: A buffer overflow in the VC4_SUBMIT_CL IOCTL in the VideoCore DRM driver for Raspberry Pi was fixed. (bsc#1021294)\n\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down. (bsc#1021258).\n\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. A user/process inside guest could have used this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest. (bsc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851).\n\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states 'there is no kernel bug here (bnc#959709 bsc#960561).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540 1017589).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531 bsc#1013542).\n\n - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701).\n\nThe following non-security bugs were fixed :\n\n - 8250/fintek: rename IRQ_MODE macro (boo#1009546).\n\n - acpi, nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175).\n\n - acpi, nfit, libnvdimm: fix / harden ars_status output length handling (bsc#1023175).\n\n - acpi, nfit: validate ars_status output buffer size (bsc#1023175).\n\n - arm64/numa: fix incorrect log for memory-less node (bsc#1019631).\n\n - ASoC: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690).\n\n - ASoC: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled (bsc#1010690).\n\n - ASoC: rt5670: add HS ground control (bsc#1016250).\n\n - avoid including 'mountproto=' with no protocol in /proc/mounts (bsc#1019260).\n\n - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260).\n\n - bcache: partition support: add 16 minors per bcacheN device (bsc#1019784).\n\n - blacklist.conf: add 1b8d2afde54f libnvdimm, pfn: fix ARCH=alpha allmodconfig build failure (bsc#1023175).\n\n - blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367)\n\n - blk: Do not collide with QUEUE_FLAG_WC from upstream (bsc#1022547)\n\n - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817).\n\n - blk-mq: Always schedule hctx->next_cpu (bsc#1020817).\n\n - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817).\n\n - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817).\n\n - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817).\n\n - blk-mq: improve warning for running a queue on the wrong CPU (bsc#1020817).\n\n - block: Change extern inline to static inline (bsc#1023175).\n\n - Bluetooth: btmrvl: fix hung task warning dump (bsc#1018813).\n\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n\n - brcmfmac: Change error print on wlan0 existence (bsc#1000092).\n\n - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975).\n\n - btrfs: bugfix: handle FS_IOC32_(GETFLAGS,SETFLAGS,GETVERSION) in btrfs_ioctl (bsc#1018100).\n\n - btrfs: fix inode leak on failure to setup whiteout inode in rename (bsc#1020975).\n\n - btrfs: fix lockdep warning about log_mutex (bsc#1021455).\n\n - btrfs: fix lockdep warning on deadlock against an inode's log mutex (bsc#1021455).\n\n - btrfs: fix number of transaction units for renames with whiteout (bsc#1020975).\n\n - btrfs: incremental send, fix invalid paths for rename operations (bsc#1018316).\n\n - btrfs: incremental send, fix premature rmdir operations (bsc#1018316).\n\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709).\n\n - btrfs: pin log earlier when renaming (bsc#1020975).\n\n - btrfs: pin logs earlier when doing a rename exchange operation (bsc#1020975).\n\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).\n\n - btrfs: send, add missing error check for calls to path_loop() (bsc#1018316).\n\n - btrfs: send, avoid incorrect leaf accesses when sending utimes operations (bsc#1018316).\n\n - btrfs: send, fix failure to move directories with the same name around (bsc#1018316).\n\n - btrfs: send, fix invalid leaf accesses due to incorrect utimes operations (bsc#1018316).\n\n - btrfs: send, fix warning due to late freeing of orphan_dir_info structures (bsc#1018316).\n\n - btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192).\n\n - btrfs: unpin log if rename operation fails (bsc#1020975).\n\n - btrfs: unpin logs if rename exchange operation fails (bsc#1020975).\n\n - [BZ 149851] kernel: Fix invalid domain response handling (bnc#1009718, LTC#149851).\n\n - ceph: fix bad endianness handling in parse_reply_info_extra (bsc#1020488).\n\n - clk: xgene: Add PMD clock (bsc#1019351).\n\n - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351).\n\n - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).\n\n - config: enable Ceph kernel client modules for ppc64le (fate#321098)\n\n - config: enable Ceph kernel client modules for s390x (fate#321098)\n\n - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038)\n\n - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913).\n\n - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913).\n\n - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913).\n\n - crypto: qat - fix bar discovery for c62x (bsc#1021251).\n\n - crypto: qat - zero esram only for DH85x devices (1021248).\n\n - crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913).\n\n - crypto: xts - consolidate sanity check for keys (bsc#1018913).\n\n - crypto: xts - fix compile errors (bsc#1018913).\n\n - cxl: fix potential NULL dereference in free_adapter() (bsc#1016517).\n\n - dax: fix deadlock with DAX 4k holes (bsc#1012829).\n\n - dax: fix device-dax region base (bsc#1023175).\n\n - device-dax: check devm_nsio_enable() return value (bsc#1023175).\n\n - device-dax: fail all private mapping attempts (bsc#1023175).\n\n - device-dax: fix percpu_ref_exit ordering (bsc#1023175).\n\n - driver core: fix race between creating/querying glue dir and its cleanup (bnc#1008742).\n\n - drivers:hv: balloon: account for gaps in hot add regions (fate#320485).\n\n - drivers:hv: balloon: Add logging for dynamic memory operations (fate#320485).\n\n - drivers:hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not set (fate#320485).\n\n - drivers:hv: balloon: Fix info request to show max page count (fate#320485).\n\n - drivers:hv: balloon: keep track of where ha_region starts (fate#320485).\n\n - drivers:hv: balloon: replace ha_region_mutex with spinlock (fate#320485).\n\n - drivers:hv: balloon: Use available memory value in pressure report (fate#320485).\n\n - drivers:hv: cleanup vmbus_open() for wrap around mappings (fate#320485).\n\n - drivers:hv: do not leak memory in vmbus_establish_gpadl() (fate#320485).\n\n - drivers:hv: get rid of id in struct vmbus_channel (fate#320485).\n\n - drivers:hv: get rid of redundant messagecount in create_gpadl_header() (fate#320485).\n\n - drivers:hv: get rid of timeout in vmbus_open() (fate#320485).\n\n - drivers:hv: Introduce a policy for controlling channel affinity (fate#320485).\n\n - drivers:hv: make VMBus bus ids persistent (fate#320485).\n\n - drivers:hv: ring_buffer: count on wrap around mappings in get_next_pkt_raw() (v2) (fate#320485).\n\n - drivers:hv: ring_buffer: use wrap around mappings in hv_copy(from, to)_ringbuffer() (fate#320485).\n\n - drivers:hv: ring_buffer: wrap around mappings for ring buffers (fate#320485).\n\n - drivers:hv: utils: Check VSS daemon is listening before a hot backup (fate#320485).\n\n - drivers:hv: utils: Continue to poll VSS channel after handling requests (fate#320485).\n\n - drivers:hv: utils: fix a race on userspace daemons registration (bnc#1014392).\n\n - drivers:hv: utils: Fix the mapping between host version and protocol to use (fate#320485).\n\n - drivers:hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (fate#320485).\n\n - drivers:hv: vmbus: Base host signaling strictly on the ring state (fate#320485).\n\n - drivers:hv: vmbus: Enable explicit signaling policy for NIC channels (fate#320485).\n\n - drivers:hv: vmbus: finally fix hv_need_to_signal_on_read() (fate#320485, bug#1018385).\n\n - drivers:hv: vmbus: fix the race when querying & updating the percpu list (fate#320485).\n\n - drivers:hv: vmbus: Implement a mechanism to tag the channel for low latency (fate#320485).\n\n - drivers: hv: vmbus: Make mmio resource local (fate#320485).\n\n - drivers:hv: vmbus: On the read path cleanup the logic to interrupt the host (fate#320485).\n\n - drivers:hv: vmbus: On write cleanup the logic to interrupt the host (fate#320485).\n\n - drivers:hv: vmbus: Reduce the delay between retries in vmbus_post_msg() (fate#320485).\n\n - drivers:hv: vmbus: suppress some 'hv_vmbus: Unknown GUID' warnings (fate#320485).\n\n - drivers:hv: vss: Improve log messages (fate#320485).\n\n - drivers:hv: vss: Operation timeouts should match host expectation (fate#320485).\n\n - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351).\n\n - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351).\n\n - drivers: net: xgene: Add change_mtu function (bsc#1019351).\n\n - drivers: net: xgene: Add flow control configuration (bsc#1019351).\n\n - drivers: net: xgene: Add flow control initialization (bsc#1019351).\n\n - drivers: net: xgene: Add helper function (bsc#1019351).\n\n - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351).\n\n - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351).\n\n - drivers: net: xgene: fix build after change_mtu function change (bsc#1019351).\n\n - drivers: net: xgene: fix: Coalescing values for v2 hardware (bsc#1019351).\n\n - drivers: net: xgene: fix: Disable coalescing on v1 hardware (bsc#1019351).\n\n - drivers: net: xgene: Fix MSS programming (bsc#1019351).\n\n - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351).\n\n - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351).\n\n - drivers: net: xgene: uninitialized variable in xgene_enet_free_pagepool() (bsc#1019351).\n\n - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358).\n\n - drm/i915: add helpers for platform specific revision id range checks (bsc#1015367).\n\n - drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also (bsc#1015367).\n\n - drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367).\n\n - drm/i915: Call intel_dp_mst_resume() before resuming displays (bsc#1015359).\n\n - drm/i915: Cleaning up DDI translation tables (bsc#1014392).\n\n - drm/i915: Clean up L3 SQC register field definitions (bsc#1014392).\n\n - drm/i915: Do not init hpd polling for vlv and chv from runtime_suspend() (bsc#1014120).\n\n - drm-i915-dp-Restore-PPS-HW-state-from-the-encoder-re\n\n - drm/i915/dp: Restore PPS HW state from the encoder resume hook (bsc#1019061).\n\n - drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C (bsc#1015367).\n\n - drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367).\n\n - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2 (bsc#1014392).\n\n - drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367).\n\n - drm/i915: Fix watermarks for VLV/CHV (bsc#1011176).\n\n - drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367).\n\n - drm/i915: Force VDD off on the new power seqeuencer before starting to use it (bsc#1009674).\n\n - drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392).\n\n - drm/i915/gen9: Fix PCODE polling during CDCLK change notification (bsc#1015367).\n\n - drm/i915: Mark CPU cache as dirty when used for rendering (bsc#1015367).\n\n - drm/i915: Mark i915_hpd_poll_init_work as static (bsc#1014120).\n\n - drm-i915-Prevent-PPS-stealing-from-a-normal-DP-port\n\n - drm/i915: Prevent PPS stealing from a normal DP port on VLV/CHV (bsc#1019061).\n\n - drm/i915: remove parens around revision ids (bsc#1015367).\n\n - drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392).\n\n - drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367).\n\n - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367).\n\n - drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392).\n\n - drm/i915/skl: Update watermarks before the crtc is disabled (bsc#1015367).\n\n - drm/i915: Update Skylake DDI translation table for DP (bsc#1014392).\n\n - drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392).\n\n - drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367).\n\n - drm/i915/vlv: Prevent enabling hpd polling in late suspend (bsc#1014120).\n\n - drm/i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061).\n\n - drm: Use u64 for intermediate dotclock calculations (bnc#1006472).\n\n - drm/vc4: Fix an integer overflow in temporary allocation layout (bsc#1021294).\n\n - drm/vc4: Return -EINVAL on the overflow checks failing (bsc#1021294).\n\n - drm: virtio-gpu: get the fb from the plane state for atomic updates (bsc#1023101).\n\n - EDAC, xgene: Fix spelling mistake in error messages (bsc#1019351).\n\n - efi/libstub: Move Graphics Output Protocol handling to generic code (bnc#974215).\n\n - fbcon: Fix vc attr at deinit (bsc#1000619).\n\n - Fix kABI breakage by i2c-designware baytrail fix (bsc#1011913).\n\n - Fix kABI breakage by linux/acpi.h inclusion in i8042-x86ia46io.h (bsc#1011660).\n\n - gpio: xgene: make explicitly non-modular (bsc#1019351).\n\n - gro_cells: mark napi struct as not busy poll candidates (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels() (fate#320485).\n\n - hv: change clockevents unbind tactics (fate#320485).\n\n - hv: do not reset hv_context.tsc_page on crash (fate#320485, bnc#1007729).\n\n - hv_netvsc: add ethtool statistics for tx packet issues (fate#320485).\n\n - hv_netvsc: Add handler for physical link speed change (fate#320485).\n\n - hv_netvsc: Add query for initial physical link speed (fate#320485).\n\n - hv_netvsc: count multicast packets received (fate#320485).\n\n - hv_netvsc: dev hold/put reference to VF (fate#320485).\n\n - hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf() (fate#320485).\n\n - hv_netvsc: fix comments (fate#320485).\n\n - hv_netvsc: fix rtnl locking in callback (fate#320485).\n\n - hv_netvsc: Implement batching of receive completions (fate#320485).\n\n - hv_netvsc: improve VF device matching (fate#320485).\n\n - hv_netvsc: init completion during alloc (fate#320485).\n\n - hv_netvsc: make device_remove void (fate#320485).\n\n - hv_netvsc: make inline functions static (fate#320485).\n\n - hv_netvsc: make netvsc_destroy_buf void (fate#320485).\n\n - hv_netvsc: make RSS hash key static (fate#320485).\n\n - hv_netvsc: make variable local (fate#320485).\n\n - hv_netvsc: rearrange start_xmit (fate#320485).\n\n - hv_netvsc: refactor completion function (fate#320485).\n\n - hv_netvsc: remove excessive logging on MTU change (fate#320485).\n\n - hv_netvsc: remove VF in flight counters (fate#320485).\n\n - hv_netvsc: report vmbus name in ethtool (fate#320485).\n\n - hv_netvsc: simplify callback event code (fate#320485).\n\n - hv_netvsc: style cleanups (fate#320485).\n\n - hv_netvsc: use ARRAY_SIZE() for NDIS versions (fate#320485).\n\n - hv_netvsc: use consume_skb (fate#320485).\n\n - hv_netvsc: use kcalloc (fate#320485).\n\n - hv_netvsc: use RCU to protect vf_netdev (fate#320485).\n\n - hyperv: Fix spelling of HV_UNKOWN (fate#320485).\n\n - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while holding the punit semaphore (bsc#1011913).\n\n - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351).\n\n - i2c: designware: Implement support for SMBus block read and write (bsc#1019351).\n\n - i2c: xgene: Fix missing code of DTB support (bsc#1019351).\n\n - i40e: Be much more verbose about what we can and cannot offload (bsc#985561).\n\n - i915: Delete previous two fixes for i915 (bsc#1019061).\n These upstream fixes brought some regressions, so better to revert for now.\n\n - i915: Disable patches.drivers/drm-i915-Exit-cherryview_irq_handler-aft er-one-pass The patch seems leading to the instability on Wyse box (bsc#1015367).\n\n - IB/core: Fix possible memory leak in cma_resolve_iboe_route() (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - IB/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148).\n\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n\n - ibmvnic: convert to use simple_open() (bsc#1015416).\n\n - ibmvnic: Driver Version 1.0.1 (bsc#1015416).\n\n - ibmvnic: drop duplicate header seq_file.h (bsc#1015416).\n\n - ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416).\n\n - ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416).\n\n - ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416).\n\n - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context (bsc#1015416).\n\n - ibmvnic: Fix size of debugfs name buffer (bsc#1015416).\n\n - ibmvnic: Handle backing device failover and reinitialization (bsc#1015416).\n\n - ibmvnic: Start completion queue negotiation at server-provided optimum values (bsc#1015416).\n\n - ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416).\n\n - ibmvnic: Update MTU after device initialization (bsc#1015416).\n\n - igb: add i211 to i210 PHY workaround (bsc#1009911).\n\n - igb: Workaround for igb i210 firmware issue (bsc#1009911).\n\n - Input: i8042 - Trust firmware a bit more when probing on X86 (bsc#1011660).\n\n - intel_idle: Add KBL support (bsc#1016884).\n\n - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918).\n\n - ipc/sem.c: add cond_resched in exit_sme (bsc#979378).\n\n - ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474 FATE#319812 bsc#969475 FATE#319814).\n\n - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474 FATE#319812 bsc#969475 FATE#319814).\n\n - KABI fix (bsc#1014410).\n\n - kABI: protect struct mm_struct (kabi).\n\n - kABI: protect struct musb_platform_ops (kabi).\n\n - kABI: protect struct task_struct (kabi).\n\n - kABI: protect struct user_fpsimd_state (kabi).\n\n - kABI: protect struct wake_irq (kabi).\n\n - kABI: protect struct xhci_hcd (kabi).\n\n - kABI: protect user_namespace include in fs/exec (kabi).\n\n - kABI: protect user_namespace include in kernel/ptrace (kabi).\n\n - kabi/severities: Ignore changes in drivers/hv\n\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612, fate#313296).\n\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410, fate#313296).\n\n - libnvdimm, pfn: fix align attribute (bsc#1023175).\n\n - locking/pv-qspinlock: Use cmpxchg_release() in\n __pv_queued_spin_unlock() (bsc#969756).\n\n - locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212).\n\n - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212).\n\n - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351).\n\n - md-cluster: convert the completion to wait queue (fate#316335).\n\n - md-cluster: protect md_find_rdev_nr_rcu with rcu lock (fate#316335).\n\n - md: fix refcount problem on mddev when stopping array (bsc#1022304).\n\n - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446).\n\n - [media] uvcvideo: uvc_scan_fallback() for webcams with broken chain (bsc#1021474).\n\n - misc/genwqe: ensure zero initialization (fate#321595).\n\n - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for sdhci-arasan4.9a (bsc#1019351).\n\n - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim progress (bnc#1013000).\n\n - mm, memcg: do not retry precharge charges (bnc#1022559).\n\n - mm, page_alloc: fix check for NULL preferred_zone (bnc#971975 VM performance -- page allocator).\n\n - mm, page_alloc: fix fast-path race with cpuset update or removal (bnc#971975 VM performance -- page allocator).\n\n - mm, page_alloc: fix premature OOM when racing with cpuset mems update (bnc#971975 VM performance -- page allocator).\n\n - mm, page_alloc: keep pcp count and list contents in sync if struct page is corrupted (bnc#971975 VM performance\n -- page allocator).\n\n - mm, page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM performance -- page allocator).\n\n - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813).\n\n - mwifiex: fix IBSS data path issue (bsc#1018813).\n\n - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813).\n\n - net/af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945, LTC#150566).\n\n - net: ethernet: apm: xgene: use phydev from struct net_device (bsc#1019351).\n\n - net/hyperv: avoid uninitialized variable (fate#320485).\n\n - net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701).\n\n - net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701).\n\n - net/mlx4_en: Fix panic on xmit while port is down (bsc#966191 FATE#320230).\n\n - net/mlx5e: Use correct flow dissector key on flower offloading (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5: Fix autogroups groups num not decreasing (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net: remove useless memset's in drivers get_stats64 (bsc#1019351).\n\n - net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - netvsc: add rcu_read locking to netvsc callback (fate#320485).\n\n - netvsc: fix checksum on UDP IPV6 (fate#320485).\n\n - netvsc: reduce maximum GSO size (fate#320485).\n\n - netvsc: Remove mistaken udp.h inclusion (fate#320485).\n\n - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351).\n\n - net: xgene: fix backward compatibility fix (bsc#1019351).\n\n - net/xgene: fix error handling during reset (bsc#1019351).\n\n - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351).\n\n - nfit: fail DSMs that return non-zero status by default (bsc#1023175).\n\n - NFSv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410).\n\n - NFSv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n\n - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).\n\n - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685).\n\n - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock() (bnc#921494).\n\n - pci: Add devm_request_pci_bus_resources() (bsc#1019351).\n\n - PCI/AER: include header file (bsc#964944,FATE#319965).\n\n - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630).\n\n - pci: hv: Allocate physically contiguous hypercall params buffer (fate#320485).\n\n - pci: hv: Delete the device earlier from hbus->children for hot-remove (fate#320485).\n\n - pci: hv: Fix hv_pci_remove() for hot-remove (fate#320485).\n\n - pci: hv: Handle hv_pci_generic_compl() error case (fate#320485).\n\n - pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg() (fate#320485).\n\n - pci: hv: Make unnecessarily global IRQ masking functions static (fate#320485).\n\n - pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device (fate#320485).\n\n - pci: hv: Use list_move_tail() instead of list_del() + list_add_tail() (fate#320485).\n\n - pci: hv: Use pci_function_description in struct definitions (fate#320485).\n\n - pci: hv: Use the correct buffer size in new_pcichild_device() (fate#320485).\n\n - pci: hv: Use zero-length array in struct pci_packet (fate#320485).\n\n - pci: xgene: Add local struct device pointers (bsc#1019351).\n\n - pci: xgene: Add register accessors (bsc#1019351).\n\n - pci: xgene: Free bridge resource list on failure (bsc#1019351).\n\n - pci: xgene: Make explicitly non-modular (bsc#1019351).\n\n - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351).\n\n - pci: xgene: Remove unused platform data (bsc#1019351).\n\n - pci: xgene: Request host bridge window resources (bsc#1019351).\n\n - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).\n\n - phy: xgene: rename 'enum phy_mode' to 'enum xgene_phy_mode' (bsc#1019351).\n\n - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).\n\n - power: reset: xgene-reboot: Unmap region obtained by of_iomap (bsc#1019351).\n\n - qeth: check not more than 16 SBALEs on the completion queue (bnc#1009718, LTC#148203).\n\n - raid1: ignore discard error (bsc#1017164).\n\n - reiserfs: fix race in prealloc discard (bsc#987576).\n\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n\n - rpm/kernel-binary.spec.in: Fix installation of /etc/uefi/certs (bsc#1019594)\n\n - rtc: cmos: avoid unused function warning (bsc#1022429).\n\n - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429).\n\n - rtc: cmos: Do not enable interrupts in the middle of the interrupt handler (bsc#1022429).\n\n - rtc: cmos: Restore alarm after resume (bsc#1022429).\n\n - s390/cpuinfo: show maximum thread id (bnc#1009718, LTC#148580).\n\n - s390/sysinfo: show partition extended name and UUID if available (bnc#1009718, LTC#150160).\n\n - s390/time: LPAR offset handling (bnc#1009718, LTC#146920).\n\n - s390/time: move PTFF definitions (bnc#1009718, LTC#146920).\n\n - sched: Allow hotplug notifiers to be setup early (bnc#1022476).\n\n - sched/core: Fix incorrect utilization accounting when switching to fair class (bnc#1022476).\n\n - sched/core: Fix set_user_nice() (bnc#1022476).\n\n - sched/core, x86/topology: Fix NUMA in package topology bug (bnc#1022476).\n\n - sched/cputime: Add steal time support to full dynticks CPU time accounting (bnc#1022476).\n\n - sched/cputime: Fix prev steal time accouting during CPU hotplug (bnc#1022476).\n\n - sched/deadline: Always calculate end of period on sched_yield() (bnc#1022476).\n\n - sched/deadline: Fix a bug in dl_overflow() (bnc#1022476).\n\n - sched/deadline: Fix lock pinning warning during CPU hotplug (bnc#1022476).\n\n - sched/deadline: Fix wrap-around in DL heap (bnc#1022476).\n\n - sched/fair: Avoid using decay_load_missed() with a negative value (bnc#1022476).\n\n - sched/fair: Fix fixed point arithmetic width for shares and effective load (bnc#1022476).\n\n - sched/fair: Fix load_above_capacity fixed point arithmetic width (bnc#1022476).\n\n - sched/fair: Fix min_vruntime tracking (bnc#1022476).\n\n - sched/fair: Fix the wrong throttled clock time for cfs_rq_clock_task() (bnc#1022476).\n\n - sched/fair: Improve PELT stuff some more (bnc#1022476).\n\n - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476).\n\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476).\n\n - sched/rt: Kick RT bandwidth timer immediately on start up (bnc#1022476).\n\n - sched/rt, sched/dl: Do not push if task's scheduling class was changed (bnc#1022476).\n\n - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469).\n\n - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).\n\n - scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910).\n\n - scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469).\n\n - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels (fate#320485).\n\n - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792).\n\n - serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546).\n\n - serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly, too.\n Also, the corresponding entry got removed from supported.conf.\n\n - ses: Fix SAS device detection in enclosure (bsc#1016403).\n\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n\n - sunrpc: fix refcounting problems with auth_gss messages (boo#1011250).\n\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410).\n\n - supported.conf: delete xilinx/ll_temac (bsc#1011602)\n\n - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail (bsc#1018813)\n\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n\n - target: check for XCOPY parameter truncation (bsc#991273).\n\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273).\n\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n\n - target: support XCOPY requests without parameters (bsc#991273).\n\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n\n - tools: hv: Enable network manager for bonding scripts on RHEL (fate#320485).\n\n - tools: hv: fix a compile warning in snprintf (fate#320485).\n\n - Tools: hv: kvp: configurable external scripts path (fate#320485).\n\n - Tools: hv: kvp: ensure kvp device fd is closed on exec (fate#320485).\n\n - tools: hv: remove unnecessary header files and netlink related code (fate#320485).\n\n - tools: hv: remove unnecessary link flag (fate#320485).\n\n - tty: n_hdlc, fix lockdep false positive (bnc#1015840).\n\n - Update metadata for serial fixes (bsc#1013001)\n\n - vmbus: make sysfs names consistent with PCI (fate#320485).\n\n - x86/hpet: Reduce HPET counter read contention (bsc#1014710).\n\n - x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic (fate#320485).\n\n - x86/MCE: Dump MCE to dmesg if no consumers (bsc#1013994).", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-245)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8709", "CVE-2016-7117", "CVE-2016-8645", "CVE-2016-9793", "CVE-2016-9806", "CVE-2016-9919", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-5577"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-245.NASL", "href": "https://www.tenable.com/plugins/nessus/97274", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-245.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97274);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8709\", \"CVE-2016-7117\", \"CVE-2016-8645\", \"CVE-2016-9793\", \"CVE-2016-9806\", \"CVE-2016-9919\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-5577\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-245)\");\n script_summary(english:\"Check for the openSUSE-2017-245 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 42.2 kernel was updated to 4.4.42 stable release.\n\nThe following security bugs were fixed :\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077\n 1003253).\n\n - CVE-2017-5576, CVE-2017-5577: A buffer overflow in the\n VC4_SUBMIT_CL IOCTL in the VideoCore DRM driver for\n Raspberry Pi was fixed. (bsc#1021294)\n\n - CVE-2017-5551: tmpfs: Fixed a bug that could have\n allowed users to set setgid bits on files they don't\n down. (bsc#1021258).\n\n - CVE-2017-2583: A Linux kernel built with the\n Kernel-based Virtual Machine (CONFIG_KVM) support was\n vulnerable to an incorrect segment selector(SS) value\n error. A user/process inside guest could have used this\n flaw to crash the guest resulting in DoS or potentially\n escalate their privileges inside guest. (bsc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt (bnc#1019851).\n\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the\n Linux kernel mishandled uid and gid mappings, which\n allowed local users to gain privileges by establishing a\n user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states 'there is no\n kernel bug here (bnc#959709 bsc#960561).\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bnc#1013540\n 1017589).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel\n mishandled skb truncation, which allowed local users to\n cause a denial of service (system crash) via a crafted\n application that made sendto system calls, related to\n net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c\n (bnc#1009969).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531\n bsc#1013542).\n\n - CVE-2016-9919: The icmp6_send function in\n net/ipv6/icmp.c in the Linux kernel omits a certain\n check of the dst data structure, which allowed remote\n attackers to cause a denial of service (panic) via a\n fragmented IPv6 packet (bnc#1014701).\n\nThe following non-security bugs were fixed :\n\n - 8250/fintek: rename IRQ_MODE macro (boo#1009546).\n\n - acpi, nfit: fix bus vs dimm confusion in xlat_status\n (bsc#1023175).\n\n - acpi, nfit, libnvdimm: fix / harden ars_status output\n length handling (bsc#1023175).\n\n - acpi, nfit: validate ars_status output buffer size\n (bsc#1023175).\n\n - arm64/numa: fix incorrect log for memory-less node\n (bsc#1019631).\n\n - ASoC: cht_bsw_rt5645: Fix leftover kmalloc\n (bsc#1010690).\n\n - ASoC: Intel: bytcr_rt5640: fallback mechanism if MCLK is\n not enabled (bsc#1010690).\n\n - ASoC: rt5670: add HS ground control (bsc#1016250).\n\n - avoid including 'mountproto=' with no protocol in\n /proc/mounts (bsc#1019260).\n\n - bcache: Make gc wakeup sane, remove set_task_state()\n (bsc#1021260).\n\n - bcache: partition support: add 16 minors per bcacheN\n device (bsc#1019784).\n\n - blacklist.conf: add 1b8d2afde54f libnvdimm, pfn: fix\n ARCH=alpha allmodconfig build failure (bsc#1023175).\n\n - blacklist.conf: Add i915 stable commits that can be\n ignored (bsc#1015367)\n\n - blk: Do not collide with QUEUE_FLAG_WC from upstream\n (bsc#1022547)\n\n - blk-mq: Allow timeouts to run while queue is freezing\n (bsc#1020817).\n\n - blk-mq: Always schedule hctx->next_cpu (bsc#1020817).\n\n - blk-mq: Avoid memory reclaim when remapping queues\n (bsc#1020817).\n\n - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817).\n\n - blk-mq: Fix failed allocation path when mapping queues\n (bsc#1020817).\n\n - blk-mq: improve warning for running a queue on the wrong\n CPU (bsc#1020817).\n\n - block: Change extern inline to static inline\n (bsc#1023175).\n\n - Bluetooth: btmrvl: fix hung task warning dump\n (bsc#1018813).\n\n - bnx2x: Correct ringparam estimate when DOWN\n (bsc#1020214).\n\n - brcmfmac: Change error print on wlan0 existence\n (bsc#1000092).\n\n - btrfs: add support for RENAME_EXCHANGE and\n RENAME_WHITEOUT (bsc#1020975).\n\n - btrfs: bugfix: handle\n FS_IOC32_(GETFLAGS,SETFLAGS,GETVERSION) in btrfs_ioctl\n (bsc#1018100).\n\n - btrfs: fix inode leak on failure to setup whiteout inode\n in rename (bsc#1020975).\n\n - btrfs: fix lockdep warning about log_mutex\n (bsc#1021455).\n\n - btrfs: fix lockdep warning on deadlock against an\n inode's log mutex (bsc#1021455).\n\n - btrfs: fix number of transaction units for renames with\n whiteout (bsc#1020975).\n\n - btrfs: incremental send, fix invalid paths for rename\n operations (bsc#1018316).\n\n - btrfs: incremental send, fix premature rmdir operations\n (bsc#1018316).\n\n - btrfs: increment ctx->pos for every emitted or skipped\n dirent in readdir (bsc#981709).\n\n - btrfs: pin log earlier when renaming (bsc#1020975).\n\n - btrfs: pin logs earlier when doing a rename exchange\n operation (bsc#1020975).\n\n - btrfs: remove old tree_root dirent processing in\n btrfs_real_readdir() (bsc#981709).\n\n - btrfs: send, add missing error check for calls to\n path_loop() (bsc#1018316).\n\n - btrfs: send, avoid incorrect leaf accesses when sending\n utimes operations (bsc#1018316).\n\n - btrfs: send, fix failure to move directories with the\n same name around (bsc#1018316).\n\n - btrfs: send, fix invalid leaf accesses due to incorrect\n utimes operations (bsc#1018316).\n\n - btrfs: send, fix warning due to late freeing of\n orphan_dir_info structures (bsc#1018316).\n\n - btrfs: test_check_exists: Fix infinite loop when\n searching for free space entries (bsc#987192).\n\n - btrfs: unpin log if rename operation fails\n (bsc#1020975).\n\n - btrfs: unpin logs if rename exchange operation fails\n (bsc#1020975).\n\n - [BZ 149851] kernel: Fix invalid domain response handling\n (bnc#1009718, LTC#149851).\n\n - ceph: fix bad endianness handling in\n parse_reply_info_extra (bsc#1020488).\n\n - clk: xgene: Add PMD clock (bsc#1019351).\n\n - clk: xgene: Do not call __pa on ioremaped address\n (bsc#1019351).\n\n - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).\n\n - config: enable Ceph kernel client modules for ppc64le\n (fate#321098)\n\n - config: enable Ceph kernel client modules for s390x\n (fate#321098)\n\n - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2\n (bsc#1015038)\n\n - crypto: drbg - do not call drbg_instantiate in healt\n test (bsc#1018913).\n\n - crypto: drbg - remove FIPS 140-2 continuous test\n (bsc#1018913).\n\n - crypto: FIPS - allow tests to be disabled in FIPS mode\n (bsc#1018913).\n\n - crypto: qat - fix bar discovery for c62x (bsc#1021251).\n\n - crypto: qat - zero esram only for DH85x devices\n (1021248).\n\n - crypto: rsa - allow keys >= 2048 bits in FIPS mode\n (bsc#1018913).\n\n - crypto: xts - consolidate sanity check for keys\n (bsc#1018913).\n\n - crypto: xts - fix compile errors (bsc#1018913).\n\n - cxl: fix potential NULL dereference in free_adapter()\n (bsc#1016517).\n\n - dax: fix deadlock with DAX 4k holes (bsc#1012829).\n\n - dax: fix device-dax region base (bsc#1023175).\n\n - device-dax: check devm_nsio_enable() return value\n (bsc#1023175).\n\n - device-dax: fail all private mapping attempts\n (bsc#1023175).\n\n - device-dax: fix percpu_ref_exit ordering (bsc#1023175).\n\n - driver core: fix race between creating/querying glue dir\n and its cleanup (bnc#1008742).\n\n - drivers:hv: balloon: account for gaps in hot add regions\n (fate#320485).\n\n - drivers:hv: balloon: Add logging for dynamic memory\n operations (fate#320485).\n\n - drivers:hv: balloon: Disable hot add when\n CONFIG_MEMORY_HOTPLUG is not set (fate#320485).\n\n - drivers:hv: balloon: Fix info request to show max page\n count (fate#320485).\n\n - drivers:hv: balloon: keep track of where ha_region\n starts (fate#320485).\n\n - drivers:hv: balloon: replace ha_region_mutex with\n spinlock (fate#320485).\n\n - drivers:hv: balloon: Use available memory value in\n pressure report (fate#320485).\n\n - drivers:hv: cleanup vmbus_open() for wrap around\n mappings (fate#320485).\n\n - drivers:hv: do not leak memory in\n vmbus_establish_gpadl() (fate#320485).\n\n - drivers:hv: get rid of id in struct vmbus_channel\n (fate#320485).\n\n - drivers:hv: get rid of redundant messagecount in\n create_gpadl_header() (fate#320485).\n\n - drivers:hv: get rid of timeout in vmbus_open()\n (fate#320485).\n\n - drivers:hv: Introduce a policy for controlling channel\n affinity (fate#320485).\n\n - drivers:hv: make VMBus bus ids persistent (fate#320485).\n\n - drivers:hv: ring_buffer: count on wrap around mappings\n in get_next_pkt_raw() (v2) (fate#320485).\n\n - drivers:hv: ring_buffer: use wrap around mappings in\n hv_copy(from, to)_ringbuffer() (fate#320485).\n\n - drivers:hv: ring_buffer: wrap around mappings for ring\n buffers (fate#320485).\n\n - drivers:hv: utils: Check VSS daemon is listening before\n a hot backup (fate#320485).\n\n - drivers:hv: utils: Continue to poll VSS channel after\n handling requests (fate#320485).\n\n - drivers:hv: utils: fix a race on userspace daemons\n registration (bnc#1014392).\n\n - drivers:hv: utils: Fix the mapping between host version\n and protocol to use (fate#320485).\n\n - drivers:hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout\n (fate#320485).\n\n - drivers:hv: vmbus: Base host signaling strictly on the\n ring state (fate#320485).\n\n - drivers:hv: vmbus: Enable explicit signaling policy for\n NIC channels (fate#320485).\n\n - drivers:hv: vmbus: finally fix\n hv_need_to_signal_on_read() (fate#320485, bug#1018385).\n\n - drivers:hv: vmbus: fix the race when querying & updating\n the percpu list (fate#320485).\n\n - drivers:hv: vmbus: Implement a mechanism to tag the\n channel for low latency (fate#320485).\n\n - drivers: hv: vmbus: Make mmio resource local\n (fate#320485).\n\n - drivers:hv: vmbus: On the read path cleanup the logic to\n interrupt the host (fate#320485).\n\n - drivers:hv: vmbus: On write cleanup the logic to\n interrupt the host (fate#320485).\n\n - drivers:hv: vmbus: Reduce the delay between retries in\n vmbus_post_msg() (fate#320485).\n\n - drivers:hv: vmbus: suppress some 'hv_vmbus: Unknown\n GUID' warnings (fate#320485).\n\n - drivers:hv: vss: Improve log messages (fate#320485).\n\n - drivers:hv: vss: Operation timeouts should match host\n expectation (fate#320485).\n\n - drivers: net: phy: mdio-xgene: Add hardware dependency\n (bsc#1019351).\n\n - drivers: net: phy: xgene: Fix 'remove' function\n (bsc#1019351).\n\n - drivers: net: xgene: Add change_mtu function\n (bsc#1019351).\n\n - drivers: net: xgene: Add flow control configuration\n (bsc#1019351).\n\n - drivers: net: xgene: Add flow control initialization\n (bsc#1019351).\n\n - drivers: net: xgene: Add helper function (bsc#1019351).\n\n - drivers: net: xgene: Add support for Jumbo frame\n (bsc#1019351).\n\n - drivers: net: xgene: Configure classifier with pagepool\n (bsc#1019351).\n\n - drivers: net: xgene: fix build after change_mtu function\n change (bsc#1019351).\n\n - drivers: net: xgene: fix: Coalescing values for v2\n hardware (bsc#1019351).\n\n - drivers: net: xgene: fix: Disable coalescing on v1\n hardware (bsc#1019351).\n\n - drivers: net: xgene: Fix MSS programming (bsc#1019351).\n\n - drivers: net: xgene: fix: RSS for non-TCP/UDP\n (bsc#1019351).\n\n - drivers: net: xgene: fix: Use GPIO to get link status\n (bsc#1019351).\n\n - drivers: net: xgene: uninitialized variable in\n xgene_enet_free_pagepool() (bsc#1019351).\n\n - drm: Fix broken VT switch with video=1366x768 option\n (bsc#1018358).\n\n - drm/i915: add helpers for platform specific revision id\n range checks (bsc#1015367).\n\n - drm/i915: Apply broader WaRsDisableCoarsePowerGating for\n guc also (bsc#1015367).\n\n - drm/i915/bxt: add revision id for A1 stepping and use it\n (bsc#1015367).\n\n - drm/i915: Call intel_dp_mst_resume() before resuming\n displays (bsc#1015359).\n\n - drm/i915: Cleaning up DDI translation tables\n (bsc#1014392).\n\n - drm/i915: Clean up L3 SQC register field definitions\n (bsc#1014392).\n\n - drm/i915: Do not init hpd polling for vlv and chv from\n runtime_suspend() (bsc#1014120).\n\n - drm-i915-dp-Restore-PPS-HW-state-from-the-encoder-re\n\n - drm/i915/dp: Restore PPS HW state from the encoder\n resume hook (bsc#1019061).\n\n - drm/i915/dsi: fix CHV dsi encoder hardware state readout\n on port C (bsc#1015367).\n\n - drm/i915: Exit cherryview_irq_handler() after one pass\n (bsc#1015367).\n\n - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer\n translation entry 2 (bsc#1014392).\n\n - drm/i915: Fix system resume if PCI device remained\n enabled (bsc#1015367).\n\n - drm/i915: Fix watermarks for VLV/CHV (bsc#1011176).\n\n - drm/i915: Force ringbuffers to not be at offset 0\n (bsc#1015367).\n\n - drm/i915: Force VDD off on the new power seqeuencer\n before starting to use it (bsc#1009674).\n\n - drm/i915/gen9: Add WaInPlaceDecompressionHang\n (bsc#1014392).\n\n - drm/i915/gen9: Fix PCODE polling during CDCLK change\n notification (bsc#1015367).\n\n - drm/i915: Mark CPU cache as dirty when used for\n rendering (bsc#1015367).\n\n - drm/i915: Mark i915_hpd_poll_init_work as static\n (bsc#1014120).\n\n - drm-i915-Prevent-PPS-stealing-from-a-normal-DP-port\n\n - drm/i915: Prevent PPS stealing from a normal DP port on\n VLV/CHV (bsc#1019061).\n\n - drm/i915: remove parens around revision ids\n (bsc#1015367).\n\n - drm/i915/skl: Add WaDisableGafsUnitClkGating\n (bsc#1014392).\n\n - drm/i915/skl: Fix rc6 based gpu/system hang\n (bsc#1015367).\n\n - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs\n (bsc#1015367).\n\n - drm/i915/skl: Update DDI translation tables for SKL\n (bsc#1014392).\n\n - drm/i915/skl: Update watermarks before the crtc is\n disabled (bsc#1015367).\n\n - drm/i915: Update Skylake DDI translation table for DP\n (bsc#1014392).\n\n - drm/i915: Update Skylake DDI translation table for HDMI\n (bsc#1014392).\n\n - drm/i915/userptr: Hold mmref whilst calling\n get-user-pages (bsc#1015367).\n\n - drm/i915/vlv: Prevent enabling hpd polling in late\n suspend (bsc#1014120).\n\n - drm/i915: Workaround for DP DPMS D3 on Dell monitor\n (bsc#1019061).\n\n - drm: Use u64 for intermediate dotclock calculations\n (bnc#1006472).\n\n - drm/vc4: Fix an integer overflow in temporary allocation\n layout (bsc#1021294).\n\n - drm/vc4: Return -EINVAL on the overflow checks failing\n (bsc#1021294).\n\n - drm: virtio-gpu: get the fb from the plane state for\n atomic updates (bsc#1023101).\n\n - EDAC, xgene: Fix spelling mistake in error messages\n (bsc#1019351).\n\n - efi/libstub: Move Graphics Output Protocol handling to\n generic code (bnc#974215).\n\n - fbcon: Fix vc attr at deinit (bsc#1000619).\n\n - Fix kABI breakage by i2c-designware baytrail fix\n (bsc#1011913).\n\n - Fix kABI breakage by linux/acpi.h inclusion in\n i8042-x86ia46io.h (bsc#1011660).\n\n - gpio: xgene: make explicitly non-modular (bsc#1019351).\n\n - gro_cells: mark napi struct as not busy poll candidates\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n\n - hv: acquire vmbus_connection.channel_mutex in\n vmbus_free_channels() (fate#320485).\n\n - hv: change clockevents unbind tactics (fate#320485).\n\n - hv: do not reset hv_context.tsc_page on crash\n (fate#320485, bnc#1007729).\n\n - hv_netvsc: add ethtool statistics for tx packet issues\n (fate#320485).\n\n - hv_netvsc: Add handler for physical link speed change\n (fate#320485).\n\n - hv_netvsc: Add query for initial physical link speed\n (fate#320485).\n\n - hv_netvsc: count multicast packets received\n (fate#320485).\n\n - hv_netvsc: dev hold/put reference to VF (fate#320485).\n\n - hv_netvsc: fix a race between netvsc_send() and\n netvsc_init_buf() (fate#320485).\n\n - hv_netvsc: fix comments (fate#320485).\n\n - hv_netvsc: fix rtnl locking in callback (fate#320485).\n\n - hv_netvsc: Implement batching of receive completions\n (fate#320485).\n\n - hv_netvsc: improve VF device matching (fate#320485).\n\n - hv_netvsc: init completion during alloc (fate#320485).\n\n - hv_netvsc: make device_remove void (fate#320485).\n\n - hv_netvsc: make inline functions static (fate#320485).\n\n - hv_netvsc: make netvsc_destroy_buf void (fate#320485).\n\n - hv_netvsc: make RSS hash key static (fate#320485).\n\n - hv_netvsc: make variable local (fate#320485).\n\n - hv_netvsc: rearrange start_xmit (fate#320485).\n\n - hv_netvsc: refactor completion function (fate#320485).\n\n - hv_netvsc: remove excessive logging on MTU change\n (fate#320485).\n\n - hv_netvsc: remove VF in flight counters (fate#320485).\n\n - hv_netvsc: report vmbus name in ethtool (fate#320485).\n\n - hv_netvsc: simplify callback event code (fate#320485).\n\n - hv_netvsc: style cleanups (fate#320485).\n\n - hv_netvsc: use ARRAY_SIZE() for NDIS versions\n (fate#320485).\n\n - hv_netvsc: use consume_skb (fate#320485).\n\n - hv_netvsc: use kcalloc (fate#320485).\n\n - hv_netvsc: use RCU to protect vf_netdev (fate#320485).\n\n - hyperv: Fix spelling of HV_UNKOWN (fate#320485).\n\n - i2c: designware-baytrail: Disallow the CPU to enter C6\n or C7 while holding the punit semaphore (bsc#1011913).\n\n - i2c: designware: fix wrong Tx/Rx FIFO for ACPI\n (bsc#1019351).\n\n - i2c: designware: Implement support for SMBus block read\n and write (bsc#1019351).\n\n - i2c: xgene: Fix missing code of DTB support\n (bsc#1019351).\n\n - i40e: Be much more verbose about what we can and cannot\n offload (bsc#985561).\n\n - i915: Delete previous two fixes for i915 (bsc#1019061).\n These upstream fixes brought some regressions, so better\n to revert for now.\n\n - i915: Disable\n patches.drivers/drm-i915-Exit-cherryview_irq_handler-aft\n er-one-pass The patch seems leading to the instability\n on Wyse box (bsc#1015367).\n\n - IB/core: Fix possible memory leak in\n cma_resolve_iboe_route() (bsc#966191 FATE#320230\n bsc#966186 FATE#320228).\n\n - IB/mlx5: Fix iteration overrun in GSI qps (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: Fix steering resource leak (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n\n - IB/mlx5: Set source mac address in FTE (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n\n - ibmveth: calculate gso_segs for large packets\n (bsc#1019148).\n\n - ibmveth: check return of skb_linearize in\n ibmveth_start_xmit (bsc#1019148).\n\n - ibmveth: consolidate kmalloc of array, memset 0 to\n kcalloc (bsc#1019148).\n\n - ibmveth: set correct gso_size and gso_type\n (bsc#1019148).\n\n - ibmvnic: convert to use simple_open() (bsc#1015416).\n\n - ibmvnic: Driver Version 1.0.1 (bsc#1015416).\n\n - ibmvnic: drop duplicate header seq_file.h (bsc#1015416).\n\n - ibmvnic: fix error return code in ibmvnic_probe()\n (bsc#1015416).\n\n - ibmvnic: Fix GFP_KERNEL allocation in interrupt context\n (bsc#1015416).\n\n - ibmvnic: Fix missing brackets in init_sub_crq_irqs\n (bsc#1015416).\n\n - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt\n context (bsc#1015416).\n\n - ibmvnic: Fix size of debugfs name buffer (bsc#1015416).\n\n - ibmvnic: Handle backing device failover and\n reinitialization (bsc#1015416).\n\n - ibmvnic: Start completion queue negotiation at\n server-provided optimum values (bsc#1015416).\n\n - ibmvnic: Unmap ibmvnic_statistics structure\n (bsc#1015416).\n\n - ibmvnic: Update MTU after device initialization\n (bsc#1015416).\n\n - igb: add i211 to i210 PHY workaround (bsc#1009911).\n\n - igb: Workaround for igb i210 firmware issue\n (bsc#1009911).\n\n - Input: i8042 - Trust firmware a bit more when probing on\n X86 (bsc#1011660).\n\n - intel_idle: Add KBL support (bsc#1016884).\n\n - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918).\n\n - ipc/sem.c: add cond_resched in exit_sme (bsc#979378).\n\n - ixgbe: Do not clear RAR entry when clearing VMDq for SAN\n MAC (bsc#969474 FATE#319812 bsc#969475 FATE#319814).\n\n - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths\n (bsc#969474 FATE#319812 bsc#969475 FATE#319814).\n\n - KABI fix (bsc#1014410).\n\n - kABI: protect struct mm_struct (kabi).\n\n - kABI: protect struct musb_platform_ops (kabi).\n\n - kABI: protect struct task_struct (kabi).\n\n - kABI: protect struct user_fpsimd_state (kabi).\n\n - kABI: protect struct wake_irq (kabi).\n\n - kABI: protect struct xhci_hcd (kabi).\n\n - kABI: protect user_namespace include in fs/exec (kabi).\n\n - kABI: protect user_namespace include in kernel/ptrace\n (kabi).\n\n - kabi/severities: Ignore changes in drivers/hv\n\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np\n kthread (bsc#1010612, fate#313296).\n\n - kgraft/xen: Do not block kGraft in xenbus kthread\n (bsc#1017410, fate#313296).\n\n - libnvdimm, pfn: fix align attribute (bsc#1023175).\n\n - locking/pv-qspinlock: Use cmpxchg_release() in\n __pv_queued_spin_unlock() (bsc#969756).\n\n - locking/rtmutex: Prevent dequeue vs. unlock race\n (bsc#1015212).\n\n - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner()\n (bsc#1015212).\n\n - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc\n (bsc#1019351).\n\n - md-cluster: convert the completion to wait queue\n (fate#316335).\n\n - md-cluster: protect md_find_rdev_nr_rcu with rcu lock\n (fate#316335).\n\n - md: fix refcount problem on mddev when stopping array\n (bsc#1022304).\n\n - md linear: fix a race between linear_add() and\n linear_congested() (bsc#1018446).\n\n - [media] uvcvideo: uvc_scan_fallback() for webcams with\n broken chain (bsc#1021474).\n\n - misc/genwqe: ensure zero initialization (fate#321595).\n\n - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23\n quirks for sdhci-arasan4.9a (bsc#1019351).\n\n - mm: do not loop on GFP_REPEAT high order requests if\n there is no reclaim progress (bnc#1013000).\n\n - mm, memcg: do not retry precharge charges (bnc#1022559).\n\n - mm, page_alloc: fix check for NULL preferred_zone\n (bnc#971975 VM performance -- page allocator).\n\n - mm, page_alloc: fix fast-path race with cpuset update or\n removal (bnc#971975 VM performance -- page allocator).\n\n - mm, page_alloc: fix premature OOM when racing with\n cpuset mems update (bnc#971975 VM performance -- page\n allocator).\n\n - mm, page_alloc: keep pcp count and list contents in sync\n if struct page is corrupted (bnc#971975 VM performance\n -- page allocator).\n\n - mm, page_alloc: move cpuset seqcount checking to\n slowpath (bnc#971975 VM performance -- page allocator).\n\n - mwifiex: add missing check for PCIe8997 chipset\n (bsc#1018813).\n\n - mwifiex: fix IBSS data path issue (bsc#1018813).\n\n - mwifiex: fix PCIe register information for 8997 chipset\n (bsc#1018813).\n\n - net/af_iucv: do not use paged skbs for TX on\n HiperSockets (bnc#1020945, LTC#150566).\n\n - net: ethernet: apm: xgene: use phydev from struct\n net_device (bsc#1019351).\n\n - net/hyperv: avoid uninitialized variable (fate#320485).\n\n - net: icmp6_send should use dst dev to determine L3\n domain (bsc#1014701).\n\n - net: ipv6: tcp reset, icmp need to consider L3 domain\n (bsc#1014701).\n\n - net/mlx4_en: Fix panic on xmit while port is down\n (bsc#966191 FATE#320230).\n\n - net/mlx5e: Use correct flow dissector key on flower\n offloading (bsc#966170 FATE#320225 bsc#966172\n FATE#320226).\n\n - net/mlx5: Fix autogroups groups num not decreasing\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5: Keep autogroups list ordered (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n\n - net: remove useless memset's in drivers get_stats64\n (bsc#1019351).\n\n - net_sched: fix a typo in tc_for_each_action()\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - netvsc: add rcu_read locking to netvsc callback\n (fate#320485).\n\n - netvsc: fix checksum on UDP IPV6 (fate#320485).\n\n - netvsc: reduce maximum GSO size (fate#320485).\n\n - netvsc: Remove mistaken udp.h inclusion (fate#320485).\n\n - net: xgene: avoid bogus maybe-uninitialized warning\n (bsc#1019351).\n\n - net: xgene: fix backward compatibility fix\n (bsc#1019351).\n\n - net/xgene: fix error handling during reset\n (bsc#1019351).\n\n - net: xgene: move xgene_cle_ptree_ewdn data off stack\n (bsc#1019351).\n\n - nfit: fail DSMs that return non-zero status by default\n (bsc#1023175).\n\n - NFSv4: Cap the transport reconnection timer at 1/2 lease\n period (bsc#1014410).\n\n - NFSv4: Cleanup the setting of the nfs4 lease period\n (bsc#1014410).\n\n - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).\n\n - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too\n (bsc#1020685).\n\n - ocfs2: fix deadlock on mmapped page in\n ocfs2_write_begin_nolock() (bnc#921494).\n\n - pci: Add devm_request_pci_bus_resources() (bsc#1019351).\n\n - PCI/AER: include header file (bsc#964944,FATE#319965).\n\n - pci: generic: Fix pci_remap_iospace() failure path\n (bsc#1019630).\n\n - pci: hv: Allocate physically contiguous hypercall params\n buffer (fate#320485).\n\n - pci: hv: Delete the device earlier from hbus->children\n for hot-remove (fate#320485).\n\n - pci: hv: Fix hv_pci_remove() for hot-remove\n (fate#320485).\n\n - pci: hv: Handle hv_pci_generic_compl() error case\n (fate#320485).\n\n - pci: hv: Handle vmbus_sendpacket() failure in\n hv_compose_msi_msg() (fate#320485).\n\n - pci: hv: Make unnecessarily global IRQ masking functions\n static (fate#320485).\n\n - pci: hv: Remove the unused 'wrk' in struct\n hv_pcibus_device (fate#320485).\n\n - pci: hv: Use list_move_tail() instead of list_del() +\n list_add_tail() (fate#320485).\n\n - pci: hv: Use pci_function_description in struct\n definitions (fate#320485).\n\n - pci: hv: Use the correct buffer size in\n new_pcichild_device() (fate#320485).\n\n - pci: hv: Use zero-length array in struct pci_packet\n (fate#320485).\n\n - pci: xgene: Add local struct device pointers\n (bsc#1019351).\n\n - pci: xgene: Add register accessors (bsc#1019351).\n\n - pci: xgene: Free bridge resource list on failure\n (bsc#1019351).\n\n - pci: xgene: Make explicitly non-modular (bsc#1019351).\n\n - pci: xgene: Pass struct xgene_pcie_port to setup\n functions (bsc#1019351).\n\n - pci: xgene: Remove unused platform data (bsc#1019351).\n\n - pci: xgene: Request host bridge window resources\n (bsc#1019351).\n\n - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).\n\n - phy: xgene: rename 'enum phy_mode' to 'enum\n xgene_phy_mode' (bsc#1019351).\n\n - powerpc/fadump: Fix the race in crash_fadump()\n (bsc#1022971).\n\n - power: reset: xgene-reboot: Unmap region obtained by\n of_iomap (bsc#1019351).\n\n - qeth: check not more than 16 SBALEs on the completion\n queue (bnc#1009718, LTC#148203).\n\n - raid1: ignore discard error (bsc#1017164).\n\n - reiserfs: fix race in prealloc discard (bsc#987576).\n\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file\n (bsc#1012422)\n\n - rpm/kernel-binary.spec.in: Fix installation of\n /etc/uefi/certs (bsc#1019594)\n\n - rtc: cmos: avoid unused function warning (bsc#1022429).\n\n - rtc: cmos: Clear ACPI-driven alarms upon resume\n (bsc#1022429).\n\n - rtc: cmos: Do not enable interrupts in the middle of the\n interrupt handler (bsc#1022429).\n\n - rtc: cmos: Restore alarm after resume (bsc#1022429).\n\n - s390/cpuinfo: show maximum thread id (bnc#1009718,\n LTC#148580).\n\n - s390/sysinfo: show partition extended name and UUID if\n available (bnc#1009718, LTC#150160).\n\n - s390/time: LPAR offset handling (bnc#1009718,\n LTC#146920).\n\n - s390/time: move PTFF definitions (bnc#1009718,\n LTC#146920).\n\n - sched: Allow hotplug notifiers to be setup early\n (bnc#1022476).\n\n - sched/core: Fix incorrect utilization accounting when\n switching to fair class (bnc#1022476).\n\n - sched/core: Fix set_user_nice() (bnc#1022476).\n\n - sched/core, x86/topology: Fix NUMA in package topology\n bug (bnc#1022476).\n\n - sched/cputime: Add steal time support to full dynticks\n CPU time accounting (bnc#1022476).\n\n - sched/cputime: Fix prev steal time accouting during CPU\n hotplug (bnc#1022476).\n\n - sched/deadline: Always calculate end of period on\n sched_yield() (bnc#1022476).\n\n - sched/deadline: Fix a bug in dl_overflow()\n (bnc#1022476).\n\n - sched/deadline: Fix lock pinning warning during CPU\n hotplug (bnc#1022476).\n\n - sched/deadline: Fix wrap-around in DL heap\n (bnc#1022476).\n\n - sched/fair: Avoid using decay_load_missed() with a\n negative value (bnc#1022476).\n\n - sched/fair: Fix fixed point arithmetic width for shares\n and effective load (bnc#1022476).\n\n - sched/fair: Fix load_above_capacity fixed point\n arithmetic width (bnc#1022476).\n\n - sched/fair: Fix min_vruntime tracking (bnc#1022476).\n\n - sched/fair: Fix the wrong throttled clock time for\n cfs_rq_clock_task() (bnc#1022476).\n\n - sched/fair: Improve PELT stuff some more (bnc#1022476).\n\n - sched: Make wake_up_nohz_cpu() handle CPUs going offline\n (bnc#1022476).\n\n - sched/rt: Fix PI handling vs. sched_setscheduler()\n (bnc#1022476).\n\n - sched/rt: Kick RT bandwidth timer immediately on start\n up (bnc#1022476).\n\n - sched/rt, sched/dl: Do not push if task's scheduling\n class was changed (bnc#1022476).\n\n - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469).\n\n - scsi: bfa: Increase requested firmware version to\n 3.2.5.1 (bsc#1013273).\n\n - scsi_dh_alua: uninitialized variable in alua_rtpg()\n (bsc#1012910).\n\n - scsi: Modify HITACHI OPEN-V blacklist entry\n (bsc#1006469).\n\n - scsi: storvsc: Payload buffer incorrectly sized for 32\n bit kernels (fate#320485).\n\n - sd: always scan VPD pages if thin provisioning is\n enabled (bsc#1013792).\n\n - serial: 8250_fintek: fix the mismatched IRQ mode\n (boo#1009546).\n\n - serial: 8250: Integrate Fintek into 8250_base\n (boo#1016979). Update config files to change\n CONFIG_SERIAL_8250_FINTEK to boolean accordingly, too.\n Also, the corresponding entry got removed from\n supported.conf.\n\n - ses: Fix SAS device detection in enclosure\n (bsc#1016403).\n\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n\n - sunrpc: fix refcounting problems with auth_gss messages\n (boo#1011250).\n\n - sunrpc: Limit the reconnect backoff timer to the max RPC\n message timeout (bsc#1014410).\n\n - supported.conf: delete xilinx/ll_temac (bsc#1011602)\n\n - supported.conf: Support Marvell WiFi/BT SDIO and\n pinctrl-cherrytrail (bsc#1018813)\n\n - target: add XCOPY target/segment desc sense codes\n (bsc#991273).\n\n - target: bounds check XCOPY segment descriptor list\n (bsc#991273).\n\n - target: bounds check XCOPY total descriptor list length\n (bsc#991273).\n\n - target: check for XCOPY parameter truncation\n (bsc#991273).\n\n - target: check XCOPY segment descriptor CSCD IDs\n (bsc#1017170).\n\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE\n sense (bsc#991273).\n\n - target: simplify XCOPY wwn->se_dev lookup helper\n (bsc#991273).\n\n - target: support XCOPY requests without parameters\n (bsc#991273).\n\n - target: use XCOPY segment descriptor CSCD IDs\n (bsc#1017170).\n\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense\n (bsc#991273).\n\n - tools: hv: Enable network manager for bonding scripts on\n RHEL (fate#320485).\n\n - tools: hv: fix a compile warning in snprintf\n (fate#320485).\n\n - Tools: hv: kvp: configurable external scripts path\n (fate#320485).\n\n - Tools: hv: kvp: ensure kvp device fd is closed on exec\n (fate#320485).\n\n - tools: hv: remove unnecessary header files and netlink\n related code (fate#320485).\n\n - tools: hv: remove unnecessary link flag (fate#320485).\n\n - tty: n_hdlc, fix lockdep false positive (bnc#1015840).\n\n - Update metadata for serial fixes (bsc#1013001)\n\n - vmbus: make sysfs names consistent with PCI\n (fate#320485).\n\n - x86/hpet: Reduce HPET counter read contention\n (bsc#1014710).\n\n - x86/hyperv: Handle unknown NMIs on one CPU when\n unknown_nmi_panic (fate#320485).\n\n - x86/MCE: Dump MCE to dmesg if no consumers\n (bsc#1013994).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=921494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=964944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991273\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.46-11.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.46-11.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.46-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.46-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:45", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation was fixed, which allowed CAP_NET_ADMIN users to cause memory corruption.\n (bsc#1013531).\n\n - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1350", "CVE-2015-8964", "CVE-2016-7039", "CVE-2016-7042", "CVE-2016-7425", "CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8645", "CVE-2016-8666", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9793", "CVE-2016-9919"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0181-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0181-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96603);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1350\", \"CVE-2015-8964\", \"CVE-2016-7039\", \"CVE-2016-7042\", \"CVE-2016-7425\", \"CVE-2016-7913\", \"CVE-2016-7917\", \"CVE-2016-8645\", \"CVE-2016-8666\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9793\", \"CVE-2016-9919\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x\n provides an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7039: The IP stack in the Linux kernel allowed\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for large\n crafted packets, as demonstrated by packets that contain\n only VLAN headers, a related issue to CVE-2016-8666\n (bnc#1001486).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux kernel through 4.8.2,\n when the GNU Compiler Collection (gcc) stack protector\n is enabled, uses an incorrect buffer size for certain\n timeout data, which allowed local users to cause a\n denial of service (stack memory corruption and panic) by\n reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did\n not restrict a certain length field, which allowed local\n users to gain privileges or cause a denial of service\n (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data\n structure (bnc#1010478).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in\n net/netfilter/nfnetlink.c in the Linux kernel did not\n check whether a batch message's length field is large\n enough, which allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (infinite loop or out-of-bounds read) by\n leveraging the CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel\n mishandled skb truncation, which allowed local users to\n cause a denial of service (system crash) via a crafted\n application that made sendto system calls, related to\n net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c\n (bnc#1009969).\n\n - CVE-2016-8666: The IP stack in the Linux kernel allowed\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039 (bnc#1003964).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux\n kernel allowed local users to bypass integer overflow\n checks, and cause a denial of service (memory\n corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a\n VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine\n confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the\n Linux kernel misuses the kzalloc function, which allowed\n local users to cause a denial of service (integer\n overflow) or have unspecified other impact by leveraging\n access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE\n setsockopt() implementation was fixed, which allowed\n CAP_NET_ADMIN users to cause memory corruption.\n (bsc#1013531).\n\n - CVE-2016-9919: The icmp6_send function in\n net/ipv6/icmp.c in the Linux kernel omits a certain\n check of the dst data structure, which allowed remote\n attackers to cause a denial of service (panic) via a\n fragmented IPv6 packet (bnc#1014701).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7039/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8645/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8666/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9083/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9084/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9919/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170181-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78a2e8c9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-87=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-87=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.38-93.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-19T13:47:50", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):Use-after-free vulnerability in driverset/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.(CVE-2013-4343)It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.(CVE-2016-7042)A flaw was found in the Linux kernel that fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode. This allows local users to cause a denial of service by modifying a certain e_cpos field.(CVE-2017-18224)The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel, up to and including 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.(CVE-2014-4171)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.\n When the candidate has been publicized, the details for this candidate will be provided.(CVE-2018-1095)A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.(CVE-2014-5077)A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not.(CVE-2018-13405)In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.(CVE-2019-6974)A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)-i1/4zfrag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.(CVE-2017-7477)Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.(CVE-2013-4511)It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.(CVE-2017-12190)An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).(CVE-2018-19854)The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.(CVE-2018-18397)The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.(CVE-2017-7277)A flaw was found in the way the Linux kernel's vhost driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory.\n A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack.(CVE-2015-6252)A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system.(CVE-2015-5156)The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.(CVE-2016-2068)The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.(CVE-2016-9919)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4343", "CVE-2013-4511", "CVE-2014-4171", "CVE-2014-5077", "CVE-2015-5156", "CVE-2015-6252", "CVE-2016-2068", "CVE-2016-7042", "CVE-2016-9919", "CVE-2017-12190", "CVE-2017-18224", "CVE-2017-7277", "CVE-2017-7477", "CVE-2017-9075", "CVE-2018-1095", "CVE-2018-13405", "CVE-2018-18397", "CVE-2018-19854", "CVE-2018-6412", "CVE-2019-6974"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1531.NASL", "href": "https://www.tenable.com/plugins/nessus/124984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124984);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2013-4343\",\n \"CVE-2013-4511\",\n \"CVE-2014-4171\",\n \"CVE-2014-5077\",\n \"CVE-2015-5156\",\n \"CVE-2015-6252\",\n \"CVE-2016-2068\",\n \"CVE-2016-7042\",\n \"CVE-2016-9919\",\n \"CVE-2017-12190\",\n \"CVE-2017-18224\",\n \"CVE-2017-7277\",\n \"CVE-2017-7477\",\n \"CVE-2017-9075\",\n \"CVE-2018-1095\",\n \"CVE-2018-13405\",\n \"CVE-2018-18397\",\n \"CVE-2018-19854\",\n \"CVE-2018-6412\",\n \"CVE-2019-6974\"\n );\n script_bugtraq_id(\n 62360,\n 63512,\n 68157,\n 68881\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1531)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):Use-after-free\n vulnerability in driverset/tun.c in the Linux kernel\n through 3.11.1 allows local users to gain privileges by\n leveraging the CAP_NET_ADMIN capability and providing\n an invalid tuntap interface name in a TUNSETIFF ioctl\n call.(CVE-2013-4343)It was found that when the gcc\n stack protector was enabled, reading the /proc/keys\n file could cause a panic in the Linux kernel due to\n stack corruption. This happened because an incorrect\n buffer size was used to hold a 64-bit timeout value\n rendered as weeks.(CVE-2016-7042)A flaw was found in\n the Linux kernel that fs/ocfs2/aops.c omits use of a\n semaphore and consequently has a race condition for\n access to the extent tree during read operations in\n DIRECT mode. This allows local users to cause a denial\n of service by modifying a certain e_cpos\n field.(CVE-2017-18224)The sctp_v6_create_accept_sk\n function in net/sctp/ipv6.c in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2017-9075)In\n the function sbusfb_ioctl_helper() in\n drivers/video/fbdev/sbuslib.c in the Linux kernel, up\n to and including 4.15, an integer signedness error\n allows arbitrary information leakage for the\n FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC\n commands.(CVE-2018-6412)A race condition flaw was found\n in the way the Linux kernel's mmap(2), madvise(2), and\n fallocate(2) system calls interacted with each other\n while operating on virtual memory file system files. A\n local user could use this flaw to cause a denial of\n service.(CVE-2014-4171)** RESERVED ** This candidate\n has been reserved by an organization or individual that\n will use it when announcing a new security problem.\n When the candidate has been publicized, the details for\n this candidate will be provided.(CVE-2018-1095)A NULL\n pointer dereference flaw was found in the way the Linux\n kernel's Stream Control Transmission Protocol (SCTP)\n implementation handled simultaneous connections between\n the same hosts. A remote attacker could use this flaw\n to crash the system.(CVE-2014-5077)A vulnerability was\n found in the fs/inode.c:inode_init_owner() function\n logic of the LInux kernel that allows local users to\n create files with an unintended group ownership and\n with group execution and SGID permission bits set, in a\n scenario where a directory is SGID and belongs to a\n certain group and is writable by a user who is not a\n member of this group. This can lead to excessive\n permissions granted in case when they should\n not.(CVE-2018-13405)In the Linux kernel before 4.20.8,\n kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a use-after-free.(CVE-2019-6974)A\n flaw was found in the way Linux kernel allocates heap\n memory to build the scattergather list from a fragment\n list(skb_shinfo(skb)-i1/4zfrag_list) in the socket\n buffer(skb_buff). The heap overflow occurred if\n 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST'\n feature are both used together. A remote user or\n process could use this flaw to potentially escalate\n their privilege on a system.(CVE-2017-7477)Multiple\n integer overflows in Alchemy LCD frame-buffer drivers\n in the Linux kernel before 3.12 allow local users to\n create a read-write memory mapping for the entirety of\n kernel memory, and consequently gain privileges, via\n crafted mmap operations, related to the (1)\n au1100fb_fb_mmap function in drivers/video/au1100fb.c\n and the (2) au1200fb_fb_mmap function in\n drivers/video/au1200fb.c.(CVE-2013-4511)It was found\n that in the Linux kernel through v4.14-rc5,\n bio_map_user_iov() and bio_unmap_user() in\n 'block/bio.c' do unbalanced pages refcounting if IO\n vector has small consecutive buffers belonging to the\n same page. bio_add_pc_page() merges them into one, but\n the page reference is never dropped, causing a memory\n leak and possible system lockup due to out-of-memory\n condition.(CVE-2017-12190)An issue was discovered in\n the Linux kernel before 4.19.3. crypto_report_one() and\n related functions in crypto/crypto_user.c (the crypto\n user configuration API) do not fully initialize\n structures that are copied to userspace, potentially\n leaking sensitive memory to user programs. NOTE: this\n is a CVE-2013-2547 regression but with easier\n exploitability because the attacker does not need a\n capability (however, the system must have the\n CONFIG_CRYPTO_USER kconfig option).(CVE-2018-19854)The\n userfaultfd implementation in the Linux kernel before\n 4.19.7 mishandles access control for certain UFFDIO_\n ioctl calls, as demonstrated by allowing local users to\n write data into holes in a tmpfs file (if the user has\n read-only access to that file, and that file contains\n holes), related to fs/userfaultfd.c and\n mm/userfaultfd.c.(CVE-2018-18397)The TCP stack in the\n Linux kernel through 4.10.6 mishandles the\n SCM_TIMESTAMPING_OPT_STATS feature, which allows local\n users to obtain sensitive information from the kernel's\n internal socket data structures or cause a denial of\n service (out-of-bounds read) via crafted system calls,\n related to net/core/skbuff.c and\n net/socket.c.(CVE-2017-7277)A flaw was found in the way\n the Linux kernel's vhost driver treated userspace\n provided log file descriptor when processing the\n VHOST_SET_LOG_FD ioctl command. The file descriptor was\n never released and continued to consume kernel memory.\n A privileged local user with access to the\n /dev/vhost-net files could use this flaw to create a\n denial-of-service attack.(CVE-2015-6252)A buffer\n overflow flaw was found in the way the Linux kernel's\n virtio-net subsystem handled certain fraglists when the\n GRO (Generic Receive Offload) functionality was enabled\n in a bridged network configuration. An attacker on the\n local network could potentially use this flaw to crash\n the system, or, although unlikely, elevate their\n privileges on the system.(CVE-2015-5156)The MSM QDSP6\n audio driver (aka sound driver) for the Linux kernel\n 3.x, as used in Qualcomm Innovation Center (QuIC)\n Android contributions for MSM devices and other\n products, allows attackers to gain privileges or cause\n a denial of service (integer overflow, and buffer\n overflow or buffer over-read) via a crafted application\n that performs a (1) AUDIO_EFFECTS_WRITE or (2)\n AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug\n CR1006609.(CVE-2016-2068)The icmp6_send function in\n net/ipv6/icmp.c in the Linux kernel through 4.8.12\n omits a certain check of the dst data structure which\n allows remote attackers to cause a denial of service\n (panic) via a fragmented IPv6 packet.(CVE-2016-9919)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1531\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a754e398\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9075\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-06-03T15:47:07", "description": "## Releases\n\n * Ubuntu 16.10 \n\n## Packages\n\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nAndrey Konovalov discovered that the ipv6 icmp implementation in the Linux \nkernel did not properly check data structures on send. A remote attacker \ncould use this to cause a denial of service (system crash). (CVE-2016-9919)\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). (CVE-2016-9793)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-11T00:00:00", "type": "ubuntu", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9793", "CVE-2016-9919"], "modified": "2017-01-11T00:00:00", "id": "USN-3170-2", "href": "https://ubuntu.com/security/notices/USN-3170-2", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2017-02-13T21:00:01", "description": "The openSUSE 42.2 kernel was updated to 4.4.42 stable release.\n\n The following security bugs were fixed:\n\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077 1003253).\n - CVE-2017-5576, CVE-2017-5577: A buffer overflow in the VC4_SUBMIT_CL\n IOCTL in the VideoCore DRM driver for Raspberry Pi was fixed.\n (bsc#1021294)\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set\n setgid bits on files they don't down. (bsc#1021258).\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an incorrect segment\n selector(SS) value error. A user/process inside guest could have used\n this flaw to crash the guest resulting in DoS or potentially escalate\n their privileges inside guest. (bsc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel\n mishandled uid and gid mappings, which allowed local users to gain\n privileges by establishing a user namespace, waiting for a root process\n to enter that namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states &quot;there is no kernel bug\n here (bnc#959709 bsc#960561).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540 1017589).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531 bsc#1013542).\n - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux\n kernel omits a certain check of the dst data structure, which allowed\n remote attackers to cause a denial of service (panic) via a fragmented\n IPv6 packet (bnc#1014701).\n\n The following non-security bugs were fixed:\n\n - 8250/fintek: rename IRQ_MODE macro (boo#1009546).\n - acpi, nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175).\n - acpi, nfit, libnvdimm: fix / harden ars_status output length handling\n (bsc#1023175).\n - acpi, nfit: validate ars_status output buffer size (bsc#1023175).\n - arm64/numa: fix incorrect log for memory-less node (bsc#1019631).\n - ASoC: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690).\n - ASoC: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled\n (bsc#1010690).\n - ASoC: rt5670: add HS ground control (bsc#1016250).\n - avoid including &quot;mountproto=&quot; with no protocol in /proc/mounts\n (bsc#1019260).\n - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1019784).\n - blacklist.conf: add 1b8d2afde54f libnvdimm, pfn: fix ARCH=alpha\n allmodconfig build failure (bsc#1023175).\n - blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367)\n - blk: Do not collide with QUEUE_FLAG_WC from upstream (bsc#1022547)\n - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817).\n - blk-mq: Always schedule hctx-&gt;next_cpu (bsc#1020817).\n - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817).\n - blk-mq: do not overwrite rq-&gt;mq_ctx (bsc#1020817).\n - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817).\n - blk-mq: improve warning for running a queue on the wrong CPU\n (bsc#1020817).\n - block: Change extern inline to static inline (bsc#1023175).\n - Bluetooth: btmrvl: fix hung task warning dump (bsc#1018813).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - brcmfmac: Change error print on wlan0 existence (bsc#1000092).\n - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975).\n - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in\n btrfs_ioctl (bsc#1018100).\n - btrfs: fix inode leak on failure to setup whiteout inode in rename\n (bsc#1020975).\n - btrfs: fix lockdep warning about log_mutex (bsc#1021455).\n - btrfs: fix lockdep warning on deadlock against an inode's log mutex\n (bsc#1021455).\n - btrfs: fix number of transaction units for renames with whiteout\n (bsc#1020975).\n - btrfs: incremental send, fix invalid paths for rename operations\n (bsc#1018316).\n - btrfs: incremental send, fix premature rmdir operations (bsc#1018316).\n - btrfs: increment ctx-&gt;pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: pin log earlier when renaming (bsc#1020975).\n - btrfs: pin logs earlier when doing a rename exchange operation\n (bsc#1020975).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: send, add missing error check for calls to path_loop()\n (bsc#1018316).\n - btrfs: send, avoid incorrect leaf accesses when sending utimes\n operations (bsc#1018316).\n - btrfs: send, fix failure to move directories with the same name around\n (bsc#1018316).\n - btrfs: send, fix invalid leaf accesses due to incorrect utimes\n operations (bsc#1018316).\n - btrfs: send, fix warning due to late freeing of orphan_dir_info\n structures (bsc#1018316).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: unpin log if rename operation fails (bsc#1020975).\n - btrfs: unpin logs if rename exchange operation fails (bsc#1020975).\n - [BZ 149851] kernel: Fix invalid domain response handling (bnc#1009718,\n LTC#149851).\n - ceph: fix bad endianness handling in parse_reply_info_extra\n (bsc#1020488).\n - clk: xgene: Add PMD clock (bsc#1019351).\n - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351).\n - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).\n - config: enable Ceph kernel client modules for ppc64le (fate#321098)\n - config: enable Ceph kernel client modules for s390x (fate#321098)\n - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038)\n - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913).\n - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913).\n - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913).\n - crypto: qat - fix bar discovery for c62x (bsc#1021251).\n - crypto: qat - zero esram only for DH85x devices (1021248).\n - crypto: rsa - allow keys &gt;= 2048 bits in FIPS mode (bsc#1018913).\n - crypto: xts - consolidate sanity check for keys (bsc#1018913).\n - crypto: xts - fix compile errors (bsc#1018913).\n - cxl: fix potential NULL dereference in free_adapter() (bsc#1016517).\n - dax: fix deadlock with DAX 4k holes (bsc#1012829).\n - dax: fix device-dax region base (bsc#1023175).\n - device-dax: check devm_nsio_enable() return value (bsc#1023175).\n - device-dax: fail all private mapping attempts (bsc#1023175).\n - device-dax: fix percpu_ref_exit ordering (bsc#1023175).\n - driver core: fix race between creating/querying glue dir and its cleanup\n (bnc#1008742).\n - drivers:hv: balloon: account for gaps in hot add regions (fate#320485).\n - drivers:hv: balloon: Add logging for dynamic memory operations\n (fate#320485).\n - drivers:hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not\n set (fate#320485).\n - drivers:hv: balloon: Fix info request to show max page count\n (fate#320485).\n - drivers:hv: balloon: keep track of where ha_region starts (fate#320485).\n - drivers:hv: balloon: replace ha_region_mutex with spinlock (fate#320485).\n - drivers:hv: balloon: Use available memory value in pressure report\n (fate#320485).\n - drivers:hv: cleanup vmbus_open() for wrap around mappings (fate#320485).\n - drivers:hv: do not leak memory in vmbus_establish_gpadl() (fate#320485).\n - drivers:hv: get rid of id in struct vmbus_channel (fate#320485).\n - drivers:hv: get rid of redundant messagecount in create_gpadl_header()\n (fate#320485).\n - drivers:hv: get rid of timeout in vmbus_open() (fate#320485).\n - drivers:hv: Introduce a policy for controlling channel affinity\n (fate#320485).\n - drivers:hv: make VMBus bus ids persistent (fate#320485).\n - drivers:hv: ring_buffer: count on wrap around mappings in\n get_next_pkt_raw() (v2) (fate#320485).\n - drivers:hv: ring_buffer: use wrap around mappings in hv_copy{from,\n to}_ringbuffer() (fate#320485).\n - drivers:hv: ring_buffer: wrap around mappings for ring buffers\n (fate#320485).\n - drivers:hv: utils: Check VSS daemon is listening before a hot backup\n (fate#320485).\n - drivers:hv: utils: Continue to poll VSS channel after handling requests\n (fate#320485).\n - drivers:hv: utils: fix a race on userspace daemons registration\n (bnc#1014392).\n - drivers:hv: utils: Fix the mapping between host version and protocol to\n use (fate#320485).\n - drivers:hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (fate#320485).\n - drivers:hv: vmbus: Base host signaling strictly on the ring state\n (fate#320485).\n - drivers:hv: vmbus: Enable explicit signaling policy for NIC channels\n (fate#320485).\n - drivers:hv: vmbus: finally fix hv_need_to_signal_on_read() (fate#320485,\n bug#1018385).\n - drivers:hv: vmbus: fix the race when querying &amp; updating the percpu list\n (fate#320485).\n - drivers:hv: vmbus: Implement a mechanism to tag the channel for low\n latency (fate#320485).\n - drivers: hv: vmbus: Make mmio resource local (fate#320485).\n - drivers:hv: vmbus: On the read path cleanup the logic to interrupt the\n host (fate#320485).\n - drivers:hv: vmbus: On write cleanup the logic to interrupt the host\n (fate#320485).\n - drivers:hv: vmbus: Reduce the delay between retries in vmbus_post_msg()\n (fate#320485).\n - drivers:hv: vmbus: suppress some &quot;hv_vmbus: Unknown GUID&quot; warnings\n (fate#320485).\n - drivers:hv: vss: Improve log messages (fate#320485).\n - drivers:hv: vss: Operation timeouts should match host expectation\n (fate#320485).\n - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351).\n - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351).\n - drivers: net: xgene: Add change_mtu function (bsc#1019351).\n - drivers: net: xgene: Add flow control configuration (bsc#1019351).\n - drivers: net: xgene: Add flow control initialization (bsc#1019351).\n - drivers: net: xgene: Add helper function (bsc#1019351).\n - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351).\n - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351).\n - drivers: net: xgene: fix build after change_mtu function change\n (bsc#1019351).\n - drivers: net: xgene: fix: Coalescing values for v2 hardware\n (bsc#1019351).\n - drivers: net: xgene: fix: Disable coalescing on v1 hardware\n (bsc#1019351).\n - drivers: net: xgene: Fix MSS programming (bsc#1019351).\n - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351).\n - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351).\n - drivers: net: xgene: uninitialized variable in\n xgene_enet_free_pagepool() (bsc#1019351).\n - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358).\n - drm/i915: add helpers for platform specific revision id range checks\n (bsc#1015367).\n - drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also\n (bsc#1015367).\n - drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367).\n - drm/i915: Call intel_dp_mst_resume() before resuming displays\n (bsc#1015359).\n - drm/i915: Cleaning up DDI translation tables (bsc#1014392).\n - drm/i915: Clean up L3 SQC register field definitions (bsc#1014392).\n - drm/i915: Do not init hpd polling for vlv and chv from runtime_suspend()\n (bsc#1014120).\n - drm-i915-dp-Restore-PPS-HW-state-from-the-encoder-re\n - drm/i915/dp: Restore PPS HW state from the encoder resume hook\n (bsc#1019061).\n - drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C\n (bsc#1015367).\n - drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367).\n - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry\n 2 (bsc#1014392).\n - drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367).\n - drm/i915: Fix watermarks for VLV/CHV (bsc#1011176).\n - drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367).\n - drm/i915: Force VDD off on the new power seqeuencer before starting to\n use it (bsc#1009674).\n - drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392).\n - drm/i915/gen9: Fix PCODE polling during CDCLK change notification\n (bsc#1015367).\n - drm/i915: Mark CPU cache as dirty when used for rendering (bsc#1015367).\n - drm/i915: Mark i915_hpd_poll_init_work as static (bsc#1014120).\n - drm-i915-Prevent-PPS-stealing-from-a-normal-DP-port\n - drm/i915: Prevent PPS stealing from a normal DP port on VLV/CHV\n (bsc#1019061).\n - drm/i915: remove parens around revision ids (bsc#1015367).\n - drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392).\n - drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367).\n - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367).\n - drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392).\n - drm/i915/skl: Update watermarks before the crtc is disabled\n (bsc#1015367).\n - drm/i915: Update Skylake DDI translation table for DP (bsc#1014392).\n - drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392).\n - drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367).\n - drm/i915/vlv: Prevent enabling hpd polling in late suspend (bsc#1014120).\n - drm/i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061).\n - drm: Use u64 for intermediate dotclock calculations (bnc#1006472).\n - drm/vc4: Fix an integer overflow in temporary allocation layout\n (bsc#1021294).\n - drm/vc4: Return -EINVAL on the overflow checks failing (bsc#1021294).\n - drm: virtio-gpu: get the fb from the plane state for atomic updates\n (bsc#1023101).\n - EDAC, xgene: Fix spelling mistake in error messages (bsc#1019351).\n - efi/libstub: Move Graphics Output Protocol handling to generic code\n (bnc#974215).\n - fbcon: Fix vc attr at deinit (bsc#1000619).\n - Fix kABI breakage by i2c-designware baytrail fix (bsc#1011913).\n - Fix kABI breakage by linux/acpi.h inclusion in i8042-x86ia46io.h\n (bsc#1011660).\n - gpio: xgene: make explicitly non-modular (bsc#1019351).\n - gro_cells: mark napi struct as not busy poll candidates (bsc#966191\n FATE#320230 bsc#966186 FATE#320228).\n - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels()\n (fate#320485).\n - hv: change clockevents unbind tactics (fate#320485).\n - hv: do not reset hv_context.tsc_page on crash (fate#320485, bnc#1007729).\n - hv_netvsc: add ethtool statistics for tx packet issues (fate#320485).\n - hv_netvsc: Add handler for physical link speed change (fate#320485).\n - hv_netvsc: Add query for initial physical link speed (fate#320485).\n - hv_netvsc: count multicast packets received (fate#320485).\n - hv_netvsc: dev hold/put reference to VF (fate#320485).\n - hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf()\n (fate#320485).\n - hv_netvsc: fix comments (fate#320485).\n - hv_netvsc: fix rtnl locking in callback (fate#320485).\n - hv_netvsc: Implement batching of receive completions (fate#320485).\n - hv_netvsc: improve VF device matching (fate#320485).\n - hv_netvsc: init completion during alloc (fate#320485).\n - hv_netvsc: make device_remove void (fate#320485).\n - hv_netvsc: make inline functions static (fate#320485).\n - hv_netvsc: make netvsc_destroy_buf void (fate#320485).\n - hv_netvsc: make RSS hash key static (fate#320485).\n - hv_netvsc: make variable local (fate#320485).\n - hv_netvsc: rearrange start_xmit (fate#320485).\n - hv_netvsc: refactor completion function (fate#320485).\n - hv_netvsc: remove excessive logging on MTU change (fate#320485).\n - hv_netvsc: remove VF in flight counters (fate#320485).\n - hv_netvsc: report vmbus name in ethtool (fate#320485).\n - hv_netvsc: simplify callback event code (fate#320485).\n - hv_netvsc: style cleanups (fate#320485).\n - hv_netvsc: use ARRAY_SIZE() for NDIS versions (fate#320485).\n - hv_netvsc: use consume_skb (fate#320485).\n - hv_netvsc: use kcalloc (fate#320485).\n - hv_netvsc: use RCU to protect vf_netdev (fate#320485).\n - hyperv: Fix spelling of HV_UNKOWN (fate#320485).\n - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while\n holding the punit semaphore (bsc#1011913).\n - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351).\n - i2c: designware: Implement support for SMBus block read and write\n (bsc#1019351).\n - i2c: xgene: Fix missing code of DTB support (bsc#1019351).\n - i40e: Be much more verbose about what we can and cannot offload\n (bsc#985561).\n - i915: Delete previous two fixes for i915 (bsc#1019061). These upstream\n fixes brought some regressions, so better to revert for now.\n - i915: Disable\n patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The\n patch seems leading to the instability on Wyse box (bsc#1015367).\n - IB/core: Fix possible memory leak in cma_resolve_iboe_route()\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n - IB/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - IB/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172\n FATE#320226).\n - IB/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - ibmvnic: convert to use simple_open() (bsc#1015416).\n - ibmvnic: Driver Version 1.0.1 (bsc#1015416).\n - ibmvnic: drop duplicate header seq_file.h (bsc#1015416).\n - ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416).\n - ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416).\n - ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416).\n - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context\n (bsc#1015416).\n - ibmvnic: Fix size of debugfs name buffer (bsc#1015416).\n - ibmvnic: Handle backing device failover and reinitialization\n (bsc#1015416).\n - ibmvnic: Start completion queue negotiation at server-provided optimum\n values (bsc#1015416).\n - ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416).\n - ibmvnic: Update MTU after device initialization (bsc#1015416).\n - igb: add i211 to i210 PHY workaround (bsc#1009911).\n - igb: Workaround for igb i210 firmware issue (bsc#1009911).\n - Input: i8042 - Trust firmware a bit more when probing on X86\n (bsc#1011660).\n - intel_idle: Add KBL support (bsc#1016884).\n - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918).\n - ipc/sem.c: add cond_resched in exit_sme (bsc#979378).\n - ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474\n FATE#319812 bsc#969475 FATE#319814).\n - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474\n FATE#319812 bsc#969475 FATE#319814).\n - KABI fix (bsc#1014410).\n - kABI: protect struct mm_struct (kabi).\n - kABI: protect struct musb_platform_ops (kabi).\n - kABI: protect struct task_struct (kabi).\n - kABI: protect struct user_fpsimd_state (kabi).\n - kABI: protect struct wake_irq (kabi).\n - kABI: protect struct xhci_hcd (kabi).\n - kABI: protect user_namespace include in fs/exec (kabi).\n - kABI: protect user_namespace include in kernel/ptrace (kabi).\n - kabi/severities: Ignore changes in drivers/hv\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612, fate#313296).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,\n fate#313296).\n - libnvdimm, pfn: fix align attribute (bsc#1023175).\n - locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock()\n (bsc#969756).\n - locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212).\n - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212).\n - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351).\n - md-cluster: convert the completion to wait queue (fate#316335).\n - md-cluster: protect md_find_rdev_nr_rcu with rcu lock (fate#316335).\n - md: fix refcount problem on mddev when stopping array (bsc#1022304).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - [media] uvcvideo: uvc_scan_fallback() for webcams with broken chain\n (bsc#1021474).\n - misc/genwqe: ensure zero initialization (fate#321595).\n - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for\n sdhci-arasan4.9a (bsc#1019351).\n - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim\n progress (bnc#1013000).\n - mm, memcg: do not retry precharge charges (bnc#1022559).\n - mm, page_alloc: fix check for NULL preferred_zone (bnc#971975 VM\n performance -- page allocator).\n - mm, page_alloc: fix fast-path race with cpuset update or removal\n (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: fix premature OOM when racing with cpuset mems update\n (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: keep pcp count and list contents in sync if struct page\n is corrupted (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM\n performance -- page allocator).\n - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813).\n - mwifiex: fix IBSS data path issue (bsc#1018813).\n - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813).\n - net/af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945,\n LTC#150566).\n - net: ethernet: apm: xgene: use phydev from struct net_device\n (bsc#1019351).\n - net/hyperv: avoid uninitialized variable (fate#320485).\n - net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701).\n - net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701).\n - net/mlx4_en: Fix panic on xmit while port is down (bsc#966191\n FATE#320230).\n - net/mlx5e: Use correct flow dissector key on flower offloading\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Fix autogroups groups num not decreasing (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net: remove useless memset's in drivers get_stats64 (bsc#1019351).\n - net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - netvsc: add rcu_read locking to netvsc callback (fate#320485).\n - netvsc: fix checksum on UDP IPV6 (fate#320485).\n - netvsc: reduce maximum GSO size (fate#320485).\n - netvsc: Remove mistaken udp.h inclusion (fate#320485).\n - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351).\n - net: xgene: fix backward compatibility fix (bsc#1019351).\n - net/xgene: fix error handling during reset (bsc#1019351).\n - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351).\n - nfit: fail DSMs that return non-zero status by default (bsc#1023175).\n - NFSv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - NFSv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).\n - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685).\n - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock()\n (bnc#921494).\n - pci: Add devm_request_pci_bus_resources() (bsc#1019351).\n - PCI/AER: include header file (bsc#964944,FATE#319965).\n - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630).\n - pci: hv: Allocate physically contiguous hypercall params buffer\n (fate#320485).\n - pci: hv: Delete the device earlier from hbus-&gt;children for hot-remove\n (fate#320485).\n - pci: hv: Fix hv_pci_remove() for hot-remove (fate#320485).\n - pci: hv: Handle hv_pci_generic_compl() error case (fate#320485).\n - pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg()\n (fate#320485).\n - pci: hv: Make unnecessarily global IRQ masking functions static\n (fate#320485).\n - pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device\n (fate#320485).\n - pci: hv: Use list_move_tail() instead of list_del() + list_add_tail()\n (fate#320485).\n - pci: hv: Use pci_function_description in struct definitions\n (fate#320485).\n - pci: hv: Use the correct buffer size in new_pcichild_device()\n (fate#320485).\n - pci: hv: Use zero-length array in struct pci_packet (fate#320485).\n - pci: xgene: Add local struct device pointers (bsc#1019351).\n - pci: xgene: Add register accessors (bsc#1019351).\n - pci: xgene: Free bridge resource list on failure (bsc#1019351).\n - pci: xgene: Make explicitly non-modular (bsc#1019351).\n - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351).\n - pci: xgene: Remove unused platform data (bsc#1019351).\n - pci: xgene: Request host bridge window resources (bsc#1019351).\n - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).\n - phy: xgene: rename &quot;enum phy_mode&quot; to &quot;enum xgene_phy_mode&quot;\n (bsc#1019351).\n - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).\n - power: reset: xgene-reboot: Unmap region obtained by of_iomap\n (bsc#1019351).\n - qeth: check not more than 16 SBALEs on the completion queue\n (bnc#1009718, LTC#148203).\n - raid1: ignore discard error (bsc#1017164).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm/kernel-binary.spec.in: Fix installation of /etc/uefi/certs\n (bsc#1019594)\n - rtc: cmos: avoid unused function warning (bsc#1022429).\n - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429).\n - rtc: cmos: Do not enable interrupts in the middle of the interrupt\n handler (bsc#1022429).\n - rtc: cmos: Restore alarm after resume (bsc#1022429).\n - s390/cpuinfo: show maximum thread id (bnc#1009718, LTC#148580).\n - s390/sysinfo: show partition extended name and UUID if available\n (bnc#1009718, LTC#150160).\n - s390/time: LPAR offset handling (bnc#1009718, LTC#146920).\n - s390/time: move PTFF definitions (bnc#1009718, LTC#146920).\n - sched: Allow hotplug notifiers to be setup early (bnc#1022476).\n - sched/core: Fix incorrect utilization accounting when switching to fair\n class (bnc#1022476).\n - sched/core: Fix set_user_nice() (bnc#1022476).\n - sched/core, x86/topology: Fix NUMA in package topology bug (bnc#1022476).\n - sched/cputime: Add steal time support to full dynticks CPU time\n accounting (bnc#1022476).\n - sched/cputime: Fix prev steal time accouting during CPU hotplug\n (bnc#1022476).\n - sched/deadline: Always calculate end of period on sched_yield()\n (bnc#1022476).\n - sched/deadline: Fix a bug in dl_overflow() (bnc#1022476).\n - sched/deadline: Fix lock pinning warning during CPU hotplug\n (bnc#1022476).\n - sched/deadline: Fix wrap-around in DL heap (bnc#1022476).\n - sched/fair: Avoid using decay_load_missed() with a negative value\n (bnc#1022476).\n - sched/fair: Fix fixed point arithmetic width for shares and effective\n load (bnc#1022476).\n - sched/fair: Fix load_above_capacity fixed point arithmetic width\n (bnc#1022476).\n - sched/fair: Fix min_vruntime tracking (bnc#1022476).\n - sched/fair: Fix the wrong throttled clock time for cfs_rq_clock_task()\n (bnc#1022476).\n - sched/fair: Improve PELT stuff some more (bnc#1022476).\n - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476).\n - sched/rt: Kick RT bandwidth timer immediately on start up (bnc#1022476).\n - sched/rt, sched/dl: Do not push if task's scheduling class was changed\n (bnc#1022476).\n - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469).\n - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).\n - scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910).\n - scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469).\n - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels\n (fate#320485).\n - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792).\n - serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546).\n - serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update\n config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly,\n too. Also, the corresponding entry got removed from supported.conf.\n - ses: Fix SAS device detection in enclosure (bsc#1016403).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: fix refcounting problems with auth_gss messages (boo#1011250).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - supported.conf: delete xilinx/ll_temac (bsc#1011602)\n - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail\n (bsc#1018813)\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn-&gt;se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - tools: hv: Enable network manager for bonding scripts on RHEL\n (fate#320485).\n - tools: hv: fix a compile warning in snprintf (fate#320485).\n - Tools: hv: kvp: configurable external scripts path (fate#320485).\n - Tools: hv: kvp: ensure kvp device fd is closed on exec (fate#320485).\n - tools: hv: remove unnecessary header files and netlink related code\n (fate#320485).\n - tools: hv: remove unnecessary link flag (fate#320485).\n - tty: n_hdlc, fix lockdep false positive (bnc#1015840).\n - Update metadata for serial fixes (bsc#1013001)\n - vmbus: make sysfs names consistent with PCI (fate#320485).\n - x86/hpet: Reduce HPET counter read contention (bsc#1014710).\n - x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic\n (fate#320485).\n - x86/MCE: Dump MCE to dmesg if no consumers (bsc#1013994).\n\n", "cvss3": {}, "published": "2017-02-13T21:09:59", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-5576", "CVE-2016-9806", "CVE-2017-2584", "CVE-2016-7117", "CVE-2016-9793", "CVE-2017-5577", "CVE-2017-5551", "CVE-2017-2583", "CVE-2016-9919", "CVE-2015-8709", "CVE-2016-8645"], "modified": "2017-02-13T21:09:59", "id": "OPENSUSE-SU-2017:0456-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00021.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-01-17T18:59:44", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an\n incomplete set of requirements for setattr operations that\n underspecifies removing extended privilege attributes, which allowed\n local users to cause a denial of service (capability stripping) via a\n failed invocation of a system call, as demonstrated by using chown to\n remove a capability from the ping or Wireshark dumpcap program\n (bnc#914939).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers\n to cause a denial of service (stack consumption and panic) or possibly\n have unspecified other impact by triggering use of the GRO path for\n large crafted packets, as demonstrated by packets that contain only VLAN\n headers, a related issue to CVE-2016-8666 (bnc#1001486).\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc)\n stack protector is enabled, uses an incorrect buffer size for certain\n timeout data, which allowed local users to cause a denial of service\n (stack memory corruption and panic) by reading the /proc/keys file\n (bnc#1004517).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges or\n cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (use-after-free)\n via vectors involving omission of the firmware name from a certain data\n structure (bnc#1010478).\n - CVE-2016-7917: The nfnetlink_rcv_batch function in\n net/netfilter/nfnetlink.c in the Linux kernel did not check whether a\n batch message's length field is large enough, which allowed local users\n to obtain sensitive information from kernel memory or cause a denial of\n service (infinite loop or out-of-bounds read) by leveraging the\n CAP_NET_ADMIN capability (bnc#1010444).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers\n to cause a denial of service (stack consumption and panic) or possibly\n have unspecified other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by interleaved IPv4\n headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964).\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed\n local users to bypass integer overflow checks, and cause a denial of\n service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS\n ioctl call, aka a &quot;state machine confusion bug (bnc#1007197).\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel\n misuses the kzalloc function, which allowed local users to cause a\n denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file (bnc#1007197).\n - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation\n was fixed, which allowed CAP_NET_ADMIN users to cause memory corruption.\n (bsc#1013531).\n - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux\n kernel omits a certain check of the dst data structure, which allowed\n remote attackers to cause a denial of service (panic) via a fragmented\n IPv6 packet (bnc#1014701).\n\n The following non-security bugs were fixed:\n\n - 8250_pci: Fix potential use-after-free in error path (bsc#1013001).\n - acpi / PAD: do not register acpi_pad driver if running as Xen dom0\n (bnc#995278).\n - Add mainline tags to various hyperv patches\n - alsa: fm801: detect FM-only card earlier (bsc#1005917).\n - alsa: fm801: explicitly free IRQ line (bsc#1005917).\n - alsa: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1005917).\n - alsa: hda - Bind with i915 only when Intel graphics is present\n (bsc#1012767).\n - alsa: hda - Clear the leftover component assignment at\n snd_hdac_i915_exit() (bsc#1012767).\n - alsa: hda - Degrade i915 binding failure message (bsc#1012767).\n - alsa: hda - Fix yet another i915 pointer leftover in error path\n (bsc#1012767).\n - alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365).\n - alsa: hda - Turn off loopback mixing as default (bsc#1001462).\n - apparmor: add missing id bounds check on dfa verification (bsc#1000304).\n - apparmor: check that xindex is in trans_table bounds (bsc#1000304).\n - apparmor: do not check for vmalloc_addr if kvzalloc() failed\n (bsc#1000304).\n - apparmor: do not expose kernel stack (bsc#1000304).\n - apparmor: ensure the target profile name is always audited (bsc#1000304).\n - apparmor: exec should not be returning ENOENT when it denies\n (bsc#1000304).\n - apparmor: fix audit full profile hname on successful load (bsc#1000304).\n - apparmor: fix change_hat not finding hat after policy replacement\n (bsc#1000287).\n - apparmor: fix disconnected bind mnts reconnection (bsc#1000304).\n - apparmor: fix log failures for all profiles in a set (bsc#1000304).\n - apparmor: fix module parameters can be changed after policy is locked\n (bsc#1000304).\n - apparmor: fix oops in profile_unpack() when policy_db is not present\n (bsc#1000304).\n - apparmor: fix put() parent ref after updating the active ref\n (bsc#1000304).\n - apparmor: fix refcount bug in profile replacement (bsc#1000304).\n - apparmor: fix refcount race when finding a child profile (bsc#1000304).\n - apparmor: fix replacement bug that adds new child to old parent\n (bsc#1000304).\n - apparmor: fix uninitialized lsm_audit member (bsc#1000304).\n - apparmor: fix update the mtime of the profile file on replacement\n (bsc#1000304).\n - apparmor: internal paths should be treated as disconnected (bsc#1000304).\n - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).\n - arm64: Call numa_store_cpu_info() earlier.\n - arm64/efi: Enable runtime call flag checking (bsc#1005745).\n - arm64/efi: Move to generic {__,}efi_call_virt() (bsc#1005745).\n - arm64: Refuse to install 4k kernel on 64k system\n - arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS\n (bsc#1006576)\n - arm: bcm2835: add CPU node for ARM core (boo#1012094).\n - arm: bcm2835: Split the DT for peripherals from the DT for the CPU\n (boo#1012094).\n - asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690).\n - asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690).\n - asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690).\n - asoc: fsl_ssi: mark SACNT register volatile (bsc#1005917).\n - asoc: imx-spdif: Fix crash on suspend (bsc#1005917).\n - asoc: intel: add function stub when ACPI is not enabled (bsc#1010690).\n - asoc: Intel: add fw name to common dsp context (bsc#1010690).\n - asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail\n (bsc#1010690).\n - asoc: Intel: Add module tags for common match module (bsc#1010690).\n - asoc: Intel: add NULL test (bsc#1010690).\n - AsoC: Intel: Add quirks for MinnowBoard MAX (bsc#1010690).\n - asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690).\n - asoc: Intel: Atom: add 24-bit support for media playback and capture\n (bsc#1010690).\n - ASoc: Intel: Atom: add deep buffer definitions for atom platforms\n (bsc#1010690).\n - asoc: Intel: Atom: add definitions for modem/SSP0 interface\n (bsc#1010690).\n - asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690).\n - asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690).\n - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690).\n - asoc: Intel: Atom: add support for RT5642 (bsc#1010690).\n - asoc: Intel: Atom: add terminate entry for dmi_system_id tables\n (bsc#1010690).\n - asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690).\n - asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690).\n - asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690).\n - asoc: Intel: atom: fix 0-day warnings (bsc#1010690).\n - asoc: Intel: Atom: fix boot warning (bsc#1010690).\n - asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690).\n - asoc: Intel: atom: fix missing breaks that would cause the wrong\n operation to execute (bsc#1010690).\n - asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690).\n - asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690).\n - asoc: Intel: atom: Make some messages to debug level (bsc#1010690).\n - asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690).\n - asoc: Intel: atom: statify cht_quirk (bsc#1010690).\n - asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW\n (bsc#1010690).\n - asoc: Intel: boards: align pin names between byt-rt5640 drivers\n (bsc#1010690).\n - asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver\n (bsc#1010690).\n - asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690).\n - asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690).\n - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet\n (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR\n (bsc#1010690).\n - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled\n (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing\n (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690).\n - asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690).\n - asoc: Intel: cht: fix uninit variable warning (bsc#1010690).\n - asoc: Intel: common: add translation from HID to codec-name\n (bsc#1010690).\n - asoc: Intel: common: filter ACPI devices with _STA return value\n (bsc#1010690).\n - asoc: Intel: common: increase the loglevel of &quot;FW Poll Status&quot;\n (bsc#1010690).\n - asoc: Intel: Create independent acpi match module (bsc#1010690).\n - asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690).\n - asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690).\n - asoc: Intel: Load the atom DPCM driver only (bsc#1010690).\n - asoc: intel: make function stub static (bsc#1010690).\n - asoc: Intel: Move apci find machine routines (bsc#1010690).\n - asoc: Intel: pass correct parameter in sst_alloc_stream_mrfld()\n (bsc#1005917).\n - asoc: intel: Replace kthread with work (bsc#1010690).\n - asoc: Intel: Skylake: Always acquire runtime pm ref on unload\n (bsc#1005917).\n - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue\n (bsc#1010690).\n - asoc: rt5640: add ASRC support (bsc#1010690).\n - asoc: rt5640: add internal clock source support (bsc#1010690).\n - asoc: rt5640: add master clock handling for rt5640 (bsc#1010690).\n - asoc: rt5640: add supplys for dac power (bsc#1010690).\n - asoc: rt5640: remove unused variable (bsc#1010690).\n - asoc: rt5640: Set PLL src according to source (bsc#1010690).\n - asoc: rt5645: add DAC1 soft volume func control (bsc#1010690).\n - asoc: rt5645: Add dmi_system_id &quot;Google Setzer&quot; (bsc#1010690).\n - asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690).\n - asoc: rt5645: fix reg-2f default value (bsc#1010690).\n - asoc: rt5645: improve headphone pop when system resumes from S3\n (bsc#1010690).\n - asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690).\n - asoc: rt5645: merge DMI tables of google projects (bsc#1010690).\n - asoc: rt5645: patch reg-0x8a (bsc#1010690).\n - asoc: rt5645: polling jd status in all conditions (bsc#1010690).\n - asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690).\n - asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690).\n - asoc: rt5645: use polling to support HS button (bsc#1010690).\n - asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work\n and cancel_delayed_work_sync (bsc#1010690).\n - asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690).\n - asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040\n (bsc#1010690).\n - asoc: rt5670: fix HP Playback Volume control (bsc#1010690).\n - asoc: rt5670: patch reg-0x8a (bsc#1010690).\n - asoc: simple-card: do not fail if sysclk setting is not supported\n (bsc#1005917).\n - asoc: tegra_alc5632: check return value (bsc#1005917).\n - asoc: wm8960: Fix WM8960_SYSCLK_PLL mode (bsc#1005917).\n - autofs: fix multiple races (bsc#997639).\n - autofs: use dentry flags to block walks during expire (bsc#997639).\n - blacklist.conf: Add dup / unapplicable commits (bsc#1005545).\n - blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367)\n - blacklist.conf: add inapplicable / duped commits (bsc#1005917)\n - blacklist.conf: ignore commit bfe6c8a89e03 (&quot;arm64: Fix NUMA build error\n when !CONFIG_ACPI&quot;)\n - blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The\n code layout upstream that motivated this patch is completely different\n to what is in SLE 12 SP2 as schedutil was not backported.\n - block_dev: do not test bdev-&gt;bd_contains when it is not stable\n (bsc#1008557).\n - bna: Add synchronization for tx ring (bsc#993739).\n - btrfs: allocate root item at snapshot ioctl time (bsc#1012452).\n - btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452).\n - btrfs: Check metadata redundancy on balance (bsc#1012452).\n - btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452).\n - btrfs: cleanup, stop casting for extent_map-&gt;lookup everywhere\n (bsc#1012452).\n - btrfs: cleanup, use enum values for btrfs_path reada (bsc#1012452).\n - btrfs: deal with duplicates during extent_map insertion in\n btrfs_get_extent (bsc#1001171).\n - btrfs: deal with existing encompassing extent map in btrfs_get_extent()\n (bsc#1001171).\n - btrfs: do an allocation earlier during snapshot creation (bsc#1012452).\n - btrfs: do not create or leak aliased root while cleaning up orphans\n (bsc#994881).\n - btrfs: do not leave dangling dentry if symlink creation failed\n (bsc#1012452).\n - btrfs: do not use slab cache for struct btrfs_delalloc_work\n (bsc#1012452).\n - btrfs: drop duplicate prefix from scrub workqueues (bsc#1012452).\n - btrfs: drop unused parameter from lock_extent_bits (bsc#1012452).\n - btrfs: Enhance chunk validation check (bsc#1012452).\n - btrfs: Enhance super validation check (bsc#1012452).\n - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space\n (bsc#1005666).\n - btrfs: Expoert and move leaf/subtree qgroup helpers to qgroup.c\n (bsc983087, bsc986255).\n - btrfs: fix endless loop in balancing block groups (bsc#1006804).\n - btrfs: fix incremental send failure caused by balance (bsc#985850).\n - btrfs: fix locking bugs when defragging leaves (bsc#1012452).\n - btrfs: fix memory leaks after transaction is aborted (bsc#1012452).\n - btrfs: fix output of compression message in btrfs_parse_options()\n (bsc#1012452).\n - btrfs: fix race between free space endio workers and space cache\n writeout (bsc#1012452).\n - btrfs: fix races on root_log_ctx lists (bsc#1007653).\n - btrfs: fix race when finishing dev replace leading to transaction abort\n (bsc#1012452).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: fix typo in log message when starting a balance (bsc#1012452).\n - btrfs: fix unprotected list operations at btrfs_write_dirty_block_groups\n (bsc#1012452).\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n - btrfs: make btrfs_close_one_device static (bsc#1012452).\n - btrfs: make clear_extent_bit helpers static inline (bsc#1012452).\n - btrfs: make clear_extent_buffer_uptodate return void (bsc#1012452).\n - btrfs: make end_extent_writepage return void (bsc#1012452).\n - btrfs: make extent_clear_unlock_delalloc return void (bsc#1012452).\n - btrfs: make extent_range_clear_dirty_for_io return void (bsc#1012452).\n - btrfs: make extent_range_redirty_for_io return void (bsc#1012452).\n - btrfs: make lock_extent static inline (bsc#1012452).\n - btrfs: make set_extent_bit helpers static inline (bsc#1012452).\n - btrfs: make set_extent_buffer_uptodate return void (bsc#1012452).\n - btrfs: make set_range_writeback return void (bsc#1012452).\n - btrfs: preallocate path for snapshot creation at ioctl time\n (bsc#1012452).\n - btrfs: put delayed item hook into inode (bsc#1012452).\n - btrfs: qgroup: Add comments explaining how btrfs qgroup works\n (bsc983087, bsc986255).\n - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing\n (bsc983087, bsc986255).\n - btrfs: qgroup: Rename functions to make it follow reserve, trace,\n account steps (bsc983087, bsc986255).\n - btrfs: remove a trivial helper btrfs_set_buffer_uptodate (bsc#1012452).\n - btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns\n (bsc#1007653).\n - btrfs: remove unused inode argument from uncompress_inline()\n (bsc#1012452).\n - btrfs: remove wait from struct btrfs_delalloc_work (bsc#1012452).\n - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).\n - btrfs: sink parameter wait to btrfs_alloc_delalloc_work (bsc#1012452).\n - btrfs: Support convert to -d dup for btrfs-convert (bsc#1012452).\n - btrfs: use GFP_KERNEL for allocations in ioctl handlers (bsc#1012452).\n - btrfs: use GFP_KERNEL for allocations of workqueues (bsc#1012452).\n - btrfs: use GFP_KERNEL for xattr and acl allocations (bsc#1012452).\n - btrfs: use smaller type for btrfs_path locks (bsc#1012452).\n - btrfs: use smaller type for btrfs_path lowest_level (bsc#1012452).\n - btrfs: use smaller type for btrfs_path reada (bsc#1012452).\n - btrfs: verbose error when we find an unexpected item in sys_array\n (bsc#1012452).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - cxgbi: fix uninitialized flowi6 (bsc#963904 FATE#320115).\n - Delete patches.fixes/apparmor-initialize-common_audit_data.patch\n (bsc#1000304) It'll be fixed in the upcoming apparmor fix series from\n upstream.\n - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052).\n - dell-wmi: Check if Dell WMI descriptor structure is valid (bsc#1004052).\n - dell-wmi: Clean up hotkey table size check (bsc#1004052).\n - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052).\n - dell-wmi: Improve unknown hotkey handling (bsc#1004052).\n - dell-wmi: Process only one event on devices with interface version 0\n (bsc#1004052).\n - dell-wmi: Stop storing pointers to DMI tables (bsc#1004052).\n - dell-wmi: Support new hotkeys on the XPS 13 9350 (Skylake) (bsc#1004052).\n - dell_wmi: Use a C99-style array for bios_to_linux_keycode (bsc#1004052).\n - Drivers: hv: utils: fix a race on userspace daemons registration\n (bnc#1014392).\n - drm/amdgpu: Do not leak runtime pm ref on driver load (bsc#1005545).\n - drm/amdgpu: Do not leak runtime pm ref on driver unload (bsc#1005545).\n - drm/i915: Acquire audio powerwell for HD-Audio registers (bsc#1005545).\n - drm/i915: add helpers for platform specific revision id range checks\n (bsc#1015367).\n - drm/i915: Add missing ring_mask to Pineview (bsc#1005917).\n - drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also\n (bsc#1015367).\n - drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367).\n - drm/i915: Calculate watermark related members in the crtc_state, v4\n (bsc#1011176).\n - drm/i915: Call intel_dp_mst_resume() before resuming displays\n (bsc#1015359).\n - drm/i915: call kunmap_px on pt_vaddr (bsc#1005545).\n - drm/i915: Cleaning up DDI translation tables (bsc#1014392).\n - drm/i915: Clean up L3 SQC register field definitions (bsc#1014392).\n - drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C\n (bsc#1015367).\n - drm/i915: Enable polling when we do not have hpd (bsc#1014120).\n - drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367).\n - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry\n 2 (bsc#1014392).\n - drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367).\n - drm/i915: fix the SDE irq dmesg warnings properly (bsc#1005545).\n - drm/i915: Fix VBT backlight Hz to PWM conversion for PNV (bsc#1005545).\n - drm/i915: Fix vbt PWM max setup for CTG (bsc#1005545).\n - drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367).\n - drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392).\n - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to atomic check\n (bsc#1011176).\n - drm/i915: Kill intel_runtime_pm_disable() (bsc#1005545).\n - drm/i915: Make plane fb tracking work correctly, v2 (bsc#1004048).\n - drm/i915: Make prepare_plane_fb fully interruptible (bsc#1004048).\n - drm/i915: Move disable_cxsr to the crtc_state (bsc#1011176).\n - drm/i915: On fb alloc failure, unref gem object where it gets refed\n (bsc#1005545).\n - drm/i915: Only call commit_planes when there are things to commit\n (bsc#1004048).\n - drm/i915: Only commit active planes when updating planes during reset\n (bsc#1004048).\n - drm/i915: Only run commit when crtc is active, v2 (bsc#1004048).\n - drm/i915: remove parens around revision ids (bsc#1015367).\n - drm/i915: Set crtc_state-&gt;lane_count for HDMI (bsc#1005545).\n - drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392).\n - drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367).\n - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367).\n - drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392).\n - drm/i915/skl: Update watermarks before the crtc is disabled\n (bsc#1015367).\n - drm/i915: suppress spurious !wm_changed warning (bsc#1006267).\n - drm/i915: Unconditionally flush any chipset buffers before execbuf\n (bsc#1005545).\n - drm/i915: Update legacy primary state outside the commit hook, v2\n (bsc#1004048).\n - drm/i915: Update Skylake DDI translation table for DP (bsc#1014392).\n - drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392).\n - drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367).\n - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug()\n (bsc#1014120).\n - drm/i915/vlv: Make intel_crt_reset() per-encoder (bsc#1014120).\n - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init()\n (bsc#1014120).\n - drm/i915: Wait for power cycle delay after turning off DSI panel power\n (bsc#1005545).\n - drm/i915: Wait up to 3ms for the pcu to ack the cdclk change request on\n SKL (bsc#1005545).\n - drm/layerscape: reduce excessive stack usage (bsc#1005545).\n - drm/mgag200: fix error return code in mgag200fb_create() (bsc#1005917).\n - drm/nouveau: Do not leak runtime pm ref on driver unload (bsc#1005545).\n - drm/radeon: Also call cursor_move_locked when the cursor size changes\n (bsc#1000433).\n - drm/radeon: Always store CRTC relative radeon_crtc-&gt;cursor_x/y values\n (bsc#1000433).\n - drm/radeon/ci add comment to document intentionally unreachable code\n (bsc#1005545).\n - drm/radeon: Do not leak runtime pm ref on driver load (bsc#1005545).\n - drm/radeon: Do not leak runtime pm ref on driver unload (bsc#1005545).\n - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on\n (bsc#998054)\n - drm/radeon: Hide the HW cursor while it's out of bounds (bsc#1000433).\n - drm/radeon: Switch to drm_vblank_on/off (bsc#998054).\n - drm/rockchip: fix a couple off by one bugs (bsc#1005545).\n - drm/tegra: checking for IS_ERR() instead of NULL (bsc#1005545).\n - edac/mce_amd: Add missing SMCA error descriptions (fate#320474,\n bsc#1013700).\n - edac/mce_amd: Use SMCA prefix for error descriptions arrays\n (fate#320474, bsc#1013700).\n - efi/arm64: Do not apply MEMBLOCK_NOMAP to UEFI memory map mapping\n (bsc#986987).\n - efi: ARM: avoid warning about phys_addr_t cast.\n - efi/runtime-wrappers: Add {__,}efi_call_virt() templates (bsc#1005745).\n - efi/runtime-wrappers: Detect firmware IRQ flag corruption (bsc#1005745).\n - efi/runtime-wrappers: Remove redundant #ifdefs (bsc#1005745).\n - ext4: fix data exposure after a crash (bsc#1012829).\n - Fix kabi change cause by adding flock_owner to open_context (bsc#998689).\n - Fixup UNMAP calculation (bsc#1005327)\n - fs, block: force direct-I/O for dax-enabled block devices (bsc#1012992).\n - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655,\n bsc#979681).\n - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).\n - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).\n - fs/cifs: Move check for prefix path to within cifs_get_root()\n (bsc#799133).\n - fs/select: add vmalloc fallback for select(2) (bsc#1000189).\n - genirq: Add untracked irq handler (bsc#1006827).\n - genirq: Use a common macro to go through the actions list (bsc#1006827).\n - gpio: generic: make bgpio_pdata always visible.\n - gpio: Restore indentation of parent device setup.\n - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via\n FOU (bsc#1001486).\n - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486).\n - gro_cells: mark napi struct as not busy poll candidates (bsc#966191\n FATE#320230 bsc#966186 FATE#320228).\n - group-source-files.pl: mark arch/*/scripts as devel make[2]:\n /usr/src/linux-4.6.4-2/arch/powerpc/scripts/gcc-check-mprofile-kernel.sh: C\n ommand not found\n - hpsa: fallback to use legacy REPORT PHYS command (bsc#1006175).\n - hpsa: use bus '3' for legacy HBA devices (bsc#1010665).\n - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665).\n - hv: do not lose pending heartbeat vmbus packets (bnc#1006918).\n - i2c: designware-baytrail: Add support for cherrytrail (bsc#1011913).\n - i2c: designware-baytrail: Pass dw_i2c_dev into helper functions\n (bsc#1011913).\n - i2c: designware-baytrail: Work around Cherry Trail semaphore errors\n (bsc#1011913).\n - i2c: designware: Prevent runtime suspend during adapter registration\n (bsc#1011913).\n - i2c: designware: retry transfer on transient failure (bsc#1011913).\n - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT\n (bsc#1011913).\n - i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and *_BAYTRAIL (bsc#1010690)\n Realtek codecs on CHT platform require this i2c bus driver.\n - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576).\n - i40e: fix an uninitialized variable bug (bsc#969476 FATE#319648).\n - i40e: fix broken i40e_config_rss_aq function (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n - i40e: Remove redundant memset (bsc#969476 FATE#319648 bsc#969477\n FATE#319816).\n - i40iw: Add missing check for interface already open (bsc#974842\n FATE#319831 bsc#974843 FATE#319832).\n - i40iw: Add missing NULL check for MPA private data (bsc#974842\n FATE#319831 bsc#974843 FATE#319832).\n - i40iw: Avoid writing to freed memory (bsc#974842 FATE#319831 bsc#974843\n FATE#319832).\n - i40iw: Change mem_resources pointer to a u8 (bsc#974842 FATE#319831\n bsc#974843 FATE#319832).\n - i40iw: Do not set self-referencing pointer to NULL after kfree\n (bsc#974842 FATE#319831 bsc#974843 FATE#319832).\n - i40iw: Fix double free of allocated_buffer (bsc#974842 FATE#319831\n bsc#974843 FATE#319832).\n - i40iw: Protect req_resource_num update (bsc#974842 FATE#319831\n bsc#974843 FATE#319832).\n - i40iw: Receive notification events correctly (bsc#974842 FATE#319831\n bsc#974843 FATE#319832).\n - i40iw: Send last streaming mode message for loopback connections\n (bsc#974842 FATE#319831 bsc#974843 FATE#319832).\n - i40iw: Update hw_iwarp_state (bsc#974842 FATE#319831 bsc#974843\n FATE#319832).\n - ib/core: Fix possible memory leak in cma_resolve_iboe_route()\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n - ib/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - ib/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172\n FATE#320226).\n - ib/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - ibmvnic: convert to use simple_open() (bsc#1015416).\n - ibmvnic: Driver Version 1.0.1 (bsc#1015416).\n - ibmvnic: drop duplicate header seq_file.h (bsc#1015416).\n - ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416).\n - ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416).\n - ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416).\n - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context\n (bsc#1015416).\n - ibmvnic: Fix size of debugfs name buffer (bsc#1015416).\n - ibmvnic: Handle backing device failover and reinitialization\n (bsc#1015416).\n - ibmvnic: Start completion queue negotiation at server-provided optimum\n values (bsc#1015416).\n - ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416).\n - ibmvnic: Update MTU after device initialization (bsc#1015416).\n - input: ALPS - add touchstick support for SS5 hardware (bsc#987703).\n - input: ALPS - allow touchsticks to report pressure (bsc#987703).\n - input: ALPS - handle 0-pressure 1F events (bsc#987703).\n - input: ALPS - set DualPoint flag for 74 03 28 devices (bsc#987703).\n - iommu/arm-smmu: Add support for 16 bit VMID (fate#319978).\n - iommu/arm-smmu: Workaround for ThunderX erratum #27704 (fate#319978).\n - ipc/sem.c: add cond_resched in exit_sme (bsc#979378).\n - ipmi_si: create hardware-independent softdep for ipmi_devintf\n (bsc#1009062).\n - ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474\n FATE#319812 bsc#969475 FATE#319814).\n - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474\n FATE#319812 bsc#969475 FATE#319814).\n - kABI: protect struct dw_mci.\n - kABI: protect struct mmc_packed (kabi).\n - kABI: reintroduce iov_iter_fault_in_multipages_readable.\n - kABI: reintroduce sk_filter (kabi).\n - kABI: reintroduce strtobool (kabi).\n - kABI: restore ip_cmsg_recv_offset parameters (kabi).\n - kabi/severities: Ignore kABI for asoc Intel SST drivers (bsc#1010690)\n These drivers are self-contained, not for 3rd party drivers.\n - kabi/severities: Whitelist libceph and rbd (bsc#988715). Like SLE12-SP1.\n - kernel-module-subpackage: Properly quote flavor in expressions That\n fixes a parse error if the flavor starts with a digit or contains other\n non-alphabetic characters.\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n - kvm: arm/arm64: Fix occasional warning from the timer work function\n (bsc#988524).\n - kvm: x86: correctly reset dest_map-&gt;vector when restoring LAPIC state\n (bsc#966471).\n - libceph: enable large, variable-sized OSD requests (bsc#988715).\n - libceph: make r_request msg_size calculation clearer (bsc#988715).\n - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op\n (bsc#988715).\n - libceph: osdc-&gt;req_mempool should be backed by a slab pool (bsc#988715).\n - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).\n - lib/mpi: avoid assembler warning (bsc#1003581).\n - lib/mpi: mpi_read_buffer(): fix buffer overflow (bsc#1003581).\n - lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs\n (bsc#1003581).\n - lib/mpi: mpi_read_buffer(): replace open coded endian conversion\n (bsc#1003581).\n - lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access (bsc#1003581).\n - lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement\n (bsc#1003581).\n - lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic\n (bsc#1003581).\n - lib/mpi: mpi_write_sgl(): replace open coded endian conversion\n (bsc#1003581).\n - lib/mpi: use &quot;static inline&quot; instead of &quot;extern inline&quot; (bsc#1003581).\n - locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock()\n (bsc#969756).\n - locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212).\n - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212).\n - mailbox/xgene-slimpro: Checking for IS_ERR instead of NULL.\n - md/raid1: fix: IO can block resync indefinitely (bsc#1001310).\n - mlx4: Do not BUG_ON() if device reset failed (bsc#1001888).\n - mm: do not use radix tree writeback tags for pages in swap cache\n (bnc#971975 VM performance -- swap).\n - mm: filemap: do not plant shadow entries without radix tree node\n (bnc#1005929).\n - mm: filemap: fix mapping-&gt;nrpages double accounting in fuse\n (bnc#1005929).\n - mm/filemap: generic_file_read_iter(): check for zero reads\n unconditionally (bnc#1007955).\n - mm/mprotect.c: do not touch single threaded PTEs which are on the right\n node (bnc#971975 VM performance -- numa balancing).\n - mm: workingset: fix crash in shadow node shrinker caused by\n replace_page_cache_page() (bnc#1005929).\n - mm/zswap: use workqueue to destroy pool (VM Functionality, bsc#1005923).\n - net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701).\n - net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701).\n - net/mlx4_en: Fix panic on xmit while port is down (bsc#966191\n FATE#320230).\n - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices\n (bsc#1006809).\n - net/mlx5: Add error prints when validate ETS failed (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Avoid setting unused var when modifying vport node GUID\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5e: Use correct flow dissector key on flower offloading\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Fix autogroups groups num not decreasing (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Fix teardown errors that happen in pci error handler\n (bsc#1001169).\n - net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net: sctp, forbid negative length (bnc#1005921).\n - netvsc: fix incorrect receive checksum offloading (bnc#1006915).\n - nfs: nfs4_fl_prepare_ds must be careful about reporting success\n (bsc#1000776).\n - nfsv4: add flock_owner to open context (bnc#998689).\n - nfsv4: change nfs4_do_setattr to take an open_context instead of a\n nfs4_state (bnc#998689).\n - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of\n lock_owner (bnc#998689).\n - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is\n one (bnc#998689).\n - oom: print nodemask in the oom report (bnc#1003866).\n - overlayfs: allow writing on read-only btrfs subvolumes (bsc#1010158)\n - pci/acpi: Allow all PCIe services on non-ACPI host bridges (bsc#1006827).\n - pci: Allow additional bus numbers for hotplug bridges (bsc#1006827).\n - pci: correctly cast mem_base in pci_read_bridge_mmio_pref()\n (bsc#1001888).\n - pci: Do not set RCB bit in LNKCTL if the upstream bridge hasn't\n (bsc#1001888).\n - pci: Fix BUG on device attach failure (bnc#987641).\n - pci: pciehp: Allow exclusive userspace control of indicators\n (bsc#1006827).\n - pci: Remove return values from pcie_port_platform_notify() and relatives\n (bsc#1006827).\n - perf/x86: Add perf support for AMD family-17h processors (fate#320473).\n - pm / hibernate: Fix 2G size issue of snapshot image verification\n (bsc#1004252).\n - pm / sleep: declare __tracedata symbols as char rather than char\n (bnc#1005895).\n - powercap/intel_rapl: Add support for Kabylake (bsc#1003566).\n - powercap / RAPL: add support for Denverton (bsc#1003566).\n - powercap / RAPL: Add support for Ivy Bridge server (bsc#1003566).\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec\n (bsc#1003813).\n - powerpc/xmon: Add xmon command to dump process/task similar to ps(1)\n (fate#322020).\n - proc: much faster /proc/vmstat (bnc#971975 VM performance -- vmstat).\n - qede: Correctly map aggregation replacement pages (bsc#966318\n FATE#320158 bsc#966316 FATE#320159).\n - qed: FLR of active VFs might lead to FW assert (bsc#966318 FATE#320158\n bsc#966316 FATE#320159).\n - qgroup: Prevent qgroup-&gt;reserved from going subzero (bsc#993841).\n - qla2xxx: Fix NULL pointer deref in QLA interrupt (bsc#1003068).\n - qla2xxx: setup data needed in ISR before setting up the ISR\n (bsc#1006528).\n - rbd: truncate objects on cmpext short reads (bsc#988715).\n - Revert &quot;ACPI / LPSS: allow to use specific PM domain during -&gt;probe()&quot;\n (bsc#1005917).\n - Revert &quot;can: dev: fix deadlock reported after bus-off&quot;.\n - Revert &quot;fix minor infoleak in get_user_ex()&quot; (p.k.o).\n - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655,\n bsc#979681)\n - Revert &quot;x86/mm: Expand the exception table logic to allow new handling\n options&quot; (p.k.o).\n - rpm/config.sh: Build against SP2 in the OBS as well\n - rpm/constraints.in: increase disk for kernel-syzkaller The\n kernel-syzkaller build now consumes around 30G. This causes headache in\n factory where the package rebuilds over and over. Require 35G disk size\n to successfully build the flavor.\n - rpm/kernel-binary.spec.in: Build the -base package unconditionally\n (bsc#1000118)\n - rpm/kernel-binary.spec.in: Do not create KMPs with CONFIG_MODULES=n\n - rpm/kernel-binary.spec.in: Only build -base and -extra with\n CONFIG_MODULES (bsc#1000118)\n - rpm/kernel-binary.spec.in: Simplify debug info switch Any\n CONFIG_DEBUG_INFO sub-options are answered in the configs nowadays.\n - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)\n - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)\n - rpm/package-descriptions: Add 64kb kernel flavor description\n - rpm/package-descriptions: add kernel-syzkaller\n - rpm/package-descriptions: pv has been merged into -default (fate#315712)\n - rpm/package-descriptions: the flavor is 64kb, not 64k\n - s390/mm: fix gmap tlb flush issues (bnc#1005925).\n - sched/core: Optimize __schedule() (bnc#978907 Scheduler performance --\n context switch).\n - sched/fair: Fix incorrect task group -&gt;load_avg (bsc#981825).\n - sched/fair: Optimize find_idlest_cpu() when there is no choice\n (bnc#978907 Scheduler performance -- idle search).\n - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n - serial: 8250_pci: Detach low-level driver during PCI error recovery\n (bsc#1013001).\n - serial: 8250_port: fix runtime PM use in __do_stop_tx_rs485()\n (bsc#983152).\n - sunrpc: fix refcounting problems with auth_gss messages (boo#1011250).\n - supported.conf: add hid-logitech-hidpp (bsc#1002322 bsc#1002786)\n - supported.conf: Add overlay.ko to -base (fate#321903) Also, delete the\n stale entry for the old overlayfs.\n - supported.conf: Mark vmx-crypto as supported (fate#319564)\n - supported.conf: xen-netfront should be in base packages, just\n like its non-pvops predecessor. (bsc#1002770)\n - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY state (bsc#1003606).\n - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()\n (bsc#963609 FATE#320143).\n - time: Avoid undefined behaviour in ktime_add_safe() (bnc#1006103).\n - Update config files: select new CONFIG_SND_SOC_INTEL_SST_* helpers\n - Update\n patches.suse/btrfs-8401-fix-qgroup-accounting-when-creating-snap.patch\n (bsc#972993).\n - usb: gadget: composite: Clear reserved fields of SSP Dev Cap\n (FATE#319959).\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices\n (bsc#922634).\n - Using BUG_ON() as an assert() is _never_ acceptable (bnc#1005929).\n - vmxnet3: Wake queue from reset work (bsc#999907).\n - Whitelist KVM KABI changes resulting from adding a hcall. caused by\n 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use\n H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected\n as result of changing KVM KABI so whitelisting for now. If we get some\n additional input from IBM we can back out the patch.\n - writeback: initialize inode members that track writeback history\n (bsc#1012829).\n - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()\n (bsc#1013479).\n - x86/efi: Enable runtime call flag checking (bsc#1005745).\n - x86/efi: Move to generic {__,}efi_call_virt() (bsc#1005745).\n - x86/hpet: Reduce HPET counter read contention (bsc#1014710).\n - x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types\n (fate#320474, bsc#1013700). Exclude removed symbols from kABI check.\n They're AMD Zen relevant only and completely useless to other modules -\n only edac_mce_amd.ko.\n - x86/mce/AMD: Increase size of the bank_map type (fate#320474,\n bsc#1013700).\n - x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks\n (fate#320474, bsc#1013700).\n - x86/mce/AMD: Update sysfs bank names for SMCA systems (fate#320474,\n bsc#1013700).\n - x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks()\n (fate#320474, bsc#1013700).\n - x86/pci: VMD: Attach VMD resources to parent domain's resource tree\n (bsc#1006827).\n - x86/pci: VMD: Document code for maintainability (bsc#1006827).\n - x86/pci: VMD: Fix infinite loop executing irq's (bsc#1006827).\n - x86/pci: VMD: Initialize list item in IRQ disable (bsc#1006827).\n - x86/pci: VMD: Request userspace control of PCIe hotplug indicators\n (bsc#1006827).\n - x86/pci: VMD: Select device dma ops to override (bsc#1006827).\n - x86/pci: VMD: Separate MSI and MSI-X vector sharing (bsc#1006827).\n - x86/pci: VMD: Set bus resource start to 0 (bsc#1006827).\n - x86/pci: VMD: Synchronize with RCU freeing MSI IRQ descs (bsc#1006827).\n - x86/pci: VMD: Use lock save/restore in interrupt enable path\n (bsc#1006827).\n - x86/pci/VMD: Use untracked irq handler (bsc#1006827).\n - x86/pci: VMD: Use x86_vector_domain as parent domain (bsc#1006827).\n - x86, powercap, rapl: Add Skylake Server model number (bsc#1003566).\n - x86, powercap, rapl: Reorder CPU detection table (bsc#1003566).\n - x86, powercap, rapl: Use Intel model macros intead of open-coding\n (bsc#1003566).\n - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing\n (bnc#1005169).\n - zram: Fix unbalanced idr management at hot removal (bsc#1010970).\n\n", "cvss3": {}, "published": "2017-01-17T19:11:45", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9084", "CVE-2016-9793", "CVE-2016-7917", "CVE-2016-8666", "CVE-2015-8964", "CVE-2016-7425", "CVE-2015-1350", "CVE-2016-9083", "CVE-2016-9919", "CVE-2016-7913", "CVE-2016-7039", "CVE-2016-7042", "CVE-2016-8645"], "modified": "2017-01-17T19:11:45", "id": "SUSE-SU-2017:0181-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00028.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}