{"id": "EULEROS_SA-2017-1001.NASL", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-05-02T00:00:00", "modified": "2017-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=99848", "reporter": "Tenable", "references": ["http://www.nessus.org/u?d5780220"], "cvelist": ["CVE-2016-9806", "CVE-2016-8666", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-3672"], "type": "nessus", "lastseen": "2017-05-04T20:44:22", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-9806", "CVE-2016-8666", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-3672"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "hash": "cc278c2818236d27c171a15ea0784f23bc658957bdab5664a1c9ee760c27bf69", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "4b2d11a67217aae440da75853c5c5f5a", "key": "description"}, {"hash": "7c444ea8419d668be59012d58b75e6cb", "key": "references"}, {"hash": "dcac2dcb1482e5eeb88ed2dd3ffaf36d", "key": "published"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d356786be2f93b49e1afe88705f49970", "key": "cvelist"}, {"hash": "09a571428c93c7a2d494e61fdf7161af", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "dcac2dcb1482e5eeb88ed2dd3ffaf36d", "key": "modified"}, {"hash": "241799a875fe4ddd679edf318dda7676", "key": "pluginID"}, {"hash": "effdd28429a82e1106a7bf810edb72e3", "key": "sourceData"}, {"hash": "e985fbd2c5ddcc49c87aee94a15a8f7b", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=99848", "id": "EULEROS_SA-2017-1001.NASL", "lastseen": "2017-05-02T02:44:03", "modified": "2017-05-01T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.2", "pluginID": "99848", "published": "2017-05-01T00:00:00", "references": ["http://www.nessus.org/u?d5780220"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99848);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2017/05/01 19:05:11 $\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-3672\",\n \"CVE-2016-8666\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9806\"\n );\n script_osvdb_id(\n 136761,\n 145649,\n 145694,\n 147698,\n 148137,\n 148443,\n 148861\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9\n mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users\n to read or write to arbitrary kernel memory locations\n or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel before\n 4.6.3 allows local users to cause a denial of service\n (double free) or possibly have unspecified other impact\n via a crafted application that makes sendmsg system\n calls, leading to a free operation associated with a\n new dump that started earlier than\n anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9\n does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allows local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel through 4.5.2\n does not properly randomize the legacy base address,\n which makes it easier for local users to defeat the\n intended restrictions on the ADDR_NO_RANDOMIZE flag,\n and bypass the ASLR protection mechanism for a setuid\n or setgid program, by disabling stack-consumption\n resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5780220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.46.1.111\",\n \"kernel-debug-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.46.1.111\",\n \"kernel-devel-3.10.0-229.46.1.111\",\n \"kernel-headers-3.10.0-229.46.1.111\",\n \"kernel-tools-3.10.0-229.46.1.111\",\n \"kernel-tools-libs-3.10.0-229.46.1.111\",\n \"perf-3.10.0-229.46.1.111\",\n \"python-perf-3.10.0-229.46.1.111\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)", "type": "nessus", "viewCount": 0}, "differentElements": ["published", "modified", "sourceData"], "edition": 1, "lastseen": "2017-05-02T02:44:03"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-9806", "CVE-2016-8666", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-3672"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "hash": "6b655eedfda302db91b6d14b3a8ae38d45756b830832319650c72626b75144d5", "hashmap": [{"hash": "53784ff7c486320838231ecdb0e92b83", "key": "sourceData"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "4b2d11a67217aae440da75853c5c5f5a", "key": "description"}, {"hash": "c4a8cf42c868fe1dea8ed5b93cb6e2d5", "key": "modified"}, {"hash": "7c444ea8419d668be59012d58b75e6cb", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c4a8cf42c868fe1dea8ed5b93cb6e2d5", "key": "published"}, {"hash": "d356786be2f93b49e1afe88705f49970", "key": "cvelist"}, {"hash": "09a571428c93c7a2d494e61fdf7161af", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "241799a875fe4ddd679edf318dda7676", "key": "pluginID"}, {"hash": "e985fbd2c5ddcc49c87aee94a15a8f7b", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=99848", "id": "EULEROS_SA-2017-1001.NASL", "lastseen": "2017-05-02T20:44:05", "modified": "2017-05-02T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.2", "pluginID": "99848", "published": "2017-05-02T00:00:00", "references": ["http://www.nessus.org/u?d5780220"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99848);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2017/05/02 13:34:09 $\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-3672\",\n \"CVE-2016-8666\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9806\"\n );\n script_osvdb_id(\n 147698,\n 136761,\n 148137,\n 148861,\n 145649,\n 145694,\n 148443\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9\n mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users\n to read or write to arbitrary kernel memory locations\n or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel before\n 4.6.3 allows local users to cause a denial of service\n (double free) or possibly have unspecified other impact\n via a crafted application that makes sendmsg system\n calls, leading to a free operation associated with a\n new dump that started earlier than\n anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9\n does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allows local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel through 4.5.2\n does not properly randomize the legacy base address,\n which makes it easier for local users to defeat the\n intended restrictions on the ADDR_NO_RANDOMIZE flag,\n and bypass the ASLR protection mechanism for a setuid\n or setgid program, by disabling stack-consumption\n resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5780220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.46.1.111\",\n \"kernel-debug-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.46.1.111\",\n \"kernel-devel-3.10.0-229.46.1.111\",\n \"kernel-headers-3.10.0-229.46.1.111\",\n \"kernel-tools-3.10.0-229.46.1.111\",\n \"kernel-tools-libs-3.10.0-229.46.1.111\",\n \"perf-3.10.0-229.46.1.111\",\n \"python-perf-3.10.0-229.46.1.111\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-05-02T20:44:05"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d356786be2f93b49e1afe88705f49970"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "4b2d11a67217aae440da75853c5c5f5a"}, {"key": "href", "hash": "09a571428c93c7a2d494e61fdf7161af"}, {"key": "modified", "hash": "da6aa731495907f7c1150b75a2987c92"}, {"key": "naslFamily", "hash": "67933a273737791ab6f71e29a2605c31"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "pluginID", "hash": "241799a875fe4ddd679edf318dda7676"}, {"key": "published", "hash": "c4a8cf42c868fe1dea8ed5b93cb6e2d5"}, {"key": "references", "hash": "7c444ea8419d668be59012d58b75e6cb"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "20580ea4a4aab8b19391ef23822bcced"}, {"key": "title", "hash": "e985fbd2c5ddcc49c87aee94a15a8f7b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "4536ef421b6866f3c3bfdf0cb034a5540fa4ae76f753bfc61537aa01c3d2b608", "viewCount": 1, "objectVersion": "1.2", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99848);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2017/05/04 13:21:27 $\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-3672\",\n \"CVE-2016-8666\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9806\"\n );\n script_osvdb_id(\n 136761,\n 145649,\n 145694,\n 147698,\n 148137,\n 148443,\n 148861\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9\n mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users\n to read or write to arbitrary kernel memory locations\n or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel before\n 4.6.3 allows local users to cause a denial of service\n (double free) or possibly have unspecified other impact\n via a crafted application that makes sendmsg system\n calls, leading to a free operation associated with a\n new dump that started earlier than\n anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9\n does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allows local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel through 4.5.2\n does not properly randomize the legacy base address,\n which makes it easier for local users to defeat the\n intended restrictions on the ADDR_NO_RANDOMIZE flag,\n and bypass the ASLR protection mechanism for a setuid\n or setgid program, by disabling stack-consumption\n resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5780220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.46.1.111\",\n \"kernel-debug-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.46.1.111\",\n \"kernel-devel-3.10.0-229.46.1.111\",\n \"kernel-headers-3.10.0-229.46.1.111\",\n \"kernel-tools-3.10.0-229.46.1.111\",\n \"kernel-tools-libs-3.10.0-229.46.1.111\",\n \"perf-3.10.0-229.46.1.111\",\n \"python-perf-3.10.0-229.46.1.111\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "99848", "enchantments": {"vulnersScore": 10.0}}

{"result": {"cve": [{"id": "CVE-2016-9806", "type": "cve", "title": "CVE-2016-9806", "description": "Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.", "published": "2016-12-28T02:59:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9806", "cvelist": ["CVE-2016-9806"], "lastseen": "2017-07-18T10:49:33"}, {"id": "CVE-2016-8666", "type": "cve", "title": "CVE-2016-8666", "description": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.", "published": "2016-10-16T17:59:15", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8666", "cvelist": ["CVE-2016-8666"], "lastseen": "2017-04-18T16:00:42"}, {"id": "CVE-2016-10088", "type": "cve", "title": "CVE-2016-10088", "description": "The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.", "published": "2016-12-30T13:59:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10088", "cvelist": ["CVE-2016-10088"], "lastseen": "2017-04-18T15:59:03"}, {"id": "CVE-2016-9555", "type": "cve", "title": "CVE-2016-9555", "description": "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.", "published": "2016-11-27T22:59:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9555", "cvelist": ["CVE-2016-9555"], "lastseen": "2017-04-18T16:01:03"}, {"id": "CVE-2016-9576", "type": "cve", "title": "CVE-2016-9576", "description": "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.", "published": "2016-12-28T02:59:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9576", "cvelist": ["CVE-2016-9576"], "lastseen": "2017-04-18T16:01:03"}, {"id": "CVE-2016-9588", "type": "cve", "title": "CVE-2016-9588", "description": "arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.", "published": "2016-12-28T02:59:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9588", "cvelist": ["CVE-2016-9588"], "lastseen": "2016-12-31T16:54:35"}, {"id": "CVE-2016-3672", "type": "cve", "title": "CVE-2016-3672", "description": "The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.", "published": "2016-04-27T13:59:27", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3672", "cvelist": ["CVE-2016-3672"], "lastseen": "2016-12-03T10:11:38"}], "nessus": [{"id": "SUSE_SU-2017-0303-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0303-1)", "description": "This update for the Linux Kernel 3.12.60-52_63 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-30T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96869", "cvelist": ["CVE-2016-9806"], "lastseen": "2017-02-17T01:02:34"}, {"id": "VIRTUOZZO_VZA-2017-007.NASL", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-007)", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact.\n\n - It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.\n\n - A flaw was found in the way nfnetlink validated length of batch messages that could allow a user logged in to a container as root to cause a general protection fault and crash the host.\n\n - A flaw was found in the way nfnetlink handled errors while processing batch messages that could allow a user logged in to a container as root to trigger use after free and crash the host.\n\n - A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-03-27T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=97979", "cvelist": ["CVE-2016-9806", "CVE-2016-3070", "CVE-2016-8645"], "lastseen": "2017-08-17T00:08:44"}, {"id": "SUSE_SU-2017-0267-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0267-1)", "description": "This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-25T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96761", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9576"], "lastseen": "2017-01-25T21:01:37"}, {"id": "SUSE_SU-2017-0247-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0247-1)", "description": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96700", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:02:42"}, {"id": "UBUNTU_USN-3168-2.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3168-2)", "description": "USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9806).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96438", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-09-09T10:07:33"}, {"id": "SUSE_SU-2017-0268-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0268-1)", "description": "This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-25T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96762", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-25T21:02:23"}, {"id": "UBUNTU_USN-3168-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3168-1)", "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9806).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96437", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-09-09T10:08:22"}, {"id": "SUSE_SU-2017-0245-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0245-1)", "description": "This update for the Linux Kernel 3.12.60-52_57 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96698", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:00:37"}, {"id": "SUSE_SU-2017-0246-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0246-1)", "description": "This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96699", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:01:28"}, {"id": "SUSE_SU-2017-0244-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0244-1)", "description": "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96697", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:02:16"}], "suse": [{"id": "SUSE-SU-2017:0303-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 18 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_63 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n\n", "published": "2017-01-27T22:09:30", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00062.html", "cvelist": ["CVE-2016-9806"], "lastseen": "2017-01-27T22:59:52"}, {"id": "SUSE-SU-2017:0267-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 17 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-24T12:09:03", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00054.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9576"], "lastseen": "2017-01-24T12:59:38"}, {"id": "SUSE-SU-2017:0247-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 10 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:11:51", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00051.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}, {"id": "SUSE-SU-2017:0235-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 (important)", "description": "This update for the Linux Kernel 3.12.59-60_41 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-20T17:18:24", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00046.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-20T16:59:42"}, {"id": "SUSE-SU-2017:0246-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 15 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:10:46", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00050.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}, {"id": "SUSE-SU-2017:0245-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 16 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_57 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:09:43", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00049.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}, {"id": "SUSE-SU-2017:0231-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 (important)", "description": "This update for the Linux Kernel 3.12.51-60_25 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-20T17:14:52", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00042.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-20T16:59:42"}, {"id": "SUSE-SU-2017:0244-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 12 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:08:32", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00048.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}, {"id": "SUSE-SU-2017:0234-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 (important)", "description": "This update for the Linux Kernel 3.12.57-60_35 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-20T17:17:24", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00045.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-20T16:59:42"}, {"id": "SUSE-SU-2017:0248-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 14 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_49 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:12:54", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00052.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}], "ubuntu": [{"id": "USN-3168-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). ([CVE-2016-9756](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9756>))\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). ([CVE-2016-9793](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9793>))\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). ([CVE-2016-9794](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9794>))\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(system crash). ([CVE-2016-9806](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9806>))", "published": "2017-01-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3168-1/", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-08-09T19:13:34"}, {"id": "USN-3168-2", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "description": "USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). ([CVE-2016-9756](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9756>))\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). ([CVE-2016-9793](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9793>))\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). ([CVE-2016-9794](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9794>))\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(system crash). ([CVE-2016-9806](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9806>))", "published": "2017-01-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3168-2/", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-08-09T19:14:35"}, {"id": "USN-3209-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "It was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). \n([CVE-2016-9588](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9588>))\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly gain administrative \nprivileges. ([CVE-2017-6074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074>))", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3209-1/", "cvelist": ["CVE-2017-6074", "CVE-2016-10088", "CVE-2016-9588"], "lastseen": "2017-08-09T19:12:57"}, {"id": "USN-3208-2", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "description": "USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). \n([CVE-2016-9191](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9191>))\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). \n([CVE-2016-9588](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9588>))\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in \nthe Linux kernel did not properly emulate instructions on the SS segment \nregister. A local attacker in a guest virtual machine could use this to \ncause a denial of service (guest OS crash) or possibly gain administrative \nprivileges in the guest OS. ([CVE-2017-2583](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2583>))\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated certain instructions. A local attacker could use this \nto obtain sensitive information (kernel memory). ([CVE-2017-2584](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2584>))\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in \nthe Linux kernel did not properly initialize memory related to logging. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). ([CVE-2017-5549](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5549>))\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly gain administrative \nprivileges. ([CVE-2017-6074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074>))", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3208-2/", "cvelist": ["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "lastseen": "2017-08-09T19:12:53"}, {"id": "USN-3208-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "It was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). \n([CVE-2016-9191](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9191>))\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). \n([CVE-2016-9588](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9588>))\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in \nthe Linux kernel did not properly emulate instructions on the SS segment \nregister. A local attacker in a guest virtual machine could use this to \ncause a denial of service (guest OS crash) or possibly gain administrative \nprivileges in the guest OS. ([CVE-2017-2583](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2583>))\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated certain instructions. A local attacker could use this \nto obtain sensitive information (kernel memory). ([CVE-2017-2584](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2584>))\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in \nthe Linux kernel did not properly initialize memory related to logging. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). ([CVE-2017-5549](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5549>))\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly gain administrative \nprivileges. ([CVE-2017-6074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074>))", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3208-1/", "cvelist": ["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "lastseen": "2017-08-09T19:14:58"}, {"id": "USN-3360-2", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "description": "USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that the Linux kernel did not properly initialize a Wake- \non-Lan data structure. A local attacker could use this to expose sensitive \ninformation (kernel memory). ([CVE-2014-9900](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9900>))\n\nIt was discovered that the Linux kernel did not properly restrict access to \n/proc/iomem. A local attacker could use this to expose sensitive \ninformation. ([CVE-2015-8944](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8944>))\n\nIt was discovered that a use-after-free vulnerability existed in the \nperformance events and counters subsystem of the Linux kernel for ARM64. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. ([CVE-2015-8955](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8955>))\n\nIt was discovered that the SCSI generic (sg) driver in the Linux kernel \ncontained a double-free vulnerability. A local attacker could use this to \ncause a denial of service (system crash). ([CVE-2015-8962](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8962>))\n\nSasha Levin discovered that a race condition existed in the performance \nevents and counters subsystem of the Linux kernel when handling CPU unplug \nevents. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. ([CVE-2015-8963](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8963>))\n\nTilman Schmidt and Sasha Levin discovered a use-after-free condition in the \nTTY implementation in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). ([CVE-2015-8964](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8964>))\n\nIt was discovered that the fcntl64() system call in the Linux kernel did \nnot properly set memory limits when returning on 32-bit ARM processors. A \nlocal attacker could use this to gain administrative privileges. \n([CVE-2015-8966](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8966>))\n\nIt was discovered that the system call table for ARM 64-bit processors in \nthe Linux kernel was not write-protected. An attacker could use this in \nconjunction with another kernel vulnerability to execute arbitrary code. \n([CVE-2015-8967](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8967>))\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound \nArchitecture (ALSA) subsystem in the Linux kernel. A local attacker could \nuse this to expose sensitive information (kernel memory). \n([CVE-2017-1000380](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000380>))\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the \nLinux kernel did not properly validate some ioctl arguments. A local \nattacker could use this to cause a denial of service (system crash). \n([CVE-2017-7346](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7346>))\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n([CVE-2017-7895](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7895>))\n\nIt was discovered that an integer underflow existed in the Edgeport USB \nSerial Converter device driver of the Linux kernel. An attacker with \nphysical access could use this to expose sensitive information (kernel \nmemory). ([CVE-2017-8924](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8924>))\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux \nkernel did not properly perform reference counting. A local attacker could \nuse this to cause a denial of service (tty exhaustion). ([CVE-2017-8925](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8925>))\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. ([CVE-2017-9074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9074>))\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in \nthe Linux kernel did not properly initialize memory. A local attacker could \nuse this to expose sensitive information (kernel memory). ([CVE-2017-9605](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9605>))", "published": "2017-07-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3360-2/", "cvelist": ["CVE-2017-7895", "CVE-2017-1000380", "CVE-2017-9074", "CVE-2017-7346", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2014-9900", "CVE-2017-8924", "CVE-2015-8963", "CVE-2015-8944", "CVE-2015-8955", "CVE-2017-8925", "CVE-2015-8966", "CVE-2015-8967", "CVE-2017-9605"], "lastseen": "2017-08-09T19:12:26"}, {"id": "USN-3360-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "It was discovered that the Linux kernel did not properly initialize a Wake- \non-Lan data structure. A local attacker could use this to expose sensitive \ninformation (kernel memory). ([CVE-2014-9900](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9900>))\n\nIt was discovered that the Linux kernel did not properly restrict access to \n/proc/iomem. A local attacker could use this to expose sensitive \ninformation. ([CVE-2015-8944](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8944>))\n\nIt was discovered that a use-after-free vulnerability existed in the \nperformance events and counters subsystem of the Linux kernel for ARM64. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. ([CVE-2015-8955](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8955>))\n\nIt was discovered that the SCSI generic (sg) driver in the Linux kernel \ncontained a double-free vulnerability. A local attacker could use this to \ncause a denial of service (system crash). ([CVE-2015-8962](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8962>))\n\nSasha Levin discovered that a race condition existed in the performance \nevents and counters subsystem of the Linux kernel when handling CPU unplug \nevents. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. ([CVE-2015-8963](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8963>))\n\nTilman Schmidt and Sasha Levin discovered a use-after-free condition in the \nTTY implementation in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). ([CVE-2015-8964](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8964>))\n\nIt was discovered that the fcntl64() system call in the Linux kernel did \nnot properly set memory limits when returning on 32-bit ARM processors. A \nlocal attacker could use this to gain administrative privileges. \n([CVE-2015-8966](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8966>))\n\nIt was discovered that the system call table for ARM 64-bit processors in \nthe Linux kernel was not write-protected. An attacker could use this in \nconjunction with another kernel vulnerability to execute arbitrary code. \n([CVE-2015-8967](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8967>))\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound \nArchitecture (ALSA) subsystem in the Linux kernel. A local attacker could \nuse this to expose sensitive information (kernel memory). \n([CVE-2017-1000380](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000380>))\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the \nLinux kernel did not properly validate some ioctl arguments. A local \nattacker could use this to cause a denial of service (system crash). \n([CVE-2017-7346](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7346>))\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n([CVE-2017-7895](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7895>))\n\nIt was discovered that an integer underflow existed in the Edgeport USB \nSerial Converter device driver of the Linux kernel. An attacker with \nphysical access could use this to expose sensitive information (kernel \nmemory). ([CVE-2017-8924](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8924>))\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux \nkernel did not properly perform reference counting. A local attacker could \nuse this to cause a denial of service (tty exhaustion). ([CVE-2017-8925](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8925>))\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in \nthe Linux kernel did not properly initialize memory. A local attacker could \nuse this to expose sensitive information (kernel memory). ([CVE-2017-9605](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9605>))", "published": "2017-07-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3360-1/", "cvelist": ["CVE-2017-7895", "CVE-2017-1000380", "CVE-2017-7346", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2014-9900", "CVE-2017-8924", "CVE-2015-8963", "CVE-2015-8944", "CVE-2015-8955", "CVE-2017-8925", "CVE-2015-8966", "CVE-2015-8967", "CVE-2017-9605"], "lastseen": "2017-08-09T19:14:03"}, {"id": "USN-3188-1", "type": "ubuntu", "title": "Linux kernel vulnerability", "description": "Andrey Konovalov discovered that the SCTP implementation in the Linux \nkernel improperly handled validation of incoming data. A remote attacker \ncould use this to cause a denial of service (system crash).", "published": "2017-02-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3188-1/", "cvelist": ["CVE-2016-9555"], "lastseen": "2017-08-09T19:14:25"}, {"id": "USN-3188-2", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerability", "description": "USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux \nkernel improperly handled validation of incoming data. A remote attacker \ncould use this to cause a denial of service (system crash).", "published": "2017-02-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3188-2/", "cvelist": ["CVE-2016-9555"], "lastseen": "2017-08-09T19:11:55"}, {"id": "USN-3187-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Andrey Konovalov discovered that the SCTP implementation in the Linux \nkernel improperly handled validation of incoming data. A remote attacker \ncould use this to cause a denial of service (system crash). ([CVE-2016-9555](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9555>))\n\nIt was discovered that multiple memory leaks existed in the XFS \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (memory consumption). ([CVE-2016-9685](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9685>))", "published": "2017-02-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-3187-1/", "cvelist": ["CVE-2016-9555", "CVE-2016-9685"], "lastseen": "2017-08-09T19:14:40"}], "openvas": [{"id": "OPENVAS:1361412562310843009", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-3168-2", "description": "Check the version of linux-lts-trusty", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843009", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-07-25T10:57:53"}, {"id": "OPENVAS:1361412562310843018", "type": "openvas", "title": "Ubuntu Update for linux USN-3168-1", "description": "Check the version of linux", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843018", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-07-25T10:57:47"}, {"id": "OPENVAS:1361412562310851489", "type": "openvas", "title": "SuSE Update for Kernel openSUSE-SU-2017:0458-1 (Kernel)", "description": "Check the version of kernel", "published": "2017-02-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851489", "cvelist": ["CVE-2016-9806", "CVE-2016-7117", "CVE-2016-9793", "CVE-2016-7917", "CVE-2016-10088", "CVE-2017-5551", "CVE-2016-10147", "CVE-2016-9576", "CVE-2016-8645"], "lastseen": "2017-07-26T08:56:56"}, {"id": "OPENVAS:1361412562310851506", "type": "openvas", "title": "SuSE Update for the openSUSE-SU-2017:0456-1 (Linux Kernel)", "description": "Check the version of Linux Kernel", "published": "2017-02-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851506", "cvelist": ["CVE-2017-5576", "CVE-2016-9806", "CVE-2017-2584", "CVE-2016-7117", "CVE-2016-9793", "CVE-2017-5577", "CVE-2017-5551", "CVE-2017-2583", "CVE-2016-9919", "CVE-2015-8709", "CVE-2016-8645"], "lastseen": "2017-07-26T08:56:40"}, {"id": "OPENVAS:1361412562310871855", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:1842-01", "description": "Check the version of kernel", "published": "2017-08-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871855", "cvelist": ["CVE-2016-9604", "CVE-2016-9806", "CVE-2016-7097", "CVE-2016-6213", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-9074", "CVE-2016-10088", "CVE-2017-6001", "CVE-2015-8839", "CVE-2017-9242", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-9075", "CVE-2014-7975", "CVE-2016-9685", "CVE-2015-8970", "CVE-2016-10147", "CVE-2016-9576", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-2596", "CVE-2016-9588", "CVE-2017-9076", "CVE-2017-7187", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797", "CVE-2016-7042", "CVE-2016-8645", "CVE-2014-7970"], "lastseen": "2017-08-21T11:27:27"}, {"id": "OPENVAS:1361412562310851415", "type": "openvas", "title": "SuSE Update for Kernel openSUSE-SU-2016:2584-1 (Kernel)", "description": "Check the version of the Kernel", "published": "2016-10-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851415", "cvelist": ["CVE-2016-8666", "CVE-2016-7039", "CVE-2016-5195"], "lastseen": "2017-07-26T08:53:40"}, {"id": "OPENVAS:1361412562310851414", "type": "openvas", "title": "SuSE Update for Kernel openSUSE-SU-2016:2583-1 (Kernel)", "description": "Check the version of the Kernel", "published": "2016-10-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851414", "cvelist": ["CVE-2016-8666", "CVE-2016-7425", "CVE-2016-8658", "CVE-2016-7039", "CVE-2016-5195"], "lastseen": "2017-07-26T08:54:00"}, {"id": "OPENVAS:1361412562310851513", "type": "openvas", "title": "SuSE Update for Linux Kernel openSUSE-SU-2016:3050-1 (Linux Kernel)", "description": "Check the version of the", "published": "2017-02-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851513", "cvelist": ["CVE-2016-9794", "CVE-2016-8655", "CVE-2016-9084", "CVE-2016-7917", "CVE-2016-8666", "CVE-2015-8964", "CVE-2016-9555", "CVE-2016-8632", "CVE-2015-1350", "CVE-2016-9083", "CVE-2016-7913", "CVE-2016-7039", "CVE-2016-7042"], "lastseen": "2017-07-26T08:56:40"}, {"id": "OPENVAS:1361412562310843060", "type": "openvas", "title": "Ubuntu Update for linux USN-3209-1", "description": "Check the version of linux", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843060", "cvelist": ["CVE-2017-6074", "CVE-2016-10088", "CVE-2016-9588"], "lastseen": "2017-07-25T10:57:25"}, {"id": "OPENVAS:1361412562310843062", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3208-2", "description": "Check the version of linux-lts-xenial", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843062", "cvelist": ["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "lastseen": "2017-07-25T10:57:22"}], "oraclelinux": [{"id": "ELSA-2017-3508", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[4.1.12-61.1.25]\n- KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042}\n- nvme: Limit command retries (Keith Busch) [Orabug: 25374751] \n- fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977] \n- tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828}\n- tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666}\n- i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290] \n- packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655}\n- netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806}\n- ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794}\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793}\n[4.1.12-61.1.24]\n- rebuild bumping release", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3508.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8655", "CVE-2016-9793", "CVE-2016-8666", "CVE-2016-6828", "CVE-2016-7042"], "lastseen": "2017-01-13T01:33:23"}, {"id": "ELSA-2017-1842-1", "type": "oraclelinux", "title": "1 ", "description": " ", "published": "2017-08-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-1842-1.html", "cvelist": ["CVE-2016-9604", "CVE-2016-9806", "CVE-2016-7097", "CVE-2016-6213", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-9074", "CVE-2016-10088", "CVE-2017-6001", "CVE-2015-8839", "CVE-2017-9242", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-9075", "CVE-2014-7975", "CVE-2016-9685", "CVE-2015-8970", "CVE-2016-10147", "CVE-2016-9576", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-2596", "CVE-2016-9588", "CVE-2017-9076", "CVE-2017-7187", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797", "CVE-2016-7042", "CVE-2016-8645", "CVE-2014-7970"], "lastseen": "2017-08-22T10:03:06"}, {"id": "ELSA-2017-1842", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "description": " ", "published": "2017-08-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-1842.html", "cvelist": ["CVE-2016-9604", "CVE-2016-9806", "CVE-2016-7097", "CVE-2016-6213", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-9074", "CVE-2016-10088", "CVE-2017-6001", "CVE-2015-8839", "CVE-2017-9242", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-9075", "CVE-2014-7975", "CVE-2016-9685", "CVE-2015-8970", "CVE-2016-10147", "CVE-2016-9576", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-2596", "CVE-2016-9588", "CVE-2017-9076", "CVE-2017-7187", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797", "CVE-2016-7042", "CVE-2016-8645", "CVE-2014-7970"], "lastseen": "2017-08-08T04:23:21"}, {"id": "ELSA-2017-3566", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[3.8.13-118.18.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895}\n[3.8.13-118.18.1]\n- fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] \n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549809] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549809] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809] \n- VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug: 25559937] \n- VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] {CVE-2017-2583} {CVE-2017-2583}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] {CVE-2016-10208}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720813] {CVE-2017-6214}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083] \n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797052] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187}", "published": "2017-05-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3566.html", "cvelist": ["CVE-2016-10208", "CVE-2016-2782", "CVE-2017-7895", "CVE-2017-7184", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-10088", "CVE-2015-6252", "CVE-2015-9731", "CVE-2015-5257", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-5669", "CVE-2017-2647", "CVE-2017-5986", "CVE-2016-10229", "CVE-2017-7187", "CVE-2016-10142", "CVE-2016-9644"], "lastseen": "2017-05-16T13:21:12"}, {"id": "ELSA-2017-0817", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "description": "[2.6.32-696.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-696]\n- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424628] {CVE-2017-6074}\n[2.6.32-695]\n- [block] nvme: Dont poll device being removed (David Milburn) [1422521]\n[2.6.32-694]\n- [fs] posix_acl: Clear SGID bit when setting file permissions (Andreas Grunbacher) [1371252] {CVE-2016-7097}\n- [fs] switch posix_acl_equiv_mode() to umode_t * (Andreas Grunbacher) [1371252] {CVE-2016-7097}\n- [perf] sched latency: Fix thread pid reuse issue (Jiri Olsa) [1400743]\n- [fs] ext4: fix races of writeback with punch hole and zero range (Lukas Czerner) [1394786]\n- [fs] ext4: validate s_reserved_gdt_blocks on mount (Lukas Czerner) [1394786]\n- [fs] ext4: release bh in make_indexed_dir (Lukas Czerner) [1394786]\n- [fs] ext4: reinforce check of i_dtime when clearing high fields of uid and gid (Lukas Czerner) [1394786]\n- [fs] ext4: validate that metadata blocks do not overlap superblock (Lukas Czerner) [1394786]\n- [fs] ext4: short-cut orphan cleanup on error (Lukas Czerner) [1394786]\n- [fs] ext4: fix reference counting bug on block allocation error (Lukas Czerner) [1394786]\n- [fs] ext4: check for extents that wrap around (Lukas Czerner) [1394786]\n- [fs] ext4: silence UBSAN in ext4_mb_init() (Lukas Czerner) [1394786]\n- [fs] ext4: address UBSAN warning in mb_find_order_for_block() (Lukas Czerner) [1394786]\n- [fs] ext4: clean up error handling when orphan list is corrupted (Lukas Czerner) [1394786]\n- [fs] ext4: fix hang when processing corrupted orphaned inode list (Lukas Czerner) [1394786]\n- [fs] jbd2: Fix unreclaimed pages after truncate in data=journal mode (Lukas Czerner) [1394786]\n- [fs] ext4: Fix handling of extended tv_sec (Lukas Czerner) [1394786]\n- [fs] create and use seq_show_option for escaping (Lukas Czerner) [1394786]\n- [fs] ext4: replace open coded nofail allocation in ext4_free_blocks() (Lukas Czerner) [1394786]\n- [fs] ext4: Introduce EFSBADCRC and EFSCORRUPTED error codes (Lukas Czerner) [1394786]\n- [block] ensure request->part is valid (Jeff Moyer) [1416341]\n- [sound] alsa: hda - fix Lewisburg audio issue (Jaroslav Kysela) [1413134]\n[2.6.32-693]\n- [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1419396]\n- [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1419396]\n- [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1419396]\n- [netdrv] sfc: clean fallbacks between promisc/normal in efx_ef10_filter_sync_rx_mode (Jarod Wilson) [1419396]\n- [netdrv] sfc: support cascaded multicast filters (Jarod Wilson) [1419396]\n- [netdrv] sfc: Make failed filter removal less noisy (Jarod Wilson) [1410750]\n- [netdrv] sfc: re-factor efx_ef10_filter_sync_rx_mode() (Jarod Wilson) [1410750]\n- [netdrv] sfc: refactor debug-or-warnings printks (Jarod Wilson) [1410750]\n- [net] implement netif_cond_dbg macro (Jarod Wilson) [1410750]\n[2.6.32-692]\n- [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1401058]\n- [fs] revert 'sunrpc: make AF_LOCAL connect synchronous' (Benjamin Coddington) [1420044]\n[2.6.32-691]\n- [net] tcp: correct memory barrier usage in tcp_check_space() (Oleg Nesterov) [1386136]\n- [fs] epoll: prevent missed events on EPOLL_CTL_MOD (Oleg Nesterov) [1386136]\n- [acpi] acpica: Fix regression in FADT revision checks (Lenny Szubowicz) [1418339]\n- [net] ipv6: stop sending PTB packets for MTU < 1280 (Hannes Frederic Sowa) [1415931] {CVE-2016-10142}\n- [net] fix dst_ops_extend leaks (Sabrina Dubroca) [1399633]\n[2.6.32-690]\n- [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1405267]\n- [scsi] mpt3sas: Fix for block device of raid exists even after deleting raid disk (Tomas Henzl) [1416552]\n[2.6.32-689]\n- [netdrv] be2net: fix initial MAC setting (Ivan Vecera) [1415905]\n[2.6.32-688]\n- [netdrv] sfc: fix missing mc_promisc setting (Jarod Wilson) [1410750]\n[2.6.32-687]\n- [netdrv] sfc: reduce severity of PIO buffer alloc failures (Jarod Wilson) [1410750]\n- [netdrv] sfc: avoid division by zero (Jarod Wilson) [1410750]\n- [netdrv] sfc: Insert multicast filters as well as mismatch filters in promiscuous mode (Jarod Wilson) [1410750]\n- [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1410750]\n- [netdrv] sfc: warn if other functions have been reset by MCFW (Jarod Wilson) [1410750]\n- [netdrv] sfc: add output flag decoding to efx_mcdi_set_workaround (Jarod Wilson) [1410750]\n- [netdrv] sfc: get PIO buffer size from the NIC (Jarod Wilson) [1410750]\n- [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1410750]\n- [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1410750]\n- [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1410750]\n- [netdrv] sfc: Downgrade EPERM messages from MCDI to debug (Jarod Wilson) [1410750]\n- [netdrv] sfc: cope with ENOSYS from efx_mcdi_get_workarounds() (Jarod Wilson) [1410750]\n- [netdrv] sfc: enable cascaded multicast filters in MCFW (Jarod Wilson) [1410750]\n- [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1410750]\n- [dm] raid: fix transient device failure processing (Mike Snitzer) [1404425]\n[2.6.32-686]\n- [scsi] Add intermediate STARGET_REMOVE state to scsi_target_state (Ewan Milne) [1349623]\n- [scsi] restart list search after unlock in scsi_remove_target (Ewan Milne) [1349623]\n- [powerpc] pci: Support per-aperture memory offset (Laurent Vivier) [1413448]\n- [powerpc] pci: Dont add bogus empty resources to PHBs (Laurent Vivier) [1413448]\n- [mm] mmap.c: fix arithmetic overflow in __vm_enough_memory() (Jerome Marchand) [1413500]\n- [net] ping: check minimum size on ICMP header length (Mateusz Guzik) [1414202] {CVE-2016-8399}\n- [scsi] sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Ewan Milne) [1414823] {CVE-2016-10088 CVE-2016-9576}\n[2.6.32-685]\n- [kernel] ftrace: Do not function trace inlined functions (Pratyush Anand) [1413456]\n- [x86] paravirt: Do not trace _paravirt_ident_*() functions (Pratyush Anand) [1413456]\n- [netdrv] i40e: Fix for long link down notification time (Stefan Assmann) [1414274]\n- [scsi] megaraid_sas: fix done in queue_command (Tomas Henzl) [1415192]\n- [scsi] megaraid: fixes (Tomas Henzl) [1415192]\n- [netdrv] ixgbe: Add support for new X557 device (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add KR backplane support for x550em_a (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for SGMII backplane interface (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for SFPs with retimer (Ken Cox) [1408509]\n- [netdrv] ixgbe: Introduce function to control MDIO speed (Ken Cox) [1408509]\n- [netdrv] ixgbe: Read and set instance id (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for x550em_a 10G MAC type (Ken Cox) [1408509]\n- [netdrv] ixgbe: Use method pointer to access IOSF devices (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for single-port X550 device (Ken Cox) [1408509]\n- [netdrv] ixgbe: Clean up interface for firmware commands (Ken Cox) [1408509]\n- [netdrv] ixgbe: Change the lan_id and func fields to a u8 to avoid casts (Ken Cox) [1408509]\n- [netdrv] ixgbe: Fix flow control for Xeon D KR backplane (Ken Cox) [1408509]\n- [netdrv] ixgbe: Make all unchanging ops structures const (Ken Cox) [1408509]\n- [netdrv] ixgbe: Update PTP to support X550EM_x devices (Ken Cox) [1408509]\n- [netdrv] ixgbe: convert to CYCLECOUNTER_MASK macro (Ken Cox) [1408509]\n- [netdrv] ixgbevf: add VF support for new hardware (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Support Windows hosts (Hyper-V) (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Add the device IDs presented while running on Hyper-V (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Move API negotiation function into mac_ops (Ken Cox) [1408507]\n- [x86] tsc: Reset cycle_last after resume from S3/S4 (Lenny Szubowicz) [1406468]\n- [kernel] hung_task: allow hung_task_panic when hung_task_warnings is 0 (Waiman Long) [1410297]\n[2.6.32-684]\n- [s390] kernel/ap: Fix hang condition on crypto card config-off (Hendrik Brueckner) [1413552]\n- [s390] zcrypt: Improved invalid domain response handling (Hendrik Brueckner) [1406389]\n- [infiniband] ucm: Fix bitmap wrap when devnum > IB_UCM_MAX_DEVICES (Slava Shwartsman) [1413476]\n- [netdrv] mlx5e: Copy all L2 headers into inline segment (Kamal Heib) [1408937]\n- [netdrv] be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [1406659]\n- [netdrv] be2net: dont delete MAC on close on unprivileged BE3 VFs (Ivan Vecera) [1406659]\n- [netdrv] be2net: fix status check in be_cmd_pmac_add() (Ivan Vecera) [1406659]\n- [acpi] acpica: Tables: Update FADT handling (Lenny Szubowicz) [1408401]\n- [acpi] acpica: ACPI 6.0: Add changes for FADT table (Lenny Szubowicz) [1408401]\n- [acpi] acpica: Basic support for FADT version 5 (Lenny Szubowicz) [1408401]\n- [acpi] acpica: Remove use of unreliable FADT revision field (Lenny Szubowicz) [1408401]\n[2.6.32-683]\n- [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1411279]\n- [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1411279]\n- [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1411279]\n- [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1411279]\n- [net] mlx4_en: Fix type mismatch for 32-bit systems (Slava Shwartsman) [1399239]\n- [net] mlx4_en: Resolve dividing by zero in 32-bit system (Slava Shwartsman) [1399239]\n- [netdrv] e1000e: Initial support for KabeLake (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Clear ULP configuration register on ULP exit (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Increase PHY PLL clock gate timing (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Increase ULP timer (Jarod Wilson) [1406917]\n- [netdrv] e1000e: initial support for i219-LM (3) (Jarod Wilson) [1406917]\n- [netdrv] be2net: fix unicast list filling (Ivan Vecera) [1408247]\n- [netdrv] be2net: fix accesses to unicast list (Ivan Vecera) [1408247]\n- [netdrv] sfc: Downgrade or remove some error messages (Jarod Wilson) [1410750]\n- [netdrv] be2net: call be_set_uc_list() unconditionally (Ivan Vecera) [1402679]\n- [netdrv] mlx5e: Use hw_features through netdev_extended macro (Kamal Heib) [1385318]\n- [block] nvme: Dont stop kthread while clearing queues (David Milburn) [1399431]\n- [fs] dlm: Fix saving of NULL callbacks (Robert S Peterson) [1264492]\n[2.6.32-682]\n- [x86] kdump: Fix several bound checking error of crashkernel reserving (Baoquan He) [1349069]\n- [x86] kdump: Crashkernel auto reservation failed on large system (Baoquan He) [1349069]\n- [kdump] Fix wrong dmi_present argument in case efi_smbios_addr being used (Dave Young) [1404984]\n- [kdump] Add error check in case dmi_get_system_info return null (Dave Young) [1404984]\n- [netdrv] bnxt_en: Improve the delay logic for firmware response (John Linville) [1406129]\n- [netdrv] bnxt_en: Implement proper firmware message padding (John Linville) [1406129]\n- [netdrv] bnxt_en: Refactor _hwrm_send_message() (John Linville) [1406129]\n- [netdrv] bnxt_en: Fix dmesg log firmware error messages (John Linville) [1406129]\n- [netdrv] bnxt_en: Use firmware provided message timeout value (John Linville) [1406129]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Scott Mayhew) [1325766]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Scott Mayhew) [1325766]\n- [fs] nfs: Fix a performance regression in readdir (Scott Mayhew) [1325766]\n[2.6.32-681]\n- [net] udplite: fast-path computation of checksum coverage (Hangbin Liu) [1404127]\n- [ata] libata: fix sff host state machine locking while polling (Cathy Avery) [1390972]\n- [ata] libata-sff: use WARN instead of BUG on illegal host state machine state (Cathy Avery) [1390972]\n- [x86] hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic (Vitaly Kuznetsov) [1400428]\n- [fs] nfsd4: zero op arguments beyond the 8th compound op (J. Bruce Fields) [1409002]\n- [fs] nfsd: fix deadlock secinfo+readdir compound (J. Bruce Fields) [1314505]\n- [fs] nfsd4: fix recovery-dir leak on nfsd startup failure (J. Bruce Fields) [1266405]\n- [x86] Mark Skylake processors with Kaby Lake PCH as unsupported (David Arcari) [1405459]\n- [infiniband] ipoib: Remove cant use GFP_NOIO warning (Slava Shwartsman) [1321529]\n- [netdrv] veth: allow changing the mac address while interface is up (David Arcari) [1402696]\n- [kernel] tracing: Protect tracer flags with trace_types_lock (Steven Rostedt) [1397661]\n- [acpi] acpica: Prevent circular object list in acpi_ns_exec_module_code (Lenny Szubowicz) [1401776]\n- [acpi] acpica: Fix possible memory leak for module-level code execution (Lenny Szubowicz) [1401776]\n- [acpi] acpica: Add additional module-level code support (Lenny Szubowicz) [1401776]\n- [fs] xfs: growfs: use uncached buffers for new headers (Bill ODonnell) [1134314]\n- [fs] xfs: catch invalid negative blknos in _xfs_buf_find() (Bill ODonnell) [1134314]\n- [fs] xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (Bill ODonnell) [1134314]\n[2.6.32-680]\n- [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1397807]\n[2.6.32-679]\n- [mm] Revert 'mm: Fix slab growing out of bound within a cpuset' (Larry Woodman) [1402713]\n- [netdrv] cxgb4: update latest firmware version supported (Sai Vemuri) [1381382]\n- [kernel] audit: correctly record file names with different path name types (Paul Moore) [1305103]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: ldio_outstanding variable is not decremented in completion path (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: 128 MSIX Support (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n[2.6.32-678]\n- [netdrv] RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips (Sai Vemuri) [1381382]\n- [netdrv] cxgb4: Stop Rx Queues before freeing it up (Sai Vemuri) [1381382]\n- [netdrv] iw_cxgb4 : Added 'Fail' column in debug iw_cxgb4 stats (Sai Vemuri) [1381382]\n- [netdrv] cxgb4: Add info print to display number of MSI-X vectors allocated (Sai Vemuri) [1381382]\n- [netdrv] iwpm: crash fix for large connections test (Sai Vemuri) [1381382]\n- [netdrv] cxgb4/cxgb4vf : Use vlan_gro_frags_gr() for VLANs (Sai Vemuri) [1381382]\n- [netdrv] cxgb4vf : Using RHEL6 provided napi_gro_frags_gr() API which returns (enum gro_result) values (Sai Vemuri) [1381382]\n- [serial] 8250_pci: Detach low-level driver during PCI error recovery (Gustavo Duarte) [1400508]\n- [drm] reservation: Remove shadowing local variable 'ret' (Rob Clark) [1398084]\n- [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399457] {CVE-2016-9555}\n- [net] ipv6: add mtu lock check in __ip6_rt_update_pmtu (Xin Long) [1397295]\n- [net] Reduce queue allocation to one in kdump kernel (Sai Vemuri) [1321315]\n- [netdrv] cxgb4: Force cxgb4 driver as MASTER in kdump kernel (Sai Vemuri) [1321315]\n[2.6.32-677]\n- [netdrv] cxgb4 : Add cxgb4 T4/T5 firmware version 1.15.37.0 (Sai Vemuri) [1349112]\n- [netdrv] be2net: fix locking (Ivan Vecera) [1397915]\n- [perf] tools: Initialize reference counts in map__clone() (Jiri Olsa) [1359100]\n- [perf] tools: Replace map->referenced & maps->removed_maps with map->refcnt (Jiri Olsa) [1359100]\n- [md] raid10: add rcu protection to rdev access in raid10_sync_request (Xiao Ni) [1395048]\n- [md] raid10: add rcu protection in raid10_status (Xiao Ni) [1395048]\n- [md] raid10: fix refounct imbalance when resyncing an array with a replacement device (Xiao Ni) [1395048]\n- [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1342659]\n- [x86] ACPI: add dynamic_debug support (Prarit Bhargava) [1252674]\n- [mm] hugetlb: fix huge_pte_alloc BUG_ON (Dave Anderson) [1397250]\n[2.6.32-676]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add in missing white spaces in error messages text (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map (Tomas Henzl) [1397873]\n- [scsi] megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: Do not fire DCMDs during PCI shutdown/detach (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Send correct PhysArm to FW for R1 VD downgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: clean function declarations in megaraid_sas_base.c up (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add in missing white space in error message text (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix the search of first memory bar (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Use memdup_user() rather than duplicating its implementation (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix probing cards without io port (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Downgrade two success messages to info (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: task management code optimizations (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: call ISR function to clean up pending replies in OCR path (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: reduce memory footprints in kdump mode (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add missing curly braces in ioctl handler (Tomas Henzl) [1396567]\n- [scsi] mpt3sas: Bump driver version as '14.101.00.00' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for Endianness issue (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Use the new MPI 2.6 32-bit Atomic Request Descriptors for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: set EEDP-escape-flags for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Increased/Additional MSIX support for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Added Device IDs for SAS35 devices and updated MPI header (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Dont spam logs if logging level is 0 (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix warnings exposed by W=1 (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Eliminate dead sleep_flag code (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Eliminate conditional locking in mpt3sas_scsih_issue_tm() (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Ensure the connector_name string is NUL-terminated (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Bump driver version as '14.100.00.00' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Remove unused macro 'MPT_DEVICE_TLR_ON' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Implement device_remove_in_progress check in IOCTL path (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for incorrect numbers for MSIX vectors enabled when non RDPQ card is enumerated first (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for improper info displayed in var log, while blocking or unblocking the device (Tomas Henzl) [1306469]\n- [net] increase xmit RECURSION_LIMIT to 10 (Sabrina Dubroca) [1392660]\n- [net] add a recursion limit in xmit path (Sabrina Dubroca) [1392660]\n- [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1390061]\n- [net] netfilter: ebtables: Fix extension lookup with identical name (Sabrina Dubroca) [1390061]\n- [net] ipv6: ipv6_find_hdr restore prev functionality (Paolo Abeni) [1392975]\n[2.6.32-675]\n- [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359304] {CVE-2016-6136}\n- [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1353844]\n- [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1353844]\n- [fs] nfs: Dont pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1353844]\n- [fs] dlm: Dont save callbacks after accept (Robert S Peterson) [1264492]\n- [fs] dlm: Save and restore socket callbacks properly (Robert S Peterson) [1264492]\n- [fs] dlm: Replace nodeid_to_addr with kernel_getpeername (Robert S Peterson) [1264492]\n- [fs] dlm: print kernel message when we get an error from kernel_sendpage (Robert S Peterson) [1264492]\n- [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1397552]\n- [hv] storvsc: Payload buffer incorrectly sized for 32 bit kernels (Cathy Avery) [1394756]\n- [fs] xfs: fix unbalanced inode reclaim flush locking (Brian Foster) [1384564]\n- [scsi] hpsa: correct logical resets (Joseph Szczypek) [1083110]\n- [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1083110]\n- [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1083110]\n- [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1083110]\n- [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1083110]\n- [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1083110]\n- [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1083110]\n- [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1372465]\n[2.6.32-674]\n- [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1351798]\n- [x86] Mark Intel Purley supported (Steve Best) [1271866]\n- [pnp] Prevent attaching to ACPI IPMI device (Charles Rose) [857150]\n[2.6.32-673]\n- [netdrv] ehea: fix operation state report (Gustavo Duarte) [1089134]\n- [block] nvme: Always use MSI/MSI-x interrupts (David Milburn) [1372023]\n- [fs] aio: aio_nr decrements dont need to be delayed (Jiri Olsa) [1386216]\n- [fs] aio: dont bother with async freeing on failure in ioctx_alloc() (Jiri Olsa) [1386216]\n- [fs] epoll: ep_unregister_pollwait() can use the freed pwq->whead (Lauro Ramos Venancio) [1392372]\n- [fs] epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() (Lauro Ramos Venancio) [1392372]\n[2.6.32-672]\n- [sched] Fix rq->nr_uninterruptible update race (Aaron Tomlin) [1377292]\n- [security] keys: Fix short sprintf buffer in /proc/keys show function (Frantisek Hrbata) [1375208] {CVE-2016-7042}\n- [net] bridge: fix switched interval for MLD Query types (Hangbin Liu) [1392327]\n- [net] netfilter: ipv6: move POSTROUTING invocation before fragmentation (Eric Garver) [1391240]\n- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390046] {CVE-2016-7117}\n- [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1381585]\n- [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379529] {CVE-2016-6828}\n- [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] tcp: enable per-socket rate limiting of all 'challenge acks' (Florian Westphal) [1388287]\n- [net] tcp: uninline tcp_oow_rate_limited() (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_timewait_sock (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_sock (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_request_sock (Florian Westphal) [1388287]\n- [net] tcp: helpers to mitigate ACK loops by rate-limiting out-of-window dupacks (Florian Westphal) [1388287]\n- [net] ipv6: Dont change dst->flags using assignments (Marcelo Leitner) [1389478]\n- [scsi] megaraid-sas: request irqs later (Tomas Henzl) [1385088]\n[2.6.32-671]\n- [perf] list: Fix rNNNN list output to appear only once (Jiri Olsa) [1291256 1374411]\n- [perf] symbols: Check kptr_restrict for root (Jiri Olsa) [1291256 1374411]\n- [fs] SUNRPC: Fix a regression when reconnecting (Benjamin Coddington) [1323801]\n- [fs] SUNRPC: Clear the request rq_bytes_sent field in xprt_release_write (Benjamin Coddington) [1323801]\n- [fs] SUNRPC: Lock the transport layer on shutdown (Benjamin Coddington) [1323801]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M (opcode 0F AF) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M, IMM (opcode 69) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M, imm8 (opcode 6B) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: Use a register for ____emulate_2op() destination (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: pass destination type to ____emulate_2op() (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: add Src2Imm decoding (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: consolidate immediate decode into a function (Radim Krcmar) [1313468]\n- [hv] netvsc: fix incorrect receive checksum offloading (Vitaly Kuznetsov) [1388701]\n- [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1378614]\n- [hv] vmbus: Fix signaling logic in hv_need_to_signal_on_read() (Vitaly Kuznetsov) [1319054]\n- [hv] vmbus: Eliminate the spin lock on the read path (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer: eliminate hv_ringbuffer_peek() (Vitaly Kuznetsov) [1319054]\n- [hv] remove code duplication between vmbus_recvpacket()/vmbus_recvpacket_raw() (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer: remove code duplication from hv_ringbuffer_peek/read() (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer.c: fix comment style (Vitaly Kuznetsov) [1319054]\n- [hv] netvsc: set nvdev link after populating chn_table (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: synchronize netvsc_change_mtu()/netvsc_set_channels() with netvsc_remove() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: get rid of struct net_device pointer in struct netvsc_device (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: untangle the pointer mess (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: use start_remove flag to protect netvsc_link_change() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: move start_remove flag to net_device_context (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Move subchannel waiting to rndis_filter_device_remove() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Wait for sub-channels to be processed during probe (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Properly size the vrss queues (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Add close of RNDIS filter into change mtu call (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] hv_netvsc: Add support to set MTU reservation from guest side (Vitaly Kuznetsov) [1352105]\n- [perf] probe: Clear probe_trace_event when add_probe_trace_event() fails (Jiri Olsa) [1291510]\n- [perf] probe: Move ftrace probe-event operations to probe-file.c (Jiri Olsa) [1291510]\n- [block] loop: fix comment typo in loop_config_discard (Lukas Czerner) [818597]\n- [block] loop: Limit the number of requests in the bio list (Lukas Czerner) [818597]\n- [fs] ext4: optimize test_root() (Lukas Czerner) [1236047]\n- [fs] ext4: verify group number in verify_group_input() before using it (Lukas Czerner) [1236047]\n- [fs] nfsd: use short read as well as i_size to set eof (Benjamin Coddington) [1302415]\n- [fs] xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (Carlos Maiolino) [1259493]\n- [fs] xfs: Fix rounding in xfs_alloc_fix_len() (Carlos Maiolino) [1259493]\n- [fs] jbd: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015]\n- [fs] jbd2: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015]\n[2.6.32-670]\n- [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1387243]\n- [misc] hpilo: Changes to support new security states in iLO5 FW (Joseph Szczypek) [1376584]\n- [misc] hpilo: Change e-mail address from hp.com to hpe.com (Joseph Szczypek) [1376584]\n- [misc] hpilo: cleanup hpilo (Joseph Szczypek) [1376584]\n- [mm] memory_hotplug.c: change normal message to use pr_debug (Jeremy McNicoll) [1255272]\n- [acpi] mem_hotplug: set memory info correctly when problems forcing mem online (Jeremy McNicoll) [1255272]\n- [fs] bio: Need to free integrity payload if the split bio gets memory by itself (Xiao Ni) [1268434]\n- [md] add rdev reference for super write (Xiao Ni) [1365718]\n- [netdrv] rtlwifi: fix memory leak for USB device (Stanislaw Gruszka) [1364597]\n- [fs] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() (Benjamin Coddington) [1353272]\n- [drm] nouveau/kms: take mode_config mutex in connector hotplug path (Ben Skeggs) [1349978]\n- [kernel] clocksource: Defer override invalidation unless clock is unstable (Prarit Bhargava) [1356231]\n- [kernel] clocksource: Reselect clocksource when watchdog validated high-res capability (Prarit Bhargava) [1356231]\n- [fs] nfs4: clnt: respect noresvport when establishing connections to DSes (Benjamin Coddington) [1346041]\n- [fs] nfs: Add nfs_client behavior flags (Benjamin Coddington) [1346041]\n- [block] fix /proc/diskstats in-flight - kABI workaround (Jerome Marchand) [1273339 1306879]\n- [block] add internal hd part table references (Jerome Marchand) [1273339 1306879]\n- [block] fix accounting bug on cross partition merges (Jerome Marchand) [1273339 1306879]\n- [block] kref: add kref_test_and_get (Jerome Marchand) [1273339 1306879]\n- [block] Revert 'block: fix accounting bug on cross partition merges' (Jerome Marchand) [1273339 1306879]\n- [perf] thread: Fix reference count initial state (Jiri Olsa) [1359100]\n- [perf] tools: Reference count struct map (Jiri Olsa) [1359100]\n- [perf] tools: Check if a map is still in use when deleting it (Jiri Olsa) [1359100]\n- [perf] tools: Protect accesses the map rbtrees with a rw lock (Jiri Olsa) [1359100]\n- [perf] tools: Introduce struct maps (Jiri Olsa) [1359100]\n- [perf] tools: Assign default value for some pointers (Jiri Olsa) [1359100]\n- [perf] tools: Use maps__first()/map__next() (Jiri Olsa) [1359100]\n- [perf] tools: Leave DSO destruction to the map destruction (Jiri Olsa) [1359100]\n- [perf] machine: Mark removed threads as such (Jiri Olsa) [1359100]\n- [perf] tools: Import rb_erase_init from block/ in the kernel sources (Jiri Olsa) [1359100]\n- [perf] tools: Nuke unused map_groups__flush() (Jiri Olsa) [1359100]\n- [perf] tools: Remove redundant initialization of thread linkage members (Jiri Olsa) [1359100]\n- [perf] tools: Rename maps__next (Jiri Olsa) [1359100]\n- [perf] machine: Do not call map_groups__delete(), drop refcnt instead (Jiri Olsa) [1359100]\n- [perf] hists: Rename add_hist_entry to hists__findnew_entry (Jiri Olsa) [1359100]\n- [perf] tools: Use atomic.h for the map_groups refcount (Jiri Olsa) [1359100]\n- [perf] tests: Fix map_groups refcount test (Jiri Olsa) [1359100]\n- [perf] machine: No need to keep a refcnt for last_match (Jiri Olsa) [1359100]\n- [perf] tests: Show refcounting broken expectations in thread-mg-share test (Jiri Olsa) [1359100]\n- [perf] machine: Protect the machine->threads with a rwlock (Jiri Olsa) [1359100]\n- [video] efifb: prevent null-deref when iterating dmi_list (Rob Clark) [1360982]\n- [video] configs: updates for fb backport (Rob Clark) [1360982]\n- [video] fbdev: efifb: bind to efi-framebuffer (Rob Clark) [1360982]\n- [video] fbdev: vesafb: bind to platform-framebuffer device (Rob Clark) [1360982]\n- [video] fbdev: simplefb: add common x86 RGB formats (Rob Clark) [1360982]\n- [video] x86: sysfb: move EFI quirks from efifb to sysfb (Rob Clark) [1360982]\n- [video] x86: provide platform-devices for boot-framebuffers (Rob Clark) [1360982]\n- [video] fbdev: simplefb: mark as fw and allocate apertures (Rob Clark) [1360982]\n- [video] fbdev: simplefb: add init through platform_data (Rob Clark) [1360982]\n- [video] drivers/video: implement a simple framebuffer driver (Rob Clark) [1360982]\n- [video] vesafb: fix memory leak (Rob Clark) [1360982]\n- [video] uvesafb,vesafb: create WC or WB PAT-entries (Rob Clark) [1360982]\n- [video] vesafb: fix comment a typo (Rob Clark) [1360982]\n- [video] vesafb: use platform_driver_probe() instead of platform_driver_register() (Rob Clark) [1360982]\n- [video] efifb: Fix call to wrong unregister function (Rob Clark) [1360982]\n- [video] efifb: Disallow manual bind and unbind (Rob Clark) [1360982]\n- [video] efifb: Fix mismatched request/release_mem_region (Rob Clark) [1360982]\n- [video] efifb: fix int to pointer cast warning (Rob Clark) [1360982]\n- [video] efifb: Add override for 11 Macbook Air 3,1 (Rob Clark) [1360982]\n- [video] efifb: Support overriding fields FW tells us with the DMI data (Rob Clark) [1360982]\n- [video] efifb: support AMD Radeon HD 6490 (Rob Clark) [1360982]\n- [video] efifb: support the EFI framebuffer on more Apple hardware (Rob Clark) [1360982]\n- [video] efifb: check that the base address is plausible on pci systems (Rob Clark) [1360982]\n- [video] drivers/video/efifb.c: support framebuffer for NVIDIA 9400M in MacBook Pro 5, 1 (Rob Clark) [1360982]\n[2.6.32-669]\n- [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1374067]\n- [netdrv] cxgb4: Enable SR-IOV configuration via PCI sysfs interface (Sai Vemuri) [1222751]\n- [netdrv] bnx2x: dont wait for Tx completion on recovery (Michal Schmidt) [1300681]\n- [pm] hibernate: Only crash if necessary in create/free_basic_memory_bitmaps() (Jerry Snitselaar) [1374378]\n- [netdrv] ixgbe: add WoL support for some 82599 subdevice IDs (Ken Cox) [1316845]\n- [kernel] cgroup: improve old cgroup handling in cgroup_attach_proc() (Lauro Ramos Venancio) [1372085]\n- [watchdog] hpwdt: add support for iLO5 (Linda Knippers) [1382496]\n- [watchdog] hpwdt: HP rebranding (Linda Knippers) [1388170]\n- [documentation] Fix hpwdt documentation to match RHEL6 (Linda Knippers) [1388170]\n- [acpi] acpica: Fix for a Store->ArgX when ArgX contains a reference to a field (Lenny Szubowicz) [1324697]\n- [acpi] acpica: Standardize all switch() blocks (Lenny Szubowicz) [1324697]\n- [acpi] acpica: Interpreter: Fix Store() when implicit conversion is not possible (Lenny Szubowicz) [1324697]\n- [fs] backing-dev: fix wakeup timer races with bdi_unregister() (Jeff Moyer) [1111683]\n- [fs] backing-dev: ensure wakeup_timer is deleted (Jeff Moyer) [1111683]\n- [fs] writeback: Fix lost wake-up shutting down writeback thread (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wakeup events when forking bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: fix bad _bh spinlock nesting (Jeff Moyer) [1111683]\n- [fs] writeback: cleanup bdi_register (Jeff Moyer) [1111683]\n- [fs] writeback: remove unnecessary init_timer call (Jeff Moyer) [1111683]\n- [fs] writeback: optimize periodic bdi thread wakeups (Jeff Moyer) [1111683]\n- [fs] writeback: prevent unnecessary bdi threads wakeups (Jeff Moyer) [1111683]\n- [fs] writeback: move bdi threads exiting logic to the forker thread (Jeff Moyer) [1111683]\n- [fs] writeback: restructure bdi forker loop a little (Jeff Moyer) [1111683]\n- [fs] writeback: move last_active to bdi (Jeff Moyer) [1111683]\n- [fs] writeback: do not remove bdi from bdi_list (Jeff Moyer) [1111683]\n- [fs] writeback: simplify bdi code a little (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in the forker thread - 2 (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in the forker thread - 1 (Jeff Moyer) [1111683]\n- [fs] writeback: fix possible race when creating bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: harmonize writeback threads naming (Jeff Moyer) [1111683]\n- [fs] writeback: merge bdi_writeback_task and bdi_start_fn (Jeff Moyer) [1111683]\n- [fs] writeback: bdi_writeback_task() must set task state before calling schedule() (Jeff Moyer) [1111683]\n- [fs] writeback: remove wb_list (Jeff Moyer) [1111683]\n- [s390] zfcp: close window with unblocked rport during rport gone (Hendrik Brueckner) [1383980]\n- [s390] zfcp: fix ELS/GS request&response length for hardware data router (Hendrik Brueckner) [1383981]\n- [s390] zfcp: fix fc_host port_type with NPIV (Hendrik Brueckner) [1383982]\n- [s390] zcrypt: toleration of new crypto adapter hardware with type 12 (Hendrik Brueckner) [1344041]\n- [s390] time: LPAR offset handling (Hendrik Brueckner) [1381564]\n- [s390] time: move PTFF definitions (Hendrik Brueckner) [1381564]\n- [scsi] libfc: Dont have fc_exch_find log errors on a new exchange (Chris Leech) [1368175]\n- [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1383078]\n- [scsi] libfc: dont advance state machine for incoming FLOGI (Chris Leech) [1368175]\n- [scsi] libfc: Do not login if the port is already started (Chris Leech) [1368175]\n- [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1368175]\n- [scsi] libfc: Do not take rdata->rp_mutex when processing a (Chris Leech) [1368175]\n- [scsi] libfc: Fixup disc_mutex handling (Chris Leech) [1368175]\n- [scsi] libfc: Revisit kref handling (Chris Leech) [1368175]\n- [scsi] fcoe: Stop fc_rport_priv structure leak (Chris Leech) [1368175]\n- [scsi] libfc: do not send ABTS when resetting exchanges (Chris Leech) [1368175]\n- [scsi] libfc: reset exchange manager during LOGO handling (Chris Leech) [1368175]\n- [scsi] libfc: send LOGO for PLOGI failure (Chris Leech) [1368175]\n- [scsi] libfc: Issue PRLI after a PRLO has been received (Chris Leech) [1368175]\n- [scsi] libfc: fix seconds_since_last_reset calculation (Chris Leech) [1368175]\n- [scsi] libfc: Update rport reference counting (Chris Leech) [1368175]\n- [scsi] libfc: XenServer fails to mount root filesystem (Chris Leech) [1368175]\n[2.6.32-668]\n- [netdrv] mlx5e: Fix minimum MTU (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Devices mtu field is u16 and not int (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Fix endianness bug in IPV6 csum calculation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Allow resetting VF admin mac to zero (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Correctly handle RSS indirection table when changing number of channels (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Fix ethtool RX hash func configuration change (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Fix LRO modify (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Remove wrong poll CQ optimization (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Do not BUG_ON during reset when PCI is offline (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Count HW buffer overrun only once (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: fix some error handling in mlx4_multi_func_init() (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Remove unused macro (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Initialize hop_limit when creating address handle (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Expose correct maximum number of CQE capacity (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: fix handling return value of mlx4_slave_convert_port (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use vmalloc for WR buffers when needed (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use correct order of variables in log message (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Expose correct max_sge_rd limit (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Avoid returning success in case of an error flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Replace VF zero mac with random mac in mlx4_core (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Fix resource tracker error flow in add_res_range (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Copy/set only sizeof struct mlx4_eqe bytes (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: really allow to change RSS key (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix incorrect cq flushing in error state (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use correct SL on AH query under RoCE (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Forbid using sysfs to change RoCE pkeys (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Demote mcg message from warning to debug (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix potential deadlock when sending mad to wire (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4, mlx5, mthca: Expose max_sge_rd correctly (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Add extra check for total vfs for SRIOV (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Remove BUG_ON assert when checking if ring is full (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Relieve cpu load average on the port sending flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Fix wrong index in propagating port change event to VFs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix memory leak in do_slave_init (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Disable HA for SRIOV PF RoCE devices (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Release TX QP when destroying TX ring (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Disable Granular QoS per VF under IB/Eth VPI configuration (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: fix typo in mlx4_set_vf_mac (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: need to call close fw if alloc icm is called twice (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: double free of dev_vfs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] bnx2x: dont reset chip on cleanup if PCI function is offline (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: avoid leaking memory on bnx2x_init_one() failures (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Prevent false warning for lack of FC NPIV (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix 84833 phy command handler (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix led setting for 84858 phy (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Correct 84858 PHY fw version (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix 84833 RX CRC (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix link-forcing for KR2 (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Warn about grc timeouts in register dump (Michal Schmidt) [1386199]\n- [netdrv] be2net: Enable VF link state setting for BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix TX stats for TSO packets (Ivan Vecera) [1347812]\n- [netdrv] be2net: NCSI FW section should be properly updated with ethtool for BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: Provide an alternate way to read pf_num for BEx chips (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix mac address collision in some configurations (Ivan Vecera) [1347812]\n- [netdrv] be2net: Avoid redundant addition of mac address in HW (Ivan Vecera) [1347812]\n- [netdrv] be2net: Add privilege level check for OPCODE_COMMON_GET_EXT_FAT_CAPABILITIES SLI cmd (Ivan Vecera) [1347812]\n- [netdrv] be2net: Issue COMMON_RESET_FUNCTION cmd during driver unload (Ivan Vecera) [1347812]\n- [netdrv] be2net: Support UE recovery in BEx/Skyhawk adapters (Ivan Vecera) [1347812]\n- [netdrv] be2net: replace polling with sleeping in the FW completion path (Ivan Vecera) [1347812]\n- [netdrv] be2net: do not remove vids from driver table if be_vid_config() fails (Ivan Vecera) [1347812]\n- [netdrv] be2net: clear vlan-promisc setting before programming the vlan list (Ivan Vecera) [1347812]\n- [netdrv] be2net: perform temperature query in adapter regardless of its interface state (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix broadcast echoes from EVB in BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix definition of be_max_eqs() (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Ivan Vecera) [1347812]\n- [netdrv] be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Ivan Vecera) [1347812]\n- [netdrv] be2net: use max-TXQs limit too while provisioning VF queue pairs (Ivan Vecera) [1347812]\n- [netdrv] benet: be_resume needs to protect be_open with rtnl_lock (Ivan Vecera) [1347812]\n- [netdrv] be2net: Dont leak iomapped memory on removal (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix a UE caused by passing large frames to the ASIC (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Ivan Vecera) [1347812]\n- [netdrv] be2net: Interpret and log new data thats added to the port misconfigure async event (Ivan Vecera) [1347812]\n- [netdrv] be2net: Request RSS capability of Rx interface depending on number of Rx rings (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix interval calculation in interrupt moderation (Ivan Vecera) [1347812]\n- [netdrv] be2net: Add retry in case of error recovery failure (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix Lancer error recovery (Ivan Vecera) [1347812]\n- [netdrv] be2net: Dont run ethtool self-tests for VFs (Ivan Vecera) [1347812]\n- [netdrv] be2net: SRIOV Queue distribution should factor in EQ-count of VFs (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix be_vlan_rem_vid() to check vlan id being removed (Ivan Vecera) [1347812]\n- [netdrv] be2net: check for INSUFFICIENT_PRIVILEGES error (Ivan Vecera) [1347812]\n- [netdrv] be2net: return error status from be_set_phys_id() (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix port-res desc query of GET_PROFILE_CONFIG FW cmd (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix VF link state transition from disabled to auto (Ivan Vecera) [1347812]\n- [netdrv] bnx2: fix locking when netconsole is used (Ivan Vecera) [1291369]\n- [netdrv] tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (Ivan Vecera) [1347828]\n- [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1347828]\n- [netdrv] tg3: Report the correct number of RSS queues through tg3_get_rxnfc (Ivan Vecera) [1347828]\n- [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1347828]\n- [netdrv] net: tg3: avoid uninitialized variable warning (Ivan Vecera) [1347828]\n- [net] ipv6: restrict hop_limit sysctl setting to range (1; 255) (Paolo Abeni) [1314305]\n- [net] ipv4: add limits to ip_default_ttl (Paolo Abeni) [1314305]\n- [net] route: enforce hoplimit max value (Paolo Abeni) [1313899]\nfor userland (Sabrina Dubroca) [1317697]\n- [net] sctp: use the same clock as if sock source timestamps were on (Xin Long) [1334561]\n- [net] sctp: update the netstamp_needed counter when copying sockets (Xin Long) [1334561]\n- [net] sctp: fix the transports round robin issue when init is retransmitted (Xin Long) [1312728]\n- [net] pppoe: fix memory corruption in padt work structure (Beniamino Galvani) [1317900]\n- [net] pppoe: drop pppoe device in pppoe_unbind_sock_work (Beniamino Galvani) [1317900]\n- [net] pppoe: Use workqueue to die properly when a PADT is received (Beniamino Galvani) [1317900]\n- [net] ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [1327680]\n- [net] ipv6: Consolidate route lookup sequences (Jakub Sitnicki) [1327680]\n- [net] macvtap: Add support of packet capture on macvtap device (Sabrina Dubroca) [1373100]\n- [scsi] fnic: pci_dma_mapping_error() doesnt return an error code (Maurizio Lombardi) [1364593]\n- [scsi] fnic: Using rport->dd_data to check rport online instead of rport_lookup (Maurizio Lombardi) [1364593]\n- [scsi] fnic: Cleanup the I/O pending with fw and has timed out and is used to issue LUN reset (Maurizio Lombardi) [1364593]\n- [scsi] fnic: move printk()s outside of the critical code section (Maurizio Lombardi) [1364593]\n- [scsi] fnic: check pci_map_single() return value (Maurizio Lombardi) [1364593]\n- [scsi] be2iscsi: Driver version: 11.1.0.0 (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Replace _bh with _irqsave/irqrestore (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Remove redundant iscsi_wrb desc memset (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix async PDU handling path (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Reduce driver load/unload time (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix ExpStatSn in management tasks (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Update the driver version (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix WRB leak in login/logout path (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix async link event processing (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to process 25G link speed info from FW (Maurizio Lombardi) [1347815]\n- [scsi] scsi_transport_iscsi: Add 25G and 40G speed definition (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix IOPOLL implementation (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix return value for MCC completion (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Add FW config validation (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to handle misconfigured optics events (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix VLAN support for IPv6 network (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to remove shutdown entry point (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Added return value check for mgmt_get_all_if_id (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Set mbox timeout to 30s (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to synchronize tag allocation using spin_lock (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to use atomic bit operations for tag_state (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix mbox synchronization replacing spinlock with mutex (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix soft lockup in mgmt_get_all_if_id path using bmbx (Maurizio Lombardi) [1347815]\n- [scsi] scsi_debug: fix logical block provisioning support when unmap_alignment != 0 (Maurizio Lombardi) [1388096]\n- [scsi] scsi_debug: fix logical block provisioning support (Maurizio Lombardi) [1388096]\n- [scsi] mpt3sas: Fix resume on WarpDrive flash cards (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: avoid mpt3sas_transport_port_add NULL parent_dev (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: set num_phys after allocating phy space (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: add missing curly braces (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Handle active cable exception event (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Update MPI header to 2.00.42 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: remove unused fw_event_work elements (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove usage of 'struct timeval' (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Dont overreach ioc->reply_post during initialization (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Free memory pools before retrying to allocate with different value (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updated MPI Header to 2.00.42 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Add support for configurable Chain Frame Size (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Added smp_affinity_enable module parameter (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Never block the Enclosure device (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Fix static analyzer(coverity) tool identified defects (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Added support for high port count HBA variants (Tomas Henzl) [1329353]\n- [scsi] bnx2fc: Update version number to 2.10.3 (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Check sc_cmd device and host pointer before returning the command to the mid-layer (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Print netdev device name when FCoE is successfully initialized (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Print when we send a fip keep alive (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: bnx2fc_eh_abort(): fix wrong return code (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Show information about log levels in 'modinfo' (Maurizio Lombardi) [1380385]\n- [scsi] hpsa: update driver revision to 3.4.10-0-RH2 (Joseph Szczypek) [1377892]\n- [scsi] hpsa: correct scsi 6byte lba calculation (Joseph Szczypek) [1377892]\n- [scsi] lpfc: remove unknown ELS message warnings for RDP (Maurizio Lombardi) [1347811]\n- [scsi] smartpqi: add to config-generic (Scott Benesh) [1343743]\n- [scsi] smartpqi: raid bypass lba calculation fix (Scott Benesh) [1343743]\n- [scsi] smartpqi: bump driver version (Scott Benesh) [1343743]\n- [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1343743]\n- [scsi] smartpqi: update Kconfig (Scott Benesh) [1343743]\n- [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1343743]\n- [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1343743]\n- [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1343743]\n- [scsi] smartpqi: minor function reformating (Scott Benesh) [1343743]\n- [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1343743]\n- [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1343743]\n- [scsi] smartpqi: add kdump support (Scott Benesh) [1343743]\n- [scsi] smartpqi: enhance reset logic (Scott Benesh) [1343743]\n- [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1343743]\n- [scsi] smartpqi: simplify spanning (Scott Benesh) [1343743]\n- [scsi] smartpqi: change tmf macro names (Scott Benesh) [1343743]\n- [scsi] smartpqi: change aio sg processing (Scott Benesh) [1343743]\n- [scsi] aacraid: remove wildcard for series 9 controllers (Scott Benesh) [1343743]\n- [scsi] smartpqi: initial commit of Microsemi smartpqi driver (Scott Benesh) [1343743]\n[2.6.32-667]\n- [hv] get rid of id in struct vmbus_channel (Vitaly Kuznetsov) [1322802]\n- [hv] make VMBus bus ids persistent (Vitaly Kuznetsov) [1322802]\n- [hv] storvsc: Fix potential memory leak (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Filter out storvsc messages CD-ROM medium not present (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: fix SRB_STATUS_ABORTED handling (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: add logging for error/warning messages (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Fix a bug in the handling of SRB status flags (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Dont set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Set the tablesize based on the information given by the host (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Dont assume that the scatterlist is not chained (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Retrieve information about the capability of the target (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Always send on the selected outgoing channel (Cathy Avery) [1322928 1352824]\n- [hv] vmbus: Support a vmbus API for efficiently sending page arrays (Cathy Avery) [1322928 1352824]\n- [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: reset host_specified_ha_region (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: dont crash when memory is added in non-sorted order (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: check if ha_region_mutex was acquired in MEM_CANCEL_ONLINE case (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] dont leak memory in vmbus_establish_gpadl() (Vitaly Kuznetsov) [1376860]\n- [hv] get rid of redundant messagecount in create_gpadl_header() (Vitaly Kuznetsov) [1376860]\n- [hv] vmbus: dont manipulate with clocksources on crash (Cathy Avery) [1365049]\n- [hv] correct tsc page sequence invalid value (Cathy Avery) [1365049]\n- [hv] vmbus: fix build warning (Cathy Avery) [1365049]\n- [hv] vmbus: Implement a clocksource based on the TSC page (Cathy Avery) [1365049]\n- [hv] kvp: cancel kvp_host_handshake_work on module unload (Vitaly Kuznetsov) [1321259]\n- [x86] mm/xen: Suppress hugetlbfs in PV guests (Vitaly Kuznetsov) [1312331]\n- [mm] hugetlb: allow hugepages_supported to be architecture specific (Vitaly Kuznetsov) [1312331]\n[2.6.32-666]\n- [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: RSS Hash Option parameters (Stefan Assmann) [1360179]\n- [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Allow PF driver to configure RSS (Stefan Assmann) [1360179]\n- [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Dont Panic (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1360179]\n- [netdrv] i40evf: properly handle VLAN features (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1360179]\n- [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1360179]\n- [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Fix get_rss_aq (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add longer wait after remove module (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Fix VLAN features (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add additional check for reset (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1360179]\n- [netdrv] i40evf: remove dead code (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1360179]\n- [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1360179]\n- [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1360179]\n- [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1360179]\n- [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1360179]\n- [netdrv] i40evf: set adapter state on reset failure (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1360179]\n- [netdrv] i40evf: support packet split receive (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1360179]\n- [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Change vf driver string to reflect all products i40evf supports (Stefan Assmann) [1360179]\n- [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1360179]\n- [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: enable bus master after reset (Stefan Assmann) [1360179]\n- [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1360179]\n- [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add external power class to get link status (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Geneve cloud tunnel type (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1360179]\n- [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1360179]\n- [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: null out ring pointers on free (Stefan Assmann) [1360179]\n- [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1360179]\n- [netdrv] i40evf: allow channel bonding of VFs (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1360179]\n- [netdrv] treewide: Fix typos in printk (Stefan Assmann) [1360179]\n- [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1360179]\n- [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: change version string generation (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1360179]\n- [netdrv] i40evf: check rings before freeing resources (Stefan Assmann) [1360179]\n- [netdrv] i40e: Fix errors resulted while turning off TSO (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: check for and deal with non-contiguous TCs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Update device ids for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Drop extra copy of function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Use consistent type for vf_id (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: PTP - avoid aggregate return warnings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix uninitialized variable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add VF promiscuous mode driver support (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add promiscuous on VLAN support (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove zero check (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Code cleanup in i40e_add_fdir_ethtool (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix errant PCIe bandwidth message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move NVM event wait check to NVM code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Restrict VF poll mode to only single function mode devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move HW flush (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Leave debug_mask cleared at init (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Inserting a HW capability display info (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Request PHY media event at reset time (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Lower some message levels (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix for supported link modes in 10GBaseT PHYs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Disable link polling (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Make VF resets more reliable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove unused variable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove redundant check on vsi->active_vlans (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Change comment to reflect correct function name (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Change unknown event error msg to ignore message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Added code to prevent double resets (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Notify VFs of all resets (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove timer and task only if created (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Assure that adminq is alive in debug mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove MSIx only if created (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix up return code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Save off VSI resource count when updating VSI (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: queue-specific settings for interrupt moderation (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: let go of the past (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: suspend scheduling during driver unload (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Use the new rx ctl register helpers. Dont use AQ calls from clear_hw (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add check for null VSI (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Expose some registers to program parser, FD and RSS logic (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix for unexpected messaging (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Do not wait for Rx queue disable in DCB reconfig (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Increase timeout when checking GLGEN_RSTAT_DEVSTATE bit (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix led blink capability for 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Clean-up Rx packet checksum handling (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Set skb->csum_level for encapsulated checksum (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Add exception handling for Tx checksum (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: better error reporting for nvmupdate (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: expand comment (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Do not disable queues in the Legacy/MSI Interrupt handler (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Removal of code which relies on BASE VEB SEID (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix PROMISC mode for Multi-function per port (MFP) devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: cleanup use of pf->hw (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: drop unused debugfs file 'dump' (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: get rid of magic number (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: dump descriptor indexes in hex (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use new add_veb calling with VEB stats control (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add VEB stat control and remove L2 cloud filter (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: set shared bit for multicast filters (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Make the DCB firmware checks for X710/XL710 only (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: move sync_vsi_filters up in service_task (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add priv flag for automatic rule eviction (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: avoid large memcpy by assigning struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: count allocation errors (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: drop unused function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: negate PHY int mask bits (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: APIs to Add/remove port mirroring rules (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix: do not sleep in netdev_ops (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: allocate memory safer (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: fix missing space (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: drop duplicate definition (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: remove unnecessary local var (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove VF device IDs from PF (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add netdev info to VSI dump (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add a little more to an NVM update debug message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: refactor DCB function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add 20G speed for Tx bandwidth calculations (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add counter for arq overflows (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Store lan_vsi_idx and lan_vsi_id in the right size (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add 100Mb ethtool reporting (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Limit DCB FW version checks to X710/XL710 devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Extend ethtool RSS hooks for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add new device IDs for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: bump version to 1.4.10 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Cleanup the code with respect to restarting autoneg (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Replace X722 mac check in ethtool get_settings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add mac_filter_element at the end of the list instead of HEAD (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: allow zero MAC address for VFs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: change log messages and error returns (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: clean whole mac filter list (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: hush little warnings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use explicit cast from u16 to u8 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: dont add zero MAC filter (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: properly delete VF MAC filters (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: chomp the BIT(_ULL) (Stefan Assmann) [1249250 1310402 1346978]", "published": "2017-03-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-0817.html", "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2017-6074", "CVE-2016-8399", "CVE-2016-7117", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-6136", "CVE-2016-6828", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-4998", "CVE-2016-7042"], "lastseen": "2017-03-27T21:17:47"}, {"id": "ELSA-2017-3535", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[2.6.39-400.294.6]\n- RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142}\n[2.6.39-400.294.5]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187}\n[2.6.39-400.294.4]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636}\n- list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636}\n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345}", "published": "2017-03-31T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3535.html", "cvelist": ["CVE-2016-8633", "CVE-2016-8399", "CVE-2016-10088", "CVE-2017-2636", "CVE-2016-7425", "CVE-2017-6345", "CVE-2016-3140", "CVE-2017-7187", "CVE-2016-10142", "CVE-2015-5707", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-8645", "CVE-2015-4700"], "lastseen": "2017-04-18T17:19:18"}, {"id": "ELSA-2017-3534", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[3.8.13-118.17.4]\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644}\n[3.8.13-118.17.3]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399}\n[3.8.13-118.17.2]\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187}\n[3.8.13-118.17.1]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696686] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696686] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696686] {CVE-2017-2636}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 21305080] {CVE-2015-4700}\n- net: filter: return -EINVAL if BPF_S_ANC* operation is not supported (Daniel Borkmann) [Orabug: 22187148] \n- KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) \n- KEYS: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) \n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451530] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463927] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463927] {CVE-2016-3672}\n- pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (WANG Cong) [Orabug: 25490335] {CVE-2015-8569}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490372] {CVE-2015-5707}\n- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507195] {CVE-2016-9588}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507230] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507230] {CVE-2016-8645}\n- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507281] {CVE-2016-9178}\n- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507328] {CVE-2016-7425}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507328] {CVE-2016-7425}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512413] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512471] {CVE-2016-3140}\n- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25543892] {CVE-2017-5970}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682430] {CVE-2017-6345}\n- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) {CVE-2017-6074}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646}\n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793}", "published": "2017-03-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3534.html", "cvelist": ["CVE-2016-8633", "CVE-2017-6074", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-10088", "CVE-2017-5970", "CVE-2017-2636", "CVE-2016-9178", "CVE-2016-7425", "CVE-2016-4485", "CVE-2016-4482", "CVE-2017-6345", "CVE-2016-8646", "CVE-2016-9588", "CVE-2016-3140", "CVE-2013-7446", "CVE-2017-7187", "CVE-2015-8569", "CVE-2016-10142", "CVE-2016-9644", "CVE-2015-5707", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-8645", "CVE-2015-4700"], "lastseen": "2017-04-01T03:18:17"}, {"id": "ELSA-2017-3533", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[4.1.12-61.1.33]\n- Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}\n[4.1.12-61.1.32]\n- x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644}\n[4.1.12-61.1.31]\n- rebuild bumping release\n[4.1.12-61.1.30]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187}\n[4.1.12-61.1.29]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636}\n- If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783] \n- PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783] \n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633}\n- usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951}\n- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjorn Mork) [Orabug: 25463898] {CVE-2016-3951}\n- cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672}\n- kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596}\n- crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147}\n- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588}\n- KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krcmar) [Orabug: 25507213] {CVE-2016-9756}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645}\n- tipc: check minimum bearer MTU (Michal Kubecek) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632}\n- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178}\n- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425}\n- tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}\n- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}\n- ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345}\n- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847] \n- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970}\n- perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001}\n- ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897}\n- mpt3sas: Dont spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035] \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)", "published": "2017-03-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3533.html", "cvelist": ["CVE-2016-7097", "CVE-2016-8633", "CVE-2016-8399", "CVE-2016-10088", "CVE-2017-6001", "CVE-2017-5970", "CVE-2015-8952", "CVE-2017-2636", "CVE-2016-8632", "CVE-2016-9178", "CVE-2016-7425", "CVE-2016-3951", "CVE-2016-10147", "CVE-2016-9756", "CVE-2017-6345", "CVE-2017-2596", "CVE-2016-9588", "CVE-2016-3140", "CVE-2017-7187", "CVE-2016-9644", "CVE-2016-3672", "CVE-2016-8645", "CVE-2017-5897"], "lastseen": "2017-04-01T03:18:27"}, {"id": "ELSA-2017-3567", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[2.6.39-400.295.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895}\n[2.6.39-400.295.1]\n- ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719676] {CVE-2017-2583} {CVE-2017-2583}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719811] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720815] {CVE-2017-6214}\n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796604] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797014] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797056] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257}\n- RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] {CVE-2015-6937} {CVE-2015-6937}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910}\n- RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187}\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636}\n- list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636}\n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345}\n- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074}\n- vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] \n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}", "published": "2017-05-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3567.html", "cvelist": ["CVE-2016-2782", "CVE-2017-7895", "CVE-2017-7184", "CVE-2016-7910", "CVE-2016-8633", "CVE-2017-6074", "CVE-2016-8399", "CVE-2015-1420", "CVE-2016-10088", "CVE-2015-6252", "CVE-2015-9731", "CVE-2015-5257", "CVE-2017-2636", "CVE-2017-2583", "CVE-2016-7425", "CVE-2017-6214", "CVE-2016-4485", "CVE-2016-4482", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-2647", "CVE-2017-5986", "CVE-2016-3140", "CVE-2016-10229", "CVE-2013-7446", "CVE-2017-7187", "CVE-2016-10142", "CVE-2015-5707", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-8645", "CVE-2015-6937", "CVE-2015-4700"], "lastseen": "2017-05-16T13:20:57"}, {"id": "ELSA-2017-3609", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[4.1.12-103.3.8]\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638900] {CVE-2017-1000365} {CVE-2017-1000365}\n[4.1.12-103.3.7]\n- i40e/i40evf: check for stopped admin queue (Mitch Williams) [Orabug: 26654222]\n[4.1.12-103.3.6]\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645497]\n[4.1.12-103.3.5]\n- dentry name snapshots (Al Viro) [Orabug: 26630805] {CVE-2017-7533}\n[4.1.12-103.3.4]\n- mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585933] {CVE-2016-6213} {CVE-2016-6213}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578179] {CVE-2017-9242}\n- KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585981] {CVE-2016-9604} {CVE-2016-9604}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586030] {CVE-2016-10200}\n- ovl: move super block magic number to magic.h (Stephen Hemminger) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: use a minimal buffer in ovl_copy_xattr (Vito Caputo) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: allow zero size xattr (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: default permissions (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- scsi: megaraid_sas: handle dma_addr_t right on 32-bit (Arnd Bergmann) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME fast path io support (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME interface target prop added (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME Interface detection and prop settings (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: Use synchronize_irq to wait for IRQs to complete (Shivasharan S) [Orabug: 26560952] \n- fs/fuse: fuse mount can cause panic with no memory numa node (Somasundaram Krishnasamy) [Orabug: 26151828] \n- Fix regression which breaks DFS mounting (Sachin Prabhu) [Orabug: 26335022] \n- ol7/spec: sync up linux-firmware version for ol74 (Ethan Zhao) [Orabug: 26567308] [Orabug: 26567283] \n- nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572867] {CVE-2017-8797}\n- nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572867] {CVE-2017-8797}\n- ol6/spec: sync up linux-firmware version for ol6 (Ethan Zhao) [Orabug: 26586911] [Orabug: 26586927]\n[4.1.12-103.3.2]\n- rds: tcp: cancel all worker threads before shutting down socket (Yuval Shaia) [Orabug: 26332905] \n- Revert 'ixgbevf: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] \n- Revert 'ixgbe: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] \n- xen: do not re-use pirq number cached in pci device msi msg data (Boris Ostrovsky) [Orabug: 26324865] \n- xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26520653] \n- ocfs2: fix deadlock caused by recursive locking in xattr (Eric Ren) [Orabug: 26554428] \n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26554428] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26554428] \n- Revert 'add OCFS2_LOCK_RECURSIVE arg_flags to ocfs2_cluster_lock() to prevent hang' (Ashish Samant) [Orabug: 26554428] \n- MacSec: fix backporting error in patches for CVE-2017-7477 (Alexey Kodanev) [Orabug: 26481629] [Orabug: 26368162] {CVE-2017-7477} {CVE-2017-7477}\n- sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26492439] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540266] {CVE-2017-2671}\n- PCI: Workaround wrong flags completions for IDT switch (James Puthukattukaran) [Orabug: 26362330] \n- xen-blkback: stop blkback thread of every queue in xen_blkif_disconnect (Annie Li)\n[4.1.12-103.3.1]\n- MSI: Dont assign MSI IRQ vector twice (Ashok Vairavan) [Orabug: 25982356] \n- IB/core: Remove stray semicolon in cma_init (Yuval Shaia) [Orabug: 26188883] \n- ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403963] {CVE-2017-9074}\n- scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26473220] \n- mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26473220] \n- blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26486215] \n- blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26486215] \n- nvme: Complete all stuck requests (Keith Busch) [Orabug: 26486215] \n- nvme: Dont suspend admin queue that wasnt created (Gabriel Krisman Bertazi) [Orabug: 26486215] \n- nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26486215] \n- nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26486215] \n- nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26486215] \n- Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- net/sock: add WARN_ON(parent->sk) in sock_graft() (Sowmini Varadhan) [Orabug: 26243229] \n- rds: tcp: use sock_create_lite() to create the accept socket (Sowmini Varadhan) [Orabug: 26243229] \n- rds: tcp: set linger to 1 when unloading a rds-tcp (Sowmini Varadhan) [Orabug: 26236194] \n- rds: tcp: send handshake ping-probe from passive endpoint (Sowmini Varadhan) [Orabug: 26236194] \n- Revert 'SUNRPC: Refactor svc_set_num_threads()' (Dhaval Giani) [Orabug: 26450033] \n- Revert 'NFSv4: Fix callback server shutdown' (Dhaval Giani) [Orabug: 26450033] \n- mm: fix use-after-free if memory allocation failed in vma_adjust() (Kirill A. Shutemov) [Orabug: 25647067] \n- scsi: smartpqi: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 26191021] \n- scsi: smartpqi: bump driver version (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: remove writeq/readq function definitions (Corentin Labbe) [Orabug: 26191021] \n- scsi: smartpqi: add module parameters (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup list initialization (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add raid level show (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: make ioaccel references consistent (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance device add and remove messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update timeout on admin commands (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: map more raid errors to SCSI errors (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup controller branding (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update rescan worker (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update device offline (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct aio error path (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add lockup action (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: remove qdepth calculations for logical volumes (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance kdump (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: change return value for LUN reset operations (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add ptraid support (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update copyright (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add new PCI device IDs (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: minor driver cleanup (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct BMIC identify physical drive (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: eliminate redundant error messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add pqi_wait_for_completion_io (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct bdma hw bug (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add heartbeat check (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add suspend and resume support (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance resets (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add supporting events (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: ensure controller is in SIS mode at init (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add in controller checkpoint for controller lockups. (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: set pci completion timeout (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct remove scsi devices (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: fix time handling (Arnd Bergmann) [Orabug: 26191021] \n- Btrfs: fix extent_same allowing destination offset beyond i_size (Filipe Manana) [Orabug: 26376770] \n- NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26402457] \n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}\n- xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452559] \n- xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452559] \n- sparc64: Convert non-fatal error print to a debug print (DAX driver) (Sanath Kumar) [Orabug: 26476370] \n- selftests: sparc64: memory: Add tests for privileged ADI driver (Tom Hromatka) [Orabug: 26359060] \n- memory: sparc64: Add privileged ADI driver (Tom Hromatka) [Orabug: 26359060] \n- sparc64: Export the adi_state structure (Tom Hromatka) [Orabug: 26359060] \n- sparc64: Use cpu_poke to resume idle cpu (Vijay Kumar) [Orabug: 26399224] \n- sparc64: Add a new hypercall CPU_POKE (Vijay Kumar) [Orabug: 26399224] \n- cpuset: consider dying css as offline (Tejun Heo) [Orabug: 26475766] \n- sparc64: Treat ERESTARTSYS as an acceptable error (DAX driver) (Sanath Kumar) [Orabug: 26475734] \n- sparc64: fix out of order spin_lock_irqsave and spin_unlock_restore (Thomas Tai) [Orabug: 26430325] \n- SPARC64: vcc: delay device removal until close() (Aaron Young) [Orabug: 26315957] \n- bnxt_en: Fix SRIOV on big-endian architecture. (Michael Chan) [Orabug: 26443303] \n- arch/sparc: Enable queued spinlock support for SPARC (Allen Pais) [Orabug: 26373790] \n- arch/sparc: Introduce xchg16 for SPARC (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Enable queued rwlocks for SPARC (Allen Pais) [Orabug: 26373790] \n- arch/sparc: Introduce cmpxchg_u8 SPARC (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Define config parameter CPU_BIG_ENDIAN (Allen Pais) [Orabug: 26373790] \n- kernel/locking: Fix compile error with qrwlock.c (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Remove the check #ifndef __LINUX_SPINLOCK_TYPES_H (Babu Moger) [Orabug: 26373790] \n- locking/qrwlock: Fix write unlock bug on big endian systems (pan xinhui) [Orabug: 26373790] \n- locking/qrwlock: Implement queue_write_unlock() using smp_store_release() (Will Deacon) [Orabug: 26373790] \n- locking/qspinlock: Avoid redundant read of next pointer (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Prefetch the next node cacheline (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Reduce reader/writer to reader lock transfer latency (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Better optimization for interrupt context readers (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Rename functions to queued_*() (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Dont contend with readers when setting _QW_WAITING (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS (Babu Moger) [Orabug: 26373790] \n- locking/qspinlock: Use a simple write to grab the lock (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Optimize for smaller NR_CPUS (Peter Zijlstra (Intel)) [Orabug: 26373790] \n- locking/qspinlock: Extract out code snippets for the next patch (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Add pending bit (Peter Zijlstra (Intel)) [Orabug: 26373790] \n- locking/qspinlock: Introduce a simple generic 4-byte queued spinlock (Waiman Long) [Orabug: 26373790] \n- qede: Add support for ingress headroom (Mintz, Yuval) [Orabug: 25933053] \n- qede: Update receive statistic once per NAPI (Mintz, Yuval) [Orabug: 25933053] \n- qed: Make OOO archipelagos into an array (Michal Kalderon) [Orabug: 25933053] \n- qed: Provide iSCSI statistics to management (Mintz, Yuval) [Orabug: 25933053] \n- qed: Inform qedi the number of possible CQs (Mintz, Yuval) [Orabug: 25933053] \n- qed: Add missing stat for new isles (Mintz, Yuval) [Orabug: 25933053] \n- qed: Dont close the OUT_EN during init (Mintz, Yuval) [Orabug: 25933053] \n- qed: Configure cacheline size in HW (Tomer Tayar) [Orabug: 25933053] \n- qed: Dont use main-ptt in unrelated flows (Rahul Verma) [Orabug: 25933053] \n- qed: Warn PTT usage by wrong hw-function (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct MSI-x for storage (Mintz, Yuval) [Orabug: 25933053] \n- qed: fix missing break in OOO_LB_TC case (Colin Ian King) [Orabug: 25933053] \n- qed: Add a missing error code (Dan Carpenter) [Orabug: 25933053] \n- qed: RoCE doesnt need to use SRC (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct TM ILT lines in presence of VFs (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix TM block ILT allocation (Michal Kalderon) [Orabug: 25933053] \n- qed: Revise QM cofiguration (Ariel Elior) [Orabug: 25933053] \n- qed: Use BDQ resource for storage protocols (Mintz, Yuval) [Orabug: 25933053] \n- qed: Utilize resource-lock based scheme (Tomer Tayar) [Orabug: 25933053] \n- qed: Support management-based resource locking (Tomer Tayar) [Orabug: 25933053] \n- qed: Send pf-flr as part of initialization (Mintz, Yuval) [Orabug: 25933053] \n- qed: Move to new load request scheme (Tomer Tayar) [Orabug: 25933053] \n- qed: hw_init() to receive parameter-struct (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct HW stop flow (Tomer Tayar) [Orabug: 25933053] \n- qed: Reserve VF feature before PF (Mintz, Yuval) [Orabug: 25933053] \n- qed: Dont waste SBs unused by RoCE (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct endian order of MAC passed to MFW (Mintz, Yuval) [Orabug: 25933053] \n- qed: Pass src/dst sizes when interacting with MFW (Tomer Tayar) [Orabug: 25933053] \n- qed: Revise MFW command locking (Tomer Tayar) [Orabug: 25933053] \n- qed: Always publish VF link from leading hwfn (Mintz, Yuval) [Orabug: 25933053] \n- qed: Raise verbosity of Malicious VF indications (Mintz, Yuval) [Orabug: 25933053] \n- qed: Make qed_iov_mark_vf_flr() return bool (Mintz, Yuval) [Orabug: 25933053] \n- qed: Deprecate VF multiple queue-stop (Mintz, Yuval) [Orabug: 25933053] \n- qed: Uniform IOV queue validation (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct default VF coalescing configuration (Mintz, Yuval) [Orabug: 25933053] \n- qed: Set HW-channel to ready before ACKing VF (Mintz, Yuval) [Orabug: 25933053] \n- qed: Clean VF malicious indication when disabling IOV (Mintz, Yuval) [Orabug: 25933053] \n- qed: Increase verbosity of VF -> PF errors (Mintz, Yuval) [Orabug: 25933053] \n- qed*: Add support for QL41xxx adapters (Mintz, Yuval) [Orabug: 25933053] \n- qed: Enable iSCSI Out-of-Order (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct out-of-bound access in OOO history (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix interrupt flags on Rx LL2 (Ram Amrani) [Orabug: 25933053] \n- qed: Free previous connections when releasing iSCSI (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix mapping leak on LL2 rx flow (Mintz, Yuval) [Orabug: 25933053] \n- qed: Prevent creation of too-big u32-chains (Tomer Tayar) [Orabug: 25933053] \n- qed: Align CIDs according to DORQ requirement (Ram Amrani) [Orabug: 25933053] \n- qed*: Utilize Firmware 8.15.3.0 (Mintz, Yuval) [Orabug: 25933053] \n- qedi: Add PCI device-ID for QL41xxx adapters. (Manish Rangankar) [Orabug: 25933053] \n- qed: Fix copy of uninitialized memory (robert.foss@collabora.com) [Orabug: 25933053] \n- qed: Dont use attention PTT for configuring BW (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix race with multiple VFs (Mintz, Yuval) [Orabug: 25933053] \n- qede: Add driver support for PTP (Sudarsana Reddy Kalluru) [Orabug: 25933053] \n- qede: Remove unnecessary datapath dereference (Mintz, Yuval) [Orabug: 25933053] \n- qede - mark SKB as encapsulated (Manish Chopra) [Orabug: 25933053] \n- qede: Postpone reallocation until NAPI end (Mintz, Yuval) [Orabug: 25933053] \n- qede: Split filtering logic to its own file (Mintz, Yuval) [Orabug: 25933053] \n- qede: Break datapath logic into its own file (Mintz, Yuval) [Orabug: 25933053] \n- SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26276067] \n- btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362455] \n- btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362455] \n- btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] \n- btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] \n- btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362455] \n- btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362455] \n- Revert 'mm: meminit: only set page reserved in the memblock region' (Dhaval Giani) [Orabug: 25879295] \n- Revert 'mm: meminit: move page initialization into a separate function' (Dhaval Giani) [Orabug: 25879295] \n- net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26402662] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403936] {CVE-2017-1000363}\n- drm/mgag200: Fix to always set HiPri for G200e4 V2 (Mathieu Larouche) [Orabug: 26408731] \n- dtrace: FBT module support and SPARCs return probes (Tomas Jedlicka) [Orabug: 26414392] [Orabug: 26414402] \n- bnx2x: Dont post statistics to malicious VFs (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: Allow vfs to disable txvlan offload (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: fix pf2vf bulletin DMA mapping leak (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: Fix Multi-Cos (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: add missing configuration of VF VLAN filters (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix incorrect filter count in an error message (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: do not rollback VF MAC/VLAN filters we did not configure (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix detection of VLAN filtering feature for VF (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix possible overrun of VFPF multicast addresses array (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: lower verbosity of VF stats debug messages (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [Orabug: 26308277] \n- NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}\n- SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26403998] {CVE-2017-9077}\n- lpfc update for uek4 11.4.0.2 (rkennedy) [Orabug: 26283182] \n- lpfc: Driver responds LS_RJT to Beacon Off (James Smart) [Orabug: 26283182] \n- lpfc: Fix crash after firmware flash when (James Smart) [Orabug: 26283182] \n- lpfc: Vport creation is failing with Link (James Smart) [Orabug: 26283182] \n- lpfc: Null pointer dereference when (James Smart) [Orabug: 26283182] \n- lpfc: Fix return value of board_mode store (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix Port going offline after (James Smart) [Orabug: 26283182] \n- scsi: lpfc: fix spelling mistake 'entrys' (Colin Ian King) [Orabug: 26283182] \n- scsi: lpfc: Add MDS Diagnostic support. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix used-RPI accounting problem. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix panic on BFS configuration (James Smart) [Orabug: 26283182] \n- lpfc: Fix Express lane queue creation. (James Smart) [Orabug: 26283182] \n- lpfc: Fix driver usage of 128B WQEs when WQ_CREATE is (James Smart) [Orabug: 26283182] \n- lpfc: Add Fabric assigned WWN support. (James Smart) [Orabug: 26283182] \n- lpfc: Fix crash after issuing lip reset (James Smart) [Orabug: 26283182] \n- lpfc: Remove NULL ptr check before kfree. (James Smart) [Orabug: 26283182] \n- lpfc: Fix spelling in comments. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix PT2PT PRLI reject (James Smart) [Orabug: 26283182] \n- scsi: lpfc: correct rdp diag portnames (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix eh_deadline setting for sli3 adapters. (rkennedy) [Orabug: 26283182] \n- scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (James Smart) [Orabug: 26283182] \n- scsi: lpfc: fix missing spin_unlock on sql_list_lock (Colin Ian King) [Orabug: 26283182] \n- Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26402281] \n- blk-mq: dont redistribute hardware queues on a CPU hotplug event (Christoph Hellwig) [Orabug: 26039539] \n- RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351421] \n- xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26351649] \n- be2net: Update the driver version to 11.4.0.0 (Suresh Reddy) [Orabug: 26403544] \n- be2net: Fix UE detection logic for BE3 (Suresh Reddy) [Orabug: 26403544] \n- be2net: Fix offload features for Q-in-Q packets (Vlad Yasevich) [Orabug: 26403544] \n- benet: Use time_before_eq for time comparison (Karim Eshapa) [Orabug: 26403544] \n- be2net: Fix endian issue in logical link config command (Suresh Reddy) [Orabug: 26403544] \n- be2net: fix initial MAC setting (Ivan Vecera) [Orabug: 26403544] \n- drivers: net: generalize napi_complete_done() (Eric Dumazet) [Orabug: 26403544] \n- be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix unicast list filling (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix accesses to unicast list (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix non static symbol warnings (Wei Yongjun) [Orabug: 26403544] \n- be2net: Avoid redundant addition of mac address in HW (Suresh Reddy) [Orabug: 26403544] \n- be2net: Support UE recovery in BEx/Skyhawk adapters (Sriharsha Basavapatna) [Orabug: 26403544] \n- be2net: replace polling with sleeping in the FW completion path (Sathya Perla) [Orabug: 26403544] \n- be2net: support asymmetric rx/tx queue counts (Sathya Perla) [Orabug: 26403544] \n- net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26409533] \n- net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26415107] \n- dtrace: Add support for manual triggered cyclics (Tomas Jedlicka) [Orabug: 26384803] \n- dtrace: LOW level cyclics should use workqueues (Tomas Jedlicka) [Orabug: 26384779] \n- sparc64: add DAX2 support to dax driver (Allen Pais) [Orabug: 26317606] \n- uek-rpm: change memory allocator from slab to slub (Allen Pais) \n- arch/sparc: Avoid DCTI Couples (Allen Pais) [Orabug: 26413522] \n- drivers/usb: Skip auto handoff for TI and RENESAS usb controllers (Babu Moger) [Orabug: 26389756] \n- sparc-config: Enable timestamp in dmesg output. (Atish Patra) [Orabug: 26389709] \n- sparc64: rtrap must set PSTATE.mcde before handling outstanding user work (Anthony Yznaga) [Orabug: 26388591] \n- i40e: Correct the macros for setting the DMA attributes (Jack Vogel) [Orabug: 26386323] \n- sparc64: Exclude perf user callchain during critical sections (Dave Aldridge) [Orabug: 26386213] \n- sunvnet: restrict advertized checksum offloads to just IP (Shannon Nelson) [Orabug: 26338709] \n- sparc64: add ccb kill and info to DAX driver (Jonathan Helman) [Orabug: 26317602] \n- i40e: fix annoying message (Jesse Brandeburg) [Orabug: 26420290] \n- watchdog: Move hardlockup detector to separate file (Allen Pais) [Orabug: 26420310] \n- watchdog: Move shared definitions to nmi.h (Allen Pais) [Orabug: 26420310] \n- sparc64: Suppress kmalloc (DAX driver) warning due to allocation failure (Sanath Kumar) [Orabug: 26338830] \n- i40evf: Use le32_to_cpu before evaluating HW desc fields. (Tushar Dave) [Orabug: 26420345] \n- sparc64: revert pause instruction patch for atomic backoff and cpu_relax() (Babu Moger) [Orabug: 26309070] \n- SPARC64: Correct ATU IOTSB binding flow (Tushar Dave) [Orabug: 26419957] \n- SPARC64: Introduce IOMMU BYPASS method (Tushar Dave) [Orabug: 26420209] \n- i40e: Revert i40e temporary workaround (Tushar Dave) [Orabug: 21149316] \n- sparc64: Enable 64-bit DMA (Tushar Dave) [Orabug: 21149316] \n- sparc64: Enable sun4v dma ops to use IOMMU v2 APIs (Allen Pais) [Orabug: 21149316] \n- sparc64: Bind PCIe devices to use IOMMU v2 service (Allen Pais) [Orabug: 21149316] \n- sparc64: Initialize iommu_map_table and iommu_pool (Tushar Dave) [Orabug: 21149316] \n- sparc64: Add ATU (new IOMMU) support (Allen Pais) [Orabug: 21149316] \n- sparc64: Make FORCE_MAX_ZONEORDER to 13 for ATU (Allen Pais) [Orabug: 21149316] \n- Revert 'sparc64: bypass iommu to use 64bit address space' (Allen Pais) [Orabug: 21149316] \n- [PATCH] RDS: When RDS socket is closed, print unreleased MRs (Rama Nichanamatlu) [Orabug: 26261993] \n- IB/IPoIB: ibX: failed to create mcg debug file (Shamir Rabinovitch) [Orabug: 24711873] [Orabug: 25175533] \n- scsi: qedi: Fix memory leak in tmf response processing. (Dupuis, Chad) [Orabug: 25667174] \n- scsi: qedi: fix build error without DEBUG_FS (Arnd Bergmann) [Orabug: 25667174] \n- scsi: qedi: fix missing return error code check on call to qedi_setup_int (Colin Ian King) [Orabug: 25667174] \n- scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn() (Wei Yongjun) [Orabug: 25667174] \n- scsi: qedi: return via va_end to match corresponding va_start (Colin Ian King) [Orabug: 25667174] \n- scsi: qedi: fix build, depends on UIO (Randy Dunlap) [Orabug: 25667174] \n- scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework. (Manish Rangankar) [Orabug: 25667174] \n- dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26107472] {CVE-2017-8890}\n- Initialize fiblink list head during fib initialization (Dave Carroll) [Orabug: 26291272] \n- aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291272] \n- IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26409722] \n- bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] \n- bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] \n- bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] \n- IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 25908234] \n- bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397428] \n- i40e: remove FDIR_REQUIRES_REINIT driver flag (Jacob Keller) [Orabug: 26403617] \n- i40e: remove a useless goto statement (Jacob Keller) [Orabug: 26403617] \n- i40e: Check for new arq elements before leaving the adminq subtask loop (Christopher N Bednarz) [Orabug: 26403617] \n- i40e: use register for XL722 control register read/write (Paul M Stillwell Jr) [Orabug: 26403617] \n- i40e: Clean up handling of private flags (Alexander Duyck) [Orabug: 26403617] \n- i40evf: enforce descriptor write-back mechanism for VF (Preethi Banala) [Orabug: 26403617] \n- i40e: initialize params before notifying of l2_param_changes (Jacob Keller) [Orabug: 26403617] \n- i40e/i40evf: Clean-up process_skb_fields (Alexander Duyck) [Orabug: 26403617] \n- i40e: removed no longer needed delays (Bimmy Pujari) [Orabug: 26403617] \n- i40e: Fixed race conditions in VF reset (Robert Konklewski) [Orabug: 26403617] \n- i40e/i40evf: Fix use after free in Rx cleanup path (Alexander Duyck) [Orabug: 26403617] \n- i40e: fix configuration of RSS table with DCB (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e: Do not enable NAPI on q_vectors that have no rings (Alexander Duyck) [Orabug: 26403617] \n- i40e: make use of hlist_for_each_entry_continue (Jacob Keller) [Orabug: 26403617] \n- i40e: document drivers use of ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: add support for SCTPv4 FDir filters (Jacob Keller) [Orabug: 26403617] \n- i40e: implement support for flexible word payload (Jacob Keller) [Orabug: 26403617] \n- i40e: add parsing of flexible filter fields from userdef (Jacob Keller) [Orabug: 26403617] \n- i40e: partition the ring_cookie to get VF index (Jacob Keller) [Orabug: 26403617] \n- i40e: allow changing input set for ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: restore default input set for each flow type (Jacob Keller) [Orabug: 26403617] \n- i40e: check current configured input set when adding ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: correctly honor the mask fields for ETHTOOL_SRXCLSRLINS (Jacob Keller) [Orabug: 26403617] \n- i40e: always remove old filter when adding new FDir filter (Jacob Keller) [Orabug: 26403617] \n- i40e: explicitly fail on extended MAC field for ethtool_rx_flow_spec (Jacob Keller) [Orabug: 26403617] \n- i40e: add counters for UDP/IPv4 and IPv4 filters (Jacob Keller) [Orabug: 26403617] \n- i40e: dont re-enable ATR when flushing filters if SB has TCP4/IPv4 rules (Jacob Keller) [Orabug: 26403617] \n- i40e: reset fd_tcp_rule count when restoring filters (Jacob Keller) [Orabug: 26403617] \n- i40e: remove redundant check for fd_tcp_rule when restoring filters (Jacob Keller) [Orabug: 26403617] \n- i40e: exit ATR mode only when adding TCP/IPv4 filter succeeds (Jacob Keller) [Orabug: 26403617] \n- i40e: return immediately when failing to add fdir filter (Jacob Keller) [Orabug: 26403617] \n- i40e: rework exit flow of i40e_add_fdir_ethtool (Jacob Keller) [Orabug: 26403617] \n- i40e: dont use arrays for (src|dst)_ip (Jacob Keller) [Orabug: 26403617] \n- i40e: send correct port number to AdminQ when enabling UDP tunnels (Jacob Keller) [Orabug: 26403617] \n- i40e: rename auto_disable_flags to hw_disabled_flags (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e/i40evf: Change version from 1.6.27 to 2.1.7 (Bimmy Pujari) [Orabug: 26403617] \n- i40e: Allow untrusted VFs to have more filters (Mitch Williams) [Orabug: 26403617] \n- i40e: Clarify steps in MAC/VLAN filters initialization routine (Filip Sadowski) [Orabug: 26403617] \n- i40e: fix RSS queues only operating on PF0 (Lihong Yang) [Orabug: 26403617] \n- i40e: fix ethtool to get EEPROM data from X722 interface (Lihong Yang) [Orabug: 26403617] \n- i40e: dont add more vectors to num_lan_msix than number of CPUs (Jacob Keller) [Orabug: 26403617] \n- i40e: KISS the client interface (Mitch Williams) [Orabug: 26403617] \n- i40e: fix up recent proxy and wol bits for X722_SUPPORT (Shannon Nelson) [Orabug: 26403617] \n- i40e: Acquire NVM lock before reads on all devices (Aaron Salter) [Orabug: 26403617] \n- scripts/spelling.txt: add 'varible' pattern and fix typo instances (Masahiro Yamada) [Orabug: 26403617] \n- i40e: Invoke softirqs after napi_reschedule (Benjamin Poirier) [Orabug: 26403617] \n- i40e: remove duplicate device id from PCI table (Carolyn Wyborny) [Orabug: 26403617] \n- i40e: mark the value passed to csum_replace_by_diff as __wsum (Jacob Keller) [Orabug: 26403617] \n- i40e: Error handling for link event (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e: properly convert le16 value to CPU format (Jacob Keller) [Orabug: 26403617] \n- i40e: convert to cpu from le16 to generate switch_id correctly (Jacob Keller) [Orabug: 26403617] \n- i40e: refactor AQ CMD buffer debug printing (Alan Brady) [Orabug: 26403617] \n- i40e: Fix Adaptive ITR enabling (Carolyn Wyborny) [Orabug: 26403617] \n- i40evf: add comment (Mitch Williams) [Orabug: 26403617] \n- i40evf: free rings in remove function (Mitch Williams) [Orabug: 26403617] \n- i40e: remove unnecessary call to i40e_update_link_info (Jacob Keller) [Orabug: 26403617] \n- i40e: enable mc magic pkt wakeup during power down (Joshua Hay) [Orabug: 26403617] \n- i40e: fix disable overflow promiscuous mode (Alan Brady) [Orabug: 26403617] \n- i40e: Save more link abilities when using ethtool (Henry Tieman) [Orabug: 26403617] \n- i40e: avoid race condition when sending filters to firmware for addition (Jacob Keller) [Orabug: 26403617] \n- i40e: allow i40e_update_filter_state to skip broadcast filters (Jacob Keller) [Orabug: 26403617] \n- i40e: dont warn every time we clear an Rx timestamp register (Jacob Keller) [Orabug: 26403617] \n- i40e: Save link FEC info from link up event (Henry Tieman) [Orabug: 26403617] \n- i40e: Add bus number info to i40e_bus_info struct (Sudheer Mogilappagari) [Orabug: 26403617] \n- i40e: Clean up dead code (Mitch Williams) [Orabug: 26403617] \n- i40e/i40evf : Changed version from 1.6.25 to 1.6.27 (Bimmy Pujari) [Orabug: 26403617] \n- i40e: update comment explaining where FDIR buffers are freed (Jacob Keller) [Orabug: 26403617] \n- i40e/i40evf: eliminate i40e_pull_tail() (Scott Peterson) [Orabug: 26403617] \n- i40e/i40evf: Moves skb from i40e_rx_buffer to i40e_ring (Scott Peterson) [Orabug: 26403617] \n- i40e/i40evf: Limit DMA sync of RX buffers to actual packet size (Scott Peterson) [Orabug: 26403617] \n- i40evf: track outstanding client request (Mitch Williams) \n- i40e: dont check params until after checking for client instance (Jacob Keller) [Orabug: 26403617] \n- i40e: add interrupt rate limit verbosity (Alan Brady) [Orabug: 26403617] \n- i40e: refactor macro INTRL_USEC_TO_REG (Alan Brady) [Orabug: 26403617] \n- i40e: remove unused function (Mitch Williams) [Orabug: 26403617] \n- i40e: Remove FPK HyperV VF device ID (Jayaprakash Shanmugam) \n- i40e: Quick refactor to start moving data off stack and into Tx buffer info (Alexander Duyck) [Orabug: 26403617] \n- i40e: remove unnecessary __packed (Tushar Dave) [Orabug: 26403617] \n- i40evf: remove unused device ID (Mitch Williams) \n- i40e: Deprecating unused macro (Bimmy Pujari) [Orabug: 26403617] \n- i40e: when adding or removing MAC filters, correctly handle VLANs (Jacob Keller) [Orabug: 26403617] \n- i40e: avoid O(n^2) loop when deleting all filters (Jacob Keller) [Orabug: 26403617] \n- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: dont allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (Jacob Keller) [Orabug: 26403617] \n- i40e: Changed version from 1.6.21 to 1.6.25 (Bimmy Pujari) [Orabug: 26403617] \n- i40e/i40evf: Add support for mapping pages with DMA attributes (Alexander Duyck) [Orabug: 26396552] \n- aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26367703] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26388629] \n- dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26388629] \n- sparc64: Set valid bytes of misaligned no-fault loads (Rob Gardner) [Orabug: 26316944] \n- fs/fuse: Fix for correct number of numa nodes (Babu Moger) [Orabug: 26369428] \n- sparc64: delete old wrap code (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: new context wrap (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: add per-cpu mm of secondary contexts (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: redefine first version (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: combine activate_mm and switch_mm (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: reset mm cpumask after wrap (Pavel Tatashin) [Orabug: 26372254] \n- Revert 'sparc64: Restrict number of processes' (Pavel Tatashin) [Orabug: 26372230] \n- net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350974] \n- x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26361327] \n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366002] {CVE-2017-7645}\n- sparc64: broken %tick frequency on spitfire cpus (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: use prom interface to get %stick frequency (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: optimize functions that access tick (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: add hot-patched and inlined get_tick() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: initialize time early (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: improve modularity tick options (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: optimize loads in clock_sched() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: show time stamps from zero (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: access tick function from variable (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: remove trailing white spaces (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 26372235] \n- macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}\n- macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}\n- sparc64: Add 16GB hugepage support (Nitin Gupta) [Orabug: 26319885] \n- xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354404] \n- xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354404] \n- xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354404] \n- xfs: dont reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354404] \n- xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354404] \n- xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354404] \n- xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354404] \n- xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354404] \n- xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354404] \n- rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: various endian-ness fixes (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: remove cp_outgoing (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Reorder initialization sequence in rds_tcp_init to avoid races (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Take explicit refcounts on struct net (Sowmini Varadhan) [Orabug: 26235715] \n- mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}\n- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}\n- dtrace: add kprobe-unsafe addresses to FBT blacklist (Kris Van Hees) [Orabug: 26324039] \n- dtrace: convert FBT blacklist to RB-tree (Kris Van Hees) [Orabug: 26324039] \n- e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (Konstantin Khlebnikov) [Orabug: 26338952] \n- e1000e: Dont return uninitialized stats (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: fix race condition around skb_tstamp_tx() (Jacob Keller) [Orabug: 26338952] \n- e1000e: Add Support for 38.4MHZ frequency (Sasha Neftin) [Orabug: 26338952] \n- e1000e: Add Support for CannonLake (Sasha Neftin) [Orabug: 26338952] \n- e1000e: Initial Support for CannonLake (Sasha Neftin) [Orabug: 26338952] \n- e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] \n- e1000e: fix timing for 82579 Gigabit Ethernet controller (Bernd Faust) [Orabug: 26338952] \n- e1000: Omit private ndo_get_stats function (Tobias Klauser) [Orabug: 26338952] \n- Revert 'e1000e: driver trying to free already-free irq' (Jeff Kirsher) [Orabug: 26338952] \n- e1000e: driver trying to free already-free irq (khalidm) [Orabug: 26338952] \n- e1000: use disable_hardirq() for e1000_netpoll() (WANG Cong) [Orabug: 26338952] \n- e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] \n- e1000e: factor out systim sanitization (Jarod Wilson) [Orabug: 26338952] \n- e1000e: prevent division by zero if TIMINCA is zero (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: keep Rx/Tx HW_VLAN_CTAG in sync (Jarod Wilson) [Orabug: 26338952] \n- e1000e: keep VLAN interfaces functional after rxvlan off (Jarod Wilson) [Orabug: 26338952] \n- e1000e: dont modify SYSTIM registers during SIOCSHWTSTAMP ioctl (Jacob Keller) [Orabug: 26338952] \n- e1000e: mark shifted values as unsigned (Jacob Keller) [Orabug: 26338952] \n- e1000e: use BIT() macro for bit defines (Jacob Keller) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): do overflow check only if needed (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): fix er32(SYSTIML) overflow check (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): incvalue is 32 bits, not 64 (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: Cleanup consistency in ret_val variable usage (Brian Walsh) [Orabug: 26338952] \n- e1000e: fix ethtool autoneg off for non-copper (Steve Shih) [Orabug: 26338952] \n- e1000: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] \n- e1000e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] \n- e1000: Double Tx descriptors needed check for 82544 (Alexander Duyck) [Orabug: 26338952] \n- e1000: Do not overestimate descriptor counts in Tx pre-check (Alexander Duyck) [Orabug: 26338952] \n- e1000e: Initial support for KabeLake (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Clear ULP configuration register on ULP exit (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase PHY PLL clock gate timing (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase ULP timer (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Fix msi-x interrupt automask (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Do not write lsc to ics in msi-x mode (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Do not read ICR in Other interrupt (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Remove unreachable code (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Switch e1000e_up to void, drop code checking for error result (Alexander Duyck) [Orabug: 26338952] \n- e1000e: initial support for i219-LM (3) (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase timeout of polling bit RSPCIPHY (Raanan Avargil) [Orabug: 26338952] \n- e1000e: fix division by zero on jumbo MTUs (Dmitry Fleytman) [Orabug: 26338952] \n- e1000: Elementary checkpatch warnings and checks removed (Janusz Wolak) [Orabug: 26338952] \n- e1000: get rid of duplicate exit path (Jean Sacren) [Orabug: 26338952] \n- e1000: fix kernel-doc argument being missing (Jean Sacren) [Orabug: 26338952] \n- e1000e: clean up the local variable (Jean Sacren) [Orabug: 26338952] \n- e1000: fix a typo in the comment (Jean Sacren) [Orabug: 26338952] \n- e1000: clean up the checking logic (Jean Sacren) [Orabug: 26338952] \n- e1000: Remove checkpatch coding style errors (Janusz Wolak) [Orabug: 26338952] \n- e1000: fix data race between tx_ring->next_to_clean (Dmitriy Vyukov) [Orabug: 26338952] \n- e1000: make eeprom read/write scheduler friendly (Joern Engel) [Orabug: 26338952] \n- e1000e: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26338952] \n- e1000: remove dead e1000_init_eeprom_params calls (Francois Romieu) [Orabug: 26338952] \n- e1000e: Modify Tx/Rx configurations to avoid null pointer dereferences in e1000_open (Jia-Ju Bai) [Orabug: 26338952] \n- ixgbe: fix incorrect status check (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add missing configuration for rate select 1 (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: always call setup_mac_link for multispeed fiber (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add write flush when configuring CS4223/7 (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: correct CS4223/7 PHY identification (Emil Tantilov) [Orabug: 26339150] \n- ixgbevf: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add error checking to setting VF MAC (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Correct thermal sensor event check (Mark Rustad) [Orabug: 26339150] \n- ixgbe: enable L3/L4 filtering for Tx switched packets (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Remove MAC X550EM_X 1Gbase-t led_[on|off] support (Paul Greenwalt) [Orabug: 26339150] \n- ixgbevf: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: Fix errors in retrieving RETA and RSS from PF (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add 1000Base-T device based on X550EM_X MAC (Paul Greenwalt) [Orabug: 26339150] \n- ixgbe: Allow setting zero MAC address for VF (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: fix size of queue stats length (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: clean macvlan MAC filter table on VF reset (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Acquire PHY semaphore before device reset (Paul Greenwalt) [Orabug: 26339150] \n- ixgbe: Fix output from ixgbe_dump (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: add check for VETO bit when configuring link for KR (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Remove unused define (Don Skidmore) [Orabug: 26339150] \n- ixgbe: do not use adapter->num_vfs when setting VFs via module parameter (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: return early instead of wrap block in if statement (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: move num_vfs_macvlans allocation into separate function (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add default setup_link for x550em_a MAC type (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: list X553 backplane speeds correctly (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Add X552 XFI backplane support (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Complete support for X553 sgmii (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Remove driver config for KX4 PHY (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Remove pr_cont uses (Joe Perches) [Orabug: 26339150] \n- ixgbe: Avoid Tx hang by not allowing more than the number of VFs supported. (Usha Ketineni) [Orabug: 26339150] \n- ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: update the rss key on h/w, when ethtool ask for it (Paolo Abeni) [Orabug: 26339150] \n- ixgbe: Dont bother clearing buffer memory for descriptor rings (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Add private flag to control buffer mode (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Add support for padding packet (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (Alexander Duyck) \n- ixgbe: Only DMA sync frame length (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Update version to reflect added functionality (Mark Rustad) [Orabug: 26339150] \n- ixgbe: prefix Data Center Bridge ops struct (Stephen Hemminger) [Orabug: 26339150] \n- ixgbe: Support 2.5Gb and 5Gb speed (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] \n- ixgbe: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] \n- ixgbe: Add PF support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] \n- ixgbevf: Add support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Implement support for firmware-controlled PHYs (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Implement firmware interface to access some PHYs (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Remove unused firmware version functions and method (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Fix issues with EEPROM access (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Configure advertised speeds correctly for KR/KX backplane (Don Skidmore) [Orabug: 26339150] \n- ixgbevf: restore hw_addr on resume or error (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Yusuke Suzuki) [Orabug: 26339150] \n- ixgbevf: fix AER error handling (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: fix AER error handling (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: test for trust in macvlan adjustments for VF (Ken Cox) [Orabug: 26339150] \n- ixgbevf: handle race between close and suspend on shutdown (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: handle close/suspend race with netif_device_detach/present (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix reporting of 100Mb capability (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Reduce I2C retry count on X550 devices (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add bounds check for x540 LED functions (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: add mask for 64 RSS queues (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix check for ixgbe_phy_x550em_ext_t reset (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Report driver version to firmware for x550 devices (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: do not disable FEC from the driver (Emil Tantilov) [Orabug: 26339150] \n- net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26258518] \n- IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304670] \n- uek-config: disable CONFIG_MOUSE_PS2_VMMOUSE for ol6 (Ethan Zhao) [Orabug: 26264650] \n- igb: missing rtnl_unlock in igb_sriov_reinit() (Vasily Averin) [Orabug: 26242904] \n- igb: bump version to igb-5.4.0 (Todd Fujinaka) [Orabug: 26242904] \n- igbvf: bump version to igbvf-2.4.0 (Todd Fujinaka) [Orabug: 26242904] \n- igb: fix non static symbol warning (Wei Yongjun) [Orabug: 26242904] \n- igb: fix error code in igb_add_ethtool_nfc_entry() (Gangfeng Huang) [Orabug: 26242904] \n- igb: support RX flow classification by VLAN priority (Gangfeng Huang) [Orabug: 26242904] \n- igb: support RX flow classification by ethertype (Gangfeng Huang) [Orabug: 26242904] \n- igb: add support of RX network flow classification (Gangfeng Huang) [Orabug: 26242904] \n- igb: fix adjusting PTP timestamps for Tx/Rx latency (Kshitiz Gupta) [Orabug: 26242904] \n- igb: Only DMA sync frame length (Andrew Lunn) [Orabug: 26242904] \n- igb: call igb_ptp_suspend during suspend/resume cycle (Jacob Keller) [Orabug: 26242904] \n- igb: implement igb_ptp_suspend (Jacob Keller) [Orabug: 26242904] \n- igb: re-use igb_ptp_reset in igb_ptp_init (Jacob Keller) [Orabug: 26242904] \n- igb: introduce IGB_PTP_OVERFLOW_CHECK flag (Jacob Keller) [Orabug: 26242904] \n- igb: introduce ptp_flags variable and use it to replace IGB_FLAG_PTP (Jacob Keller) [Orabug: 26242904] \n- igbvf: use BIT() macro instead of shifts (Jacob Keller) [Orabug: 26242904] \n- igbvf: remove unused variable and dead code (Jacob Keller) [Orabug: 26242904] \n- igb: adjust PTP timestamps for Tx/Rx latency (Nathan Sullivan) [Orabug: 26242904] \n- igb: make igb_update_pf_vlvf static (Jacob Keller) [Orabug: 26242904] \n- igb: use BIT() macro or unsigned prefix (Jacob Keller) [Orabug: 26242904] \n- Revert 'igb: Fix a deadlock in igb_sriov_reinit' (Arika Chen) [Orabug: 26242904] \n- igb: Garbled output for 'ethtool -m' (Doron Shikmoni) [Orabug: 26242904] \n- igb: allow setting MAC address on i211 using a device tree blob (John Holland) [Orabug: 26242904] \n- igb: Fix sparse warning about passing __beXX into leXX_to_cpup (Alexander Duyck) [Orabug: 26242904] \n- igb: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26242904] \n- igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [Orabug: 26242904] \n- igbvf: remove 'link is Up' message when registering mcast address (Jon Maxwell) [Orabug: 26242904] \n- igbvf: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] \n- igb: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] \n- igb: rename igb define to be more generic (Todd Fujinaka) [Orabug: 26242904] \n- igb: add conditions for I210 to generate periodic clock output (Roland Hii) [Orabug: 26242904] \n- igb: enable WoL for OEM devices regardless of EEPROM setting (Todd Fujinaka) [Orabug: 26242904] \n- igb: constify e1000_phy_operations structure (Julia Lawall) [Orabug: 26242904] \n- igb: When GbE link up, wait for Remote receiver status condition (Takuma Ueba) [Orabug: 26242904] \n- igb: Add workaround for VLAN tag stripping on 82576 (Alexander Duyck) [Orabug: 26242904] \n- igb: Enable use of 'bridge fdb add' to set unicast table entries (Alexander Duyck) [Orabug: 26242904] \n- igb: Drop unnecessary checks in transmit path (Alexander Duyck) [Orabug: 26242904] \n- igb: Add support for VLAN promiscuous with SR-IOV and NTUPLE (Alexander Duyck) [Orabug: 26242904] \n- igb: Clean-up configuration of VF port VLANs (Alexander Duyck) [Orabug: 26242904] \n- igb: Merge VLVF configuration into igb_vfta_set (Alexander Duyck) [Orabug: 26242904] \n- igb: Always enable VLAN 0 even if 8021q is not loaded (Alexander Duyck) [Orabug: 26242904] \n- igb: Do not factor VLANs into RLPML calculation (Alexander Duyck) [Orabug: 26242904] \n- igb: Allow asymmetric configuration of MTU versus Rx frame size (Alexander Duyck) [Orabug: 26242904] \n- igb: Refactor VFTA configuration (Alexander Duyck) [Orabug: 26242904] \n- igb: clean up code for setting MAC address (Alexander Duyck) [Orabug: 26242904] \n- igb/igbvf: dont give up (Mitch Williams) [Orabug: 26242904] \n- igb: Unpair the queues when changing the number of queues (Shota Suzuki) [Orabug: 26242904] \n- igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (Shota Suzuki) [Orabug: 26242904] \n- igb: Explicitly label self-test result indices (Joe Schultz) [Orabug: 26242904] \n- igb: Improve cable length function for I210, etc. (Joe Schultz) [Orabug: 26242904] \n- igb: Dont add PHY address to PCDL address (Aaron Sierra) [Orabug: 26242904] \n- igb: Remove GS40G specific defines/functions (Aaron Sierra) [Orabug: 26242904] \n- igb: improve handling of disconnected adapters (Jarod Wilson) [Orabug: 26242904] \n- igb: fix NULL derefs due to skipped SR-IOV enabling (Jan Beulich) [Orabug: 26242904] \n- igb: use the correct i210 register for EEMNGCTL (Todd Fujinaka) [Orabug: 26242904] \n- igb: dont unmap NULL hw_addr (Jarod Wilson) [Orabug: 26242904] \n- igb: add 88E1543 initialization code (Todd Fujinaka) [Orabug: 26242904] \n- net: igb: avoid using timespec (Arnd Bergmann) [Orabug: 26242904] \n- igb: assume MSI-X interrupts during initialization (Stefan Assmann) [Orabug: 26242904] \n- igbvf: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26242904] \n- igb: make sure SR-IOV init uses the right number of queues (Todd Fujinaka) [Orabug: 26242904] \n- igbvf: clear buffer_info->dma after dma_unmap_single() (Stefan Assmann) [Orabug: 26242904] \n- igb: Fix a memory leak in igb_probe (Jia-Ju Bai) [Orabug: 26242904] \n- igb: Fix a deadlock in igb_sriov_reinit (Jia-Ju Bai) [Orabug: 26242904] \n- igb: Teardown SR-IOV before unregister_netdev() (Alex Williamson) [Orabug: 26242904] \n- igb: add support for 1512 PHY (Todd Fujinaka) [Orabug: 26242904] \n- igb: implement high frequency periodic output signals (Richard Cochran) [Orabug: 26242904] \n- blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321954] \n- Documentation/sparc: Steps for sending break on sunhv console (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Send break twice from console to return to boot prom (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Migrate hvcons irq to panicked cpu (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Set cpu state to offline when stopped (Vijay Kumar) [Orabug: 26322031] \n- dtrace: io provider probes for nfs (Nicolas Droux) [Orabug: 26145701] \n- ctf: fix a variety of memory leaks and use-after-free bugs (Nick Alcock) [Orabug: 26323755] \n- DTrace: IP provider use-after-free for drop-out probe points (Alan Maguire) [Orabug: 25924594] \n- net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265801] \n- nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26284735] \n- nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26284735] \n- nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26284735] \n- nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26284735] \n- percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26290757] \n- block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26290757] \n- vfio/pci: Fix unsigned comparison overflow (Alex Williamson) \n- restore mutex_lock() call to blk_mq_freeze_queue_start() (Dan Duval) [Orabug: 26266917] \n- sparc64: mm: fix copy_tsb to correctly copy huge page TSBs (Mike Kravetz) [Orabug: 26273004] \n- nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26284603] \n- nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26284626] \n- IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 26290377] \n- btrfs: fix clone / extent-same deadlocks (Mark Fasheh) [Orabug: 26093112] \n- btrfs: dont update mtime/ctime on deduped inodes (Mark Fasheh) [Orabug: 26093112] \n- btrfs: allow dedupe of same inode (Mark Fasheh) [Orabug: 26093112] \n- btrfs: fix deadlock with extent-same and readpage (Mark Fasheh) [Orabug: 26093112] \n- btrfs: pass unaligned length to btrfs_cmp_data() (Mark Fasheh) [Orabug: 26093112] \n- Fix Express lane queue creation. (James Smart) [Orabug: 26102276] \n- uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26185792] [Orabug: 25983319] \n- rds: tcp: fix memory leak in TIME_WAIT sockets (Sowmini Varadhan) [Orabug: 26189892] \n- rds: tcp: canonical connection order for all paths with index > 0 (Sowmini Varadhan) [Orabug: 25436912] \n- rds: tcp: allow progress of rds_conn_shutdown if the rds_connection is marked ERROR by an intervening FIN (Sowmini Varadhan) [Orabug: 25436912] \n- Backport multipath RDS from upstream to UEK4 (Sowmini Varadhan) [Orabug: 25436912]\n[4.1.12-103.2.1]\n- uek-rpm: enable bnxt driver for sparc (Allen Pais) [Orabug: 26222502] \n- uek-rpm: set CONFIG_FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 26222494] \n- sparc: Fix kernel BUG at arch/sparc/kernel/mdesc.c (Thomas Tai) \n- sparc64: allocate sufficient space for machine description (Thomas Tai) [Orabug: 26222471] \n- sparc64/mlx4_core: relaxed order for mlx4_core dma mappings (Shamir Rabinovitch) [Orabug: 26222434] \n- xsigo: UEK4-QU5: poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199200] \n- NVMe: During NVMe probe, get NVMe device information before mapping the device (Ashok Vairavan) [Orabug: 26194850] \n- sparc64: Fix an error code returned by a DAX ioctl (Sanath Kumar) [Orabug: 26190999] \n- sparc64: fix M8 ADI support (Anthony Yznaga) [Orabug: 26190997]\n[4.1.12-103.1.1]\n- Added IB diag counters from UEK2 (Chris Gray) [Orabug: 26088208] \n- scsi: megaraid_sas: Driver version upgrade (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid6 also require cpuSel check same as raid5 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: array overflow in megasas_dump_frame() (Dan Carpenter) [Orabug: 26096381] \n- scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change RAID_1_10_RMW_CMDS to RAID_1_PEER_CMDS and set value to 2 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Indentation and smatch warning fixes (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Cleanup VD_EXT_DEBUG and SPAN_DEBUG related debug prints (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Increase internal command pool (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Bail out the driver load if ld_list_query fails (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change build_mpt_mfi_pass_thru to return void (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: During OCR, if get_ctrl_info fails do not continue with OCR (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Remove unused pd_index from megasas_build_ld_nonrw_fusion (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: megasas_return_cmd does not memset IO frame to zero (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: max_fw_cmds are decremented twice, remove duplicate (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: update can_queue only if the new value is less (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change max_cmd from u32 to u16 in all functions (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: set pd_after_lb from MR_BuildRaidContext and initialize pDevHandle to MR_DEVHANDLE_INVALID (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: latest controller OCR capability from FW before sending shutdown DCMD (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: avoid unaligned access in ioctl path (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: big endian support changes (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Big endian RDPQ mode fix (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: MR_TargetIdToLdGet u8 to u16 and avoid invalid raid-map access (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: In validate raid map, raid capability is not converted to cpu format for all lds (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: reduce size of fusion_context and use vmalloc if kmalloc fails (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: add print in device removal path (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: enhance debug logs in OCR context (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: set residual bytes count during IO completion (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid 1 write performance for large io (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: change issue_dcmd to return void from int (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: megasas_get_request_descriptor always return valid desc (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Use DID_REQUEUE (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: RAID map is accessed for SYS PDs when use_seqnum_jbod_fp is not set (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Refactor MEGASAS_IS_LOGICAL macro using sdev (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: 32 bit descriptor fire cmd optimization (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid 1 fast path code optimize (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: cpu select rework. (Shivasharan S) [Orabug: 26096381] \n- Revert 'scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth' (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: driver version upgrade (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: ldio_outstanding variable is not decremented in completion path (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: 128 MSIX Support (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: sd: Check for unaligned partial completion (Damien Le Moal) [Orabug: 26178369] \n- PCI/AER: include header file (Sudip Mukherjee) [Orabug: 25130845] \n- NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 25258071] \n- nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 25130845] \n- nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 25130845] \n- nvme.h: add AER constants (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 25130845] \n- nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 25130845] \n- NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 25130845] \n- NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 25130845] \n- NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 25130845] \n- NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25186219] \n- nvme: Limit command retries (Keith Busch) [Orabug: 25130845] \n- NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138123] \n- NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 25130845] \n- nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 25130845] \n- nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 25130845] \n- nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 25130845] \n- blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 25130845] \n- NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 25130845] \n- NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 25130845] \n- NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 25130845] \n- NVMe: Unbind driver on failure (Keith Busch) [Orabug: 25130845] \n- NVMe: Delete only created queues (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] \n- nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 25130845] \n- nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 25130845] \n- NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 25130845] \n- nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 25130845] \n- nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 25130845] \n- nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 25130845] \n- nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 25130845] \n- nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 25130845] \n- NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 25130845] \n- NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 25130845] \n- nvme: fix cntlid type (Christoph Hellwig) [Orabug: 25130845] \n- nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 25130845] \n- nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 25130845] \n- NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 25130845] \n- block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 25130845] \n- nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 25130845] \n- nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 25130845] \n- block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 25130845] \n- nvme: rewrite discard support (Ming Lin) [Orabug: 25130845] \n- nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 25130845] \n- nvme: add missing lock nesting notation (Ming Lin) [Orabug: 25130845] \n- NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] \n- nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 25130845] \n- NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 25130845] \n- nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 25130845] \n- nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 25130845] \n- NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 25130845] \n- NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 25130845] \n- NVMe: Simplify device reset failure (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 25130845] \n- NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 25130845] \n- nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 25130845] \n- nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 25130845] \n- nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 25130845] \n- nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 25130845] \n- NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 25130845] \n- NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 25130845] \n- NVMe: Allow request merges (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix io incapable return values (Keith Busch) [Orabug: 25130845] \n- nvme: split pci module out of core module (Ming Lin) [Orabug: 25130845] \n- nvme: split dev_list_lock (Ming Lin) [Orabug: 25130845] \n- nvme: move timeout variables to core.c (Ming Lin) [Orabug: 25130845] \n- nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 25130845] \n- nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 25130845] \n- nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 25130845] \n- nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 25130845] \n- blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 25130845] \n- NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 25130845] \n- NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 25130845] \n- NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 25130845] \n- nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 25130845] \n- nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 25130845] \n- nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 25130845] \n- NVMe: Add pci error handlers (Keith Busch) [Orabug: 25130845] \n- nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 25130845] \n- nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 25130845] \n- nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 25130845] \n- nvme: simplify completion handling (Christoph Hellwig) [Orabug: 25130845] \n- nvme: special case AEN requests (Christoph Hellwig) [Orabug: 25130845] \n- nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Simplify metadata setup (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 25130845] \n- NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 25130845] \n- nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 25130845] \n- nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 25130845] \n- nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 25130845] \n- nvme: simplify resets (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 25130845] \n- nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 25130845] \n- nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 25130845] \n- nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 25130845] \n- nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 25130845] \n- nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 25130845] \n- nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] \n- nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 25130845] \n- nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 25130845] \n- nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 25130845] \n- nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 25130845] \n- nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 25130845] \n- nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 25130845] \n- nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use offset instead of a struct for registers (Christoph Hellwig) \n- nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] \n- Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 25130845] \n- nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 25130845] \n- block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 25130845] \n- block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 25130845] \n- nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 25130845] \n- nvme include linux types.h (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 25130845] \n- NVMe: Set affinity after allocating request queues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 25130845] \n- NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 25130845] \n- Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 25130845] \n- Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) \n- Revert 'nvme: Limit command retries' (Ashok Vairavan) \n- Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) \n- Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) \n- Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) \n- Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) \n- forcedeth: enable forcedeth kernel option (Zhu Yanjun) [Orabug: 25571921] \n- ipmi: Edit ambiguous error message for unknown command (Atish Patra) [Orabug: 25461958] \n- kabi whitelist: Remove all ib_ symbols from the list. (Knut Omang) [Orabug: 25955825] \n- ext4: print ext4 mount option data_err=abort correctly (Ales Novak) [Orabug: 25691020] \n- IB/sa: Allocate SA query with kzalloc (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Fix netlink local service GFP crash (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Fix rdma netlink message flags (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Put netlink request into the request list before sending (Kaike Wan) [Orabug: 26124118] \n- IB/core: Fix a potential array overrun in CMA and SA agent (Yuval Shaia) [Orabug: 26124118] \n- IB/SA: Use correct free function (Mark Bloch) [Orabug: 26124118] \n- IB/sa: Route SA pathrecord query through netlink (Kaike Wan) [Orabug: 26124118] \n- IB/core: Add rdma netlink helper functions (Kaike Wan) [Orabug: 26124118] \n- IB/netlink: Add defines for local service requests through netlink (Kaike Wan) [Orabug: 26124118] \n- scsi: mpt3sas: remove redundant wmb (Sinan Kaya) [Orabug: 26096353] \n- scsi: mpt3sas: Updating driver version to v15.100.00.00 (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Fix for Crusader to achieve product targets with SAS devices. (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Fix Firmware fault state 0x2100 during heavy 4K RR FIO stress test. (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Added print to notify cable running at a degraded speed. (Chaitra P B) [Orabug: 26096353] \n- xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26072430] \n- qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 26021151] \n- Btrfs: dont BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25975316] \n- Btrfs: clarify do_chunk_alloc()s return value (Liu Bo) [Orabug: 25975316] \n- btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25975316] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25955089] \n- xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] \n- uek-rpm: configs: enable CONFIG_ACPI_NFIT (Todd Vierling) [Orabug: 25719149] \n- ipv6: Dont use ufo handling on later transformed packets (Jakub Sitnicki) [Orabug: 25533743] \n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- fs/file.c: __fget() and dup2() atomicity rules (Eric Dumazet) [Orabug: 25408921] \n- IB/ipoib: add get_settings in ethtool (Zhu Yanjun) [Orabug: 25048521] \n- RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26081079] \n- Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) \n- xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] \n- Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25975223] \n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25974739] {CVE-2017-7895}\n- sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (Dave Kleikamp) [Orabug: 25491970] \n- sparc64: cache_line_size() returns larger value for cache line size. (chris hyser) \n- sparc64: fix inconsistent printing of handles in debug messages (Menno Lageman) \n- sparc64: set the ISCNTRLD bit for SP service handles (Menno Lageman) [Orabug: 25983868] \n- sparc64: DAX recursive lock removed (Rob Gardner) [Orabug: 26103487] \n- sparc/ftrace: Fix ftrace graph time measurement (Liam R. Howlett) [Orabug: 25995351] \n- sparc64: Increase max_phys_bits to 51 for M8. (Vijay Kumar) [Orabug: 25808647] \n- sparc64: 5-Level page table support for sparc (Vijay Kumar) [Orabug: 26076110] [Orabug: 25808647] \n- mm, gup: fix typo in gup_p4d_range() (Kirill A. Shutemov) [Orabug: 25808647] \n- mm: introduce __p4d_alloc() (Kirill A. Shutemov) [Orabug: 25808647] \n- mm: convert generic code to 5-level paging (Vijay Kumar) [Orabug: 25808647] \n(Vijay Kumar) [Orabug: 25808647] \n- arch, mm: convert all architectures to use 5level-fixup.h (Vijay Kumar) [Orabug: 25808647] \n- asm-generic: introduce __ARCH_USE_5LEVEL_HACK (Kirill A. Shutemov) [Orabug: 25808647] \n- asm-generic: introduce 5level-fixup.h (Kirill A. Shutemov) [Orabug: 25808647] \n- sparc64: prevent sunvdc from sending duplicate vdisk requests (Jag Raman) [Orabug: 25866770] \n- ldmvsw: stop the clean timer at beginning of remove (Shannon Nelson) [Orabug: 25748241] \n- sparc64: set CONFIG_EFI in config (Eric Snowberg) [Orabug: 26037358] \n- sparc64: /sys/firmware/efi missing during EFI boot (Eric Snowberg) [Orabug: 26037358] \n- Allow default value of npools used for iommu to be configured from cmdline (Allen Pais) \n- SPARC64: Add Linux vds driver Device ID support for Solaris guest boot (George Kennedy) [Orabug: 25836231] \n- sparc64: Remove locking of huge pages in DAX driver (Sanath Kumar) [Orabug: 25968141] \n- ldmvsw: unregistering netdev before disable hardware (Thomas Tai) \n- arch/sparc: Measure receiver forward progress to avoid send mondo timeout (Jane Chu) [Orabug: 25476541] \n- sparc64: update DAX submit to latest HV spec (Jonathan Helman) [Orabug: 25927558] \n- arch/sparc: increase CONFIG_NODES_SHIFT on SPARC to 5 (Jane Chu) [Orabug: 25577754] \n- arch/sparc: support NR_CPUS = 4096 (jane Chu) [Orabug: 25505750] \n- ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 25973797] \n- sparc64: fix fault handling in NGbzero.S and GENbzero.S (Dave Aldridge) [Orabug: 25577560] \n- sparc64: modify sys_dax.h for new libdax (Jonathan Helman) [Orabug: 25927572] \n- bnx2x: Align RX buffers (Scott Wood) [Orabug: 25806778] \n- PCI: Fix unaligned accesses in VC code (David Miller) [Orabug: 25806778] \n- sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL (Daniel Jordan) [Orabug: 25830041] \n- lockdep: Limit static allocations if PROVE_LOCKING_SMALL is defined (Babu Moger) \n- config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc (Babu Moger) \n- sparc64: fix cdev_put() use-after-free when unbinding an LDom (Thomas Tai) [Orabug: 25911389] \n- sparc64: change DAX CCB_EXEC ENOBUFS print to debug (Jonathan Helman) [Orabug: 25927528] \n- xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 26107942] \n- xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 26107942] \n- xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 26107942] \n- xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 26107942] \n- xen-netfront: add rx page statistics (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 26107942] \n- xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 26107942] \n- xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 26107942] \n- xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 26107942] \n- xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 26107942] \n- xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 26107942] \n- include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 26107942] \n- xen-netback: fix type mismatch warning (Arnd Bergmann) \n- xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) \n- xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) \n- xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) \n- xen-netback: process guest rx packets in batches (David Vrabel) \n- xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) \n- xen-netback: refactor guest rx (David Vrabel) \n- xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) \n- xen-netback: separate guest side rx code into separate module (Paul Durrant) \n- x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 26107942] \n- Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25970637] \n- Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25970637] \n- Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25970637] \n- Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25970637] \n- RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 25920916] \n- mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 25912737] \n- sched/wait: Fix the signal handling fix (Peter Zijlstra) [Orabug: 25908266] \n- sparc64: Fix mapping of 64k pages with MAP_FIXED (Nitin Gupta) [Orabug: 25885991] \n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876402] {CVE-2016-10229}\n- net/mlx4_core: panic the system on unrecoverable errors (Santosh Shilimkar) [Orabug: 25873690] \n- Revert 'restrict /dev/mem to idle io memory ranges' (Chuck Anderson) [Orabug: 25832750] \n- I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25831471] \n- xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] \n- mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 25440329] \n- xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] \n- xen: events: Replace BUG() with BUG_ON() (Shyam Saini) \n- xen: remove stale xs_input_avail() from header (Juergen Gross) \n- xen: return xenstore command failures via response instead of rc (Juergen Gross) \n- xen: xenbus driver must not accept invalid transaction ids (Juergen Gross) \n- xen/evtchn: use rb_entry() (Geliang Tang) \n- xen/setup: Dont relocate p2m over existing one (Ross Lagerwall) \n- xen/balloon: Only mark a page as managed when it is released (Ross Lagerwall) \n- xen/scsifront: dont request a slot on the ring until request is ready (Juergen Gross) \n- xen/x86: Increase xen_e820_map to E820_X_MAX possible entries (Alex Thorlton) \n- x86: Make E820_X_MAX unconditionally larger than E820MAX (Alex Thorlton) \n- xen/pci: Bubble up error and fix description. (Konrad Rzeszutek Wilk) \n- xen: xenbus: set error code on failure (Pan Bian) \n- xen: set error code on failures (Pan Bian) \n- xen/events: use xen_vcpu_id mapping for EVTCHNOP_status (Vitaly Kuznetsov) \n- xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (Boris Ostrovsky) \n- tpm xen: Remove bogus tpm_chip_unregister (Jason Gunthorpe) \n- xen-scsifront: Add a missing call to kfree (Quentin Lambert) \n- xenfs: Use proc_create_mount_point() to create /proc/xen (Seth Forshee) \n- xen-netback: fix error handling output (Arnd Bergmann) \n- xen: make use of xenbus_read_unsigned() in xenbus (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-pciback (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-fbfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-scsifront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-pcifront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-netfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-netback (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-kbdfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-tpmfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-blkfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-blkback (Juergen Gross) \n- xen: introduce xenbus_read_unsigned() (Juergen Gross) \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) \n- xenbus: check return value of xenbus_scanf() (Jan Beulich) \n- xenbus: prefer list_for_each() (Jan Beulich) \n- xenbus: advertise control feature flags (Juergen Gross) \n- xen/pciback: support driver_override (Juergen Gross) \n- xen/pciback: avoid multiple entries in slot list (Juergen Gross) \n- xen/pciback: simplify pcistub device handling (Juergen Gross) \n- x86/xen: add missing\n at end of printk warning message (Colin Ian King) \n- xen-netfront: avoid packet loss when ethernet header crosses page boundary (Vitaly Kuznetsov) \n- xen: Sync xen header (Juergen Gross) \n- xen/grant-table: Use kmalloc_array() in arch_gnttab_valloc() (Markus Elfring) \n- xen: Make VPMU init message look less scary (Juergen Gross) \n- xen: rename xen_pmu_init() in sys-hypervisor.c (Juergen Gross) \n- kexec: allow kdump with crash_kexec_post_notifiers (Petr Tesarik) \n- xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7 (Jan Beulich) \n- proc: Allow creating permanently empty directories that serve as mount points (Eric W. Biederman) \n- xen: Resume PMU from non-atomic context (Boris Ostrovsky)\n[4.1.12-102]\n- Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 25829233] \n- Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 25829233] \n- Drivers: hv: vss: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: vss: switch to using the hvutil_device_state state machine (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: vss: process deferred messages when we complete the transaction (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: kvp: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] \n- Revert 'ipv4: use skb coalescing in defragmentation' (Florian Westphal) [Orabug: 25819103] \n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25802913] \n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25802678] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25802678] {CVE-2017-2636}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25802599] {CVE-2017-6345}\n- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25802576] {CVE-2017-6347}\n- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25802576] {CVE-2017-6347}\n- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25802576] {CVE-2017-6347}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25802549] {CVE-2017-6214}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25802515] {CVE-2017-5986}\n- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: reserve code points for the project quota feature (Theodore Tso) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}\n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25802278] {CVE-2017-2583} {CVE-2017-2583}\n- gfs2: fix slab corruption during mounting and umounting gfs file system (Thomas Tai) \n- gfs2: handle NULL rgd in set_rgrp_preferences (Abhi Das) [Orabug: 25791662] \n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790370] {CVE-2016-9644}\n- sched/wait: Fix signal handling in bit wait helpers (Peter Zijlstra) [Orabug: 25416990] \n- xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) \n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766884] {CVE-2016-8399} {CVE-2016-8399}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751395] {CVE-2017-7187}\n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25747721] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25747721] \n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25717094] {CVE-2017-5669}\n[4.1.12-101]\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25340071] {CVE-2016-10088}\n- tcp: fix potential memory corruption (Eric Dumazet) [Orabug: 25140382] \n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25134541] {CVE-2016-7910}\n- xfs: Correctly lock inode when removing suid and file capabilities (Jan Kara) [Orabug: 24803533] \n- fs: Call security_ops->inode_killpriv on truncate (Jan Kara) [Orabug: 24803533] \n- fs: Provide function telling whether file_remove_privs() will do anything (Jan Kara) [Orabug: 24803533] \n- fs: Rename file_remove_suid() to file_remove_privs() (Jan Kara) [Orabug: 24803533] \n- IB/uverbs: Fix leak of XRC target QPs (Tariq Toukan) [Orabug: 24761732] \n- Some unsupported ioctls get logged unnecessarily (Venkat Venkatsubra) [Orabug: 24510137] \n- IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 25993951] \n- dtrace: improve io provider coverage (Nicolas Droux) [Orabug: 25816537]\n[4.1.12-100]\n- ol7/config: enable nf_tables packet duplication support (Ethan Zhao) [Orabug: 24694570] \n- netfilter: nf_dup: add missing dependencies with NF_CONNTRACK (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: nf_tables: add nft_dup expression (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: factor out packet duplication for IPv4/IPv6 (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: xt_TEE: get rid of WITH_CONNTRACK definition (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: move tee_active to core (Florian Westphal) [Orabug: 24694570] \n- ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags (Martin KaFai Lau) [Orabug: 24694570] \n- ext4: Fix data exposure after failed AIO DIO (Jan Kara) [Orabug: 24393811] \n- xfs: fold xfs_vm_do_dio into xfs_vm_direct_IO (Christoph Hellwig) [Orabug: 24393811] \n- xfs: dont use ioends for direct write completions (Christoph Hellwig) [Orabug: 24393811] \n- direct-io: always call ->end_io if non-NULL (Christoph Hellwig) [Orabug: 24393811] \n- Btrfs: send, fix failure to rename top level inode due to name collision (Robbie Ko) [Orabug: 25994280] \n- PCI: Check pref compatible bit for mem64 resource of PCIe device (Yinghai Lu) [Orabug: 22855133] \n- OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Keep resource idx order with bridge register number (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Reserve legacy mmio after PCI mmio (Yinghai Lu) [Orabug: 22855133] \n- PCI: Add pci_find_bus_resource() (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Use correct offset for bus address to resource (Yinghai Lu) [Orabug: 22855133] \n- PCI: Remove __pci_mmap_make_offset() (Yinghai Lu) [Orabug: 22855133] \n- PCI: Let pci_mmap_page_range() take resource address (Yinghai Lu) [Orabug: 22855133] \n- PCI: Fix proc mmap on sparc (Yinghai Lu) [Orabug: 22855133] \n- PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (Bjorn Helgaas) [Orabug: 22855133] \n- Revert 'sparc/PCI: Use correct bus address to resource offset' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Unify pci_register_region()' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Reserve legacy mmio after PCI mmio' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Keep resource idx order with bridge register number' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: kill wrong quirk about M7101' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Only treat non-pref mmio64 as pref if all bridges have MEM_64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Add has_mem64 for struct host_bridge' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Only treat non-pref mmio64 as pref if host bridge has mmio64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Restore pref MMIO allocation logic for host bridge without mmio64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc: Accommodate mem64_offset != mem_offset in pbm configuration' (Khalid Aziz) [Orabug: 22855133] \n- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975482] \n- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975482] \n- target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 25791789] \n- target: simplify backend driver registration (Christoph Hellwig) [Orabug: 25791789] \n- x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 25948913] \n- x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 25948913] \n- x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 25948913] \n- perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 25948913] \n- perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 25948913] \n- x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] \n- dtrace: proc:::exit should trigger only if thread group exits (Tomas Jedlicka) [Orabug: 25904298] \n- HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25795985] {CVE-2017-7273}\n- ctf: prevent modules on the dedup blacklist from sharing any types at all (Nick Alcock) [Orabug: 26137220] \n- ctf: emit bitfields in in-memory order (Nick Alcock) [Orabug: 25815129] \n- ctf: bitfield support (Nick Alcock) [Orabug: 25815129] \n- ctf: emit file-scope static variables (Nick Alcock) [Orabug: 25962387] \n- ctf: speed up the dwarf2ctf duplicate detector some more (Nick Alcock) [Orabug: 25815306] \n- ctf: strdup() -> xstrdup() (Nick Alcock) [Orabug: 25815306] \n- ctf: speed up the dwarf2ctf duplicate detector (Nick Alcock) [Orabug: 25815306] \n- ctf: add module parameter to simple_dwfl_new() and adjust both callers (Nick Alcock) \n- ctf: fix the size of int and avoid duplicating it (Nick Alcock) [Orabug: 25815129] \n- ctf: allow overriding of DIE attributes: use it for parent bias (Nick Alcock) [Orabug: 25815129] \n- DTrace tcp/udp provider probes (Alan Maguire) [Orabug: 25815197] \n- dtrace: define DTRACE_PROBE_ENABLED to 0 when !CONFIG_DTRACE (Nick Alcock) [Orabug: 26145788] \n- dtrace: ensure limit is enforced even when pcs is NULL (Kris Van Hees) [Orabug: 25949692] \n- dtrace: make x86_64 FBT return probe detection less restrictive (Kris Van Hees) [Orabug: 25949048] \n- dtrace: support passing offset as arg0 to FBT return probes (Kris Van Hees) [Orabug: 25949086] \n- dtrace: make FBT entry probe detection less restrictive on x86_64 (Kris Van Hees) [Orabug: 25949030] \n- dtrace: adjust FBT entry probe dection for OL7 (Kris Van Hees) [Orabug: 25921361]\n[4.1.12-99]\n- Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25999937] \n- qla2xxx: Fix NULL pointer deref in QLA interrupt (Bruno Pramont) [Orabug: 25908317] \n- Revert 'be2net: fix MAC addr setting on privileged BE3 VFs' (Somasundaram Krishnasamy) [Orabug: 25870303] \n- Revert 'be2net: fix initial MAC setting' (Somasundaram Krishnasamy) [Orabug: 25802842] \n- xfs: track and serialize in-flight async buffers against unmount (Brian Foster) [Orabug: 25550712] \n- xfs: exclude never-released buffers from buftarg I/O accounting (Brian Foster) [Orabug: 25550712] \n- dm era: save spacemap metadata root after the pre-commit (Somasundaram Krishnasamy) [Orabug: 25547820] \n- Btrfs: incremental send, do not issue invalid rmdir operations (Robbie Ko) [Orabug: 26000657] \n- x86/platform/uv/BAU: Remove __ro_after_init declaration (Somasundaram Krishnasamy) [Orabug: 25920237] \n- x86/platform: Remove warning message for duplicate NMI handlers (Mike Travis) [Orabug: 25920237] \n- x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add wait_completion to bau_operations (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add status mmr location fields to bau_control (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add payload descriptor qualifier (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add uv_bau_version enumerated constants (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (Andrew Banman) [Orabug: 25920237] \n- fnic: Fixing sc abts status and flags assignment. (Satish Kharat) [Orabug: 25638880] \n- fnic: Adding debug IO, Abort latency counter and check condition count to fnic stats (Satish Kharat) [Orabug: 25638880] \n- fnic: Avoid false out-of-order detection for aborted command (Satish Kharat) [Orabug: 25638880] \n- scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (Satish Kharat) [Orabug: 25638880] \n- fnic: minor white space changes (Satish Kharat) [Orabug: 25638880] \n- scsi: fnic: Avoid sending reset to firmware when another reset is in progress (Satish Kharat) [Orabug: 25638880] \n- ovl: Do d_type check only if work dir creation was successful (Vivek Goyal) [Orabug: 25802620] \n- ovl: Ensure upper filesystem supports d_type (Vivek Goyal) [Orabug: 25802620] \n- sparc64: Add hardware capabilities for M8 (Dave Aldridge) [Orabug: 25555746] \n- sparc64: Stop performance counter before updating (Dave Aldridge) [Orabug: 25441707] \n- sparc64: Fix a race condition when stopping performance counters (Dave Aldridge) [Orabug: 25441707] \n- arch/sparc: Use new misaligned load instructions for memcpy and copy_from_user (Allen Pais) [Orabug: 25381567] \n- arch/sparc: Add a separate kernel memcpy functions for M8 (Allen Pais) [Orabug: 25381567] \n- sparc64: perf: make sure we do not set the 'picnht' bit in the PCR (Dave Aldridge) [Orabug: 24926097] \n- sparc64: perf: move M7 pmu event definitions to seperate file (Dave Aldridge) [Orabug: 23333572] \n- sparc64: perf: add perf support for M8 devices (Dave Aldridge) [Orabug: 23333572] \n- sparc64: perf: Fix the mapping between perf events and perf counters (Dave Aldridge) [Orabug: 23333572] \n- SPARC64: Enable IOMMU bypass for IB (Allen Pais) [Orabug: 25573557] \n- SPARC64: Introduce IOMMU BYPASS method (Allen Pais) [Orabug: 25573557] \n- PCI: Add PCI IDs for Infiniband (Tushar Dave) [Orabug: 25573557] \n- sched/fair: Disable the task group load_avg update for the root_task_group (Waiman Long) [Orabug: 25544560] \n- sched/fair: Move the cache-hot 'load_avg' variable into its own cacheline (Atish Patra) [Orabug: 25544560] \n- sched/fair: Avoid redundant idle_cpu() call in update_sg_lb_stats() (Waiman Long) [Orabug: 25544560] \n- sched/fair: Clean up load average references (Atish Patra) [Orabug: 25544560] \n- sched/fair: Provide runnable_load_avg back to cfs_rq (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Remove task and group entity load when they are dead (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Init cfs_rqs sched_entity load average (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Implement update_blocked_averages() for CONFIG_FAIR_GROUP_SCHED=n (Vincent Guittot) [Orabug: 25544560] \n- sched/fair: Rewrite runnable load and utilization average tracking (Atish Patra) [Orabug: 25544560] \n- sched/fair: Remove rqs runnable avg (Yuyang Du) [Orabug: 25544560] \n- sparc64: Allow enabling ADI on hugepages only (Khalid Aziz) [Orabug: 25969377] \n- sparc64: Save ADI tags on ADI enabled platforms only (Khalid Aziz) [Orabug: 25961592] \n- sparc64: increase FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 25448108] \n- sparc64: tsb size expansion (bob picco) [Orabug: 25448108] \n- sparc64: make tsb pointer computation symbolic (bob picco) [Orabug: 25448108] \n- sparc64: fix intermittent LDom hang waiting for vdc_port_up (Thomas Tai) \n- sparc64:block/sunvdc: Renamed bio variable name from req to bio (Vijay Kumar) [Orabug: 25128265] \n- sparc64:block/sunvdc: Added io stats accounting for bio based vdisk (Vijay Kumar) [Orabug: 25128265] \n- sparc64: Remove node restriction from PRIQ MSI assignments (chris hyser) [Orabug: 25110748] \n- blk-mq: Clean up all_q_list on request_queue deletion (chris hyser) [Orabug: 25569331] \n- sparc64: kern_addr_valid regression (bob picco) [Orabug: 25860542]\n[4.1.12-98]\n- sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25911008] \n- sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25911008] [Orabug: 25931417] \n- sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997202] \n- sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996411] \n- KVM: VMX: fix vmwrite to invalid VMCS (Radim Krcmar) \n- Revert 'i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter' (Brian Maly) [Orabug: 25877447] \n- sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25888596] \n- sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25835254] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] \n- Revert 'sparc64: DAX request for non 4MB memory should return with unique errno' (Allen Pais) \n- sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25852910] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] \n- sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25835133] \n- sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25827254] \n- sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25820395] \n- sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25870705] \n- sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25820812] \n- sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 23072809] \n- sparc64: fix an issue when trying to bring hotplug cpus online (Dave Aldridge) [Orabug: 25667277] \n- sparc64: Fix memory corruption when THP is enabled (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix address range for page table free Orabug: 25704426 (Nitin Gupta) \n- sparc64: Add support for 2G hugepages (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix size check in huge_pte_alloc (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix build error in flush_tsb_user_page (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Add 64K page size support (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Remove xl-hugepages and add multi-page size support (Allen Pais) [Orabug: 25704426] \n- sparc64: do not dequeue stale VDS IO work entries (Jag Raman) [Orabug: 25455138] \n- SPARC64: Virtual Disk Device (vdsdev) Read-Only Option (options=ro) not working (George Kennedy) [Orabug: 23623853] \n- arch/sparc: Fix FPU register corruption with AES crypto test on M7 (Babu Moger) [Orabug: 25265878] \n- sunvnet: xoff not needed when removing port link (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: count multicast packets (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: track port queues correctly (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: add stats to track ldom to ldom packets and bytes (Shannon Nelson) [Orabug: 25190537] \n- ldmvsw: better use of link up and down on ldom vswitch (Shannon Nelson) [Orabug: 25525312] \n- dtrace: fix handling of save_stack_trace sentinel (x86 only) (Kris Van Hees) [Orabug: 25727046] \n- dtrace: DTrace walltime lock-free implementation (Tomas Jedlicka) [Orabug: 25715256]\n[4.1.12-97]\n- megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] \n- sparc64: Restrict number of processes (Sanath Kumar) [Orabug: 24523680] \n- SPARC64: vds_blk_rw() does not handle drives with q->limits.chunk_sectors > 0 (George Kennedy) [Orabug: 25373818] \n- sparc64: Improve boot time by per cpu map update (Atish Patra) [Orabug: 25496463] \n- arch/sparc: memblock resizes are not handled properly (Pavel Tatashin) [Orabug: 25415396] \n- SPARC64: LDOM vnet 'Got unexpected MCAST reply' (George Kennedy) [Orabug: 24954702] \n- ldmvsw: disable tso and gso for bridge operations (Shannon Nelson) [Orabug: 23293104] \n- ldmvsw: update and simplify version string (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: remove extra rcu_read_unlocks (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: straighten up message event handling logic (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: add memory barrier before check for tx enable (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: update version and version printing (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: remove unused variable in maybe_tx_wakeup (Sowmini Varadhan) [Orabug: 23293104] \n- sunvnet: make sunvnet common code dynamically loadable (Shannon Nelson) [Orabug: 23293104] \n- hwrng: n2 - update version info (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - support new hardware register layout (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - add device data descriptions (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - limit error spewage when self-test fails (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs (Anatoly Pugachev) [Orabug: 25127795] \n- tcp: fix tcp_fastopen unaligned access complaints on sparc (Shannon Nelson) [Orabug: 25163405] \n- vds: Add physical block support (Liam R. Howlett) [Orabug: 19420123] \n- sparc64: Add missing hardware capabilities for M7 (Dave Aldridge) [Orabug: 25555746] \n- SPARC64: Fix vds_vtoc_set_default debug with large disks (George Kennedy) [Orabug: 25423802] \n- sparc64: VDC threads in guest domain do not resume after primary domain reboot (Jag Raman) [Orabug: 25519961] \n- sunvdc: Add support for setting physical sector size (Liam R. Howlett) [Orabug: 19420123] \n- sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] \n- sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 25641371] \n- SPARC64: VIO: Support for virtual-device MD node probing (Aaron Young) [Orabug: 24841906]\n[4.1.12-96]\n- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 257846022]\n[4.1.12-95]\n- PCI: hv: Microsoft changes in support of RHEL and UEK4 (Jake Oshins) [Orabug: 25507635] \n- Add the PCI Host driver into the UEK config files (Jack Vogel) [Orabug: 25507635]", "published": "2017-08-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3609.html", "cvelist": ["CVE-2016-10208", "CVE-2016-9604", "CVE-2017-7895", "CVE-2017-7184", "CVE-2016-7910", "CVE-2017-1000380", "CVE-2016-8399", "CVE-2016-6213", "CVE-2017-9059", "CVE-2017-9074", "CVE-2016-10088", "CVE-2017-7645", "CVE-2017-9242", "CVE-2017-7273", "CVE-2016-10200", "CVE-2017-2636", "CVE-2017-2671", "CVE-2017-7533", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-1000364", "CVE-2017-7308", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-12134", "CVE-2017-5986", "CVE-2016-10229", "CVE-2017-7477", "CVE-2016-1576", "CVE-2017-1000363", "CVE-2017-7187", "CVE-2017-9077", "CVE-2016-1575", "CVE-2016-9644", "CVE-2017-1000365", "CVE-2017-8890", "CVE-2017-8797", "CVE-2017-6347"], "lastseen": "2017-08-24T00:04:41"}], "redhat": [{"id": "RHSA-2017:2669", "type": "redhat", "title": "(RHSA-2017:2669) Important: kernel-rt security and bug fix update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. (CVE-2017-7533, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues:\n\nCVE-2017-8797 CVE-2015-8839 CVE-2016-9576 CVE-2016-7042 CVE-2016-7097 CVE-2016-8645 CVE-2016-9576 CVE-2016-9806 CVE-2016-10088 CVE-2017-2671 CVE-2017-5970 CVE-2017-6001 CVE-2017-6951 CVE-2017-7187 CVE-2017-7889 CVE-2017-8890 CVE-2017-9074 CVE-2017-8890 CVE-2017-9075 CVE-2017-8890 CVE-2017-9076 CVE-2017-8890 CVE-2017-9077 CVE-2016-9604 CVE-2016-9685\n\nDocumentation for these issues are available from the Technical Notes document linked to in the References section.\n\nRed Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting CVE-2017-7533 and Marco Grassi for reporting CVE-2016-8645. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-9604 issue was discovered by David Howells (Red Hat); and the CVE-2016-9685 issue was discovered by Qian Cai (Red Hat).", "published": "2017-09-07T00:24:03", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:2669", "cvelist": ["CVE-2015-8839", "CVE-2016-10088", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2671", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7533", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "lastseen": "2017-09-06T21:27:25"}, {"id": "RHSA-2017:1842", "type": "redhat", "title": "(RHSA-2017:1842) Important: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues:\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes document linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "published": "2017-08-01T09:55:25", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:1842", "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-1000379", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "lastseen": "2017-08-31T03:32:38"}, {"id": "RHSA-2017:2077", "type": "redhat", "title": "(RHSA-2017:2077) Important: kernel-rt security, bug fix, and enhancement update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues:\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes document linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "published": "2017-08-01T09:57:19", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:2077", "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "lastseen": "2017-08-02T22:58:07"}, {"id": "RHSA-2017:0004", "type": "redhat", "title": "(RHSA-2017:0004) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash. (CVE-2016-8666, Important)\n\nBug Fix(es):\n\n* When a virtual machine (VM) with PCI-Passthrough interfaces was recreated, the operating system rebooted. This update fixes the race condition between the eventfd daemon and the virqfd daemon. As a result, the operating system no longer reboots in the described situation. (BZ#1391609)", "published": "2017-01-03T21:31:34", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0004", "cvelist": ["CVE-2016-8666"], "lastseen": "2017-01-03T17:59:26"}, {"id": "RHSA-2016:2047", "type": "redhat", "title": "(RHSA-2016:2047) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path as an unlimited recursion could unfold in both VLAN and TEB modules leading to a stack corruption in the kernel. (CVE-2016-7039, Important)", "published": "2016-10-10T22:39:49", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:2047", "cvelist": ["CVE-2016-7039", "CVE-2016-8666"], "lastseen": "2017-10-10T14:56:48"}, {"id": "RHSA-2016:2107", "type": "redhat", "title": "(RHSA-2016:2107) Important: kernel-rt security update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)\n\n* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path; As an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important)\n\nRed Hat would like to thank Phil Oester for reporting CVE-2016-5195.", "published": "2016-10-26T12:56:09", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:2107", "cvelist": ["CVE-2016-5195", "CVE-2016-7039", "CVE-2016-8666"], "lastseen": "2017-10-10T14:57:00"}, {"id": "RHSA-2016:2110", "type": "redhat", "title": "(RHSA-2016:2110) Important: kernel-rt security update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)\n\n* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path; As an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important)\n\nRed Hat would like to thank Phil Oester for reporting CVE-2016-5195.", "published": "2016-10-26T16:09:58", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:2110", "cvelist": ["CVE-2016-5195", "CVE-2016-7039", "CVE-2016-8666"], "lastseen": "2017-10-10T14:57:32"}, {"id": "RHSA-2017:0372", "type": "redhat", "title": "(RHSA-2017:0372) Important: kernel-aarch64 security and bug fix update", "description": "The kernel-aarch64 package contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)\n\n* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important)\n\nRed Hat would like to thank Phil Oester for reporting CVE-2016-5195.\n\nBug Fix(es):\n\n* Previously, the operating system did not support the Mellanox ConnectX-4 PCIe Network Interface Controllers (NIC) in Ethernet mode. This update enables Ethernet support in the mlx5 driver. As a result, the Mellanox ConnectX-4 PCIe NICs now work in Ethernet mode as expected. (BZ#1413108)\n\n* On the Qualcomm Datacenter Technologies server platform with Qualcomm Datacenter Technologies Centriq 2400 CPU (QDF2400v1) memory accesses sometimes allocated Translation Lookaside Buffer (TLB) entries using an incorrect Address Space ID (ASID). This could consequently result in memory corruption and crashes under certain conditions. The underlying source code has been modified to handle the TTBRx_EL1[ASID] and TTBRx_EL1[BADDR] fields separately using a reserved ASID, and the described problem no longer occurs. (BZ#1421765)", "published": "2017-03-02T20:22:03", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0372", "cvelist": ["CVE-2016-5195", "CVE-2016-7039", "CVE-2016-8666"], "lastseen": "2017-10-10T14:56:53"}, {"id": "RHSA-2017:0817", "type": "redhat", "title": "(RHSA-2017:0817) Moderate: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)\n\n* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "published": "2017-03-21T12:09:43", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0817", "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "lastseen": "2017-04-18T17:21:25"}, {"id": "RHSA-2017:0307", "type": "redhat", "title": "(RHSA-2017:0307) Moderate: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. (CVE-2016-6136, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* The qlnic driver previously attempted to fetch pending transmission descriptors before all writes were complete, which lead to firmware hangs. With this update, the qlcnic driver has been fixed to complete all writes before the hardware fetches any pending transmission descriptors. As a result, the firmware no longer hangs with the qlcnic driver. (BZ#1403143)\n\n* Previously, when a NFS share was mounted, the file-system (FS) cache was incorrectly enabled even when the \"-o fsc\" option was not used in the mount command. Consequently, the cachefilesd service stored files in the NFS share even when not instructed to by the user. With this update, NFS does not use the FS cache if not instructed by the \"-o fsc\" option. As a result, NFS no longer enables caching if the \"-o fsc\" option is not used. (BZ#1399172)\n\n* Previously, an NFS client and NFS server got into a NFS4 protocol loop involving a WRITE action and a NFS4ERR_EXPIRED response when the current_fileid counter got to the wraparound point by overflowing the value of 32 bits. This update fixes the NFS server to handle the current_fileid wraparound. As a result, the described NFS4 protocol loop no longer occurs. (BZ#1399174)\n\n* Previously, certain configurations of the Hewlett Packard Smart Array (HPSA) devices caused hardware to be set offline incorrectly when the HPSA driver was expected to wait for existing I/O operations to complete. Consequently, a kernel panic occurred. This update prevents the described problem. As a result, the kernel panic no longer occurs. (BZ#1399175)\n\n* Previously, memory corruption by copying data into the wrong memory locations sometimes occurred, because the __copy_tofrom_user() function was returning incorrect values. This update fixes the __copy_tofrom_user() function so that it no longer returns larger values than the number of bytes it was asked to copy. As a result, memory corruption no longer occurs in he described scenario. (BZ#1398185)\n\n* Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1397739)\n\n* When the \"punching hole\" feature of the fallocate utility was used on an ext4 file system inode with extent depth of 1, the extent tree of the inode sometimes became corrupted. With this update, the underlying source code has been fixed, and extent tree corruption no longer occurs in the described situation. (BZ#1397808)", "published": "2017-02-23T21:14:45", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0307", "cvelist": ["CVE-2016-9555", "CVE-2016-6136"], "lastseen": "2017-03-10T13:18:29"}], "centos": [{"id": "CESA-2017:1842", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2017:1842\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues:\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes document linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-August/004249.html\n\n**Affected packages:**\nkernel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "published": "2017-08-24T01:38:33", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004249.html", "cvelist": ["CVE-2016-9604", "CVE-2016-9806", "CVE-2016-7097", "CVE-2016-6213", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-9074", "CVE-2016-10088", "CVE-2017-6001", "CVE-2015-8839", "CVE-2017-9242", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-9075", "CVE-2014-7975", "CVE-2016-9685", "CVE-2017-1000379", "CVE-2015-8970", "CVE-2016-10147", "CVE-2016-9576", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-2596", "CVE-2016-9588", "CVE-2017-9076", "CVE-2017-7187", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797", "CVE-2016-7042", "CVE-2016-8645", "CVE-2014-7970"], "lastseen": "2017-10-03T18:26:56"}, {"id": "CESA-2016:2047", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2016:2047\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path as an unlimited recursion could unfold in both VLAN and TEB modules leading to a stack corruption in the kernel. (CVE-2016-7039, Important)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/022120.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2047.html", "published": "2016-10-11T18:36:43", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2016-October/022120.html", "cvelist": ["CVE-2016-8666", "CVE-2016-7039"], "lastseen": "2017-10-10T18:03:18"}, {"id": "CESA-2017:0817", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2017:0817\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)\n\n* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-March/003811.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0817.html", "published": "2017-03-24T15:34:16", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003811.html", "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "lastseen": "2017-10-03T18:25:20"}, {"id": "CESA-2017:0307", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2017:0307\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. (CVE-2016-6136, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* The qlnic driver previously attempted to fetch pending transmission descriptors before all writes were complete, which lead to firmware hangs. With this update, the qlcnic driver has been fixed to complete all writes before the hardware fetches any pending transmission descriptors. As a result, the firmware no longer hangs with the qlcnic driver. (BZ#1403143)\n\n* Previously, when a NFS share was mounted, the file-system (FS) cache was incorrectly enabled even when the \"-o fsc\" option was not used in the mount command. Consequently, the cachefilesd service stored files in the NFS share even when not instructed to by the user. With this update, NFS does not use the FS cache if not instructed by the \"-o fsc\" option. As a result, NFS no longer enables caching if the \"-o fsc\" option is not used. (BZ#1399172)\n\n* Previously, an NFS client and NFS server got into a NFS4 protocol loop involving a WRITE action and a NFS4ERR_EXPIRED response when the current_fileid counter got to the wraparound point by overflowing the value of 32 bits. This update fixes the NFS server to handle the current_fileid wraparound. As a result, the described NFS4 protocol loop no longer occurs. (BZ#1399174)\n\n* Previously, certain configurations of the Hewlett Packard Smart Array (HPSA) devices caused hardware to be set offline incorrectly when the HPSA driver was expected to wait for existing I/O operations to complete. Consequently, a kernel panic occurred. This update prevents the described problem. As a result, the kernel panic no longer occurs. (BZ#1399175)\n\n* Previously, memory corruption by copying data into the wrong memory locations sometimes occurred, because the __copy_tofrom_user() function was returning incorrect values. This update fixes the __copy_tofrom_user() function so that it no longer returns larger values than the number of bytes it was asked to copy. As a result, memory corruption no longer occurs in he described scenario. (BZ#1398185)\n\n* Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1397739)\n\n* When the \"punching hole\" feature of the fallocate utility was used on an ext4 file system inode with extent depth of 1, the extent tree of the inode sometimes became corrupted. With this update, the underlying source code has been fixed, and extent tree corruption no longer occurs in the described situation. (BZ#1397808)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022281.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0307.html", "published": "2017-02-24T20:45:23", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2017-February/022281.html", "cvelist": ["CVE-2016-9555", "CVE-2016-6136"], "lastseen": "2017-10-03T18:25:08"}, {"id": "CESA-2017:0086", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2017:0086\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831.\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668)\n\n* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611)\n\n* Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023)\n\n* Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024)\n\n* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot:\n\n \"Unknown Intel PCH (0xa149) detected.\"\n \"Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\"\n\nThe messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033)\n\n* Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/022246.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0086.html", "published": "2017-01-19T13:30:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2017-January/022246.html", "cvelist": ["CVE-2016-7117", "CVE-2016-9555", "CVE-2016-6828"], "lastseen": "2017-10-03T18:25:06"}], "amazon": [{"id": "ALAS-2016-762", "type": "amazon", "title": "Important: kernel", "description": "**Issue Overview:**\n\nThe IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to [CVE-2016-7039 __](<https://access.redhat.com/security/cve/CVE-2016-7039>). ([CVE-2016-8666 __](<https://access.redhat.com/security/cve/CVE-2016-8666>))\n\nLinux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. ([CVE-2016-7039 __](<https://access.redhat.com/security/cve/CVE-2016-7039>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n**New Packages:**\n \n \n i686: \n kernel-tools-devel-4.4.30-32.54.amzn1.i686 \n kernel-debuginfo-4.4.30-32.54.amzn1.i686 \n kernel-headers-4.4.30-32.54.amzn1.i686 \n kernel-tools-4.4.30-32.54.amzn1.i686 \n kernel-devel-4.4.30-32.54.amzn1.i686 \n perf-debuginfo-4.4.30-32.54.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.30-32.54.amzn1.i686 \n perf-4.4.30-32.54.amzn1.i686 \n kernel-4.4.30-32.54.amzn1.i686 \n kernel-tools-debuginfo-4.4.30-32.54.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.30-32.54.amzn1.noarch \n \n src: \n kernel-4.4.30-32.54.amzn1.src \n \n x86_64: \n kernel-4.4.30-32.54.amzn1.x86_64 \n kernel-devel-4.4.30-32.54.amzn1.x86_64 \n perf-debuginfo-4.4.30-32.54.amzn1.x86_64 \n kernel-tools-devel-4.4.30-32.54.amzn1.x86_64 \n kernel-tools-4.4.30-32.54.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.4.30-32.54.amzn1.x86_64 \n kernel-headers-4.4.30-32.54.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.30-32.54.amzn1.x86_64 \n perf-4.4.30-32.54.amzn1.x86_64 \n kernel-debuginfo-4.4.30-32.54.amzn1.x86_64 \n \n \n", "published": "2016-11-10T18:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-762.html", "cvelist": ["CVE-2016-8666", "CVE-2016-7039"], "lastseen": "2016-11-11T04:42:26"}, {"id": "ALAS-2017-786", "type": "amazon", "title": "Medium: kernel", "description": "**Issue Overview:**\n\nThe sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for [CVE-2016-9576 __](<https://access.redhat.com/security/cve/CVE-2016-9576>).\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n**New Packages:**\n \n \n i686: \n kernel-tools-4.4.41-36.55.amzn1.i686 \n perf-4.4.41-36.55.amzn1.i686 \n perf-debuginfo-4.4.41-36.55.amzn1.i686 \n kernel-debuginfo-4.4.41-36.55.amzn1.i686 \n kernel-tools-debuginfo-4.4.41-36.55.amzn1.i686 \n kernel-devel-4.4.41-36.55.amzn1.i686 \n kernel-4.4.41-36.55.amzn1.i686 \n kernel-tools-devel-4.4.41-36.55.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.41-36.55.amzn1.i686 \n kernel-headers-4.4.41-36.55.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.41-36.55.amzn1.noarch \n \n src: \n kernel-4.4.41-36.55.amzn1.src \n \n x86_64: \n perf-4.4.41-36.55.amzn1.x86_64 \n kernel-devel-4.4.41-36.55.amzn1.x86_64 \n perf-debuginfo-4.4.41-36.55.amzn1.x86_64 \n kernel-tools-4.4.41-36.55.amzn1.x86_64 \n kernel-debuginfo-4.4.41-36.55.amzn1.x86_64 \n kernel-headers-4.4.41-36.55.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.41-36.55.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.4.41-36.55.amzn1.x86_64 \n kernel-4.4.41-36.55.amzn1.x86_64 \n kernel-tools-devel-4.4.41-36.55.amzn1.x86_64 \n \n \n", "published": "2017-01-19T16:30:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2017-786.html", "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "lastseen": "2017-01-20T00:59:39"}, {"id": "ALAS-2017-782", "type": "amazon", "title": "Medium: kernel", "description": "**Issue Overview:**\n\nA flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. ([CVE-2016-8650 __](<https://access.redhat.com/security/cve/CVE-2016-8650>))\n\nThe blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. ([CVE-2016-9576 __](<https://access.redhat.com/security/cve/CVE-2016-9576>))\n\nThe sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. ([CVE-2016-9793 __](<https://access.redhat.com/security/cve/CVE-2016-9793>)) \n\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n**New Packages:**\n \n \n i686: \n kernel-debuginfo-4.4.39-34.54.amzn1.i686 \n kernel-headers-4.4.39-34.54.amzn1.i686 \n kernel-tools-debuginfo-4.4.39-34.54.amzn1.i686 \n kernel-tools-4.4.39-34.54.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.39-34.54.amzn1.i686 \n kernel-4.4.39-34.54.amzn1.i686 \n kernel-devel-4.4.39-34.54.amzn1.i686 \n kernel-tools-devel-4.4.39-34.54.amzn1.i686 \n perf-debuginfo-4.4.39-34.54.amzn1.i686 \n perf-4.4.39-34.54.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.39-34.54.amzn1.noarch \n \n src: \n kernel-4.4.39-34.54.amzn1.src \n \n x86_64: \n perf-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.39-34.54.amzn1.x86_64 \n kernel-4.4.39-34.54.amzn1.x86_64 \n kernel-devel-4.4.39-34.54.amzn1.x86_64 \n kernel-headers-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-4.4.39-34.54.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-devel-4.4.39-34.54.amzn1.x86_64 \n perf-debuginfo-4.4.39-34.54.amzn1.x86_64 \n kernel-debuginfo-4.4.39-34.54.amzn1.x86_64 \n \n \n", "published": "2017-01-04T17:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2017-782.html", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2016-9576"], "lastseen": "2017-01-05T01:58:51"}, {"id": "ALAS-2016-694", "type": "amazon", "title": "Medium: kernel", "description": "**Issue Overview:**\n\nAn integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption. ([CVE-2016-3135 __](<https://access.redhat.com/security/cve/CVE-2016-3135>))\n\nIn the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a user-supplied ipt_entry structure to have a large next_offset field. This field is not bounds checked prior to writing a counter value at the supplied offset. ([CVE-2016-3134 __](<https://access.redhat.com/security/cve/CVE-2016-3134>))\n\nA weakness was found in the Linux ASLR implementation. Any user able to run 32-bit applications in a x86 machine can disable the ASLR by setting the RLIMIT_STACK resource to unlimited. ([CVE-2016-3672 __](<https://access.redhat.com/security/cve/CVE-2016-3672>))\n\nDestroying a network interface with a large number of IPv4 addresses keeps a rtnl_lock for a very long time, which can block many network-related operations. ([CVE-2016-3156 __](<https://access.redhat.com/security/cve/CVE-2016-3156>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n perf-4.4.8-20.46.amzn1.i686 \n kernel-4.4.8-20.46.amzn1.i686 \n kernel-devel-4.4.8-20.46.amzn1.i686 \n kernel-tools-4.4.8-20.46.amzn1.i686 \n perf-debuginfo-4.4.8-20.46.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.8-20.46.amzn1.i686 \n kernel-tools-debuginfo-4.4.8-20.46.amzn1.i686 \n kernel-debuginfo-4.4.8-20.46.amzn1.i686 \n kernel-tools-devel-4.4.8-20.46.amzn1.i686 \n kernel-headers-4.4.8-20.46.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.8-20.46.amzn1.noarch \n \n src: \n kernel-4.4.8-20.46.amzn1.src \n \n x86_64: \n kernel-debuginfo-common-x86_64-4.4.8-20.46.amzn1.x86_64 \n perf-debuginfo-4.4.8-20.46.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.8-20.46.amzn1.x86_64 \n kernel-tools-4.4.8-20.46.amzn1.x86_64 \n kernel-4.4.8-20.46.amzn1.x86_64 \n kernel-tools-devel-4.4.8-20.46.amzn1.x86_64 \n kernel-debuginfo-4.4.8-20.46.amzn1.x86_64 \n perf-4.4.8-20.46.amzn1.x86_64 \n kernel-devel-4.4.8-20.46.amzn1.x86_64 \n kernel-headers-4.4.8-20.46.amzn1.x86_64 \n \n \n", "published": "2016-04-27T16:15:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-694.html", "cvelist": ["CVE-2016-3156", "CVE-2016-3135", "CVE-2016-3672", "CVE-2016-3134"], "lastseen": "2016-09-28T21:03:58"}], "f5": [{"id": "F5:K54610514", "type": "f5", "title": "Linux kernel vulnerability CVE-2016-10088", "description": "\nF5 Product Development has assigned ID 640766 and ID 640768 (BIG-IP), and ID 640766 and ID 640768 (BIG-IQ, Enterprise Manager, iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H54610514 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP AAM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP AFM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP Analytics| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP APM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP ASM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP DNS| 13.0.0 \n12.0.0 - 12.1.2| None| Low| Linux kernel \nBIG-IP Edge Gateway| 11.2.1| None| Low| Linux kernel \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP Link Controller| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP PEM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP PSM| 11.4.0 - 11.4.1| None| Low| Linux kernel \nBIG-IP WebAccelerator| 11.2.1| None| Low| Linux kernel \nBIG-IP WebSafe| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| None| Low \n\n| Linux kernel \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1| None| Low| Linux kernel \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ ADC| 4.5.0| None| Low| Linux kernel \nBIG-IQ Centralized Management| 5.0.0 - 5.2.0 \n4.6.0| None| Low| Linux kernel \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| Linux kernel \nF5 iWorkflow| 2.0.0 - 2.2.0| None| Low| Linux kernel \nLineRate| None| 3.0.0 - 3.1.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "published": "2017-01-28T02:39:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K54610514", "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "lastseen": "2017-07-03T23:58:30"}, {"id": "F5:K54095660", "type": "f5", "title": "Linux kernel vulnerability CVE-2016-9555", "description": "\nF5 Product Development has assigned IDs 641319 and 648879 (BIG-IP), ID 641319-1 (BIG-IQ), ID 643805 (Enterprise Manager), and ID 646642 (F5 iWorkflow) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable1| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable1| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable1| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable1| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable1| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable1| None \nEnterprise Manager| None| 3.1.1| Not vulnerable1| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable1| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable1| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable1| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable1| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable1| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Low| Linux kernel \n \n1 The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "published": "2017-02-23T01:21:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K54095660", "cvelist": ["CVE-2016-9555"], "lastseen": "2017-06-08T00:16:29"}, {"id": "F5:K05513373", "type": "f5", "title": "Linux kernel vulnerability CVE-2016-9576", "description": "\nF5 Product Development has assigned ID 640766 and 640768 (BIG-IP), and ID 640766 and 640768 (BIG-IQ, Enterprise Manager, iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H05513373 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP AAM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP AFM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP Analytics| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP APM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP ASM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP DNS| 12.0.0 - 12.1.2| None| Low| Linux kernel \nBIG-IP Edge Gateway| 11.2.1| None| Low| Linux kernel \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP Link Controller| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP PEM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP PSM| 11.4.0 - 11.4.1| None| Low| Linux kernel \nBIG-IP WebAccelerator| 11.2.1| None| Low| Linux kernel \nBIG-IP WebSafe| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| None| Low \n\n| Linux kernel \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1| None| Low| Linux kernel \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ ADC| 4.5.0| None| Low| Linux kernel \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| None| Low| Linux kernel \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| Linux kernel \nF5 iWorkflow| 2.0.0 - 2.0.2| None| Low| Linux kernel \nLineRate| None| 3.0.0 - 3.1.1| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Low| Linux Kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "published": "2017-01-28T02:28:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K05513373", "cvelist": ["CVE-2016-9576"], "lastseen": "2017-06-08T00:16:15"}], "debian": [{"id": "DSA-3804", "type": "debian", "title": "linux -- security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\n * [CVE-2016-9588](<https://security-tracker.debian.org/tracker/CVE-2016-9588>)\n\nJim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine. A local attacker in an L2 guest VM can take advantage of this flaw to cause a denial of service for the L1 guest VM.\n\n * [CVE-2017-2636](<https://security-tracker.debian.org/tracker/CVE-2017-2636>)\n\nAlexander Popov discovered a race condition flaw in the n_hdlc line discipline that can lead to a double free. A local unprivileged user can take advantage of this flaw for privilege escalation. On systems that do not already have the n_hdlc module loaded, this can be mitigated by disabling it: `echo>> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false`\n\n * [CVE-2017-5669](<https://security-tracker.debian.org/tracker/CVE-2017-5669>)\n\nGareth Evans reported that privileged users can map memory at address 0 through the shmat() system call. This could make it easier to exploit other kernel security vulnerabilities via a set-UID program.\n\n * [CVE-2017-5986](<https://security-tracker.debian.org/tracker/CVE-2017-5986>)\n\nAlexander Popov reported a race condition in the SCTP implementation that can be used by local users to cause a denial-of-service (crash). The initial fix for this was incorrect and introduced further security issues ([ CVE-2017-6353](<https://security-tracker.debian.org/tracker/CVE-2017-6353>)). This update includes a later fix that avoids those. On systems that do not already have the sctp module loaded, this can be mitigated by disabling it: `echo>> /etc/modprobe.d/disable-sctp.conf install sctp false`\n\n * [CVE-2017-6214](<https://security-tracker.debian.org/tracker/CVE-2017-6214>)\n\nDmitry Vyukov reported a bug in the TCP implementation's handling of urgent data in the splice() system call. This can be used by a remote attacker for denial-of-service (hang) against applications that read from TCP sockets with splice().\n\n * [CVE-2017-6345](<https://security-tracker.debian.org/tracker/CVE-2017-6345>)\n\nAndrey Konovalov reported that the LLC type 2 implementation incorrectly assigns socket buffer ownership. This can be used by a local user to cause a denial-of-service (crash). On systems that do not already have the llc2 module loaded, this can be mitigated by disabling it: `echo>> /etc/modprobe.d/disable-llc2.conf install llc2 false`\n\n * [CVE-2017-6346](<https://security-tracker.debian.org/tracker/CVE-2017-6346>)\n\nDmitry Vyukov reported a race condition in the raw packet (af_packet) fanout feature. Local users with the CAP_NET_RAW capability (in any user namespace) can use this for denial-of-service and possibly for privilege escalation.\n\n * [CVE-2017-6348](<https://security-tracker.debian.org/tracker/CVE-2017-6348>)\n\nDmitry Vyukov reported that the general queue implementation in the IrDA subsystem does not properly manage multiple locks, possibly allowing local users to cause a denial-of-service (deadlock) via crafted operations on IrDA devices.\n\nFor the stable distribution (jessie), these problems have been fixed in version 3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.", "published": "2017-03-08T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3804", "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "lastseen": "2017-10-05T13:07:19"}, {"id": "DSA-3607", "type": "debian", "title": "linux -- security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n * [CVE-2015-7515](<https://security-tracker.debian.org/tracker/CVE-2015-7515>), [CVE-2016-2184](<https://security-tracker.debian.org/tracker/CVE-2016-2184>), [CVE-2016-2185](<https://security-tracker.debian.org/tracker/CVE-2016-2185>), [CVE-2016-2186](<https://security-tracker.debian.org/tracker/CVE-2016-2186>), [CVE-2016-2187](<https://security-tracker.debian.org/tracker/CVE-2016-2187>), [CVE-2016-3136](<https://security-tracker.debian.org/tracker/CVE-2016-3136>), [CVE-2016-3137](<https://security-tracker.debian.org/tracker/CVE-2016-3137>), [CVE-2016-3138](<https://security-tracker.debian.org/tracker/CVE-2016-3138>), [CVE-2016-3140](<https://security-tracker.debian.org/tracker/CVE-2016-3140>)\n\nRalf Spenneberg of OpenSource Security reported that various USB drivers do not sufficiently validate USB descriptors. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash).\n\n * [CVE-2016-0821](<https://security-tracker.debian.org/tracker/CVE-2016-0821>)\n\nSolar Designer noted that the list poisoning feature, intended to mitigate the effects of bugs in list manipulation in the kernel, used poison values within the range of virtual addresses that can be allocated by user processes.\n\n * [CVE-2016-1237](<https://security-tracker.debian.org/tracker/CVE-2016-1237>)\n\nDavid Sinquin discovered that nfsd does not check permissions when setting ACLs, allowing users to grant themselves permissions to a file by setting the ACL.\n\n * [CVE-2016-1583](<https://security-tracker.debian.org/tracker/CVE-2016-1583>)\n\nJann Horn of Google Project Zero reported that the eCryptfs filesystem could be used together with the proc filesystem to cause a kernel stack overflow. If the ecryptfs-utils package is installed, local users could exploit this, via the mount.ecryptfs_private program, for denial of service (crash) or possibly for privilege escalation.\n\n * [CVE-2016-2117](<https://security-tracker.debian.org/tracker/CVE-2016-2117>)\n\nJustin Yackoski of Cryptonite discovered that the Atheros L2 ethernet driver incorrectly enables scatter/gather I/O. A remote attacker could take advantage of this flaw to obtain potentially sensitive information from kernel memory.\n\n * [CVE-2016-2143](<https://security-tracker.debian.org/tracker/CVE-2016-2143>)\n\nMarcin Koscielnicki discovered that the fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash).\n\n * [CVE-2016-3070](<https://security-tracker.debian.org/tracker/CVE-2016-3070>)\n\nJan Stancek of Red Hat discovered a local denial of service vulnerability in AIO handling.\n\n * [CVE-2016-3134](<https://security-tracker.debian.org/tracker/CVE-2016-3134>)\n\nThe Google Project Zero team found that the netfilter subsystem does not sufficiently validate filter table entries. A user with the CAP_NET_ADMIN capability could use this for denial of service (crash) or possibly for privilege escalation. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this allows privilege escalation.\n\n * [CVE-2016-3156](<https://security-tracker.debian.org/tracker/CVE-2016-3156>)\n\nSolar Designer discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS.\n\n * [CVE-2016-3157](<https://security-tracker.debian.org/tracker/CVE-2016-3157>) / XSA-171 \n\nAndy Lutomirski discovered that the x86_64 (amd64) task switching implementation did not correctly update the I/O permission level when running as a Xen paravirtual (PV) guest. In some configurations this would allow local users to cause a denial of service (crash) or to escalate their privileges within the guest.\n\n * [CVE-2016-3672](<https://security-tracker.debian.org/tracker/CVE-2016-3672>)\n\nHector Marco and Ismael Ripoll noted that it was possible to disable Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs by removing the stack resource limit. This made it easier for local users to exploit security flaws in programs that have the setuid or setgid flag set.\n\n * [CVE-2016-3951](<https://security-tracker.debian.org/tracker/CVE-2016-3951>)\n\nIt was discovered that the cdc_ncm driver would free memory prematurely if certain errors occurred during its initialisation. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash) or possibly to escalate their privileges.\n\n * [CVE-2016-3955](<https://security-tracker.debian.org/tracker/CVE-2016-3955>)\n\nIgnat Korchagin reported that the usbip subsystem did not check the length of data received for a USB buffer. This allowed denial of service (crash) or privilege escalation on a system configured as a usbip client, by the usbip server or by an attacker able to impersonate it over the network. A system configured as a usbip server might be similarly vulnerable to physically present users.\n\n * [CVE-2016-3961](<https://security-tracker.debian.org/tracker/CVE-2016-3961>) / XSA-174 \n\nVitaly Kuznetsov of Red Hat discovered that Linux allowed the use of hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen paravirtualised (PV) guest, although Xen does not support huge pages. This allowed users with access to /dev/hugepages to cause a denial of service (crash) in the guest.\n\n * [CVE-2016-4470](<https://security-tracker.debian.org/tracker/CVE-2016-4470>)\n\nDavid Howells of Red Hat discovered that a local user can trigger a flaw in the Linux kernel's handling of key lookups in the keychain subsystem, leading to a denial of service (crash) or possibly to privilege escalation.\n\n * [CVE-2016-4482](<https://security-tracker.debian.org/tracker/CVE-2016-4482>), [CVE-2016-4485](<https://security-tracker.debian.org/tracker/CVE-2016-4485>), [CVE-2016-4486](<https://security-tracker.debian.org/tracker/CVE-2016-4486>), [CVE-2016-4569](<https://security-tracker.debian.org/tracker/CVE-2016-4569>), [CVE-2016-4578](<https://security-tracker.debian.org/tracker/CVE-2016-4578>), [CVE-2016-4580](<https://security-tracker.debian.org/tracker/CVE-2016-4580>), [CVE-2016-5243](<https://security-tracker.debian.org/tracker/CVE-2016-5243>), [CVE-2016-5244](<https://security-tracker.debian.org/tracker/CVE-2016-5244>)\n\nKangjie Lu reported that the USB devio, llc, rtnetlink, ALSA timer, x25, tipc, and rds facilities leaked information from the kernel stack.\n\n * [CVE-2016-4565](<https://security-tracker.debian.org/tracker/CVE-2016-4565>)\n\nJann Horn of Google Project Zero reported that various components in the InfiniBand stack implemented unusual semantics for the write() operation. On a system with InfiniBand drivers loaded, local users could use this for denial of service or privilege escalation.\n\n * [CVE-2016-4581](<https://security-tracker.debian.org/tracker/CVE-2016-4581>)\n\nTycho Andersen discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local user can take advantage of this flaw to cause a denial of service (system crash).\n\n * [CVE-2016-4805](<https://security-tracker.debian.org/tracker/CVE-2016-4805>)\n\nBaozeng Ding discovered a use-after-free in the generic PPP layer in the Linux kernel. A local user can take advantage of this flaw to cause a denial of service (system crash), or potentially escalate their privileges.\n\n * [CVE-2016-4913](<https://security-tracker.debian.org/tracker/CVE-2016-4913>)\n\nAl Viro found that the ISO9660 filesystem implementation did not correctly count the length of certain invalid name entries. Reading a directory containing such name entries would leak information from kernel memory. Users permitted to mount disks or disk images could use this to obtain sensitive information.\n\n * [CVE-2016-4997](<https://security-tracker.debian.org/tracker/CVE-2016-4997>) / [CVE-2016-4998](<https://security-tracker.debian.org/tracker/CVE-2016-4998>)\n\nJesse Hertz and Tim Newsham discovered that missing input sanitising in Netfilter socket handling may result in denial of service. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this also allows privilege escalation.\n\nFor the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt25-2+deb8u2.\n\nWe recommend that you upgrade your linux packages.", "published": "2016-06-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3607", "cvelist": ["CVE-2016-5244", "CVE-2016-3070", "CVE-2016-4913", "CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-4569", "CVE-2016-0821", "CVE-2016-2184", "CVE-2016-5243", "CVE-2016-3951", "CVE-2016-3955", "CVE-2015-7515", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-1237", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-3157", "CVE-2016-4470", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-4998", "CVE-2016-3134"], "lastseen": "2017-10-05T13:05:55"}], "exploitdb": [{"id": "EDB-ID:39669", "type": "exploitdb", "title": "Linux x86 - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited", "description": "Linux x86 - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited. CVE-2016-3672. Dos exploit for linux platform", "published": "2016-04-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/39669/", "cvelist": ["CVE-2016-3672"], "lastseen": "2016-04-06T21:00:22"}], "zdt": [{"id": "1337DAY-ID-25173", "type": "zdt", "title": "Linux/x86 - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited", "description": "Exploit for linux platform in category dos / poc", "published": "2016-04-06T00:00:00", "cvss": {"score": 0, "vector": "NONE"}, "href": "http://0day.today/exploit/description/25173", "cvelist": ["CVE-2016-3672"], "lastseen": "2016-04-20T01:28:06"}]}}