openSUSE Security Update : the Linux Kernel (openSUSE-2018-377)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-377.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(109103);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2018-1091", "CVE-2018-7740", "CVE-2018-8043");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2018-377)");
  script_summary(english:"Check for the openSUSE-2018-377 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive
various security and bugfixes.

The following security bugs were fixed :

  - CVE-2018-1091: In the flush_tmregs_to_thread function in
    arch/powerpc/kernel/ptrace.c, a guest kernel crash can
    be triggered from unprivileged userspace during a core
    dump on a POWER host due to a missing processor feature
    check and an erroneous use of transactional memory (TM)
    instructions in the core dump path, leading to a denial
    of service (bnc#1087231).

  - CVE-2018-8043: The unimac_mdio_probe function in
    drivers/net/phy/mdio-bcm-unimac.c did not validate
    certain resource availability, which allowed local users
    to cause a denial of service (NULL pointer dereference)
    (bnc#1084829).

  - CVE-2018-7740: The resv_map_release function in
    mm/hugetlb.c allowed local users to cause a denial of
    service (BUG) via a crafted application that made mmap
    system calls and has a large pgoff argument to the
    remap_file_pages system call (bnc#1084353).

The following non-security bugs were fixed :

  - acpica: Add header support for TPM2 table changes
    (bsc#1084452).

  - acpica: Add support for new SRAT subtable (bsc#1085981).

  - acpica: iasl: Update to IORT SMMUv3 disassembling
    (bsc#1085981).

  - acpi/IORT: numa: Add numa node mapping for smmuv3
    devices (bsc#1085981).

  - acpi, numa: fix pxm to online numa node associations
    (bnc#1012382).

  - acpi / PMIC: xpower: Fix power_table addresses
    (bnc#1012382).

  - acpi/processor: Fix error handling in
    __acpi_processor_start() (bnc#1012382).

  - acpi/processor: Replace racy task affinity logic
    (bnc#1012382).

  - agp/intel: Flush all chipset writes after updating the
    GGTT (bnc#1012382).

  - ahci: Add pci-id for the Highpoint Rocketraid 644L card
    (bnc#1012382).

  - alsa: aloop: Fix access to not-yet-ready substream via
    cable (bnc#1012382).

  - alsa: aloop: Sync stale timer before release
    (bnc#1012382).

  - alsa: firewire-digi00x: handle all MIDI messages on
    streaming packets (bnc#1012382).

  - alsa: hda: Add a power_save blacklist (bnc#1012382).

  - alsa: hda: add dock and led support for HP EliteBook 820
    G3 (bnc#1012382).

  - alsa: hda: add dock and led support for HP ProBook 640
    G2 (bnc#1012382).

  - alsa: hda/realtek - Always immediately update mute LED
    with pin VREF (bnc#1012382).

  - alsa: hda/realtek - Fix dock line-out volume on Dell
    Precision 7520 (bnc#1012382).

  - alsa: hda/realtek - Fix speaker no sound after system
    resume (bsc#1031717).

  - alsa: hda - Revert power_save option default value
    (git-fixes).

  - alsa: pcm: Fix UAF in snd_pcm_oss_get_formats()
    (bnc#1012382).

  - alsa: usb-audio: Add a quirck for B&W PX headphones
    (bnc#1012382).

  - alsa: usb-audio: Fix parsing descriptor of UAC2
    processing unit (bnc#1012382).

  - apparmor: Make path_max parameter readonly
    (bnc#1012382).

  - arm64: Add missing Falkor part number for branch
    predictor hardening (bsc#1068032).

  - arm64 / cpuidle: Use new cpuidle macro for entering
    retention state (bsc#1084328).

  - arm64: mm: do not write garbage into TTBR1_EL1 register
    (bsc#1085487).

  - arm: 8668/1: ftrace: Fix dynamic ftrace with
    DEBUG_RODATA and !FRAME_POINTER (bnc#1012382).

  - arm: DRA7: clockdomain: Change the CLKTRCTRL of
    CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382).

  - arm: dts: Adjust moxart IRQ controller and flags
    (bnc#1012382).

  - arm: dts: am335x-pepper: Fix the audio CODEC's reset pin
    (bnc#1012382).

  - arm: dts: exynos: Correct Trats2 panel reset line
    (bnc#1012382).

  - arm: dts: koelsch: Correct clock frequency of X2 DU
    clock input (bnc#1012382).

  - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux
    (bnc#1012382).

  - arm: dts: omap3-n900: Fix the audio CODEC's reset pin
    (bnc#1012382).

  - arm: dts: r8a7790: Correct parent of SSI[0-9] clocks
    (bnc#1012382).

  - arm: dts: r8a7791: Correct parent of SSI[0-9] clocks
    (bnc#1012382).

  - arm: mvebu: Fix broken PL310_ERRATA_753970 selects
    (bnc#1012382).

  - asoc: rcar: ssi: do not set SSICR.CKDV = 000 with
    SSIWSR.CONT (bnc#1012382).

  - ath10k: disallow DFS simulation if DFS channel is not
    enabled (bnc#1012382).

  - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382).

  - ath10k: update tdls teardown state to target
    (bnc#1012382).

  - ath: Fix updating radar flags for coutry code India
    (bnc#1012382).

  - batman-adv: handle race condition for claims between
    gateways (bnc#1012382).

  - bcache: do not attach backing with duplicate UUID
    (bnc#1012382).

  - blkcg: fix double free of new_blkg in blkcg_init_queue
    (bnc#1012382).

  - blk-throttle: make sure expire time isn't too big
    (bnc#1012382).

  - block: do not assign cmd_flags in __blk_rq_prep_clone
    (bsc#1088087).

  - block-mq: stop workqueue items in blk_mq_stop_hw_queue()
    (bsc#1084967).

  - bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
    (bnc#1012382).

  - bluetooth: hci_qca: Avoid setup failure on missing
    rampatch (bnc#1012382).

  - bnx2x: Align RX buffers (bnc#1012382).

  - bonding: refine bond_fold_stats() wrap detection
    (bnc#1012382).

  - bpf: fix incorrect sign extension in check_alu_op()
    (bnc#1012382).

  - bpf: skip unnecessary capability check (bnc#1012382).

  - bpf, x64: implement retpoline for tail call
    (bnc#1012382).

  - bpf, x64: increase number of passes (bnc#1012382).

  - braille-console: Fix value returned by
    _braille_console_setup (bnc#1012382).

  - brcmfmac: fix P2P_DEVICE ethernet address generation
    (bnc#1012382).

  - bridge: check brport attr show in brport_show
    (bnc#1012382).

  - btrfs: alloc_chunk: fix DUP stripe size handling
    (bnc#1012382).

  - btrfs: Fix use-after-free when cleaning up fs_devs with
    a single stale device (bnc#1012382).

  - btrfs: improve delayed refs iterations (bsc#1076033).

  - btrfs: incremental send, fix invalid memory access
    (git-fixes).

  - btrfs: preserve i_mode if __btrfs_set_acl() fails
    (bnc#1012382).

  - btrfs: send, fix file hole not being preserved due to
    inline extent (bnc#1012382).

  - can: cc770: Fix queue stall & dropped RTR reply
    (bnc#1012382).

  - can: cc770: Fix stalls on rt-linux, remove redundant IRQ
    ack (bnc#1012382).

  - can: cc770: Fix use after free in cc770_tx_interrupt()
    (bnc#1012382).

  - ceph: only dirty ITER_IOVEC pages for direct read
    (bsc#1084898).

  - clk: bcm2835: Protect sections updating shared registers
    (bnc#1012382).

  - clk: ns2: Correct SDIO bits (bnc#1012382).

  - clk: qcom: msm8916: fix mnd_width for codec_digcodec
    (bnc#1012382).

  - clk: si5351: Rename internal plls to avoid name
    collisions (bnc#1012382).

  - coresight: Fix disabling of CoreSight TPIU
    (bnc#1012382).

  - coresight: Fixes coresight DT parse to get correct
    output port ID (bnc#1012382).

  - cpufreq: Fix governor module removal race (bnc#1012382).

  - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
    (bnc#1012382).

  - cpufreq/sh: Replace racy task affinity logic
    (bnc#1012382).

  - cpuidle: Add new macro to enter a retention idle state
    (bsc#1084328).

  - cros_ec: fix nul-termination for firmware build info
    (bnc#1012382).

  - crypto: cavium - fix memory leak on info (bsc#1086518).

  - dcache: Add cond_resched in shrink_dentry_list
    (bsc#1086194).

  - dccp: check sk for closed state in dccp_sendmsg()
    (bnc#1012382).

  - dmaengine: imx-sdma: add 1ms delay to ensure SDMA
    channel is stopped (bnc#1012382).

  - dmaengine: ti-dma-crossbar: Fix event mapping for
    TPCC_EVT_MUX_60_63 (bnc#1012382).

  - dm: Always copy cmd_flags when cloning a request
    (bsc#1088087).

  - driver: (adm1275) set the m,b and R coefficients
    correctly for power (bnc#1012382).

  - drm: Allow determining if current task is output poll
    worker (bnc#1012382).

  - drm/amdgpu/dce: Do not turn off DP sink when
    disconnected (bnc#1012382).

  - drm/amdgpu: Fail fb creation from imported dma-bufs.
    (v2) (bnc#1012382).

  - drm/amdgpu: Fix deadlock on runtime suspend
    (bnc#1012382).

  - drm/amdgpu: fix KV harvesting (bnc#1012382).

  - drm/amdgpu: Notify sbios device ready before send
    request (bnc#1012382).

  - drm/amdkfd: Fix memory leaks in kfd topology
    (bnc#1012382).

  - drm: Defer disabling the vblank IRQ until the next
    interrupt (for instant-off) (bnc#1012382).

  - drm/edid: set ELD connector type in drm_edid_to_eld()
    (bnc#1012382).

  - drm/i915/cmdparser: Do not check past the cmd length
    (bsc#1031717).

  - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap
    bit (bsc#1031717).

  - drm/msm: fix leak in failed get_pages (bnc#1012382).

  - drm/nouveau: Fix deadlock on runtime suspend
    (bnc#1012382).

  - drm/nouveau/kms: Increase max retries in scanout
    position queries (bnc#1012382).

  - drm/omap: DMM: Check for DMM readiness after successful
    transaction commit (bnc#1012382).

  - drm: qxl: Do not alloc fbdev if emulation is not
    supported (bnc#1012382).

  - drm/radeon: Do not turn off DP sink when disconnected
    (bnc#1012382).

  - drm/radeon: Fail fb creation from imported dma-bufs
    (bnc#1012382).

  - drm/radeon: Fix deadlock on runtime suspend
    (bnc#1012382).

  - drm/radeon: fix KV harvesting (bnc#1012382).

  - drm: udl: Properly check framebuffer mmap offsets
    (bnc#1012382).

  - drm/vmwgfx: Fix a destoy-while-held mutex problem
    (bnc#1012382).

  - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382).

  - e1000e: Avoid missed interrupts following ICR read
    (bsc#1075428).

  - e1000e: Avoid receiver overrun interrupt bursts
    (bsc#1075428).

  - e1000e: Fix check_for_link return value with autoneg off
    (bsc#1075428).

  - e1000e: Fix link check race condition (bsc#1075428).

  - e1000e: Fix queue interrupt re-raising in Other
    interrupt (bsc#1075428).

  - e1000e: fix timing for 82579 Gigabit Ethernet controller
    (bnc#1012382).

  - e1000e: Remove Other from EIAC (bsc#1075428).

  - EDAC, sb_edac: Fix out of bound writes during DIMM
    configuration on KNL (git-fixes 3286d3eb906c).

  - ext4: inplace xattr block update fails to deduplicate
    blocks (bnc#1012382).

  - f2fs: relax node version check for victim data in gc
    (bnc#1012382).

  - fib_semantics: Do not match route with mismatching
    tclassid (bnc#1012382).

  - fixup: sctp: verify size of a new chunk in
    _sctp_make_chunk() (bnc#1012382).

  - fs/aio: Add explicit RCU grace period when freeing
    kioctx (bnc#1012382).

  - fs/aio: Use RCU accessors for kioctx_table->table[]
    (bnc#1012382).

  - fs/hugetlbfs/inode.c: change put_page/unlock_page order
    in hugetlbfs_fallocate() (git-fixes, bsc#1083745).

  - fs: Teach path_connected to handle nfs filesystems with
    multiple roots (bnc#1012382).

  - genirq: Track whether the trigger type has been set
    (git-fixes).

  - genirq: Use irqd_get_trigger_type to compare the trigger
    type for shared IRQs (bnc#1012382).

  - hdlc_ppp: carrier detect ok, do not turn off negotiation
    (bnc#1012382).

  - hid: clamp input to logical range if no null state
    (bnc#1012382).

  - hid: reject input outside logical range only if null
    state is set (bnc#1012382).

  - hugetlbfs: fix offset overflow in hugetlbfs mmap
    (bnc#1084353).

  - hv_balloon: fix bugs in num_pages_onlined accounting
    (fate#323887).

  - hv_balloon: fix printk loglevel (fate#323887).

  - hv_balloon: simplify
    hv_online_page()/hv_page_online_one() (fate#323887).

  - i2c: i2c-scmi: add a MS HID (bnc#1012382).

  - i2c: xlp9xx: Check for Bus state before every transfer
    (bsc#1084310).

  - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310).

  - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN
    properly (bsc#1060799).

  - i2c: xlp9xx: return ENXIO on slave address NACK
    (bsc#1060799).

  - i40e: Acquire NVM lock before reads on all devices
    (bnc#1012382).

  - ia64: fix module loading for gcc-5.4 (bnc#1012382).

  - IB/ipoib: Avoid memory leak if the SA returns a
    different DGID (bnc#1012382).

  - IB/ipoib: Update broadcast object if PKey value was
    changed in index 0 (bnc#1012382).

  - IB/mlx4: Change vma from shared to private
    (bnc#1012382).

  - IB/mlx4: Take write semaphore when changing the vma
    struct (bnc#1012382).

  - ibmvfc: Avoid unnecessary port relogin (bsc#1085404).

  - ibmvnic: Fix reset return from closed state
    (bsc#1084610).

  - ibmvnic: Potential NULL dereference in
    clean_one_tx_pool() (bsc#1085224, git-fixes).

  - ibmvnic: Remove unused TSO resources in TX pool
    structure (bsc#1085224).

  - ibmvnic: Update TX pool cleaning routine (bsc#1085224).

  - IB/umem: Fix use of npages/nmap fields (bnc#1012382).

  - ieee802154: 6lowpan: fix possible NULL deref in
    lowpan_device_event() (bnc#1012382).

  - iio: st_pressure: st_accel: Initialise sensor platform
    data properly (bnc#1012382).

  - iio: st_pressure: st_accel: pass correct platform data
    to init (git-fixes).

  - ima: relax requiring a file signature for new files with
    zero length (bnc#1012382).

  - infiniband/uverbs: Fix integer overflows (bnc#1012382).

  - input: matrix_keypad - fix race when disabling
    interrupts (bnc#1012382).

  - input: qt1070 - add OF device ID table (bnc#1012382).

  - input: tsc2007 - check for presence and power down
    tsc2007 during probe (bnc#1012382).

  - iommu/omap: Register driver before setting IOMMU ops
    (bnc#1012382).

  - iommu/vt-d: clean up pr_irq if request_threaded_irq
    fails (bnc#1012382).

  - ip6_vti: adjust vti mtu according to mtu of lower device
    (bnc#1012382).

  - ipmi: do not probe ACPI devices if si_tryacpi is unset
    (bsc#1060799).

  - ipmi: Fix the I2C address extraction from SPMI tables
    (bsc#1060799).

  - ipmi_ssif: Fix logic around alert handling
    (bsc#1060799).

  - ipmi_ssif: remove redundant null check on array
    client->adapter->name (bsc#1060799).

  - ipmi_ssif: unlock on allocation failure (bsc#1060799).

  - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr
    (bsc#1060799).

  - ipmi: Use the proper default value for register size in
    ACPI (bsc#1060799).

  - ipmi/watchdog: fix wdog hang on panic waiting for ipmi
    response (bnc#1012382).

  - ipv6: fix access to non-linear packet in
    ndisc_fill_redirect_hdr_option() (bnc#1012382).

  - ipv6 sit: work around bogus gcc-8 -Wrestrict warning
    (bnc#1012382).

  - ipvlan: add L2 check for packets arriving via virtual
    devices (bnc#1012382).

  - irqchip/gic-v3-its: Add ACPI NUMA node mapping
    (bsc#1085981).

  - irqchip/gic-v3-its: Allow GIC ITS number more than
    MAX_NUMNODES (bsc#1085981).

  - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
    (bnc#1012382).

  - irqchip/gic-v3-its: Remove ACPICA version check for ACPI
    NUMA (bsc#1085981).

  - kbuild: disable clang's default use of
    -fmerge-all-constants (bnc#1012382).

  - kbuild: Handle builtin dtb file names containing hyphens
    (bnc#1012382).

  - kprobes/x86: Fix kprobe-booster not to boost far call
    instructions (bnc#1012382).

  - kprobes/x86: Fix to set RWX bits correctly before
    releasing trampoline (git-fixes).

  - kprobes/x86: Set kprobes pages read-only (bnc#1012382).

  - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED
    (bsc#1086499).

  - kvm: arm/arm64: vgic: Add missing irq_lock to
    vgic_mmio_read_pending (bsc#1086499).

  - kvm: arm/arm64: vgic: Do not populate multiple LRs with
    the same vintid (bsc#1086499).

  - kvm: arm/arm64: vgic-its: Check result of allocation
    before use (bsc#).

  - kvm: arm/arm64: vgic-its: Preserve the revious read from
    the pending table (bsc#1086499).

  - kvm: arm/arm64: vgic-v3: Tighten synchronization for
    guests using v2 on v3 (bsc#1086499).

  - kvm: mmu: Fix overlap between public and private
    memslots (bnc#1012382).

  - kvm: nVMX: fix nested tsc scaling (bsc1087999).

  - kvm: PPC: Book3S PR: Exit KVM on failed mapping
    (bnc#1012382).

  - kvm/x86: fix icebp instruction handling (bnc#1012382).

  - l2tp: do not accept arbitrary sockets (bnc#1012382).

  - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB
    SSDs (bnc#1012382).

  - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
    (bnc#1012382).

  - libata: disable LPM for Crucial BX100 SSD 500GB drive
    (bnc#1012382).

  - libata: Enable queued TRIM for Samsung SSD 860
    (bnc#1012382).

  - libata: fix length validation of ATAPI-relayed SCSI
    commands (bnc#1012382).

  - libata: Make Crucial BX100 500GB LPM quirk apply to all
    firmware versions (bnc#1012382).

  - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk
    to MU01 version (bnc#1012382).

  - libata: remove WARN() for DMA or PIO command without
    data (bnc#1012382).

  - lock_parent() needs to recheck if dentry got
    __dentry_kill'ed under it (bnc#1012382).

  - loop: Fix lost writes caused by missing flag
    (bnc#1012382).

  - lpfc: update version to 11.4.0.7-1 (bsc#1085383).

  - mac80211: do not parse encrypted management frames in
    ieee80211_frame_acked (bnc#1012382).

  - mac80211: do not WARN on bad WMM parameters from buggy
    APs (bsc#1031717).

  - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after
    PS_ENABLED (bnc#1012382).

  - mac80211: remove BUG() when interface type is invalid
    (bnc#1012382).

  - md-cluster: fix wrong condition check in
    raid1_write_request (bsc#1085402).

  - md/raid10: skip spare disk as 'first' disk
    (bnc#1012382).

  - md/raid10: wait up frozen array in
    handle_write_completed (bnc#1012382).

  - md/raid6: Fix anomily when recovering a single device in
    RAID6 (bnc#1012382).

  - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717).

  - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382).

  - media: c8sectpfe: fix potential NULL pointer dereference
    in c8sectpfe_timer_interrupt (bnc#1012382).

  - media: cpia2: Fix a couple off by one bugs
    (bnc#1012382).

  - media: cx25821: prevent out-of-bounds read on array card
    (bsc#1031717).

  - media/dvb-core: Race condition when writing to CAM
    (bnc#1012382).

  - media: i2c/soc_camera: fix ov6650 sensor getting wrong
    clock (bnc#1012382).

  - media: m88ds3103: do not call a non-initalized function
    (bnc#1012382).

  - media: [RESEND] media: dvb-frontends: Add delay to
    Si2168 restart (bnc#1012382).

  - media: s3c-camif: fix out-of-bounds array access
    (bsc#1031717).

  - mfd: palmas: Reset the POWERHOLD mux during power off
    (bnc#1012382).

  - mmc: avoid removing non-removable hosts during suspend
    (bnc#1012382).

  - mmc: dw_mmc: fix falling from idmac to PIO mode when
    dw_mci_reset occurs (bnc#1012382).

  - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
    (bnc#1012382).

  - mm: Fix false-positive VM_BUG_ON() in
    page_cache_(get,add)_speculative() (bnc#1012382).

  - mm/hugetlb.c: do not call region_abort if region_chg
    fails (bnc#1084353).

  - mm/vmalloc: add interfaces to free unmapped page table
    (bnc#1012382).

  - mpls, nospec: Sanitize array index in mpls_label_ok()
    (bnc#1012382).

  - mt7601u: check return value of alloc_skb (bnc#1012382).

  - mtd: nand: fix interpretation of NAND_CMD_NONE in
    nand_command[_lp]() (bnc#1012382).

  - mtd: nand: fsl_ifc: Fix nand waitfunc return value
    (bnc#1012382).

  - mtip32xx: use runtime tag to initialize command header
    (bnc#1012382).

  - net/8021q: create device with all possible features in
    wanted_features (bnc#1012382).

  - net: ethernet: arc: Fix a potential memory leak if an
    optional regulator is deferred (bnc#1012382).

  - net: ethernet: ti: cpsw: add check for in-band mode
    setting with RGMII PHY interface (bnc#1012382).

  - net/faraday: Add missing include of of.h (bnc#1012382).

  - net: fec: Fix unbalanced PM runtime calls (bnc#1012382).

  - netfilter: add back stackpointer size checks
    (bnc#1012382).

  - netfilter: bridge: ebt_among: add missing match size
    checks (bnc#1012382).

  - netfilter: IDLETIMER: be syzkaller friendly
    (bnc#1012382).

  - netfilter: ipv6: fix use-after-free Write in
    nf_nat_ipv6_manip_pkt (bnc#1012382).

  - netfilter: nat: cope with negative port range
    (bnc#1012382).

  - netfilter: use skb_to_full_sk in ip_route_me_harder
    (bnc#1012382).

  - netfilter: x_tables: fix missing timer initialization in
    xt_LED (bnc#1012382).

  - netfilter: xt_CT: fix refcnt leak on error path
    (bnc#1012382).

  - net: Fix hlist corruptions in inet_evict_bucket()
    (bnc#1012382).

  - net: fix race on decreasing number of TX queues
    (bnc#1012382).

  - net: ipv4: avoid unused variable warning for sysctl
    (git-fixes).

  - net: ipv4: do not allow setting net.ipv4.route.min_pmtu
    below 68 (bnc#1012382).

  - net: ipv6: send unsolicited NA after DAD (git-fixes).

  - net: ipv6: send unsolicited NA on admin up
    (bnc#1012382).

  - net/iucv: Free memory obtained by kzalloc (bnc#1012382).

  - netlink: avoid a double skb free in genlmsg_mcast()
    (bnc#1012382).

  - netlink: ensure to loop over all netns in
    genlmsg_multicast_allns() (bnc#1012382).

  - net: mpls: Pull common label check into helper
    (bnc#1012382).

  - net: Only honor ifindex in IP_PKTINFO if non-0
    (bnc#1012382).

  - net: systemport: Rewrite __bcm_sysport_tx_reclaim()
    (bnc#1012382).

  - net: xfrm: allow clearing socket xfrm policies
    (bnc#1012382).

  - nfc: nfcmrvl: double free on error path (bnc#1012382).

  - nfc: nfcmrvl: Include unaligned.h instead of access_ok.h
    (bnc#1012382).

  - nfsd4: permit layoutget of executable-only files
    (bnc#1012382).

  - nfs: Fix an incorrect type in struct nfs_direct_req
    (bnc#1012382).

  - nospec: Allow index argument to have const-qualified
    type (bnc#1012382).

  - nospec: Include <asm/barrier.h> dependency
    (bnc#1012382).

  - nvme: do not send keep-alive frames during reset
    (bsc#1084223).

  - nvme: do not send keep-alives to the discovery
    controller (bsc#1086607).

  - nvme: expand nvmf_check_if_ready checks (bsc#1085058).

  - nvme/rdma: do no start error recovery twice
    (bsc#1084967).

  - nvmet_fc: prevent new io rqsts in possible isr
    completions (bsc#1083574).

  - of: fix of_device_get_modalias returned length when
    truncating buffers (bnc#1012382).

  - openvswitch: Delete conntrack entry clashing with an
    expectation (bnc#1012382).

  - Partial revert 'e1000e: Avoid receiver overrun interrupt
    bursts' (bsc#1075428).

  - pci: Add function 1 DMA alias quirk for Highpoint
    RocketRAID 644L (bnc#1012382).

  - pci: Add pci_reset_function_locked() (bsc#1084889).

  - pci: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx
    devices (bsc#1084914).

  - pci: Avoid FLR for Intel 82579 NICs (bsc#1084889).

  - pci: Avoid slot reset if bridge itself is broken
    (bsc#1084918).

  - pci: Export pcie_flr() (bsc#1084889).

  - pci: hv: Fix 2 hang issues in hv_compose_msi_msg()
    (fate#323887, bsc#1087659, bsc#1087906).

  - pci: hv: Fix a comment typo in
    _hv_pcifront_read_config() (fate#323887, bsc#1087659).

  - pci: hv: Only queue new work items in
    hv_pci_devices_present() if necessary (fate#323887,
    bsc#1087659).

  - pci: hv: Remove the bogus test in hv_eject_device_work()
    (fate#323887, bsc#1087659).

  - pci: hv: Serialize the present and eject work items
    (fate#323887, bsc#1087659).

  - pci: Mark Haswell Power Control Unit as having
    non-compliant BARs (bsc#1086015).

  - pci/MSI: Stop disabling MSI/MSI-X in
    pci_device_shutdown() (bnc#1012382).

  - pci: Probe for device reset support during enumeration
    (bsc#1084889).

  - pci: Protect pci_error_handlers->reset_notify() usage
    with device_lock() (bsc#1084889).

  - pci: Protect restore with device lock to be consistent
    (bsc#1084889).

  - pci: Remove __pci_dev_reset() and pci_dev_reset()
    (bsc#1084889).

  - pci: Remove redundant probes for device reset support
    (bsc#1084889).

  - pci: Wait for up to 1000ms after FLR reset
    (bsc#1084889).

  - perf inject: Copy events when reordering events in pipe
    mode (bnc#1012382).

  - perf probe: Return errno when not hitting any event
    (bnc#1012382).

  - perf session: Do not rely on evlist in pipe mode
    (bnc#1012382).

  - perf sort: Fix segfault with basic block 'cycles' sort
    dimension (bnc#1012382).

  - perf tests kmod-path: Do not fail if compressed modules
    are not supported (bnc#1012382).

  - perf tools: Make perf_event__synthesize_mmap_events()
    scale (bnc#1012382).

  - perf/x86/intel: Do not accidentally clear high bits in
    bdw_limit_period() (bnc#1012382).

  - perf/x86/intel/uncore: Fix multi-domain pci CHA
    enumeration bug on Skylake servers (bsc#1086357).

  - pinctrl: Really force states during suspend/resume
    (bnc#1012382).

  - platform/chrome: Use proper protocol transfer function
    (bnc#1012382).

  - platform/x86: asus-nb-wmi: Add wapf4 quirk for the
    X302UA (bnc#1012382).

  - posix-timers: Protect posix clock array access against
    speculation (bnc#1081358).

  - power: supply: pda_power: move from timer to
    delayed_work (bnc#1012382).

  - ppp: prevent unregistered channels from connecting to
    PPP units (bnc#1012382).

  - pty: cancel pty slave port buf's work in tty_release
    (bnc#1012382).

  - pwm: tegra: Increase precision in PWM rate calculation
    (bnc#1012382).

  - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695
    FATE#321703 bsc#1019699 FATE#321702 bsc#1022604
    FATE#321747).

  - qed: Use after free in qed_rdma_free() (bsc#1019695
    FATE#321703 bsc#1019699 FATE#321702 bsc#1022604
    FATE#321747).

  - qeth: repair SBAL elements calculation (bnc#1085507,
    LTC#165484).

  - qlcnic: fix unchecked return value (bnc#1012382).

  - rcutorture/configinit: Fix build directory error message
    (bnc#1012382).

  - rdma/cma: Use correct size when writing netlink stats
    (bnc#1012382).

  - rdma/core: do not use invalid destination in determining
    port reuse (fate#321231 fate#321473 fate#322153
    fate#322149).

  - rdma/iwpm: Fix uninitialized error code in
    iwpm_send_mapinfo() (bnc#1012382).

  - rdma/mlx5: Fix integer overflow while resizing CQ
    (bnc#1012382).

  - rdma/ocrdma: Fix permissions for OCRDMA_RESET_STATS
    (bnc#1012382).

  - rdma/ucma: Check that user does not overflow QP state
    (bnc#1012382).

  - rdma/ucma: Fix access to non-initialized CM_ID object
    (bnc#1012382).

  - rdma/ucma: Limit possible option size (bnc#1012382).

  - regmap: Do not use format_val in regmap_bulk_read
    (bsc#1031717).

  - regmap: Fix reversed bounds check in regmap_raw_write()
    (bsc#1031717).

  - regmap: Format data for raw write in regmap_bulk_write
    (bsc#1031717).

  - regmap-i2c: Off by one in
    regmap_i2c_smbus_i2c_read/write() (bsc#1031717).

  - regulator: anatop: set default voltage selector for pcie
    (bnc#1012382).

  - reiserfs: Make cancel_old_flush() reliable
    (bnc#1012382).

  - Revert 'ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux'
    (bnc#1012382).

  - Revert 'e1000e: Separate signaling for link check/link
    up' (bsc#1075428).

  - Revert 'genirq: Use irqd_get_trigger_type to compare the
    trigger type for shared IRQs' (bnc#1012382).

  - Revert 'ipvlan: add L2 check for packets arriving via
    virtual devices' (reverted in upstream).

  - Revert 'led: core: Fix brightness setting when setting
    delay_off=0' (bnc#1012382).

  - rndis_wlan: add return value validation (bnc#1012382).

  - rtc: cmos: Do not assume irq 8 for rtc when there are no
    legacy irqs (bnc#1012382).

  - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382).

  - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled
    (bnc#1012382).

  - s390/mm: fix local TLB flushing vs. detach of an mm
    address space (bnc#1088324, LTC#166470).

  - s390/mm: fix race on mm->context.flush_mm (bnc#1088324,
    LTC#166470).

  - s390/mm: no local TLB flush for clearing-by-ASCE IDTE
    (bnc#1088324, LTC#166470).

  - s390/qeth: apply takeover changes when mode is toggled
    (bnc#1085507, LTC#165490).

  - s390/qeth: do not apply takeover changes to RXIP
    (bnc#1085507, LTC#165490).

  - s390/qeth: fix double-free on IP add/remove race
    (bnc#1085507, LTC#165491).

  - s390/qeth: fix IPA command submission race
    (bnc#1012382).

  - s390/qeth: fix IP address lookup for L3 devices
    (bnc#1085507, LTC#165491).

  - s390/qeth: fix IP removal on offline cards (bnc#1085507,
    LTC#165491).

  - s390/qeth: fix SETIP command handling (bnc#1012382).

  - s390/qeth: free netdevice when removing a card
    (bnc#1012382).

  - s390/qeth: improve error reporting on IP add/removal
    (bnc#1085507, LTC#165491).

  - s390/qeth: lock IP table while applying takeover changes
    (bnc#1085507, LTC#165490).

  - s390/qeth: lock read device while queueing next buffer
    (bnc#1012382).

  - s390/qeth: on channel error, reject further cmd requests
    (bnc#1012382).

  - s390/qeth: update takeover IPs after configuration
    change (bnc#1085507, LTC#165490).

  - s390/qeth: when thread completes, wake up all waiters
    (bnc#1012382).

  - sched: act_csum: do not mangle TCP and UDP GSO packets
    (bnc#1012382).

  - sched: Stop resched_cpu() from sending IPIs to offline
    CPUs (bnc#1012382).

  - sched: Stop switched_to_rt() from sending IPIs to
    offline CPUs (bnc#1012382).

  - scsi: core: scsi_get_device_flags_keyed(): Always return
    device flags (bnc#1012382).

  - scsi: devinfo: apply to HP XP the same flags as Hitachi
    VSP (bnc#1012382).

  - scsi: dh: add new rdac devices (bnc#1012382).

  - scsi: lpfc: Add missing unlock in WQ full logic
    (bsc#1085383).

  - scsi: lpfc: Code cleanup for 128byte wqe data type
    (bsc#1085383).

  - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command
    (bsc#1085383).

  - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383).

  - scsi: lpfc: Fix SCSI lun discovery when port configured
    for both SCSI and NVME (bsc#1085383).

  - scsi: lpfc: Memory allocation error during driver
    start-up on power8 (bsc#1085383).

  - scsi: mac_esp: Replace bogus memory barrier with
    spinlock (bnc#1012382).

  - scsi: sg: check for valid direction before starting the
    request (bnc#1012382).

  - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382).

  - scsi: sg: fix static checker warning in
    sg_is_valid_dxfer (bnc#1012382).

  - scsi: sg: only check for dxfer_len greater than 256M
    (bnc#1012382 bsc#1064206).

  - scsi: virtio_scsi: always read VPD pages for multiqueue
    too (git-fixes).

  - scsi: virtio_scsi: Always try to read VPD pages
    (bnc#1012382).

  - sctp: fix dst refcnt leak in sctp_v4_get_dst
    (bnc#1012382).

  - sctp: fix dst refcnt leak in sctp_v6_get_dst()
    (bnc#1012382).

  - sctp: verify size of a new chunk in _sctp_make_chunk()
    (bnc#1012382).

  - selftests/x86: Add tests for the STR and SLDT
    instructions (bnc#1012382).

  - selftests/x86: Add tests for User-Mode Instruction
    Prevention (bnc#1012382).

  - selftests/x86/entry_from_vm86: Add test cases for POPF
    (bnc#1012382).

  - selftests/x86/entry_from_vm86: Exit with 1 if we fail
    (bnc#1012382).

  - selinux: check for address length in
    selinux_socket_bind() (bnc#1012382).

  - serial: 8250_pci: Add Brainboxes UC-260 4 port serial
    device (bnc#1012382).

  - serial: sh-sci: prevent lockup on full TTY buffers
    (bnc#1012382).

  - skbuff: Fix not waking applications when errors are
    enqueued (bnc#1012382).

  - sm501fb: do not return zero on failure path in
    sm501fb_start() (bnc#1012382).

  - solo6x10: release vb2 buffers in solo_stop_streaming()
    (bnc#1012382).

  - spi: dw: Disable clock after unregistering the host
    (bnc#1012382).

  - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO
    transfer (bnc#1012382).

  - spi: sun6i: disable/unprepare clocks on remove
    (bnc#1012382).

  - staging: android: ashmem: Fix lockdep issue during
    llseek (bnc#1012382).

  - staging: android: ashmem: Fix possible deadlock in
    ashmem_ioctl (bnc#1012382).

  - staging: comedi: fix comedi_nsamples_left (bnc#1012382).

  - staging: lustre: ptlrpc: kfree used instead of kvfree
    (bnc#1012382).

  - staging: ncpfs: memory corruption in ncp_read_kernel()
    (bnc#1012382).

  - staging: speakup: Replace BUG_ON() with WARN_ON()
    (bnc#1012382).

  - staging: unisys: visorhba: fix s-Par to boot with option
    CONFIG_VMAP_STACK set to y (bnc#1012382).

  - staging: wilc1000: add check for kmalloc allocation
    failure (bnc#1012382).

  - staging: wilc1000: fix unchecked return value
    (bnc#1012382).

  - Subject: af_iucv: enable control sends in case of
    SEND_SHUTDOWN (bnc#1085507, LTC#165135).

  - sysrq: Reset the watchdog timers while displaying
    high-resolution timers (bnc#1012382).

  - tcm_fileio: Prevent information leak for short reads
    (bnc#1012382).

  - tcp: remove poll() flakes with FastOpen (bnc#1012382).

  - tcp: sysctl: Fix a race to avoid unexpected 0 window
    from space (bnc#1012382).

  - team: Fix double free in error path (bnc#1012382).

  - test_firmware: fix setting old custom fw path back on
    exit (bnc#1012382).

  - time: Change posix clocks ops interfaces to use
    timespec64 (bnc#1012382).

  - timers, sched_clock: Update timeout for clock wrap
    (bnc#1012382).

  - tools/usbip: fixes build with musl libc toolchain
    (bnc#1012382).

  - tpm_i2c_infineon: fix potential buffer overruns caused
    by bit glitches on the bus (bnc#1012382).

  - tpm_i2c_nuvoton: fix potential buffer overruns caused by
    bit glitches on the bus (bnc#1012382).

  - tpm: st33zp24: fix potential buffer overruns caused by
    bit glitches on the bus (bnc#1012382).

  - tpm/tpm_crb: Use start method value from ACPI table
    directly (bsc#1084452).

  - tracing: probeevent: Fix to support minus offset from
    symbol (bnc#1012382).

  - tty/serial: atmel: add new version check for usart
    (bnc#1012382).

  - tty: vt: fix up tabstops properly (bnc#1012382).

  - uas: fix comparison for error code (bnc#1012382).

  - ubi: Fix race condition between ubi volume creation and
    udev (bnc#1012382).

  - udplite: fix partial checksum initialization
    (bnc#1012382).

  - usb: Do not print a warning if interface driver rebind
    is deferred at resume (bsc#1087211).

  - usb: dwc2: Make sure we disconnect the gadget state
    (bnc#1012382).

  - usb: gadget: bdc: 64-bit pointer capability check
    (bnc#1012382).

  - usb: gadget: dummy_hcd: Fix wrong power status bit
    clear/reset in dummy_hub_control() (bnc#1012382).

  - usb: gadget: f_fs: Fix use-after-free in
    ffs_fs_kill_sb() (bnc#1012382).

  - usb: gadget: udc: Add missing platform_device_put() on
    error in bdc_pci_probe() (bnc#1012382).

  - usb: quirks: add control message delay for 1b1c:1b20
    (bnc#1012382).

  - usb: storage: Add JMicron bridge 152d:2567 to
    unusual_devs.h (bnc#1012382).

  - usb: usbmon: Read text within supplied buffer size
    (bnc#1012382).

  - usb: usbmon: remove assignment from IS_ERR argument
    (bnc#1012382).

  - veth: set peer GSO values (bnc#1012382).

  - vgacon: Set VGA struct resource types (bnc#1012382).

  - video: ARM CLCD: fix dma allocation size (bnc#1012382).

  - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382).

  - video/hdmi: Allow 'empty' HDMI infoframes (bnc#1012382).

  - vxlan: vxlan dev should inherit lowerdev's gso_max_size
    (bnc#1012382).

  - wan: pc300too: abort path on failure (bnc#1012382).

  - watchdog: hpwdt: Check source of NMI (bnc#1012382).

  - watchdog: hpwdt: fix unused variable warning
    (bnc#1012382).

  - watchdog: hpwdt: SMBIOS check (bnc#1012382).

  - wil6210: fix memory access violation in
    wil_memcpy_from/toio_32 (bnc#1012382).

  - workqueue: Allow retrieval of current task's work struct
    (bnc#1012382).

  - x86/apic/vector: Handle legacy irq data correctly
    (bnc#1012382).

  - x86/boot/64: Verify alignment of the LOAD segment
    (bnc#1012382).

  - x86/build/64: Force the linker to use 2MB page size
    (bnc#1012382).

  - x86/entry/64: Do not use IST entry for #BP stack
    (bsc#1087088).

  - x86: i8259: export legacy_pic symbol (bnc#1012382).

  - x86/kaiser: Duplicate cpu_tss for an entry trampoline
    usage (bsc#1077560 bsc#1083836).

  - x86/kaiser: enforce trampoline stack alignment
    (bsc#1087260).

  - x86/kaiser: Remove a user mapping of cpu_tss structure
    (bsc#1077560 bsc#1083836).

  - x86/kaiser: Use a per-CPU trampoline stack for kernel
    entry (bsc#1077560).

  - x86/MCE: Serialize sysfs changes (bnc#1012382).

  - x86/mm: Fix vmalloc_fault to use pXd_large
    (bnc#1012382).

  - x86/mm: implement free pmd/pte page interfaces
    (bnc#1012382).

  - x86/module: Detect and skip invalid relocations
    (bnc#1012382).

  - x86/speculation: Remove Skylake C2 from Speculation
    Control microcode blacklist (bsc#1087845).

  - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
    (bnc#1012382).

  - x86/vm86/32: Fix POPF emulation (bnc#1012382).

  - xen-blkfront: fix mq start/stop race (bsc#1085042).

  - xen-netback: use skb to determine number of required
    guest Rx requests (bsc#1046610)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019699"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046610"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060799"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064206"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068032"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1073059"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1073069"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076033"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1077560"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081358"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083574"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083745"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083836"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084310"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084328"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084452"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084610"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084829"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084889"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084914"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084918"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084967"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085042"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085224"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085383"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085402"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085404"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085487"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085507"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085981"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086015"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086194"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086357"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086499"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086518"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086607"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087088"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087211"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087231"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087260"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087659"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087906"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087999"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088087"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088324"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debugsource-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debugsource-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-devel-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-devel-4.4.126-48.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-html-4.4.126-48.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-pdf-4.4.126-48.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-macros-4.4.126-48.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-debugsource-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-qa-4.4.126-48.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-4.4.126-48.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-vanilla-4.4.126-48.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-syms-4.4.126-48.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debugsource-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-devel-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-debug-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-debug-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-default-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-default-debuginfo-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-vanilla-4.4.126-48.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-vanilla-debuginfo-4.4.126-48.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-devel / kernel-macros / kernel-source / etc");
}