ID VIRTUOZZO_VZA-2018-036.NASL Type nessus Reporter This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2018-05-31T00:00:00
Description
According to the version of the vzkernel package and the
readykernel-patch installed, the Virtuozzo installation on the remote
host is affected by the following vulnerability :
It was found that the _sctp_make_chunk() function did not
check whether the chunk length for INIT and INIT_ACK packets
was within the allowed limits. A local attacker could
exploit this to trigger a kernel crash.
Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when the plugin is loaded with `description` set, only
# the metadata below is registered and the script leaves through the exit(0)
# at the end of this block, before any host data is read.
if (description)
{
  # Plugin identity and revision metadata.
  script_id(110233);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  # The single CVE this check reports on.
  script_cve_id(
    "CVE-2018-5803"
  );

  script_name(english:"Virtuozzo 7 : readykernel-patch (VZA-2018-036)");
  script_summary(english:"Checks the readykernel output for the updated patch.");

  # Report text. The description is copied from the vendor advisory (see its
  # closing note), so wording fixes belong upstream rather than here.
  script_set_attribute(attribute:"synopsis", value:
"The remote Virtuozzo host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the vzkernel package and the
readykernel-patch installed, the Virtuozzo installation on the remote
host is affected by the following vulnerability :
- It was found that _sctp_make_chunk() function did not
check if the chunk length for INIT and INIT_ACK packets
was within the allowed limits. A local attacker could
exploit this to trigger a kernel crash.
Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");

  # References: the vendor advisory, the Red Hat CVE page, and one entry per
  # ReadyKernel patch build. The nessus.org/u? values are shortened links; the
  # comment above each gives the readykernel.com URL it presumably resolves to
  # (the redirect target cannot be verified from this file). Note that the
  # shortened links are plain http://, unlike the two direct references.
  script_set_attribute(attribute:"see_also", value:"https://help.virtuozzo.com/customer/portal/articles/2941802");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-5803");
  # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-40.4-52.0-2.vl7/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b4db7cb");
  # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-52.0-2.vl7/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0a9c5d7d");
  # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-52.0-2.vl7/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?edba2ede");
  script_set_attribute(attribute:"solution", value:"Update the readykernel patch.");

  # Both vectors describe a local attack (AV:L) whose only impact is on
  # availability (C:N/I:N with A:C in v2, A:H in v3), which matches the
  # kernel-crash description above. The v3 vector additionally records PR:L.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");

  # The plugin was published one day after the vendor patch.
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/31");

  # "local" plugin type: the verdict comes from data collected on the host,
  # not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:readykernel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:7");
  # NOTE(review): "generated_plugin" suggests this file is produced by tooling
  # from the vendor advisory rather than written by hand - confirm before
  # editing it manually.
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Virtuozzo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check works from knowledge-base entries: it declares a dependency on
  # ssh_get_info.nasl and requires the four keys below (presumably populated by
  # that dependency - confirm). The check body also reads "Host/cpu", which is
  # not listed here; its absence is handled there with AUDIT_UNKNOWN_ARCH.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list", "Host/readykernel-info");

  # Registration is complete; nothing below this block runs in this mode.
  exit(0);
}
include("global_settings.inc");
include("readykernel.inc");
# Host-side evaluation. Each gate below hands a specific reason code to
# audit() when its precondition is not met (audit() is defined in an include
# and presumably ends the run), so the order of the gates decides which reason
# is reported and is kept exactly as it was.

# Gate: local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate: a release string must be recorded and must name Virtuozzo.
release = get_kb_item("Host/Virtuozzo/release");
if (isnull(release) || "Virtuozzo" >!< release)
{
  audit(AUDIT_OS_NOT, "Virtuozzo");
}

# Pull "<major>.<single minor digit>" out of the release string; a string
# that does not fit the pattern is reported as an unknown version.
os_ver = pregmatch(string:release, pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)");
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
}
os_ver = os_ver[1];

# Gate: this advisory only applies to the 7.x line.
if (! preg(string:os_ver, pattern:"^7([^0-9]|$)"))
{
  audit(AUDIT_OS_NOT, "Virtuozzo 7.x", "Virtuozzo " + os_ver);
}

# Gate: without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/Virtuozzo/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate: the architecture must be known and be x86_64 or i386-i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!(("x86_64" >< cpu) || (cpu =~ "^i[3-6]86$")))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
}

# Gate: the readykernel output collected from the host must be present.
rk_info = get_kb_item("Host/readykernel-info");
if (empty_or_null(rk_info))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
}

# One entry per affected vzkernel build, paired with the ReadyKernel patch
# that carries the fix for it.
# NOTE(review): only these three builds are listed. How a host running any
# other vzkernel build is reported depends on readykernel_execute_checks() in
# readykernel.inc, which is not shown here - confirm such hosts are treated as
# out of scope for this plugin rather than as patched.
checks = make_list2(
  make_array("kernel","vzkernel-3.10.0-693.11.6.vz7.40.4", "patch","readykernel-patch-40.4-52.0-2.vl7"),
  make_array("kernel","vzkernel-3.10.0-693.17.1.vz7.43.10", "patch","readykernel-patch-43.10-52.0-2.vl7"),
  make_array("kernel","vzkernel-3.10.0-693.21.1.vz7.46.7", "patch","readykernel-patch-46.7-52.0-2.vl7")
);

# Hand the table to the shared ReadyKernel helper; any finding is raised at
# SECURITY_WARNING level.
readykernel_execute_checks(release:"Virtuozzo-7", severity:SECURITY_WARNING, checks:checks);
{"id": "VIRTUOZZO_VZA-2018-036.NASL", "bulletinFamily": "scanner", "title": "Virtuozzo 7 : readykernel-patch (VZA-2018-036)", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - It was found that _sctp_make_chunk() function did not\n check if the chunk length for INIT and INIT_ACK packets\n was within the allowed limits. A local attacker could\n exploit this to trigger a kernel crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "published": "2018-05-31T00:00:00", "modified": "2018-05-31T00:00:00", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/110233", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0a9c5d7d", "http://www.nessus.org/u?2b4db7cb", "http://www.nessus.org/u?edba2ede", "https://help.virtuozzo.com/customer/portal/articles/2941802", "https://access.redhat.com/security/cve/cve-2018-5803"], "cvelist": ["CVE-2018-5803"], "type": "nessus", "lastseen": "2021-01-06T09:13:36", "edition": 28, "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5803"]}, {"type": "f5", "idList": ["F5:K04337527"]}, {"type": "virtuozzo", "idList": ["VZA-2018-036", "VZA-2018-040", "VZA-2018-035", "VZA-2018-041", "VZA-2018-038"]}, {"type": "zdt", "idList": ["1337DAY-ID-29921"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2019-0641.NASL", "UBUNTU_USN-3697-2.NASL", "UBUNTU_USN-3697-1.NASL", "VIRTUOZZO_VZA-2018-038.NASL", "EULEROS_SA-2018-1260.NASL", "FEDORA_2018-2BCE10900E.NASL", "ORACLELINUX_ELSA-2018-4161.NASL", "ALA_ALAS-2018-993.NASL", "ORACLEVM_OVMSA-2018-0236.NASL", "VIRTUOZZO_VZA-2018-035.NASL"]}, {"type": "amazon", "idList": ["ALAS-2018-993"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851762", "OPENVAS:1361412562310843531", "OPENVAS:1361412562310843535", "OPENVAS:1361412562310843530", "OPENVAS:1361412562310843574", "OPENVAS:1361412562310843572", "OPENVAS:1361412562311220181432", "OPENVAS:1361412562310874196", "OPENVAS:1361412562311220181260", "OPENVAS:1361412562310843573"]}, {"type": "fedora", "idList": ["FEDORA:AB52460321C9", "FEDORA:74245604D4DA", "FEDORA:AAF2F60D7C3E"]}, {"type": "redhat", "idList": ["RHSA-2019:0641", "RHSA-2018:3096", "RHSA-2018:3083", "RHSA-2018:1854"]}, {"type": "ubuntu", "idList": ["USN-3697-2", "USN-3697-1", "USN-3656-1", "USN-3698-2", "USN-3654-1", "USN-3654-2", "USN-3698-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3083", "ELSA-2018-4164", "ELSA-2018-1854", "ELSA-2018-4161"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2119-1", "OPENSUSE-SU-2018:1418-1"]}, {"type": "cloudfoundry", "idList": 
["CFOUNDRY:C3D94F66B833B0AB95D359CF97DF9AA9"]}, {"type": "centos", "idList": ["CESA-2018:3083", "CESA-2018:1854"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4188-1:E4177", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DLA-1369-1:33F82"]}], "modified": "2021-01-06T09:13:36", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-01-06T09:13:36", "rev": 2}, "vulnersScore": 5.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110233);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-5803\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2018-036)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - It was found that _sctp_make_chunk() function did not\n check if the chunk length for INIT and INIT_ACK packets\n was within the allowed limits. 
A local attacker could\n exploit this to trigger a kernel crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2941802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-40.4-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2b4db7cb\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a9c5d7d\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?edba2ede\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.11.6.vz7.40.4\",\n \"patch\",\"readykernel-patch-40.4-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.17.1.vz7.43.10\",\n \"patch\",\"readykernel-patch-43.10-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.46.7\",\n \"patch\",\"readykernel-patch-46.7-52.0-2.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "naslFamily": "Virtuozzo Local Security Checks", "pluginID": "110233", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "scheme": null, "cvss3": {"score": 5.5, "vector": 
"AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}}
{"cve": [{"lastseen": "2021-02-02T06:52:40", "description": "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.", "edition": 17, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-12T16:29:00", "title": "CVE-2018-5803", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5803"], "modified": "2019-03-27T16:17:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:redhat:virtualization_host:4.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-5803", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5803", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:57", "bulletinFamily": "software", "cvelist": ["CVE-2018-5803"], "description": "\nF5 Product Development has assigned CPF-24933 and CPF-24934 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 13.x | None | Not applicable | Not vulnerable | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | 
[5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | None \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-07-13T18:34:00", "published": "2018-07-13T18:34:00", "id": "F5:K04337527", "href": "https://support.f5.com/csp/article/K04337527", "title": "Linux kernel vulnerability CVE-2018-5803", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5803"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. 
The patch applies to Virtuozzo 7.0 kernels 3.10.0-693.11.6.vz7.40.4 (7.0.6 HF3), 3.10.0-693.17.1.vz7.43.10 (7.0.7), 3.10.0-693.21.1.vz7.46.7 (7.0.7 HF2).\n**Vulnerability id:** CVE-2018-5803\nIt was found that _sctp_make_chunk() function did not check if the chunk length for INIT and INIT_ACK packets was within the allowed limits. A local attacker could exploit this to trigger a kernel crash.\n\n", "edition": 1, "modified": "2018-05-30T00:00:00", "published": "2018-05-30T00:00:00", "id": "VZA-2018-036", "href": "https://help.virtuozzo.com/customer/portal/articles/2941802", "title": "Kernel security update: CVE-2018-5803; Virtuozzo ReadyKernel patch 52.0 for Virtuozzo 7.0.6 HF3, 7.0.7, and 7.0.7 HF2", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-05T11:27:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5803"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to Virtuozzo 7.0 kernels 3.10.0-327.42.0.vz7.20.18 (7.0.3), 3.10.0-514.16.1.vz7.30.10 (7.0.4), 3.10.0-514.16.1.vz7.30.15 (7.0.4 HF3), 3.10.0-514.26.1.vz7.33.22 (7.0.5), and 3.10.0-693.1.1.vz7.37.30 (7.0.6).\n**Vulnerability id:** CVE-2018-5803\nIt was found that _sctp_make_chunk() function did not check if the chunk length for INIT and INIT_ACK packets was within the allowed limits. 
A local attacker could exploit this to trigger a kernel crash.\n\n", "edition": 1, "modified": "2018-05-30T00:00:00", "published": "2018-05-30T00:00:00", "id": "VZA-2018-035", "href": "https://help.virtuozzo.com/customer/portal/articles/2941801", "title": "Kernel security update: CVE-2018-5803; Virtuozzo ReadyKernel patch 52.0 for Virtuozzo 7.0.3, 7.0.4, 7.0.4 HF3, 7.0.5, and 7.0.6", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-05T11:28:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17450", "CVE-2017-17448", "CVE-2018-1130", "CVE-2017-17449", "CVE-2017-17807", "CVE-2018-5803"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the Virtuozzo 7.0 kernel 3.10.0-693.21.1.vz7.48.2 (7.0.7 HF3).\n**Vulnerability id:** CVE-2018-1130\nLinux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.\n\n**Vulnerability id:** CVE-2018-5803\nIt was found that _sctp_make_chunk() function did not check if the chunk length for INIT and INIT_ACK packets was within the allowed limits. A local attacker could exploit this to trigger a kernel crash.\n\n**Vulnerability id:** CVE-2017-17448\nIt was discovered that nfnl_cthelper_list structure was accessible to any user with CAP_NET_ADMIN capability in a network namespace. An unprivileged local user could exploit that to affect netfilter conntrack helpers on the host.\n\n**Vulnerability id:** CVE-2017-17449\nIt was discovered that a nlmon link inside a child network namespace was not restricted to that namespace. 
An unprivileged local user could exploit that to monitor system-wide netlink activity.\n\n**Vulnerability id:** CVE-2017-17807\nThe KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it.\n\n**Vulnerability id:** CVE-2017-17450\nnet/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. This allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all network namespaces.\n\n", "edition": 1, "modified": "2018-06-01T00:00:00", "published": "2018-06-01T00:00:00", "id": "VZA-2018-038", "href": "https://help.virtuozzo.com/customer/portal/articles/2942008", "title": "Kernel security update: CVE-2018-1130 and other; Virtuozzo ReadyKernel patch 52.0 for Virtuozzo 7.0.7 HF3", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-05T11:28:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-6001", "CVE-2017-18203", "CVE-2017-2671", "CVE-2018-7757", "CVE-2018-10675", "CVE-2015-8830", "CVE-2012-6701", "CVE-2016-6786", "CVE-2018-5803", "CVE-2017-12190"], "description": "This update provides a new kernel 2.6.32-042stab131.1 for Virtuozzo 6.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.el6. The new kernel introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-10675\nThe do_get_mempolicy() function in 'mm/mempolicy.c' in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out.\n\n**Vulnerability id:** CVE-2012-6701\nIt was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.\n\n**Vulnerability id:** CVE-2015-8830\nInteger overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.\n\n**Vulnerability id:** CVE-2016-8650\nA flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key.\n\n**Vulnerability id:** CVE-2017-2671\nA race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.\n\n**Vulnerability id:** CVE-2017-6001\nIt was found that the original fix for CVE-2016-6786 was incomplete. 
There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.\n\n**Vulnerability id:** CVE-2017-7616\nIncorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.\n\n**Vulnerability id:** CVE-2017-7889\nThe mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.\n\n**Vulnerability id:** CVE-2017-12190\nIt was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n\n**Vulnerability id:** CVE-2017-18203\nThe Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. 
Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.\n\n**Vulnerability id:** CVE-2018-5803\nAn error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS.\n\n**Vulnerability id:** CVE-2018-7757\nMemory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory.\n\n", "edition": 1, "modified": "2018-06-25T00:00:00", "published": "2018-06-25T00:00:00", "id": "VZA-2018-041", "href": "https://help.virtuozzo.com/customer/portal/articles/2945474", "title": "Important kernel security update: CVE-2018-10675 and other issues; new kernel 2.6.32-042stab131.1; Virtuozzo 6.0 Update 12 Hotfix 28 (6.0.12-3709)", "type": "virtuozzo", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:27:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-6001", "CVE-2017-18203", "CVE-2017-2671", "CVE-2018-7757", "CVE-2018-10675", "CVE-2015-8830", "CVE-2012-6701", "CVE-2016-6786", "CVE-2018-5803", "CVE-2017-12190"], "description": "This update provides a new kernel 2.6.32-042stab131.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.el6. 
The new kernel introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-10675\nThe do_get_mempolicy() function in 'mm/mempolicy.c' in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.\n\n**Vulnerability id:** CVE-2012-6701\nIt was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.\n\n**Vulnerability id:** CVE-2015-8830\nInteger overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.\n\n**Vulnerability id:** CVE-2016-8650\nA flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key.\n\n**Vulnerability id:** CVE-2017-2671\nA race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.\n\n**Vulnerability id:** CVE-2017-6001\nIt was found that the original fix for CVE-2016-6786 was incomplete. 
There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.\n\n**Vulnerability id:** CVE-2017-7616\nIncorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.\n\n**Vulnerability id:** CVE-2017-7889\nThe mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.\n\n**Vulnerability id:** CVE-2017-12190\nIt was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n\n**Vulnerability id:** CVE-2017-18203\nThe Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. 
Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.\n\n**Vulnerability id:** CVE-2018-5803\nAn error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS.\n\n**Vulnerability id:** CVE-2018-7757\nMemory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory.\n\n", "edition": 1, "modified": "2018-06-25T00:00:00", "published": "2018-06-25T00:00:00", "id": "VZA-2018-040", "href": "https://help.virtuozzo.com/customer/portal/articles/2945473", "title": "Important kernel security update: CVE-2018-10675 and other issues; new kernel 2.6.32-042stab131.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:13:36", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - It was found that _sctp_make_chunk() function did not\n check if the chunk length for INIT and INIT_ACK packets\n was within the allowed limits. 
A local attacker could\n exploit this to trigger a kernel crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 28, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-05-31T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2018-035)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5803"], "modified": "2018-05-31T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2018-035.NASL", "href": "https://www.tenable.com/plugins/nessus/110232", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110232);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-5803\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2018-035)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - It was found that _sctp_make_chunk() function did not\n check if the chunk length for INIT and INIT_ACK packets\n was within the allowed limits. 
A local attacker could\n exploit this to trigger a kernel crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2941801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8a47bcc\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?582a2cb7\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d19de5d\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82bd7955\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-37.30-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fecc47bd\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.42.0.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.15\",\n \"patch\",\"readykernel-patch-30.15-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.26.1.vz7.33.22\",\n \"patch\",\"readykernel-patch-33.22-52.0-2.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.1.1.vz7.37.30\",\n \"patch\",\"readykernel-patch-37.30-52.0-2.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T01:22:11", "description": "Missing length check of payload in\nnet/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of\nservice :\n\nAn error in the '_sctp_make_chunk()' function\n(net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be\nexploited by a malicious local user to cause a kernel crash and a DoS.\n(CVE-2018-5803)\n\nMishandling mutex within libsas allowing local Denial of Service\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel\nmishandles a mutex within libsas. This allows local users to cause a\ndenial of service (deadlock) by triggering certain error-handling\ncode. 
(CVE-2017-18232)\n\nA flaw was found in the Linux kernel's client-side implementation of\nthe cifs protocol. This flaw allows an attacker controlling the server\nto kernel panic a client which has the CIFS server\nmounted.(CVE-2018-1066)", "edition": 25, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-04-20T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2018-993)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1066", "CVE-2017-18232", "CVE-2018-5803"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-993.NASL", "href": "https://www.tenable.com/plugins/nessus/109183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-993.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109183);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/05/11 12:23:25\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2018-1066\", \"CVE-2018-5803\");\n script_xref(name:\"ALAS\", value:\"2018-993\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2018-993)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"Missing length check of payload in\nnet/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of\nservice :\n\nAn error in the '_sctp_make_chunk()' function\n(net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be\nexploited by a malicious local user to cause a kernel crash and a DoS.\n(CVE-2018-5803)\n\nMishandling mutex within libsas allowing local Denial of Service\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel\nmishandles a mutex within libsas. This allows local users to cause a\ndenial of service (deadlock) by triggering certain error-handling\ncode. (CVE-2017-18232)\n\nA flaw was found in the Linux kernel's client-side implementation of\nthe cifs protocol. This flaw allows an attacker controlling the server\nto kernel panic a client which has the CIFS server\nmounted.(CVE-2018-1066)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-993.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.93-41.60.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.93-41.60.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:16:42", "description": "The 4.15.8 update contains a number of important fixes across the\ntree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-14T00:00:00", "title": "Fedora 27 : kernel (2018-2bce10900e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7757", 
"CVE-2018-1065", "CVE-2018-5703", "CVE-2018-5803"], "modified": "2018-03-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-2BCE10900E.NASL", "href": "https://www.tenable.com/plugins/nessus/108307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-2bce10900e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108307);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1065\", \"CVE-2018-5703\", \"CVE-2018-5803\", \"CVE-2018-7757\");\n script_xref(name:\"FEDORA\", value:\"2018-2bce10900e\");\n\n script_name(english:\"Fedora 27 : kernel (2018-2bce10900e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.15.8 update contains a number of important fixes across the\ntree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2bce10900e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1065\", \"CVE-2018-5703\", \"CVE-2018-5803\", \"CVE-2018-7757\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-2bce10900e\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.15.8-300.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:13:38", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a\n null pointer dereference in dccp_write_xmit() function\n in net/dccp/output.c in that allows a local user to\n cause a denial of service by a number of certain\n crafted system calls.\n\n - It was found that _sctp_make_chunk() function did not\n check if the chunk length for INIT and INIT_ACK packets\n was within the allowed limits. 
A local attacker could\n exploit this to trigger a kernel crash.\n\n - It was discovered that nfnl_cthelper_list structure was\n accessible to any user with CAP_NET_ADMIN capability in\n a network namespace. An unprivileged local user could\n exploit that to affect netfilter conntrack helpers on\n the host.\n\n - It was discovered that a nlmon link inside a child\n network namespace was not restricted to that namespace.\n An unprivileged local user could exploit that to\n monitor system-wide netlink activity.\n\n - The KEYS subsystem in the Linux kernel omitted an\n access-control check when writing a key to the current\n task's default keyring, allowing a local user to bypass\n security checks to the keyring. This compromises the\n validity of the keyring for those who rely on it.\n\n - net/netfilter/xt_osf.c in the Linux kernel through\n 4.14.4 does not require the CAP_NET_ADMIN capability\n for add_callback and remove_callback operations. This\n allows local users to bypass intended access\n restrictions because the xt_osf_fingers data structure\n is shared across all network namespaces.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 35, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-06-04T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2018-038)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17450", "CVE-2017-17448", "CVE-2018-1130", "CVE-2017-17449", "CVE-2017-17807", "CVE-2018-5803"], "modified": "2018-06-04T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2018-038.NASL", "href": "https://www.tenable.com/plugins/nessus/110311", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110311);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-17448\",\n \"CVE-2017-17449\",\n \"CVE-2017-17450\",\n \"CVE-2017-17807\",\n \"CVE-2018-1130\",\n \"CVE-2018-5803\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2018-038)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a\n null pointer dereference in dccp_write_xmit() function\n in net/dccp/output.c in that allows a local user to\n cause a denial of service by a number of certain\n crafted system calls.\n\n - It was found that _sctp_make_chunk() function did not\n check if the chunk length for INIT and INIT_ACK packets\n was within the allowed limits. A local attacker could\n exploit this to trigger a kernel crash.\n\n - It was discovered that nfnl_cthelper_list structure was\n accessible to any user with CAP_NET_ADMIN capability in\n a network namespace. 
An unprivileged local user could\n exploit that to affect netfilter conntrack helpers on\n the host.\n\n - It was discovered that a nlmon link inside a child\n network namespace was not restricted to that namespace.\n An unprivileged local user could exploit that to\n monitor system-wide netlink activity.\n\n - The KEYS subsystem in the Linux kernel omitted an\n access-control check when writing a key to the current\n task's default keyring, allowing a local user to bypass\n security checks to the keyring. This compromises the\n validity of the keyring for those who rely on it.\n\n - net/netfilter/xt_osf.c in the Linux kernel through\n 4.14.4 does not require the CAP_NET_ADMIN capability\n for add_callback and remove_callback operations. This\n allows local users to bypass intended access\n restrictions because the xt_osf_fingers data structure\n is shared across all network namespaces.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2942008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n # 
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-52.0-2.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9fc60951\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-52.0-2.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T05:43:54", "description": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: net/rxrpc: overflow in decoding of krb5 principal\n(CVE-2017-7482)\n\n* kernel: Missing length check of payload in net/sctp/\nsm_make_chunk.c:_sctp_make_chunk() function allows denial of service\n(CVE-2018-5803)\n\n* kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko\n(CVE-2018-12929)\n\n* kernel: stack-based out-of-bounds write in\nntfs_end_buffer_async_read in the ntfs.ko (CVE-2018-12930)\n\n* kernel: stack-based out-of-bounds write in ntfs_attr_find in the\nntfs.ko (CVE-2018-12931)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Remove the NTFS module from the MRG 2.5.x realtime kernel\n(BZ#1674523)\n\n* update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1674935)\n\nUsers of kernel-rt are advised to upgrade to these updated packages,\nwhich fix these bugs.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-28T00:00:00", "title": "RHEL 6 : MRG (RHSA-2019:0641)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12930", "CVE-2017-7482", "CVE-2018-12931", "CVE-2018-12929", "CVE-2018-10902", "CVE-2018-5803"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", 
"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "id": "REDHAT-RHSA-2019-0641.NASL", "href": "https://www.tenable.com/plugins/nessus/123432", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0641. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123432);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/27\");\n\n script_cve_id(\"CVE-2017-7482\", \"CVE-2018-10902\", \"CVE-2018-12929\", \"CVE-2018-12930\", \"CVE-2018-12931\", \"CVE-2018-5803\");\n script_xref(name:\"RHSA\", value:\"2019:0641\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2019:0641)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: net/rxrpc: overflow in decoding of krb5 principal\n(CVE-2017-7482)\n\n* kernel: Missing length check of payload in net/sctp/\nsm_make_chunk.c:_sctp_make_chunk() function allows denial of service\n(CVE-2018-5803)\n\n* kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko\n(CVE-2018-12929)\n\n* kernel: stack-based out-of-bounds write in\nntfs_end_buffer_async_read in the ntfs.ko (CVE-2018-12930)\n\n* kernel: stack-based out-of-bounds write in ntfs_attr_find in the\nntfs.ko (CVE-2018-12931)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Remove the NTFS module from the MRG 2.5.x realtime kernel\n(BZ#1674523)\n\n* update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1674935)\n\nUsers of kernel-rt are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:0641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12929\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12931\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-7482\", \"CVE-2018-10902\", \"CVE-2018-12929\", \"CVE-2018-12930\", \"CVE-2018-12931\", \"CVE-2018-5803\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:0641\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:0641\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.0-693.46.1.rt56.639.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:26:30", "description": "It was discovered that a NULL pointer dereference vulnerability\nexisted in the DCCP protocol implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2018-1130)\n\nJann Horn discovered that the 32 bit adjtimex() syscall implementation\nfor 64 bit Linux kernels did not properly initialize memory returned\nto user space in some situations. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2018-11508)\n\nWang Qize discovered that an information disclosure vulnerability\nexisted in the SMBus driver for ACPI Embedded Controllers in the Linux\nkernel. A local attacker could use this to expose sensitive\ninformation (kernel pointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux\nkernel did not properly validate userspace provided payload lengths in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in\nthe floppy driver in the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver\nsubsystem of the Linux kernel. 
A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2018-7757).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-03T00:00:00", "title": "Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3697-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7755", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-5750", "CVE-2018-11508", "CVE-2018-5803"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3697-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3697-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110898);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-1130\", \"CVE-2018-11508\", \"CVE-2018-5750\", \"CVE-2018-5803\", \"CVE-2018-6927\", \"CVE-2018-7755\", \"CVE-2018-7757\");\n script_xref(name:\"USN\", value:\"3697-1\");\n\n script_name(english:\"Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3697-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a NULL pointer dereference vulnerability\nexisted in the DCCP protocol implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2018-1130)\n\nJann Horn discovered that the 32 bit adjtimex() syscall implementation\nfor 64 bit Linux kernels did not properly initialize memory returned\nto user space in some situations. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2018-11508)\n\nWang Qize discovered that an information disclosure vulnerability\nexisted in the SMBus driver for ACPI Embedded Controllers in the Linux\nkernel. A local attacker could use this to expose sensitive\ninformation (kernel pointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux\nkernel did not properly validate userspace provided payload lengths in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). 
(CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in\nthe floppy driver in the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2018-7757).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3697-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1130\", \"CVE-2018-11508\", \"CVE-2018-5750\", \"CVE-2018-5803\", \"CVE-2018-6927\", \"CVE-2018-7755\", \"CVE-2018-7757\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3697-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-1023-raspi2\", pkgver:\"4.13.0-1023.24\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-46-generic\", pkgver:\"4.13.0-46.51\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-46-generic-lpae\", pkgver:\"4.13.0-46.51\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-46-lowlatency\", pkgver:\"4.13.0-46.51\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic\", pkgver:\"4.13.0.46.49\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.13.0.46.49\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.13.0.46.49\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.13.0.1023.21\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-generic / linux-image-4.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 4.9, "vector": 
"AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T07:26:33", "description": "It was discovered that a NULL pointer dereference vulnerability\nexisted in the DCCP protocol implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2018-1130)\n\nJann Horn discovered that the 32 bit adjtimex() syscall implementation\nfor 64 bit Linux kernels did not properly initialize memory returned\nto user space in some situations. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2018-11508)\n\nWang Qize discovered that an information disclosure vulnerability\nexisted in the SMBus driver for ACPI Embedded Controllers in the Linux\nkernel. A local attacker could use this to expose sensitive\ninformation (kernel pointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux\nkernel did not properly validate userspace provided payload lengths in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in\nthe floppy driver in the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2018-7757).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-03T00:00:00", "title": "Ubuntu 16.04 LTS : linux-oem vulnerabilities (USN-3697-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7755", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-5750", "CVE-2018-11508", "CVE-2018-5803"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"], "id": "UBUNTU_USN-3697-2.NASL", "href": "https://www.tenable.com/plugins/nessus/110899", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3697-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110899);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-1130\", \"CVE-2018-11508\", \"CVE-2018-5750\", \"CVE-2018-5803\", \"CVE-2018-6927\", \"CVE-2018-7755\", \"CVE-2018-7757\");\n script_xref(name:\"USN\", value:\"3697-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-oem vulnerabilities (USN-3697-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a NULL pointer dereference vulnerability\nexisted in the DCCP protocol implementation in the Linux kernel. 
A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2018-1130)\n\nJann Horn discovered that the 32 bit adjtimex() syscall implementation\nfor 64 bit Linux kernels did not properly initialize memory returned\nto user space in some situations. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2018-11508)\n\nWang Qize discovered that an information disclosure vulnerability\nexisted in the SMBus driver for ACPI Embedded Controllers in the Linux\nkernel. A local attacker could use this to expose sensitive\ninformation (kernel pointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux\nkernel did not properly validate userspace provided payload lengths in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in\nthe floppy driver in the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2018-7757).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3697-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.13-oem and / or linux-image-oem\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1130\", \"CVE-2018-11508\", \"CVE-2018-5750\", \"CVE-2018-5803\", \"CVE-2018-6927\", \"CVE-2018-7755\", \"CVE-2018-7757\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3697-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1031-oem\", pkgver:\"4.13.0-1031.35\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.13.0.1031.36\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-oem / linux-image-oem\");\n}\n", "cvss": {"score": 4.9, 
"vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T08:53:50", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the Linux kernel's client-side\n implementation of the cifs protocol. This flaw allows\n an attacker controlling the server to kernel panic a\n client which has the CIFS server\n mounted.(CVE-2018-1066)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25,\n 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n '_sctp_make_chunk()' function\n (net/sctp/sm_make_chunk.c) when handling SCTP packets\n length can be exploited to cause a kernel\n crash.(CVE-2018-5803)\n\n - Memory leak in the sas_smp_get_phy_events function in\n drivers/scsi/libsas/sas_expander.c in the Linux kernel\n allows local users to cause a denial of service (kernel\n memory exhaustion) via multiple read accesses to files\n in the /sys/class/sas_phy directory.(CVE-2018-7757)\n\n - A race condition in the store_int_with_restart()\n function in arch/x86/kernel/cpu/mcheck/mce.c in the\n Linux kernel allows local users to cause a denial of\n service (panic) by leveraging root access to write to\n the check_interval file in a\n /sys/devices/system/machinecheck/machinecheck (cpu\n number) directory.(CVE-2018-7995)\n\n - ALSA sequencer core initializes the event pool on\n demand by invoking snd_seq_pool_init() when the first\n write happens and the pool is empty. A user can reset\n the pool size manually via ioctl concurrently, and this\n may lead to UAF or out-of-bound access.(CVE-2018-7566)\n\n - A flaw was found in the Linux kernel's implementation\n of 32-bit syscall interface for bridging. 
This allowed\n a privileged user to arbitrarily write to a limited\n range of kernel memory.(CVE-2018-1068)\n\n - A vulnerability was found in the Linux kernel's\n kernel/events/core.c:perf_cpu_time_max_percent_handler(\n ) function. Local privileged users could exploit this\n flaw to cause a denial of service due to integer\n overflow or possibly have unspecified other\n impact.(CVE-2017-18255)\n\n - The code in the drivers/scsi/libsas/sas_scsi_host.c\n file in the Linux kernel allow a physically proximate\n attacker to cause a memory leak in the ATA command\n queue and, thus, denial of service by triggering\n certain failure conditions.(CVE-2018-10021)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 6.7, "vector": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-18T00:00:00", "title": "EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1260)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2017-18255", "CVE-2018-7566", "CVE-2018-1066", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-1068", "CVE-2018-5803"], "modified": "2018-09-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1260.NASL", "href": "https://www.tenable.com/plugins/nessus/117569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117569);\n script_version(\"1.7\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18255\",\n \"CVE-2018-10021\",\n \"CVE-2018-1066\",\n \"CVE-2018-1068\",\n \"CVE-2018-5803\",\n \"CVE-2018-7566\",\n \"CVE-2018-7757\",\n \"CVE-2018-7995\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1260)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the Linux kernel's client-side\n implementation of the cifs protocol. This flaw allows\n an attacker controlling the server to kernel panic a\n client which has the CIFS server\n mounted.(CVE-2018-1066)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25,\n 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n '_sctp_make_chunk()' function\n (net/sctp/sm_make_chunk.c) when handling SCTP packets\n length can be exploited to cause a kernel\n crash.(CVE-2018-5803)\n\n - Memory leak in the sas_smp_get_phy_events function in\n drivers/scsi/libsas/sas_expander.c in the Linux kernel\n allows local users to cause a denial of service (kernel\n memory exhaustion) via multiple read accesses to files\n in the /sys/class/sas_phy directory.(CVE-2018-7757)\n\n - A race condition in the store_int_with_restart()\n function in arch/x86/kernel/cpu/mcheck/mce.c in the\n Linux kernel allows local users to cause a denial of\n service (panic) by leveraging root access to write to\n the check_interval file in a\n /sys/devices/system/machinecheck/machinecheck (cpu\n number) directory.(CVE-2018-7995)\n\n - ALSA sequencer core initializes the event pool on\n 
demand by invoking snd_seq_pool_init() when the first\n write happens and the pool is empty. A user can reset\n the pool size manually via ioctl concurrently, and this\n may lead to UAF or out-of-bound access.(CVE-2018-7566)\n\n - A flaw was found in the Linux kernel's implementation\n of 32-bit syscall interface for bridging. This allowed\n a privileged user to arbitrarily write to a limited\n range of kernel memory.(CVE-2018-1068)\n\n - A vulnerability was found in the Linux kernel's\n kernel/events/core.c:perf_cpu_time_max_percent_handler(\n ) function. Local privileged users could exploit this\n flaw to cause a denial of service due to integer\n overflow or possibly have unspecified other\n impact.(CVE-2017-18255)\n\n - The code in the drivers/scsi/libsas/sas_scsi_host.c\n file in the Linux kernel allow a physically proximate\n attacker to cause a memory leak in the ATA command\n queue and, thus, denial of service by triggering\n certain failure conditions.(CVE-2018-10021)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1260\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d22ac81\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.61.59.66_43\",\n \"kernel-devel-3.10.0-327.61.59.66_43\",\n \"kernel-headers-3.10.0-327.61.59.66_43\",\n \"kernel-tools-3.10.0-327.61.59.66_43\",\n \"kernel-tools-libs-3.10.0-327.61.59.66_43\",\n \"kernel-tools-libs-devel-3.10.0-327.61.59.66_43\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T05:08:59", "description": "Description of changes:\n\n[4.1.12-124.17.1.el7uek]\n- block: update integrity interval after queue limits change (Ritika \nSrivastava) 
[Orabug: 27586756]\n- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) \n[Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130}\n- net/rds: Implement ARP flushing correctly (Håkon Bugge) [Orabug: \n28219857]\n- net/rds: Fix incorrect bigger vs. smaller IP address check (Håkon \nBugge) [Orabug: 28236599]\n- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish \nSamant) [Orabug: 28256391]\n- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: \n28256487] {CVE-2017-11600} {CVE-2017-11600}\n\n[4.1.12-124.16.6.el7uek]\n- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400]\n- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris \nSalls) [Orabug: 28242475] {CVE-2017-7616}\n- xhci: Fix USB3 NULL pointer dereference at logical disconnect. \n(Mathias Nyman) [Orabug: 27426023]\n- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) \n[Orabug: 27718303]\n- mlx4_core: allocate ICM memory in page size chunks (Qing Huang) \n[Orabug: 27718303]\n- kernel/signal.c: avoid undefined behaviour in kill_something_info When \nrunning kill(72057458746458112, 0) in userspace I hit the following \nissue. 
(mridula shastry) [Orabug: 28078687] {CVE-2018-10124}\n- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini \nVaradhan) [Orabug: 28085214]\n- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032]\n- net/rds: Fix bug in failover_group parsing (Håkon Bugge) [Orabug: \n28198749]\n- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey \nKodanev) [Orabug: 28240074] {CVE-2018-5803}\n\n[4.1.12-124.16.5.el7uek]\n- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric \nDumazet) [Orabug: 27896802] {CVE-2017-18017}\n- kernel/exit.c: avoid undefined behaviour when calling wait4() \nwait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined \nbehaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] \n{CVE-2018-10087}\n- x86/bugs/module: Provide retpoline_modules_only parameter to fail \nnon-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-11T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4161)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7616", "CVE-2017-8824", "CVE-2018-1130", "CVE-2018-10087", "CVE-2017-18017", "CVE-2018-10124", "CVE-2018-5803", "CVE-2017-11600"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4161.NASL", "href": "https://www.tenable.com/plugins/nessus/110997", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4161.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(110997);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/27 13:00:39\");\n\n script_cve_id(\"CVE-2017-11600\", \"CVE-2017-18017\", \"CVE-2017-7616\", \"CVE-2017-8824\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-1130\", \"CVE-2018-5803\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4161)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.1.12-124.17.1.el7uek]\n- block: update integrity interval after queue limits change (Ritika \nSrivastava) [Orabug: 27586756]\n- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) \n[Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130}\n- net/rds: Implement ARP flushing correctly (Hå kon Bugge) [Orabug: \n28219857]\n- net/rds: Fix incorrect bigger vs. smaller IP address check (Hå kon \nBugge) [Orabug: 28236599]\n- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish \nSamant) [Orabug: 28256391]\n- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: \n28256487] {CVE-2017-11600} {CVE-2017-11600}\n\n[4.1.12-124.16.6.el7uek]\n- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400]\n- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris \nSalls) [Orabug: 28242475] {CVE-2017-7616}\n- xhci: Fix USB3 NULL pointer dereference at logical disconnect. \n(Mathias Nyman) [Orabug: 27426023]\n- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) \n[Orabug: 27718303]\n- mlx4_core: allocate ICM memory in page size chunks (Qing Huang) \n[Orabug: 27718303]\n- kernel/signal.c: avoid undefined behaviour in kill_something_info When \nrunning kill(72057458746458112, 0) in userspace I hit the following \nissue. 
(mridula shastry) [Orabug: 28078687] {CVE-2018-10124}\n- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini \nVaradhan) [Orabug: 28085214]\n- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032]\n- net/rds: Fix bug in failover_group parsing (Hå kon Bugge) [Orabug: \n28198749]\n- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey \nKodanev) [Orabug: 28240074] {CVE-2018-5803}\n\n[4.1.12-124.16.5.el7uek]\n- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric \nDumazet) [Orabug: 27896802] {CVE-2017-18017}\n- kernel/exit.c: avoid undefined behaviour when calling wait4() \nwait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined \nbehaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] \n{CVE-2018-10087}\n- x86/bugs/module: Provide retpoline_modules_only parameter to fail \nnon-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-July/007869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-July/007870.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-11600\", \"CVE-2017-18017\", \"CVE-2017-7616\", \"CVE-2017-8824\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-1130\", \"CVE-2018-5803\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-4161\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"4.1\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.17.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.17.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.17.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", 
reference:\"kernel-uek-devel-4.1.12-124.17.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.17.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.17.1.el6uek\")) flag++;\n\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.17.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.17.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.17.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.17.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.17.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.17.1.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T05:17:56", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - 
block: update integrity interval after queue limits\n change (Ritika Srivastava) [Orabug: 27586756]\n\n - dccp: check sk for closed state in dccp_sendmsg (Alexey\n Kodanev) [Orabug: 28001529] (CVE-2017-8824)\n (CVE-2018-1130)\n\n - net/rds: Implement ARP flushing correctly (Håkon\n Bugge) [Orabug: 28219857]\n\n - net/rds: Fix incorrect bigger vs. smaller IP address\n check (Håkon Bugge) [Orabug: 28236599]\n\n - ocfs2: Fix locking for res->tracking and\n dlm->tracking_list (Ashish Samant) [Orabug: 28256391]\n\n - xfrm: policy: check policy direction value (Vladis\n Dronov) [Orabug: 28256487] (CVE-2017-11600)\n (CVE-2017-11600)\n\n - add kernel param to pre-allocate NICs (Brian Maly)\n [Orabug: 27870400]\n\n - mm/mempolicy.c: fix error handling in set_mempolicy and\n mbind. (Chris Salls) [Orabug: 28242475] (CVE-2017-7616)\n\n - xhci: Fix USB3 NULL pointer dereference at logical\n disconnect. (Mathias Nyman) [Orabug: 27426023]\n\n - mlx4_core: restore optimal ICM memory allocation (Eric\n Dumazet) \n\n - mlx4_core: allocate ICM memory in page size chunks (Qing\n Huang) \n\n - kernel/signal.c: avoid undefined behaviour in\n kill_something_info When running kill(72057458746458112,\n 0) in userspace I hit the following issue. 
(mridula\n shastry) [Orabug: 28078687] (CVE-2018-10124)\n\n - rds: tcp: compute m_ack_seq as offset from ->write_seq\n (Sowmini Varadhan) [Orabug: 28085214]\n\n - ext4: fix bitmap position validation (Lukas Czerner)\n [Orabug: 28167032]\n\n - net/rds: Fix bug in failover_group parsing (Håkon\n Bugge) [Orabug: 28198749]\n\n - sctp: verify size of a new chunk in _sctp_make_chunk\n (Alexey Kodanev) [Orabug: 28240074] (CVE-2018-5803)\n\n - netfilter: xt_TCPMSS: add more sanity tests on\n tcph->doff (Eric Dumazet) [Orabug: 27896802]\n (CVE-2017-18017)\n\n - kernel/exit.c: avoid undefined behaviour when calling\n wait4 wait4(-2147483648, 0x20, 0, 0xdd0000) triggers:\n UBSAN: Undefined behaviour in kernel/exit.c:1651:9\n (mridula shastry) [Orabug: 28049778] (CVE-2018-10087)\n\n - x86/bugs/module: Provide retpoline_modules_only\n parameter to fail non-retpoline modules (Konrad\n Rzeszutek Wilk) [Orabug: 28071992]", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-12T00:00:00", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0236)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7616", "CVE-2017-8824", "CVE-2018-1130", "CVE-2018-10087", "CVE-2017-18017", "CVE-2018-10124", "CVE-2018-5803", "CVE-2017-11600"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2018-0236.NASL", "href": "https://www.tenable.com/plugins/nessus/111021", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0236.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111021);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-11600\", \"CVE-2017-18017\", \"CVE-2017-7616\", \"CVE-2017-8824\", \"CVE-2018-10087\", 
\"CVE-2018-10124\", \"CVE-2018-1130\", \"CVE-2018-5803\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0236)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - block: update integrity interval after queue limits\n change (Ritika Srivastava) [Orabug: 27586756]\n\n - dccp: check sk for closed state in dccp_sendmsg (Alexey\n Kodanev) [Orabug: 28001529] (CVE-2017-8824)\n (CVE-2018-1130)\n\n - net/rds: Implement ARP flushing correctly (Hå kon\n Bugge) [Orabug: 28219857]\n\n - net/rds: Fix incorrect bigger vs. smaller IP address\n check (Hå kon Bugge) [Orabug: 28236599]\n\n - ocfs2: Fix locking for res->tracking and\n dlm->tracking_list (Ashish Samant) [Orabug: 28256391]\n\n - xfrm: policy: check policy direction value (Vladis\n Dronov) [Orabug: 28256487] (CVE-2017-11600)\n (CVE-2017-11600)\n\n - add kernel param to pre-allocate NICs (Brian Maly)\n [Orabug: 27870400]\n\n - mm/mempolicy.c: fix error handling in set_mempolicy and\n mbind. (Chris Salls) [Orabug: 28242475] (CVE-2017-7616)\n\n - xhci: Fix USB3 NULL pointer dereference at logical\n disconnect. (Mathias Nyman) [Orabug: 27426023]\n\n - mlx4_core: restore optimal ICM memory allocation (Eric\n Dumazet) \n\n - mlx4_core: allocate ICM memory in page size chunks (Qing\n Huang) \n\n - kernel/signal.c: avoid undefined behaviour in\n kill_something_info When running kill(72057458746458112,\n 0) in userspace I hit the following issue. 
(mridula\n shastry) [Orabug: 28078687] (CVE-2018-10124)\n\n - rds: tcp: compute m_ack_seq as offset from ->write_seq\n (Sowmini Varadhan) [Orabug: 28085214]\n\n - ext4: fix bitmap position validation (Lukas Czerner)\n [Orabug: 28167032]\n\n - net/rds: Fix bug in failover_group parsing (Hå kon\n Bugge) [Orabug: 28198749]\n\n - sctp: verify size of a new chunk in _sctp_make_chunk\n (Alexey Kodanev) [Orabug: 28240074] (CVE-2018-5803)\n\n - netfilter: xt_TCPMSS: add more sanity tests on\n tcph->doff (Eric Dumazet) [Orabug: 27896802]\n (CVE-2017-18017)\n\n - kernel/exit.c: avoid undefined behaviour when calling\n wait4 wait4(-2147483648, 0x20, 0, 0xdd0000) triggers:\n UBSAN: Undefined behaviour in kernel/exit.c:1651:9\n (mridula shastry) [Orabug: 28049778] (CVE-2018-10087)\n\n - x86/bugs/module: Provide retpoline_modules_only\n parameter to fail non-retpoline modules (Konrad\n Rzeszutek Wilk) [Orabug: 28071992]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000872.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.17.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.17.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": 
"2018-04-08T07:46:49", "description": "Secunia Research has discovered a vulnerability in Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). An error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. The vulnerability is confirmed in versions 4.15.0-r7 and 4.15.0. Other versions may also be affected.", "edition": 1, "published": "2018-03-02T00:00:00", "title": "Linux Kernel _sctp_make_chunk() Denial Of Service Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-5803"], "modified": "2018-03-02T00:00:00", "href": "https://0day.today/exploit/description/29921", "id": "1337DAY-ID-29921", "sourceData": "Linux Kernel \"_sctp_make_chunk()\" Denial of Service Vulnerability\r\n\r\n======================================================================\r\n1) Affected Software\r\n\r\n* Linux Kernel version 4.15.0.\r\n Other versions may also by affected.\r\n\r\n======================================================================\r\n2) Severity\r\n\r\nRating: Not critical\r\nImpact: Denial of Service\r\nWhere: Local System\r\n\r\n======================================================================\r\n3) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Linux Kernel, which\r\ncan be exploited by malicious, local users to cause a DoS (Denial of\r\nService).\r\n\r\nAn error in the \"_sctp_make_chunk()\" function\r\n(net/sctp/sm_make_chunk.c) when handling SCTP packets length can be\r\nexploited to cause a kernel crash.\r\n\r\nThe vulnerability is confirmed in versions 4.15.0-r7 and 4.15.0.\r\nOther versions may also be affected.\r\n\r\n======================================================================\r\n4) Solution\r\n\r\nFixed in the source code 
repository.\r\nhttps://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c\r\n\r\n======================================================================\r\n5) Time Table\r\n\r\n2018/02/07 - Linux Kernel team contacted with vulnerability details.\r\n2018/02/07 - Linux Kernel team advised reporting the vulnerability\r\n publicly via netdev mailing list.\r\n2018/02/07 - Public disclosure of the vulnerability on netdev mailing\r\n list.\r\n2018/02/09 - The vulnerability additionally reported on linux-sctp\r\n mailing list.\r\n2018/02/28 - Release of Secunia Advisory SA81331.\r\n2018/02/28 - Public disclosure of Secunia Research Advisory.\r\n\r\n======================================================================\r\n6) Credits\r\n\r\nJakub Jirasek, Secunia Research at Flexera.\r\n\r\nAdditionally reported by Alexey Kodanev.\n\n# 0day.today [2018-04-08] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/29921"}], "amazon": [{"lastseen": "2020-11-10T12:37:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1066", "CVE-2017-18232", "CVE-2018-5803"], "description": "**Issue Overview:**\n\nMissing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service: \nAn error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. ([CVE-2018-5803 __](<https://access.redhat.com/security/cve/CVE-2018-5803>))\n\nMishandling mutex within libsas allowing local Denial of Service \nThe Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. ([CVE-2017-18232 __](<https://access.redhat.com/security/cve/CVE-2017-18232>))\n\nA flaw was found in the Linux kernel's client-side implementation of the cifs protocol. 
This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted.([CVE-2018-1066 __](<https://access.redhat.com/security/cve/CVE-2018-1066>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.9.93-41.60.amzn1.i686 \n kernel-4.9.93-41.60.amzn1.i686 \n kernel-tools-devel-4.9.93-41.60.amzn1.i686 \n perf-4.9.93-41.60.amzn1.i686 \n kernel-debuginfo-4.9.93-41.60.amzn1.i686 \n kernel-tools-debuginfo-4.9.93-41.60.amzn1.i686 \n kernel-devel-4.9.93-41.60.amzn1.i686 \n kernel-headers-4.9.93-41.60.amzn1.i686 \n kernel-tools-4.9.93-41.60.amzn1.i686 \n perf-debuginfo-4.9.93-41.60.amzn1.i686 \n \n noarch: \n kernel-doc-4.9.93-41.60.amzn1.noarch \n \n src: \n kernel-4.9.93-41.60.amzn1.src \n \n x86_64: \n perf-4.9.93-41.60.amzn1.x86_64 \n kernel-tools-debuginfo-4.9.93-41.60.amzn1.x86_64 \n perf-debuginfo-4.9.93-41.60.amzn1.x86_64 \n kernel-tools-4.9.93-41.60.amzn1.x86_64 \n kernel-4.9.93-41.60.amzn1.x86_64 \n kernel-devel-4.9.93-41.60.amzn1.x86_64 \n kernel-tools-devel-4.9.93-41.60.amzn1.x86_64 \n kernel-headers-4.9.93-41.60.amzn1.x86_64 \n kernel-debuginfo-4.9.93-41.60.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.9.93-41.60.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2018-04-19T04:44:00", "published": "2018-04-19T04:44:00", "id": "ALAS-2018-993", "href": "https://alas.aws.amazon.com/ALAS-2018-993.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7757", "CVE-2018-1065", "CVE-2018-5703", "CVE-2018-5803"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310874196", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310874196", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2bce10900e", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2bce10900e_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2bce10900e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874196\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:39:43 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2018-5703\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2bce10900e\");\n script_tag(name:\"summary\", value:\"The remote 
host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2bce10900e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIROMCJPITHDEZCBQGKCWSV4OJVIDX35\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.8~300.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7755", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-5750", "CVE-2018-11508", "CVE-2018-5803"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-07-03T00:00:00", "id": "OPENVAS:1361412562310843574", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843574", "type": "openvas", "title": "Ubuntu Update for linux USN-3697-1", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3697_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3697-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843574\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-03 05:47:21 +0200 (Tue, 03 Jul 2018)\");\n script_cve_id(\"CVE-2018-1130\", \"CVE-2018-11508\", \"CVE-2018-5750\", \"CVE-2018-5803\",\n \"CVE-2018-6927\", \"CVE-2018-7755\", \"CVE-2018-7757\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3697-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a null pointer dereference vulnerability existed in\nthe DCCP protocol implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nJann Horn discovered that the 32 bit adjtimex() syscall implementation for\n64 bit Linux kernels did not properly initialize memory returned to user\nspace in some situations. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-11508)\n\nWang Qize discovered that an information disclosure vulnerability existed\nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A\nlocal attacker could use this to expose sensitive information (kernel\npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel\ndid not properly validate userspace provided payload lengths in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the\nfloppy driver in the Linux kernel. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory exhaustion). 
(CVE-2018-7757)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.10\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3697-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3697-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1023-raspi2\", ver:\"4.13.0-1023.24\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-46-generic\", ver:\"4.13.0-46.51\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-46-generic-lpae\", ver:\"4.13.0-46.51\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-46-lowlatency\", ver:\"4.13.0-46.51\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.13.0.46.49\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.13.0.46.49\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.13.0.46.49\", rls:\"UBUNTU17.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.13.0.1023.21\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7755", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-5750", "CVE-2018-11508", "CVE-2018-5803"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-07-03T00:00:00", "id": "OPENVAS:1361412562310843573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843573", "type": "openvas", "title": "Ubuntu Update for linux-oem USN-3697-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3697_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-oem USN-3697-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843573\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-03 05:47:03 +0200 (Tue, 03 Jul 2018)\");\n script_cve_id(\"CVE-2018-1130\", \"CVE-2018-11508\", \"CVE-2018-5750\", \"CVE-2018-5803\",\n \"CVE-2018-6927\", \"CVE-2018-7755\", \"CVE-2018-7757\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-oem USN-3697-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-oem'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a null pointer dereference vulnerability existed in\nthe DCCP protocol implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nJann Horn discovered that the 32 bit adjtimex() syscall implementation for\n64 bit Linux kernels did not properly initialize memory returned to user\nspace in some situations. A local attacker could use this to expose\nsensitive information (kernel memory). 
(CVE-2018-11508)\n\nWang Qize discovered that an information disclosure vulnerability existed\nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A\nlocal attacker could use this to expose sensitive information (kernel\npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel\ndid not properly validate userspace provided payload lengths in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the\nfloppy driver in the Linux kernel. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory exhaustion). 
(CVE-2018-7757)\");\n script_tag(name:\"affected\", value:\"linux-oem on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3697-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3697-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1031-oem\", ver:\"4.13.0-1031.35\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.13.0.1031.36\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:39:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2017-18255", "CVE-2018-7566", "CVE-2018-1066", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-1068", "CVE-2018-5803"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181260", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1260)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are 
largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1260\");\n script_version(\"2020-01-23T11:19:15+0000\");\n script_cve_id(\"CVE-2017-18255\", \"CVE-2018-10021\", \"CVE-2018-1066\", \"CVE-2018-1068\", \"CVE-2018-5803\", \"CVE-2018-7566\", \"CVE-2018-7757\", \"CVE-2018-7995\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:19:15 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:19:15 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1260)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1260\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1260\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1260 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted.(CVE-2018-1066)\n\nIn the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.(CVE-2018-5803)\n\nMemory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory.(CVE-2018-7757)\n\nA race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck (cpu number) directory.(CVE-2018-7995)\n\nALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.(CVE-2018-7566)\n\nA flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. 
This allowed a privileged user to arbitrarily write to a limited range of kernel memory.(CVE-2018-1068)\n\nA vulnerability was found in the Linux kernel's kernel/events/core.c:perf_cpu_time_max_percent_handler() function. Local privileged users could exploit this flaw to cause a denial of service due to integer overflow or possibly have unspecified other impact.(CVE-2017-18255)\n\nThe code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allow a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions.(CVE-2018-10021)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.61.59.66_43\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.61.59.66_43\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.61.59.66_43\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.61.59.66_43\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.61.59.66_43\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", 
rpm:\"kernel-tools-libs-devel~3.10.0~327.61.59.66_43\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15265", "CVE-2018-7755", "CVE-2017-12193", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-3665", "CVE-2018-5750", "CVE-2017-12154", "CVE-2018-5803"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-07-03T00:00:00", "id": "OPENVAS:1361412562310843572", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843572", "type": "openvas", "title": "Ubuntu Update for linux USN-3698-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3698_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3698-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843572\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-03 05:46:26 +0200 (Tue, 03 Jul 2018)\");\n script_cve_id(\"CVE-2017-12154\", \"CVE-2017-12193\", \"CVE-2017-15265\", \"CVE-2018-1130\",\n \"CVE-2018-3665\", \"CVE-2018-5750\", \"CVE-2018-5803\", \"CVE-2018-6927\",\n \"CVE-2018-7755\", \"CVE-2018-7757\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3698-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the nested KVM implementation in the Linux kernel in\nsome situations did not properly prevent second level guests from reading\nand writing the hardware CR8 register. A local attacker in a guest could\nuse this to cause a denial of service (system crash). (CVE-2017-12154)\n\nFan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array\nimplementation in the Linux kernel sometimes did not properly handle adding\na new entry. A local attacker could use this to cause a denial of service\n(system crash). 
(CVE-2017-12193)\n\nIt was discovered that a race condition existed in the ALSA subsystem of\nthe Linux kernel when creating and deleting a port via ioctl(). A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15265)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe DCCP protocol implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nJulian Stecklina and Thomas Prescher discovered that FPU register states\n(such as MMX, SSE, and AVX registers) which are lazily restored are\npotentially vulnerable to a side channel attack. A local attacker could use\nthis to expose sensitive information. (CVE-2018-3665)\n\nWang Qize discovered that an information disclosure vulnerability existed\nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A\nlocal attacker could use this to expose sensitive information (kernel\npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel\ndid not properly validate userspace provided payload lengths in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the\nfloppy driver in the Linux kernel. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory exhaustion). 
(CVE-2018-7757)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3698-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3698-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-153-generic\", ver:\"3.13.0-153.203\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-153-generic-lpae\", ver:\"3.13.0-153.203\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-153-lowlatency\", ver:\"3.13.0-153.203\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-153-powerpc-e500\", ver:\"3.13.0-153.203\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-153-powerpc-e500mc\", ver:\"3.13.0-153.203\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-153-powerpc-smp\", ver:\"3.13.0-153.203\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.13.0-153-powerpc64-emb\", ver:\"3.13.0-153.203\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-153-powerpc64-smp\", ver:\"3.13.0-153.203\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.153.163\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.153.163\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.153.163\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.153.163\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.153.163\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.153.163\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.153.163\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.153.163\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T16:45:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8822", "CVE-2018-1000199", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2017-18257", "CVE-2018-7492", 
"CVE-2018-10087", "CVE-2018-10124", "CVE-2018-5803", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-05-25T00:00:00", "id": "OPENVAS:1361412562310851762", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851762", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2018:1418-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851762\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-25 05:47:55 +0200 (Fri, 25 May 2018)\");\n script_cve_id(\"CVE-2017-18257\", \"CVE-2018-1000199\", \"CVE-2018-10087\", \"CVE-2018-10124\",\n \"CVE-2018-1065\", \"CVE-2018-1130\", \"CVE-2018-3639\", \"CVE-2018-5803\",\n \"CVE-2018-7492\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2018:1418-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature\n in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).\n\n A new boot commandline option was introduced,\n 'spec_store_bypass_disable', which can have following values:\n\n - auto: Kernel detects whether your CPU model contains an implementation\n of Speculative Store Bypass and picks the most appropriate mitigation.\n\n - on: disable Speculative Store Bypass\n\n - off: 
enable Speculative Store Bypass\n\n - prctl: Control Speculative Store Bypass per thread via prctl.\n Speculative Store Bypass is enabled for a process by default. The\n state of the control is inherited on fork.\n\n - seccomp: Same as 'prctl' above, but all seccomp threads will disable\n SSB unless they explicitly opt out.\n\n The default is 'seccomp', meaning programs need explicit opt-in into the\n mitigation.\n\n Status can be queried via the\n /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:\n\n - 'Vulnerable'\n\n - 'Mitigation: Speculative Store Bypass disabled'\n\n - 'Mitigation: Speculative Store Bypass disabled via prctl'\n\n - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'\n\n - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed\n local users to cause a denial of service (integer overflow and loop) via\n crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP\n ioctl. (bnc#1088241)\n\n - CVE-2018-1130: Linux kernel was vulnerable to a null pointer dereference\n in the dccp_write_xmit() function in net/dccp/output.c that allowed a\n local user to cause a denial of service by a number of certain crafted\n system calls (bnc#1092904).\n\n - CVE-2018-5803: An error in the _sctp_make_chunk() function when handling\n SCTP packet length could have been exploited by a malicious local user\n to cause a kernel crash and a DoS. 
(bnc#1083900).\n\n - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule\n blob that contains a jump but lacks a user-defined chain, which allowed\n local users to cause a denial of service (NULL pointer dereference) by\n leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to\n arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in\n net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in\n net/ipv6/netfilter/ip6_tables.c (bnc#1083650).\n\n - CVE-2018-7492: A NULL pointer dereference was found in the\n net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1418-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00099.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", 
rpm:\"kernel-debug-base-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-debug\", rpm:\"kselftests-kmp-debug~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-debug-debuginfo\", rpm:\"kselftests-kmp-debug-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-default\", rpm:\"kselftests-kmp-default~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-default-debuginfo\", rpm:\"kselftests-kmp-default-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-vanilla\", 
rpm:\"kselftests-kmp-vanilla~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-vanilla-debuginfo\", rpm:\"kselftests-kmp-vanilla-debuginfo~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.132~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-18222", "CVE-2018-7757", "CVE-2017-17975", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2018-7995", "CVE-2018-7480", "CVE-2018-1068", "CVE-2018-5803"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-05-23T00:00:00", "id": "OPENVAS:1361412562310843535", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310843535", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3656-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3656_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-raspi2 USN-3656-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843535\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-23 05:41:11 +0200 (Wed, 23 May 2018)\");\n script_cve_id(\"CVE-2017-17975\", \"CVE-2017-18193\", \"CVE-2017-18222\", \"CVE-2018-1065\", \"CVE-2018-1068\", \"CVE-2018-1130\", \"CVE-2018-5803\", \"CVE-2018-7480\", \"CVE-2018-7757\", \"CVE-2018-7995\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3656-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Tuba Yavuz discovered that a double-free error existed in the USBTV007\ndriver of the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-17975)\n\nIt was discovered that a race condition existed in the F2FS implementation\nin the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-18193)\n\nIt was discovered that a buffer overflow existed in the Hisilicon HNS\nEthernet Device driver in the Linux kernel. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-18222)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not\nvalidate that rules containing jumps contained user-defined chains. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-1065)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not\nproperly validate ebtables offsets. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-1068)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe DCCP protocol implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel\ndid not properly validate userspace provided payload lengths in some\nsituations. 
A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5803)\n\nIt was discovered that a double free error existed in the block layer\nsubsystem of the Linux kernel when setting up a request queue. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-7480)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2018-7757)\n\nIt was discovered that a race condition existed in the x86 machine check\nhandler in the Linux kernel. A local privileged attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-7995)\n\nEyal Itkin discovered that the USB displaylink video adapter driver in the\nLinux kernel did not properly validate mmap offsets sent from userspace. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory) or possibly execute arbitrary code. 
(CVE-2018-8781)\n\nSi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3656-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3656-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1090-raspi2\", ver:\"4.4.0-1090.98\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1093-snapdragon\", ver:\"4.4.0-1093.98\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1090.90\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1093.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:42:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10878", "CVE-2018-18690", "CVE-2018-10881", "CVE-2018-5848", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-18386", "CVE-2018-16658", 
"CVE-2018-14633", "CVE-2018-5803", "CVE-2018-1092", "CVE-2018-1000026"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181432", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1432)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1432\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2018-1000026\", \"CVE-2018-10878\", \"CVE-2018-10881\", \"CVE-2018-1092\", \"CVE-2018-14633\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-5803\", \"CVE-2018-5848\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:26:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1432)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1432\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1432\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1432 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 
4.1.51, and 3.2.102, an error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited to cause a kernel crash.(CVE-2018-5803)\n\nThe Linux kernel, from at least v4.8 onwards and probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: a network card firmware assertion takes the card off-line. This attack appears to be exploitable by an attacker who passes a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.(CVE-2018-1000026)\n\nThe Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic.(CVE-2018-1092)\n\nIn the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ie_len argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5848)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\nA flaw was found in the Linux kernel's ext4 filesystem. 
A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\nA security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial of service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-18386) ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-18222", "CVE-2018-7757", "CVE-2017-17975", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2018-7995", "CVE-2018-7480", "CVE-2018-1068", "CVE-2018-5803", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-05-22T00:00:00", "id": "OPENVAS:1361412562310843530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843530", "type": "openvas", "title": 
"Ubuntu Update for linux-aws USN-3654-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3654_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-aws USN-3654-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843530\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-22 12:40:57 +0200 (Tue, 22 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2017-17975\", \"CVE-2017-18193\", \"CVE-2017-18222\",\n \"CVE-2018-1065\", \"CVE-2018-1068\", \"CVE-2018-1130\", \"CVE-2018-5803\",\n \"CVE-2018-7480\", \"CVE-2018-7757\", \"CVE-2018-7995\", \"CVE-2018-8781\",\n \"CVE-2018-8822\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3654-2\");\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\nthe target host.\");\n script_tag(name:\"insight\", value:\"USN-3654-1 fixed vulnerabilities and added\nmitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the\ncorresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu\n16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn and Ken Johnson discovered that microprocessors utilizing\nspeculative execution of a memory read may allow unauthorized memory\nreads via a sidechannel attack. This flaw is known as Spectre\nVariant 4. A local attacker could use this to expose sensitive\ninformation, including kernel memory. (CVE-2018-3639)\n\nTuba Yavuz discovered that a double-free error existed in the USBTV007\ndriver of the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-17975)\n\nIt was discovered that a race condition existed in the F2FS implementation\nin the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-18193)\n\nIt was discovered that a buffer overflow existed in the Hisilicon HNS\nEthernet Device driver in the Linux kernel. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-18222)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not\nvalidate that rules containing jumps contained user-defined chains. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-1065)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not\nproperly validate ebtables offsets. 
A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-1068)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe DCCP protocol implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel\ndid not properly validate userspace provided payload lengths in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5803)\n\nIt was discovered that a double free error existed in the block layer\nsubsystem of the Linux kernel when setting up a request queue. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-7480)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory exhau ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3654-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3654-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1022-aws\", ver:\"4.4.0-1022.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-generic\", ver:\"4.4.0-127.153~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-generic-lpae\", ver:\"4.4.0-127.153~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-lowlatency\", ver:\"4.4.0-127.153~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-powerpc-e500mc\", ver:\"4.4.0-127.153~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-powerpc-smp\", ver:\"4.4.0-127.153~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-powerpc64-emb\", ver:\"4.4.0-127.153~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-powerpc64-smp\", ver:\"4.4.0-127.153~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1022.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.127.107\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.127.107\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.127.107\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.127.107\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.127.107\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.127.107\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.127.107\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-18222", "CVE-2018-7757", "CVE-2017-17975", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2018-7995", "CVE-2018-7480", "CVE-2018-1068", "CVE-2018-5803", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-05-22T00:00:00", "id": "OPENVAS:1361412562310843531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843531", "type": "openvas", "title": "Ubuntu Update for linux USN-3654-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3654_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3654-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843531\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-22 12:41:50 +0200 (Tue, 22 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2017-17975\", \"CVE-2017-18193\", \"CVE-2017-18222\",\n \"CVE-2018-1065\", \"CVE-2018-1068\", \"CVE-2018-1130\", \"CVE-2018-5803\",\n \"CVE-2018-7480\", \"CVE-2018-7757\", \"CVE-2018-7995\", \"CVE-2018-8781\",\n \"CVE-2018-8822\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3654-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn and Ken Johnson discovered that\nmicroprocessors utilizing speculative execution of a memory read may allow\nunauthorized memory reads via a 
sidechannel attack. This flaw is known as Spectre\nVariant 4. A local attacker could use this to expose sensitive\ninformation, including kernel memory. (CVE-2018-3639)\n\nTuba Yavuz discovered that a double-free error existed in the USBTV007\ndriver of the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-17975)\n\nIt was discovered that a race condition existed in the F2FS implementation\nin the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-18193)\n\nIt was discovered that a buffer overflow existed in the Hisilicon HNS\nEthernet Device driver in the Linux kernel. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-18222)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not\nvalidate that rules containing jumps contained user-defined chains. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-1065)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not\nproperly validate ebtables offsets. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-1068)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe DCCP protocol implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel\ndid not properly validate userspace provided payload lengths in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5803)\n\nIt was discovered that a double free error existed in the block layer\nsubsystem of the Linux kernel when setting up a request queue. 
A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-7480)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2018-7757)\n\nIt was discovered that a race condition existed in the x86 machine check\nhandler in the Linux kernel. A local privileged attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitr ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3654-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3654-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1026-kvm\", ver:\"4.4.0-1026.31\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1060-aws\", ver:\"4.4.0-1060.69\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-generic\", ver:\"4.4.0-127.153\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-generic-lpae\", ver:\"4.4.0-127.153\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-lowlatency\", ver:\"4.4.0-127.153\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-powerpc-e500mc\", ver:\"4.4.0-127.153\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-powerpc-smp\", ver:\"4.4.0-127.153\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-powerpc64-emb\", ver:\"4.4.0-127.153\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-127-powerpc64-smp\", ver:\"4.4.0-127.153\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1060.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.127.133\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.127.133\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1026.25\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.127.133\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", 
ver:\"4.4.0.127.133\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.127.133\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.127.133\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.127.133\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1065", "CVE-2018-5703", "CVE-2018-5803", "CVE-2018-7757"], "description": "The kernel meta package ", "modified": "2018-03-13T23:26:22", "published": "2018-03-13T23:26:22", "id": "FEDORA:AAF2F60D7C3E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.15.8-300.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-04-18T01:31:51", 
"published": "2018-04-18T01:31:51", "id": "FEDORA:74245604D4DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.15.17-300.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-04-29T05:16:13", "published": "2018-04-29T05:16:13", "id": "FEDORA:AB52460321C9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.4-200.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7482", "CVE-2018-10902", "CVE-2018-12929", "CVE-2018-12930", "CVE-2018-12931", "CVE-2018-5803"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: net/rxrpc: overflow in decoding of krb5 principal (CVE-2017-7482)\n\n* kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: use-after-free in 
ntfs_read_locked_inode in the ntfs.ko (CVE-2018-12929)\n\n* kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko (CVE-2018-12930)\n\n* kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko (CVE-2018-12931)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Remove the NTFS module from the MRG 2.5.x realtime kernel (BZ#1674523)\n\n* update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1674935)\n\nUsers of kernel-rt are advised to upgrade to these updated packages, which fix these bugs.", "modified": "2019-03-26T11:39:59", "published": "2019-03-26T11:37:53", "id": "RHSA-2019:0641", "href": "https://access.redhat.com/errata/RHSA-2019:0641", "type": "redhat", "title": "(RHSA-2019:0641) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:17", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-8650", "CVE-2017-12190", "CVE-2017-15121", "CVE-2017-18203", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8890", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2018-1130", "CVE-2018-3639", "CVE-2018-5803"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). 
It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)\n\n* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)\n\n* kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Null pointer dereference via keyctl (CVE-2016-8650)\n\n* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)\n\n* kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001)\n\n* kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616)\n\n* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)\n\n* kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c (CVE-2017-8890)\n\n* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075)\n\n* kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076)\n\n* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)\n\n* kernel: a null pointer dereference in 
net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Vitaly Mayatskih for reporting CVE-2017-12190; and Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.", "modified": "2018-06-19T08:01:12", "published": "2018-06-19T06:11:08", "id": "RHSA-2018:1854", "href": "https://access.redhat.com/errata/RHSA-2018:1854", "type": "redhat", "title": "(RHSA-2018:1854) Important: kernel security and bug fix update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:47", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity 
Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Infinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound 
write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "modified": "2019-02-01T18:41:33", "published": "2018-10-30T08:16:59", "id": "RHSA-2018:3083", "href": 
"https://access.redhat.com/errata/RHSA-2018:3083", "type": "redhat", "title": "(RHSA-2018:3083) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T13:32:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. 
(CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Infinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing 
local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "modified": "2019-02-01T19:38:43", "published": "2018-10-30T08:18:28", "id": "RHSA-2018:3096", "href": "https://access.redhat.com/errata/RHSA-2018:3096", "type": "redhat", "title": "(RHSA-2018:3096) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:22:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7755", "CVE-2018-6927", "CVE-2018-7757", 
"CVE-2018-1130", "CVE-2018-5750", "CVE-2018-11508", "CVE-2018-5803"], "description": "It was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nJann Horn discovered that the 32 bit adjtimex() syscall implementation for \n64 bit Linux kernels did not properly initialize memory returned to user \nspace in some situations. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2018-11508)\n\nWang Qize discovered that an information disclosure vulnerability existed \nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A \nlocal attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the \nfloppy driver in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). 
(CVE-2018-7757)", "edition": 7, "modified": "2018-07-02T00:00:00", "published": "2018-07-02T00:00:00", "id": "USN-3697-1", "href": "https://ubuntu.com/security/notices/USN-3697-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:40:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7755", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-5750", "CVE-2018-11508", "CVE-2018-5803"], "description": "It was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nJann Horn discovered that the 32 bit adjtimex() syscall implementation for \n64 bit Linux kernels did not properly initialize memory returned to user \nspace in some situations. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2018-11508)\n\nWang Qize discovered that an information disclosure vulnerability existed \nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A \nlocal attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the \nfloppy driver in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). 
(CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2018-7757)", "edition": 6, "modified": "2018-07-02T00:00:00", "published": "2018-07-02T00:00:00", "id": "USN-3697-2", "href": "https://ubuntu.com/security/notices/USN-3697-2", "title": "Linux kernel (OEM) vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:38:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15265", "CVE-2018-7755", "CVE-2017-12193", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-3665", "CVE-2018-5750", "CVE-2017-12154", "CVE-2018-5803"], "description": "It was discovered that the nested KVM implementation in the Linux kernel in \nsome situations did not properly prevent second level guests from reading \nand writing the hardware CR8 register. A local attacker in a guest could \nuse this to cause a denial of service (system crash). (CVE-2017-12154)\n\nFan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array \nimplementation in the Linux kernel sometimes did not properly handle adding \na new entry. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2017-12193)\n\nIt was discovered that a race condition existed in the ALSA subsystem of \nthe Linux kernel when creating and deleting a port via ioctl(). A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15265)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). 
(CVE-2018-1130)\n\nJulian Stecklina and Thomas Prescher discovered that FPU register states \n(such as MMX, SSE, and AVX registers) which are lazily restored are \npotentially vulnerable to a side channel attack. A local attacker could use \nthis to expose sensitive information. (CVE-2018-3665)\n\nWang Qize discovered that an information disclosure vulnerability existed \nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A \nlocal attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the \nfloppy driver in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). 
(CVE-2018-7757)", "edition": 5, "modified": "2018-07-02T00:00:00", "published": "2018-07-02T00:00:00", "id": "USN-3698-1", "href": "https://ubuntu.com/security/notices/USN-3698-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:49", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15265", "CVE-2018-7755", "CVE-2017-12193", "CVE-2018-6927", "CVE-2018-7757", "CVE-2018-1130", "CVE-2018-3665", "CVE-2018-5750", "CVE-2017-12154", "CVE-2018-5803"], "description": "USN-3698-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that the nested KVM implementation in the Linux kernel in \nsome situations did not properly prevent second level guests from reading \nand writing the hardware CR8 register. A local attacker in a guest could \nuse this to cause a denial of service (system crash). (CVE-2017-12154)\n\nFan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array \nimplementation in the Linux kernel sometimes did not properly handle adding \na new entry. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2017-12193)\n\nIt was discovered that a race condition existed in the ALSA subsystem of \nthe Linux kernel when creating and deleting a port via ioctl(). A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15265)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). 
(CVE-2018-1130)\n\nJulian Stecklina and Thomas Prescher discovered that FPU register states \n(such as MMX, SSE, and AVX registers) which are lazily restored are \npotentially vulnerable to a side channel attack. A local attacker could use \nthis to expose sensitive information. (CVE-2018-3665)\n\nWang Qize discovered that an information disclosure vulnerability existed \nin the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A \nlocal attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2018-5750)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that an information leak vulnerability existed in the \nfloppy driver in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2018-7755)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). 
(CVE-2018-7757)", "edition": 6, "modified": "2018-07-02T00:00:00", "published": "2018-07-02T00:00:00", "id": "USN-3698-2", "href": "https://ubuntu.com/security/notices/USN-3698-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:44:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-18222", "CVE-2018-7757", "CVE-2017-17975", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2018-7995", "CVE-2018-7480", "CVE-2018-1068", "CVE-2018-5803"], "description": "Tuba Yavuz discovered that a double-free error existed in the USBTV007 \ndriver of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-17975)\n\nIt was discovered that a race condition existed in the F2FS implementation \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-18193)\n\nIt was discovered that a buffer overflow existed in the Hisilicon HNS \nEthernet Device driver in the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-18222)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not \nvalidate that rules containing jumps contained user-defined chains. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-1065)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nproperly validate ebtables offsets. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-1068)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. 
A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that a double free error existed in the block layer \nsubsystem of the Linux kernel when setting up a request queue. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-7480)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2018-7757)\n\nIt was discovered that a race condition existed in the x86 machine check \nhandler in the Linux kernel. A local privileged attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-7995)\n\nEyal Itkin discovered that the USB displaylink video adapter driver in the \nLinux kernel did not properly validate mmap offsets sent from userspace. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory) or possibly execute arbitrary code. (CVE-2018-8781)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS \nimplementation in the Linux kernel. A remote attacker controlling a \nmalicious NCPFS server could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. 
(CVE-2018-8822)", "edition": 6, "modified": "2018-05-22T00:00:00", "published": "2018-05-22T00:00:00", "id": "USN-3656-1", "href": "https://ubuntu.com/security/notices/USN-3656-1", "title": "Linux kernel (Raspberry Pi 2, Snapdragon) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-18T01:44:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-18222", "CVE-2018-7757", "CVE-2017-17975", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2018-7995", "CVE-2018-7480", "CVE-2018-1068", "CVE-2018-5803", "CVE-2018-3639"], "description": "USN-3654-1 fixed vulnerabilities and added mitigations in the Linux \nkernel for Ubuntu 16.04 LTS. This update provides the corresponding \nupdates for the Linux Hardware Enablement (HWE) kernel from Ubuntu \n16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn and Ken Johnson discovered that microprocessors utilizing \nspeculative execution of a memory read may allow unauthorized memory \nreads via a sidechannel attack. This flaw is known as Spectre \nVariant 4. A local attacker could use this to expose sensitive \ninformation, including kernel memory. (CVE-2018-3639)\n\nTuba Yavuz discovered that a double-free error existed in the USBTV007 \ndriver of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-17975)\n\nIt was discovered that a race condition existed in the F2FS implementation \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-18193)\n\nIt was discovered that a buffer overflow existed in the Hisilicon HNS \nEthernet Device driver in the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. 
(CVE-2017-18222)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not \nvalidate that rules containing jumps contained user-defined chains. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-1065)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nproperly validate ebtables offsets. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-1068)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that a double free error existed in the block layer \nsubsystem of the Linux kernel when setting up a request queue. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-7480)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2018-7757)\n\nIt was discovered that a race condition existed in the x86 machine check \nhandler in the Linux kernel. A local privileged attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-7995)\n\nEyal Itkin discovered that the USB displaylink video adapter driver in the \nLinux kernel did not properly validate mmap offsets sent from userspace. 
A \nlocal attacker could use this to expose sensitive information (kernel \nmemory) or possibly execute arbitrary code. (CVE-2018-8781)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS \nimplementation in the Linux kernel. A remote attacker controlling a \nmalicious NCPFS server could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2018-8822)", "edition": 7, "modified": "2018-05-22T00:00:00", "published": "2018-05-22T00:00:00", "id": "USN-3654-2", "href": "https://ubuntu.com/security/notices/USN-3654-2", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-18T01:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-18222", "CVE-2018-7757", "CVE-2017-17975", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2018-7995", "CVE-2018-7480", "CVE-2018-1068", "CVE-2018-5803", "CVE-2018-3639"], "description": "Jann Horn and Ken Johnson discovered that microprocessors utilizing \nspeculative execution of a memory read may allow unauthorized memory \nreads via a sidechannel attack. This flaw is known as Spectre \nVariant 4. A local attacker could use this to expose sensitive \ninformation, including kernel memory. (CVE-2018-3639)\n\nTuba Yavuz discovered that a double-free error existed in the USBTV007 \ndriver of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-17975)\n\nIt was discovered that a race condition existed in the F2FS implementation \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-18193)\n\nIt was discovered that a buffer overflow existed in the Hisilicon HNS \nEthernet Device driver in the Linux kernel. 
A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-18222)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not \nvalidate that rules containing jumps contained user-defined chains. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-1065)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nproperly validate ebtables offsets. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-1068)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe DCCP protocol implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel \ndid not properly validate userspace provided payload lengths in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2018-5803)\n\nIt was discovered that a double free error existed in the block layer \nsubsystem of the Linux kernel when setting up a request queue. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-7480)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2018-7757)\n\nIt was discovered that a race condition existed in the x86 machine check \nhandler in the Linux kernel. A local privileged attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. 
(CVE-2018-7995)\n\nEyal Itkin discovered that the USB displaylink video adapter driver in the \nLinux kernel did not properly validate mmap offsets sent from userspace. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory) or possibly execute arbitrary code. (CVE-2018-8781)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS \nimplementation in the Linux kernel. A remote attacker controlling a \nmalicious NCPFS server could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2018-8822)", "edition": 7, "modified": "2018-05-22T00:00:00", "published": "2018-05-22T00:00:00", "id": "USN-3654-1", "href": "https://ubuntu.com/security/notices/USN-3654-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7616", "CVE-2017-8824", "CVE-2018-1130", "CVE-2018-10087", "CVE-2017-18017", "CVE-2018-10124", "CVE-2018-5803", "CVE-2017-11600"], "description": "[4.1.12-124.17.1]\n- block: update integrity interval after queue limits change (Ritika Srivastava) [Orabug: 27586756] \n- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130}\n- net/rds: Implement ARP flushing correctly (Hakon Bugge) [Orabug: 28219857] \n- net/rds: Fix incorrect bigger vs. smaller IP address check (Hakon Bugge) [Orabug: 28236599] \n- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256391] \n- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28256487] {CVE-2017-11600} {CVE-2017-11600}\n[4.1.12-124.16.6]\n- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400] \n- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. 
(Chris Salls) [Orabug: 28242475] {CVE-2017-7616}\n- xhci: Fix USB3 NULL pointer dereference at logical disconnect. (Mathias Nyman) [Orabug: 27426023] \n- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) [Orabug: 27718303] \n- mlx4_core: allocate ICM memory in page size chunks (Qing Huang) [Orabug: 27718303] \n- kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28078687] {CVE-2018-10124}\n- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085214] \n- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032] \n- net/rds: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198749] \n- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240074] {CVE-2018-5803}\n[4.1.12-124.16.5]\n- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896802] {CVE-2017-18017}\n- kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] {CVE-2018-10087}\n- x86/bugs/module: Provide retpoline_modules_only parameter to fail non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]", "edition": 4, "modified": "2018-07-10T00:00:00", "published": "2018-07-10T00:00:00", "id": "ELSA-2018-4161", "href": "http://linux.oracle.com/errata/ELSA-2018-4161.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:24", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2384", "CVE-2016-2543", "CVE-2017-7616", "CVE-2017-17741", "CVE-2017-18203", "CVE-2016-2548", "CVE-2018-1000199", "CVE-2016-2547", "CVE-2017-8824", "CVE-2016-2544", "CVE-2018-1130", "CVE-2018-8781", "CVE-2017-1000410", 
"CVE-2016-2545", "CVE-2018-3665", "CVE-2018-10323", "CVE-2016-2549", "CVE-2015-8575", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-5803", "CVE-2017-11600"], "description": "kernel-uek\n[3.8.13-118.22.1]\n- dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) {CVE-2017-18203}\n- drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27986407] {CVE-2018-8781}\n- kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 27875488] {CVE-2018-10087}\n- kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) {CVE-2018-10124}\n- bluetooth: Validate socket address length in sco_sock_bind(). (mlevatic) [Orabug: 28130293] {CVE-2015-8575}\n- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28220402] {CVE-2017-8824} {CVE-2018-1130}\n- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240075] {CVE-2018-5803}\n- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242478] {CVE-2017-7616}\n- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264121] {CVE-2017-11600} {CVE-2017-11600}\n- x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] {CVE-2018-3665}\n- KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] {CVE-2017-17741} {CVE-2017-17741}\n- xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] {CVE-2018-10323}\n- Bluetooth: Prevent stack info leak from the EFS element. 
(Ben Seri) [Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410}\n- ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2549}\n- ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2547} {CVE-2016-2548}\n- ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2545}\n- ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2543}\n- ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2544}\n- ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] {CVE-2016-2384}\n- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-1000199}\n- Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608]", "edition": 4, "modified": "2018-07-10T00:00:00", "published": "2018-07-10T00:00:00", "id": "ELSA-2018-4164", "href": "http://linux.oracle.com/errata/ELSA-2018-4164.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10940", "CVE-2018-10878", "CVE-2016-4913", "CVE-2018-13405", "CVE-2017-0861", "CVE-2017-17805", "CVE-2018-10881", "CVE-2018-5344", "CVE-2018-1118", "CVE-2018-5848", "CVE-2018-7757", "CVE-2017-10661", "CVE-2018-1130", "CVE-2018-1120", "CVE-2018-8781", "CVE-2018-5391", "CVE-2015-8830", "CVE-2017-18232", "CVE-2018-7740", "CVE-2017-18208", "CVE-2018-10322", "CVE-2018-10883", "CVE-2017-18344", "CVE-2018-10902", "CVE-2018-5803", "CVE-2018-1092", "CVE-2018-1000026", "CVE-2018-1094", "CVE-2018-10879", "CVE-2018-14634"], "description": "[3.10.0-957]\n- [mm] mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) (Rafael Aquini) [1633059]\n[3.10.0-956]\n- 
[block] blk-mq: fix hctx debugfs entry related race between update hw queues and cpu hotplug (Ming Lei) [1619988]\n- [nvme] nvme-pci: unquiesce dead controller queues (Ming Lei) [1632424]\n[3.10.0-955]\n- [netdrv] net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow (Alaa Hleihel) [1633652]\n- [netdrv] net/mlx5e: Fix traffic between VF and representor (Alaa Hleihel) [1633652]\n- [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1632050]\n[3.10.0-954]\n- [fs] exec: Limit arg stack to at most 75% of _STK_LIM (Yauheni Kaliuta) [1625991] {CVE-2018-14634}\n- [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625991] {CVE-2018-14634}\n- [kernel] revert 'sched/topology: Introduce NUMA identity node sched domain' (Gustavo Duarte) [1620031]\n- [powerpc] revert 'powernv: Add a virtual irqchip for opal events' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv: Reorder OPAL subsystem initialisation' (Gustavo Duarte) [1617966]\n- [char] revert 'ipmi/powernv: Convert to irq event interface' (Gustavo Duarte) [1617966]\n- [tty] revert 'hvc: Convert to using interrupts instead of opal events' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv/eeh: Update the EEH code to use the opal irq domain' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv/opal: Convert opal message events to opal irq domain' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv/elog: Convert elog to opal irq domain' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv/opal-dump: Convert to irq domain' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'opal: Remove events notifier' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv: Increase opal-irqchip initcall priority' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'opal-irqchip: Fix double endian conversion' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'opal-irqchip: Fix deadlock introduced by 'Fix double endian conversion'' (Gustavo Duarte) [1617966]\n- [sound] alsa: hda/realtek - two 
more lenovo models need fixup of MIC_LOCATION (Jaroslav Kysela) [1611958]\n- [sound] alsa: hda/realtek - Fix the problem of two front mics on more machines (Jaroslav Kysela) [1611958]\n- [sound] alsa: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (Jaroslav Kysela) [1611958]\n[3.10.0-953]\n- [cdrom] information leak in cdrom_ioctl_media_changed() (Sanskriti Sharma) [1578207] {CVE-2018-10940}\n- [mm] mlock: remove lru_add_drain_all() (Oleksandr Natalenko) [1624765]\n- [block] blk-mq: fix race between updating nr_hw_queues and switching io sched (Ming Lei) [1619988]\n- [block] blk-mq: avoid to map CPU into stale hw queue (Ming Lei) [1619988]\n- [block] blk-mq: fix sysfs inflight counter (Ming Lei) [1548261]\n- [block] blk-mq: count allocated but not started requests in iostats inflight (Ming Lei) [1548261]\n- [block] fix a crash caused by wrong API (Ming Lei) [1548261]\n- [block] blk-mq: enable checking two part inflight counts at the same time (Ming Lei) [1548261]\n- [block] blk-mq: provide internal in-flight variant (Ming Lei) [1548261]\n- [block] make part_in_flight() take an array of two ints (Ming Lei) [1548261]\n- [block] pass in queue to inflight accounting (Ming Lei) [1548261]\n- [x86] Mark Intel Cascade Lake supported (Steve Best) [1584343]\n[3.10.0-952]\n- [netdrv] mlx5e: IPoIB, Use priv stats in completion rx flow (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: IPoIB, Add ndo stats support for IPoIB child devices (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: IPoIB, Add ndo stats support for IPoIB netdevices (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: IPoIB, Initialize max_opened_tc in mlx5i_init flow (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: Present SW stats when state is not opened (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: Avoid reset netdev stats on configuration changes (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: Use bool as return type for mlx5e_xdp_handle (Alaa Hleihel) [1618609]\n- [netdrv] net: aquantia: memory corruption on jumbo frames 
(Igor Russkikh) [1628238]\n- [kernel] revert 'platform/uv: Add adjustable set memory block size function' (Baoquan He) [1625143]\n- [x86] revert 'mm: probe memory block size for generic x86 64bit' (Baoquan He) [1625143]\n- [x86] revert 'mm: Use 2GB memory block size on large-memory x86-64 systems' (Baoquan He) [1625143]\n- [x86] revert 'mm: Streamline and restore probe_memory_block_size()' (Baoquan He) [1625143]\n- [x86] revert 'mm/memory_hotplug: determine block size based on the end of boot memory' (Baoquan He) [1625143]\n- [mm] revert 'memory_hotplug: do not fail offlining too early' (Baoquan He) [1625143]\n- [mm] revert 'memory_hotplug: remove timeout from __offline_memory' (Baoquan He) [1625143]\n- [kernel] revert 'x86/platform/uv: Add adjustable set memory block size function' (Baoquan He) [1625143]\n[3.10.0-951]\n- [fs] fanotify: fix logic of events on child (Miklos Szeredi) [1597738]\n- [fs] cifs: add a check for session expiry (Leif Sahlberg) [1626358]\n- [fs] xfs: completely disable per-inode DAX behavior (Eric Sandeen) [1623150]\n- [fs] fs: get_rock_ridge_filename(): handle malformed NM entries (Bill O'Donnell) [1340778] {CVE-2016-4913}\n- [md] fix 'allow faster resync only on non-rotational media' underneath dm (Nigel Croxon) [1561162]\n- [md] Revert 'allow faster resync only on non-rotational media' (Nigel Croxon) [1561162]\n- [mm] madvise: fix madvise() infinite loop under special circumstances (Rafael Aquini) [1552982] {CVE-2017-18208}\n- [infiniband] srpt: Support HCAs with more than two ports (Don Dutile) [1616192]\n- [infiniband] overflow.h: Add allocation size calculation helpers (Don Dutile) [1616192]\n- [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1607907]\n- [kernel] revert cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1626943]\n- [s390] sclp: Change SCLP console default buffer-full behavior (Hendrik Brueckner) [1625350]\n- [x86] kvm: Take out __exit annotation in vmx_exit() (Waiman 
Long) [1626560]\n- [x86] mark coffeelake-s 8+2 as supported (David Arcari) [1575457]\n- [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1619602]\n- [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1619602]\n[3.10.0-950]\n- [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613711] {CVE-2017-18344}\n- [sound] alsa: rawmidi: Change resized buffers atomically (Denys Vlasenko) [1593087] {CVE-2018-10902}\n- [fs] Fix up non-directory creation in SGID directories (Miklos Szeredi) [1600953] {CVE-2018-13405}\n- [fs] pnfs: Layoutreturn must free the layout after the layout-private data (Scott Mayhew) [1625517]\n- [fs] sunrpc: Ensure we always close the socket after a connection shuts down (Steve Dickson) [1614950]\n- [fs] xfs: remove filestream item xfs_inode reference (Brian Foster) [1518623]\n- [mm] set IORESOURCE_SYSTEM_RAM to system RAM to fix memory hot-add failure (Larry Woodman) [1628349]\n- [firmware] efivars: Protect DataSize and Data in efivar_entry.var (Lenny Szubowicz) [1597868]\n[3.10.0-949]\n- [scsi] libsas: fix memory leak in sas_smp_get_phy_events() (Tomas Henzl) [1558582] {CVE-2018-7757}\n- [vhost] fix info leak due to uninitialized memory (Jason Wang) [1573705] {CVE-2018-1118}\n- [pci] Fix calculation of bridge window's size and alignment (Myron Stowe) [1623800]\n- [md] dm thin metadata: try to avoid ever aborting transactions (Mike Snitzer) [1614151]\n- [crypto] api: fix finding algorithm currently being tested (Herbert Xu) [1618701]\n- [sound] alsa: hda/realtek: Fix HP Headset Mic can't record (Jaroslav Kysela) [1622721]\n- [sound] alsa: hda/realtek - Fixup for HP x360 laptops with B&O speakers (Jaroslav Kysela) [1622721]\n- [sound] alsa: hda/realtek - Fixup mute led on HP Spectre x360 (Jaroslav Kysela) [1622721]\n- [target] scsi: tcmu: use u64 for dev_size (Xiubo Li) [1603363]\n- [target] scsi: tcmu: use match_int for dev params (Xiubo Li) [1603363]\n- [target] 
scsi: tcmu: do not set max_blocks if data_bitmap has been setup (Xiubo Li) [1603363]\n- [target] scsi: tcmu: unmap if dev is configured (Xiubo Li) [1603363]\n- [target] scsi: tcmu: check if dev is configured before block/reset (Xiubo Li) [1603363]\n- [target] scsi: tcmu: use lio core se_device configuration helper (Xiubo Li) [1603363]\n- [target] scsi: target: add helper to check if dev is configured (Xiubo Li) [1603363]\n- [target] scsi: tcmu: initialize list head (Xiubo Li) [1603363]\n- [target] scsi: target_core_user: fix double unlock (Xiubo Li) [1603363]\n- [s390] arch: Set IORESOURCE_SYSTEM_RAM flag for resources (Gary Hook) [1627889]\n- [x86] efi-bgrt: Switch all pr_err() to pr_notice() for invalid BGRT (Lenny Szubowicz) [1464241]\n- [x86] efi/bgrt: Don't ignore the BGRT if the 'valid' bit is 0 (Lenny Szubowicz) [1464241]\n- [x86] efi: Preface all print statements with efi* tag (Lenny Szubowicz) [1464241]\n- [x86] efi-bgrt: Switch pr_err() to pr_debug() for invalid BGRT (Lenny Szubowicz) [1464241]\n- [x86] efi-bgrt: Add error handling; inform the user when ignoring the BGRT (Lenny Szubowicz) [1464241]\n- [x86] efi: Check status field to validate BGRT header (Lenny Szubowicz) [1464241]\n[3.10.0-948]\n- [gpu] drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau: Fix deadlocks in nouveau_connector_detect() (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend() (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (Lyude Paul) [1597881 
1571927]\n- [gpu] drm/nouveau: Reset MST branching unit before enabling (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau: Only write DP_MSTM_CTRL when needed (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/kms/nv50-: ensure window updates are submitted when flushing mst disables (Lyude Paul) [1597881 1571927]\n- [vfio] vfio-pci: Disable binding to PFs with SR-IOV enabled (Alex Williamson) [1583487]\n- [mm] partially revert: remove per-zone hashtable of bitlock waitqueues (Jeff Moyer) [1623980]\n- [security] selinux: mark unsupported policy capabilities as reserved (Paul Moore) [1600850]\n- [x86] intel_rdt: Fix MBA resource initialization (Prarit Bhargava) [1610239]\n[3.10.0-947]\n- [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] avoid skb_warn_bad_offload on IS_ERR (Andrea Claudi) [1624702]\n- [net] ipv4: fix incorrectly registered callback for sysctl_fib_multipath_hash_policy (Ivan Vecera) [1624356]\n- [net] ipset: list:set: Decrease refcount synchronously on deletion and replace (Stefano Brivio) [1593732]\n- [netdrv] cfg80211: let's wmm_rule be part of reg_rule structure (Stanislaw Gruszka) [1620108]\n- [netdrv] nl80211: Add wmm rule attribute to NL80211_CMD_GET_WIPHY dump command (Stanislaw Gruszka) [1620108]\n- [netdrv] iwlwifi: mvm: remove division by size of sizeof(struct ieee80211_wmm_rule) (Stanislaw 
Gruszka) [1620108]\n- [hv] vmbus: don't return values for uninitalized channels (Vitaly Kuznetsov) [1615500]\n- [md] dm raid: bump target version, update comments and documentation (Mike Snitzer) [1573988]\n- [md] dm raid: fix RAID leg rebuild errors (Mike Snitzer) [1573988]\n- [md] dm raid: fix rebuild of specific devices by updating superblock (Mike Snitzer) [1626094]\n- [md] dm raid: fix stripe adding reshape deadlock (Mike Snitzer) [1613039 1514539]\n- [md] dm raid: fix reshape race on small devices (Mike Snitzer) [1573988 1586123]\n- [acpi] acpica: reference counts: increase max to 0x4000 for large servers (Frank Ramsay) [1618758]\n- [gpu] drm/i915/cfl: Add a new CFL PCI ID (Rob Clark) [1533336]\n- [gpu] drm/i915/aml: Introducing Amber Lake platform (Rob Clark) [1533336]\n- [gpu] drm/i915/whl: Introducing Whiskey Lake platform (Rob Clark) [1533336]\n- [gpu] drm/nouveau/kms/nv50-: allocate push buffers in vidmem on pascal (Ben Skeggs) [1584963]\n- [gpu] drm/nouveau/fb/gp100-: disable address remapper (Ben Skeggs) [1584963]\n- [mm] kernel error swap_info_get: Bad swap offset entry (Mikulas Patocka) [1622747]\n- [s390] detect etoken facility (Hendrik Brueckner) [1625349]\n- [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1625349]\n- [x86] spec_ctrl: Don't turn off IBRS on idle with enhanced IBRS (Waiman Long) [1614143]\n- [x86] speculation: Support Enhanced IBRS on future CPUs (Waiman Long) [1614143]\n[3.10.0-946]\n- [netdrv] qed: Add new TLV to request PF to update MAC in bulletin board (Harish Patil) [1460150]\n- [netdrv] qed: use trust mode to allow VF to override forced MAC (Harish Patil) [1460150]\n- [netdrv] hv_netvsc: Fix napi reschedule while receive completion is busy (Mohammed Gamal) [1614503]\n- [netdrv] hv_netvsc: remove unneeded netvsc_napi_complete_done() (Mohammed Gamal) [1614503]\n- [scsi] qedi: Add the CRC size within iSCSI NVM image (Chad Dupuis) [1611573]\n- [char] ipmi: Move BT capabilities detection to the detect call 
(Frank Ramsay) [1618778]\n- [x86] kvm: update master clock before computing kvmclock_offset (Marcelo Tosatti) [1594034]\n[3.10.0-945]\n- [samples] bpf: Additional changes (Jiri Olsa) [1619721]\n- [samples] bpf: Add v4.16 sources (Jiri Olsa) [1619721]\n- [tools] perf python: Fix pyrf_evlist__read_on_cpu() interface (Jiri Olsa) [1620774]\n- [tools] perf mmap: Store real cpu number in 'struct perf_mmap' (Jiri Olsa) [1620774]\n- [netdrv] cxgb4: update 1.20.8.0 as the latest firmware supported (Arjun Vynipadath) [1622551]\n- [netdrv] cxgb4: update latest firmware version supported (Arjun Vynipadath) [1622551]\n- [netdrv] mlx5e: Fix null pointer access when setting MTU of vport representor (Erez Alfasi) [1625195]\n- [netdrv] mlx5e: Support configurable MTU for vport representors (Erez Alfasi) [1625195]\n- [netdrv] mlx5e: Save MTU in channels params (Erez Alfasi) [1625195]\n- [netdrv] be2net: Fix memory leak in be_cmd_get_profile_config() (Petr Oros) [1625703]\n- [netdrv] virtio-net: set netdevice mtu correctly (Mohammed Gamal) [1610416]\n- [netdrv] i40e: Prevent deleting MAC address from VF when set by PF (Stefan Assmann) [1614161]\n- [netdrv] i40evf: cancel workqueue sync for adminq when a VF is removed (Stefan Assmann) [1615829]\n- [netdrv] i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled (Stefan Assmann) [1616149]\n- [netdrv] i40e: fix condition of WARN_ONCE for stat strings (Stefan Assmann) [1609173]\n- [uio] Revert 'use request_threaded_irq instead' (Xiubo Li) [1560418]\n- [fs] seq_file: fix out-of-bounds read (Paolo Abeni) [1620002]\n- [md] RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (Nigel Croxon) [1530776]\n- [md] allow faster resync only on non-rotational media (Nigel Croxon) [1561162]\n- [nvdimm] libnvdimm: fix ars_status output length calculation (Jeff Moyer) [1616304]\n- [cpufreq] Fix possible circular locking dependency (Waiman Long) [1529668]\n- [mm] memcg: delay memcg id freeing (Aristeu Rozanski) 
[1607249]\n- [mm] mlock: fix mlock accounting (Rafael Aquini) [1610652]\n- [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1588002]\n- [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1588002]\n- [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1588002]\n- [x86] apic: Future-proof the TSC_DEADLINE quirk for SKX (Steve Best) [1624090]\n[3.10.0-944]\n- [net] ipvs: Fix panic due to non-linear skb (Davide Caratti) [1623088]\n- [net] ipv4: remove BUG_ON() from fib_compute_spec_dst (Lorenzo Bianconi) [1496779]\n- [net] ipv6: fix cleanup ordering for ip6_mr failure (Xin Long) [1622218]\n- [net] ipv6: reorder icmpv6_init() and ip6_mr_init() (Xin Long) [1622218]\n- [x86] subject: x86/efi: Access EFI MMIO data as unencrypted when SEV is active (Gary Hook) [1361286]\n- [x86] boot: Fix boot failure when SMP MP-table is based at 0 (Gary Hook) [1361286]\n- [x86] resource: Fix resource_size.cocci warnings (Gary Hook) [1361286]\n- [x86] kvm: Clear encryption attribute when SEV is active (Gary Hook) [1361286]\n- [x86] kvm: Decrypt shared per-cpu variables when SEV is active (Gary Hook) [1361286]\n- [kernel] percpu: Introduce DEFINE_PER_CPU_DECRYPTED (Gary Hook) [1361286]\n- [x86] Add support for changing memory encryption attribute in early boot (Gary Hook) [1361286]\n- [x86] io: Unroll string I/O when SEV is active (Gary Hook) [1361286]\n- [x86] boot: Add early boot support when running with SEV active (Gary Hook) [1361286]\n- [x86] mm: Add DMA support for SEV memory encryption (Gary Hook) [1361286]\n- [x86] mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages (Gary Hook) [1361286]\n- [kernel] resource: Provide resource struct in resource walk callback (Gary Hook) [1361286]\n- [kernel] resource: Consolidate resource walking code (Gary Hook) [1361286]\n- [x86] efi: Access EFI data as encrypted when SEV is active (Gary Hook) [1361286]\n- [x86] mm: Include SEV for encryption memory attribute changes (Gary Hook) 
[1361286]\n- [x86] mm: Use encrypted access of boot related data with SEV (Gary Hook) [1361286]\n- [x86] mm: Add Secure Encrypted Virtualization (SEV) support (Gary Hook) [1361286]\n- [documentation] x86: Add AMD Secure Encrypted Virtualization (SEV) description (Gary Hook) [1361286]\n- [x86] mm: Remove unnecessary TLB flush for SME in-place encryption (Gary Hook) [1361286]\n- [x86] kexec: Remove walk_iomem_res() call with GART type (Gary Hook) [1361286]\n- [kernel] resource: Change walk_system_ram() to use System RAM type (Gary Hook) [1361286]\n- [kernel] kexec: Set IORESOURCE_SYSTEM_RAM for System RAM (Gary Hook) [1361286]\n- [x86] arch: Set IORESOURCE_SYSTEM_RAM flag for System RAM (Gary Hook) [1361286]\n- [x86] Set System RAM type and descriptor (Gary Hook) [1361286]\n- [kernel] resource: Handle resource flags properly (Gary Hook) [1361286]\n- [kernel] resource: Add System RAM resource type (Gary Hook) [1361286]\n[3.10.0-943]\n- [fs] timerfd: Protect the might cancel mechanism proper (Bill O'Donnell) [1485407] {CVE-2017-10661}\n- [fs] exec.c: Add missing 'audit_bprm()' call in 'exec_binprm()' (Bhupesh Sharma) [1496408]\n- [fs] gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated (Robert S Peterson) [1600142]\n- [fs] gfs2: improve debug information when lvb mismatches are found (Robert S Peterson) [1600142]\n- [fs] gfs2: fix memory leak in rgrp lvbs (Robert S Peterson) [1600142]\n- [fs] gfs2: cleanup: call gfs2_rgrp_ondisk2lvb from gfs2_rgrp_out (Robert S Peterson) [1600142]\n- [fs] gfs2: Fix MAGIC check in LVBs (Robert S Peterson) [1600142]\n- [fs] gfs2: Do not reset flags on active reservations (Robert S Peterson) [1600142]\n- [fs] cifs: Fix stack out-of-bounds in smb(2, 3)_create_lease_buf() (Leif Sahlberg) [1598755]\n- [fs] cifs: store the leaseKey in the fid on SMB2_open (Leif Sahlberg) [1598755]\n- [fs] nfsd: further refinement of content of /proc/fs/nfsd/versions (Steve Dickson) [1614603]\n- [fs] nfsd: fix configuration of supported minor versions 
(Steve Dickson) [1614603]\n- [fs] nfsd: Fix display of the version string (Steve Dickson) [1614603]\n- [fs] nfsd: correctly range-check v4.x minor version when setting versions (Steve Dickson) [1614603]\n- [fs] ext4: Close race between direct IO and ext4_break_layouts() (Eric Sandeen) [1616301]\n- [fs] xfs: Close race between direct IO and xfs_break_layouts() (Eric Sandeen) [1616301]\n- [fs] ext4: handle layout changes to pinned DAX mappings (Eric Sandeen) [1614153]\n- [fs] dax: dax_layout_busy_page() warn on !exceptional (Eric Sandeen) [1614153]\n- [gpu] makefile: bump drm backport version (Rob Clark) [1600569]\n- [gpu] drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (Rob Clark) [1600569]\n- [gpu] amd/dc/dce100: On dce100, set clocks to 0 on suspend (Rob Clark) [1600569]\n- [gpu] drm/amdgpu: fix swapped emit_ib_size in vce3 (Rob Clark) [1600569]\n- [gpu] drm/amd/powerplay: correct vega12 thermal support as true (Rob Clark) [1600569]\n- [gpu] drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (Rob Clark) [1600569]\n- [gpu] drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (Rob Clark) [1600569]\n- [gpu] drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier (Rob Clark) [1600569]\n- [gpu] drm/dp/mst: Fix off-by-one typo when dump payload table (Rob Clark) [1600569]\n- [gpu] drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (Rob Clark) [1600569]\n- [gpu] drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (Rob Clark) [1600569]\n- [gpu] drm/atomic: Handling the case when setting old crtc for plane (Rob Clark) [1600569]\n- [gpu] drm/amd/display: Fix dim display on DCE11 (Rob Clark) [1600569]\n- [gpu] drm/amdgpu: Remove VRAM from shared bo domains (Rob Clark) [1600569]\n- [gpu] drm/radeon: fix mode_valid's return type (Rob Clark) [1600569]\n- [gpu] drm/amd/display: remove need of modeset flag for overlay planes (V2) (Rob Clark) 
[1600569]\n- [gpu] drm/amd/display: Do not program interrupt status on disabled crtc (Rob Clark) [1600569]\n- [gpu] drm/amd/powerplay: Set higher SCLK&MCLK frequency than dpm7 in OD (v2) (Rob Clark) [1600569]\n- [gpu] drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (Rob Clark) [1600569]\n- [gpu] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs (Rob Clark) [1600569]\n- [gpu] drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() (Rob Clark) [1600569]\n- [gpu] drm/nouveau: Avoid looping through fake MST connectors (Rob Clark) [1600569]\n- [gpu] drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (Rob Clark) [1600569]\n- [gpu] drm/nouveau: Remove bogus crtc check in pmops_runtime_idle (Rob Clark) [1600569]\n- [gpu] revert 'drm/amd/display: Don't return ddc result and read_bytes in same return value' (Rob Clark) [1600569]\n- [gpu] drm/i915: Fix hotplug irq ack on i965/g4x (Rob Clark) [1600569]\n- [gpu] drm/amdgpu: Reserve VM root shared fence slot for command submission (v3) (Rob Clark) [1600569]\n- [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1609717]\n[3.10.0-942]\n- [mm] fix devmem_is_allowed() for sub-page System RAM intersections (Joe Lawrence) [1524322]\n- [pci] Delay after FLR of Intel DC P3700 NVMe (Alex Williamson) [1592654]\n- [pci] Disable Samsung SM961/PM961 NVMe before FLR (Alex Williamson) [1542494]\n- [pci] Export pcie_has_flr() (Alex Williamson) [1592654 1542494]\n- [nvdimm] libnvdimm: Export max available extent (Jeff Moyer) [1611761]\n- [nvdimm] libnvdimm: Use max contiguous area for namespace size (Jeff Moyer) [1611761]\n- [mm] ipc/shm.c add ->pagesize function to shm_vm_ops (Jeff Moyer) [1609834]\n- [kernel] mm: disallow mappings that conflict for devm_memremap_pages() (Jeff Moyer) [1616044]\n- [kernel] memremap: fix softlockup reports at teardown (Jeff Moyer) [1616187]\n- [kernel] memremap: add scheduling point to devm_memremap_pages (Jeff Moyer) [1616187]\n- [mm] page_alloc: add 
scheduling point to memmap_init_zone (Jeff Moyer) [1616187]\n- [mm] memory_hotplug: add scheduling point to __add_pages (Jeff Moyer) [1616187]\n- [acpi] nfit: Fix scrub idle detection (Jeff Moyer) [1616041]\n- [x86] asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (Jeff Moyer) [1608674]\n- [nvdimm] libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: advertise a write cache for nfit_test (Jeff Moyer) [1608674]\n- [tools] x86, nfit_test: Add unit test for memcpy_mcsafe() (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: allow custom error code injection (Jeff Moyer) [1608674]\n- [tools] libnvdimm, testing: update the default smart ctrl_temperature (Jeff Moyer) [1608674]\n- [tools] libnvdimm, testing: Add emulation for smart injection commands (Jeff Moyer) [1608674]\n- [tools] nfit_test: prevent parsing error of nfit_test.0 (Jeff Moyer) [1608674]\n- [tools] nfit_test: fix buffer overrun, add sanity check (Jeff Moyer) [1608674]\n- [tools] nfit_test: improve structure offset handling (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: force nfit_test to depend on instrumented modules (Jeff Moyer) [1608674]\n- [tools] libnvdimm/nfit_test: adding support for unit testing enable LSS status (Jeff Moyer) [1612421]\n- [tools] libnvdimm/nfit_test: add firmware download emulation (Jeff Moyer) [1612420]\n- [kernel] jiffies: add time comparison functions for 64 bit jiffies (Jeff Moyer) [1612420]\n- [tools] testing/nvdimm: smart alarm/threshold control (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: unit test clear-error commands (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: stricter bounds checking for error injection commands (Jeff Moyer) [1608674]\n- [tools] nfit_test: when 
clearing poison, also remove badrange entries (Jeff Moyer) [1608674]\n- [tools] nfit_test: add error injection DSMs (Jeff Moyer) [1612417]\n- [nvdimm] pmem: Switch to copy_to_iter_mcsafe() (Jeff Moyer) [1608674]\n- [fs] dax: Report bytes remaining in dax_iomap_actor() (Jeff Moyer) [1608674]\n- [lib] uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (Jeff Moyer) [1608674]\n- [net] x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (Jeff Moyer) [1608674]\n- [x86] asm/memcpy_mcsafe: Add write-protection-fault handling (Jeff Moyer) [1608674]\n- [x86] asm/memcpy_mcsafe: Return bytes remaining (Jeff Moyer) [1608674]\n- [x86] asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (Jeff Moyer) [1608674]\n- [x86] asm/memcpy_mcsafe: Remove loop unrolling (Jeff Moyer) [1608674]\n- [net] dax: Introduce a ->copy_to_iter dax operation (Jeff Moyer) [1608674]\n- [kernel] dax: remove default copy_from_iter fallback (Jeff Moyer) [1539264]\n- [fs] filesystem-dax: convert to dax_copy_from_iter() (Jeff Moyer) [1608674]\n- [md] dm log writes: record metadata flag for better flags record (Jeff Moyer) [1539264]\n- [md] dax, dm: allow device-mapper to operate without dax support (Jeff Moyer) [1539264]\n- [md] dm log writes: fix max length used for kstrndup (Jeff Moyer) [1539264]\n- [md] dm log writes: add support for DAX (Jeff Moyer) [1539264]\n- [md] dm log writes: add support for inline data buffers (Jeff Moyer) [1539264]\n- [md] dm log writes: fix >512b sectorsize support (Jeff Moyer) [1539264]\n- [md] dm log writes: don't use all the cpu while waiting to log blocks (Jeff Moyer) [1539264]\n- [md] dm log writes: fix check of kthread_run() return value (Jeff Moyer) [1539264]\n- [md] dm log writes: fix bug with too large bios (Jeff Moyer) [1539264]\n- [md] dm log writes: move IO accounting earlier to fix error path (Jeff Moyer) [1539264]\n- [md] dm log writes: use ULL suffix for 64-bit constants (Jeff Moyer) [1539264]\n- [md] dm: add log writes target (Jeff Moyer) 
[1539264]\n- [md] dm: add ->copy_from_iter() dax operation support (Jeff Moyer) [1539264]\n- [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1621969]\n- [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1621969]\n- [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1621969]\n- [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1621969]\n- [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1621969]\n- [powerpc] iommu: Do not call PageTransHuge() on tail pages (David Gibson) [1594347]\n- [powerpc] kvm: book3s hv: Migrate pinned pages out of CMA (David Gibson) [1594347]\n[3.10.0-941]\n- [tools] power turbostat: Allow for broken ACPI LPIT tables (Prarit Bhargava) [1614083]\n- [base] pm/runtime: Avoid false-positive warnings from might_sleep_if() (Paul Lai) [1615223]\n- [md] dm thin: stop no_space_timeout worker when switching to write-mode (Mike Snitzer) [1620251]\n- [netdrv] mlx5e: Only allow offloading decap egress (egdev) flows (Erez Alfasi) [1619641]\n- [netdrv] mlx5-core: Mark unsupported devices (Don Dutile) [1621824 1621810]\n- [netdrv] bnx2x: disable GSO where gso_size is too big for hardware (Jonathan Toppins) [1546760] {CVE-2018-1000026}\n- [net] create skb_gso_validate_mac_len() (Jonathan Toppins) [1546760] {CVE-2018-1000026}\n- [scsi] target: iscsi: cxgbit: fix max iso npdu calculation (Arjun Vynipadath) [1613307]\n- [scsi] csiostor: update csio_get_flash_params() (Arjun Vynipadath) [1613307]\n- [scsi] lpfc: Correct MDS diag and nvmet configuration (Dick Kennedy) [1616104]\n- [qla2xxx] Mark NVMe/FC initiator mode usage as technology preview (Ewan Milne) [1620258]\n- [nvme-fc] Take NVMe/FC initiator out of technology preview (Ewan Milne) [1620258]\n- [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1610560]\n- [mm] compaction: reschedule immediately if need_resched() is set (Andrea 
Arcangeli) [1610560]\n- [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1610560]\n- [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1610560]\n- [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1610560]\n- [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1610560]\n- [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1620041]\n- [powerpc] kdump: Handle crashkernel memory reservation failure (Pingfan Liu) [1621945]\n- [powerpc] ftrace: Match dot symbols when searching functions on ppc64 (Jerome Marchand) [1613136]\n- [x86] entry/64: Restore TRACE_IRQS_IRETQ in paranoid_exit (Scott Wood) [1561777]\n[3.10.0-940]\n- [net] sched: Fix missing res info when create new tc_index filter (Hangbin Liu) [1607687]\n- [net] sched: fix NULL pointer dereference when delete tcindex filter (Hangbin Liu) [1607687]\n- [net] dev: advertise the new ifindex when the netns iface changes (Michael Cambria) [1584287]\n- [net] dev: always advertise the new nsid when the netns iface changes (Michael Cambria) [1584287]\n- [net] Zero ifla_vf_info in rtnl_fill_vfinfo() (Hangbin Liu) [1614178]\n- [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1619793]\n- [net] tc: ensure that offloading callback is called for MQPRIO qdisc (Ivan Vecera) [1618579]\n- [thunderbolt] move tb3 to full support status (Jarod Wilson) [1620372]\n- [kernel] x86/platform/uv: Add adjustable set memory block size function (Baoquan He) [1601867]\n- [mm] memory_hotplug: remove timeout from __offline_memory (Baoquan He) [1601867]\n- [mm] memory_hotplug: do not fail offlining too early (Baoquan He) [1601867]\n- [x86] mm/memory_hotplug: determine block size based on the end of boot memory (Baoquan He) [1601867]\n- [x86] mm: Streamline and restore probe_memory_block_size() (Baoquan He) [1601867]\n- [x86] mm: Use 2GB memory block size on large-memory 
x86-64 systems (Baoquan He) [1601867]\n- [x86] mm: probe memory block size for generic x86 64bit (Baoquan He) [1601867]\n- [x86] revert platform/uv: Add adjustable set memory block size function (Baoquan He) [1601867]\n[3.10.0-939]\n- [nvme] rdma: Fix command completion race at error recovery (David Milburn) [1610641]\n- [infiniband] revert vmw_pvrdma: Call ib_umem_release on destroy QP path (Don Dutile) [1618625]\n- [infiniband] iw_cxgb4: correctly enforce the max reg_mr depth (Arjun Vynipadath) [1613317]\n- [netdrv] net: aquantia: Fix IFF_ALLMULTI flag functionality (Igor Russkikh) [1608762]\n- [uio] fix possible circular locking dependency (Xiubo Li) [1613195]\n- [tools] power turbostat: Fix logical node enumeration to allow for non-sequential physical nodes (Prarit Bhargava) [1612902]\n- [tools] bpf selftest: Disable unsupported verifier tests (Jiri Olsa) [1615222]\n- [tools] bpf: fix panic due to oob in bpf_prog_test_run_skb (Jiri Olsa) [1615222]\n- [net] bpf: Align packet data properly in program testing framework (Jiri Olsa) [1615222]\n- [net] bpf: Do not dereference user pointer in bpf_test_finish() (Jiri Olsa) [1615222]\n- [tools] bpf: migrate ebpf ld_abs/ld_ind tests to test_verifier (Jiri Olsa) [1615222]\n- [tools] bpf: add verifier tests for accesses to map values (Jiri Olsa) [1615222]\n- [kernel] bpf: allow map helpers access to map values directly (Jiri Olsa) [1615222]\n- [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1613248]\n- [kernel] percpu_ref: Update doc to dissuade users from depending on internal RCU grace periods (Prarit Bhargava) [1603603]\n- [kernel] percpu: READ_ONCE() now implies smp_read_barrier_depends() (Prarit Bhargava) [1603603]\n- [kernel] locking/barriers: Add implicit smp_read_barrier_depends() to READ_ONCE() (Prarit Bhargava) [1603603]\n- [kernel] compiler, atomics, kasan: Provide READ_ONCE_NOCHECK() (Prarit Bhargava) [1603603]\n- [kernel] percpu-refcount: init ->confirm_switch 
member properly (Prarit Bhargava) [1603603]\n- [kernel] percpu, locking: revert ('percpu: Replace smp_read_barrier_depends() with lockless_dereference()') (Prarit Bhargava) [1603603]\n- [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1614515]\n- [x86] intel_rdt: Enable CMT and MBM on new Skylake stepping (Jiri Olsa) [1517736]\n[3.10.0-938]\n- [netdrv] mlx5e: Properly check if hairpin is possible between two functions (Alaa Hleihel) [1611567]\n- [netdrv] bnx2x: Fix invalid memory access in rss hash config path (Jonathan Toppins) [1615290]\n- [netdrv] iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs (Stanislaw Gruszka) [1616290]\n- [netdrv] ibmvnic: Update firmware error reporting with cause string (Steve Best) [1614652]\n- [netdrv] ibmvnic: Remove code to request error information (Steve Best) [1614652]\n- [scsi] fcoe: hold disc_mutex when traversing rport lists (Chris Leech) [1608481]\n- [scsi] libfc: hold disc_mutex in fc_disc_stop_rports() (Chris Leech) [1608481]\n- [scsi] libfc: fixup lockdep annotations (Chris Leech) [1608481]\n- [scsi] libfc: fixup 'sleeping function called from invalid context' (Chris Leech) [1608481]\n- [scsi] libfc: Add lockdep annotations (Chris Leech) [1608481]\n- [scsi] libiscsi: fix possible NULL pointer dereference in case of TMF (Chris Leech) [1613262]\n- [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1609890]\n- [scsi] hpsa: correct enclosure sas address (Joseph Szczypek) [1613021]\n- [scsi] lpfc: Remove lpfc_enable_pbde as module parameter (Dick Kennedy) [1613975]\n- [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1554777]\n- [scsi] lpfc: Fix driver crash when re-registering NVME rports (Dick Kennedy) [1613955]\n- [scsi] lpfc: Correct LCB ACCept payload (Dick Kennedy) [1613959]\n- [x86] boot/kaslr: Skip specified number of 1GB huge pages when doing physical randomization (KASLR) (Baoquan He) [1451428]\n- [x86] 
boot/kaslr: Add two new functions for 1GB huge pages handling (Baoquan He) [1451428]\n- [x86] platform/uv: Add kernel parameter to set memory block size (Frank Ramsay) [1595892]\n- [x86] platform/uv: Use new set memory block size function (Frank Ramsay) [1595892]\n- [x86] platform/uv: Add adjustable set memory block size function (Frank Ramsay) [1595892]\n[3.10.0-937]\n- [fs] dax: use __pagevec_lookup in dax_layout_busy_page (Eric Sandeen) [1505291]\n- [fs] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (Leif Sahlberg) [1598765]\n- [fs] libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (Ilya Dryomov) [1614858]\n- [fs] libceph: check authorizer reply/challenge length before reading (Ilya Dryomov) [1614858]\n- [fs] libceph: implement CEPHX_V2 calculation mode (Ilya Dryomov) [1614858]\n- [fs] libceph: add authorizer challenge (Ilya Dryomov) [1614858]\n- [fs] libceph: factor out encrypt_authorizer() (Ilya Dryomov) [1614858]\n- [fs] libceph: factor out __ceph_x_decrypt() (Ilya Dryomov) [1614858]\n- [fs] libceph: factor out __prepare_write_connect() (Ilya Dryomov) [1614858]\n- [fs] libceph: store ceph_auth_handshake pointer in ceph_connection (Ilya Dryomov) [1614858]\n- [fs] nfsv4.0: Remove transport protocol name from non-UCS client ID (Steve Dickson) [1592911]\n- [fs] nfsv4.0: Remove cl_ipaddr from non-UCS client ID (Steve Dickson) [1592911]\n- [fs] aio: properly check iovec sizes (Jeff Moyer) [1337518] {CVE-2015-8830}\n- [fs] cifs: fix up section mismatch (Jeff Moyer) [1609877]\n- [fs] skip LAYOUTRETURN if layout is invalid (Steve Dickson) [1589995]\n- [fs] gfs2: Special-case rindex for gfs2_grow (Andreas Grunbacher) [1608687]\n- [fs] ext4: Fix WARN_ON_ONCE in ext4_commit_super() (Lukas Czerner) [1596766]\n- [fs] cachefiles: Wait rather than BUG'ing on Unexpected object collision (David Howells) [1356390]\n- [fs] cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (David Howells) [1356390]\n- [fs] fscache: Fix 
reference overput in fscache_attach_object() error handling (David Howells) [1356390]\n- [fs] cachefiles: Fix refcounting bug in backing-file read monitoring (David Howells) [1356390]\n- [fs] fscache: Allow cancelled operations to be enqueued (David Howells) [1356390]\n- [fs] ext4: avoid running out of journal credits when appending to an inline file (Lukas Czerner) [1609759] {CVE-2018-10883}\n- [fs] jbd2: don't mark block as modified if the handle is out of credits (Lukas Czerner) [1609759] {CVE-2018-10883}\n- [fs] ext4: check for allocation block validity with block group locked (Lukas Czerner) [1597702]\n- [fs] ext4: fix check to prevent initializing reserved inodes (Lukas Czerner) [1597702]\n- [fs] ext4: fix false negatives *and* false positives in ext4_check_descriptors() (Lukas Czerner) [1597702]\n- [fs] ext4: add more mount time checks of the superblock (Lukas Czerner) [1597702]\n- [fs] ext4: fix bitmap position validation (Lukas Czerner) [1597702]\n- [fs] ext4: add more inode number paranoia checks (Lukas Czerner) [1597702]\n- [fs] ext4: clear i_data in ext4_inode_info when removing inline data (Lukas Czerner) [1597702]\n- [fs] ext4: include the illegal physical block in the bad map ext4_error msg (Lukas Czerner) [1597702]\n- [fs] ext4: verify the depth of extent tree in ext4_find_extent() (Lukas Czerner) [1597702]\n- [fs] ext4: only look at the bg_flags field if it is valid (Lukas Czerner) [1597702]\n- [fs] ext4: don't update checksum of new initialized bitmaps (Lukas Czerner) [1597702]\n- [fs] ext4: add validity checks for bitmap block numbers (Lukas Czerner) [1597702]\n- [fs] ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (Lukas Czerner) [1597702]\n- [fs] ext4: always check block group bounds in ext4_init_block_bitmap() (Lukas Czerner) [1597702]\n- [fs] ext4: always verify the magic number in xattr blocks (Lukas Czerner) [1597702]\n- [fs] ext4: add corruption check in ext4_xattr_set_entry() (Lukas Czerner) [1597702]\n- 
[net] netlink: make sure -EBUSY won't escape from netlink_insert (Davide Caratti) [1608701]\n- [net] netfilter: nf_conntrack: don't resize NULL or freed hashtable (Davide Caratti) [1601662]\n- [net] ethtool: Ensure new ring parameters are within bounds during SRINGPARAM (Ivan Vecera) [1608318]\n- [net] ipv6: make DAD fail with enhanced DAD when nonce length differs (Jarod Wilson) [1608002]\n- [net] ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses (Jarod Wilson) [1608002]\n- [net] ipv6: send unsolicited NA after DAD (Jarod Wilson) [1608002]\n- [net] ipv6: display hw address of source machine during ipv6 DAD failure (Jarod Wilson) [1608002]\n- [net] ipv6: send NS for DAD when link operationally up (Jarod Wilson) [1608002]\n- [net] ipv6: avoid dad-failures for addresses with NODAD (Jarod Wilson) [1608002]\n- [net] ipv6: send unsolicited NA if enabled for all interfaces (Jarod Wilson) [1608002]\n- [net] ipv6: send unsolicited NA on admin up (Jarod Wilson) [1608002]\n- [net] ipv6: addrconf: fix generation of new temporary addresses (Jarod Wilson) [1608002]\n- [net] ipv6: addrconf: Implemented enhanced DAD (RFC7527) (Jarod Wilson) [1608002]", "edition": 70, "modified": "2018-11-05T00:00:00", "published": "2018-11-05T00:00:00", "id": "ELSA-2018-3083", "href": "http://linux.oracle.com/errata/ELSA-2018-3083.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-5753", "CVE-2016-8650", "CVE-2017-5754", "CVE-2017-7895", "CVE-2016-7910", "CVE-2017-1000111", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-9074", "CVE-2017-6001", "CVE-2017-18203", "CVE-2017-2636", "CVE-2017-2671", "CVE-2017-14106", "CVE-2017-9075", "CVE-2017-8824", "CVE-2017-13166", "CVE-2018-1130", "CVE-2017-1000251", "CVE-2017-1000253", "CVE-2017-1000112", "CVE-2017-5715", "CVE-2015-8830", "CVE-2012-6701", 
"CVE-2017-6214", "CVE-2017-1000364", "CVE-2017-7541", "CVE-2017-1000410", "CVE-2017-7308", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-15121", "CVE-2017-18017", "CVE-2018-5803", "CVE-2017-8890", "CVE-2017-12190", "CVE-2018-3639"], "description": "[2.6.32-754.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-754]\n- [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639}\n- [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360]\n- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639}\n- [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639}\n- 
[x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494]\n- [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351]\n- [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148]\n- [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130}\n- [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130}\n[2.6.32-753]\n- [x86] vm86-32: Properly set up vm86-32 stack for task switching (Waiman Long) [1572865]\n- [x86] spec_ctrl: Enable IBRS and RSB stuffing in 32-bit interrupts (Waiman Long) [1571362]\n- [x86] entry/32: Fix regressions in 32-bit debug exception (Waiman Long) [1571362]\n[2.6.32-752]\n- [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1572487]\n- [fs] fix WARNING in rmdir() (Miklos Szeredi) [1282117]\n- [net] sctp: label accepted/peeled off sockets (Marcelo 
Leitner) [1571357]\n- [net] security: export security_sk_clone (Marcelo Leitner) [1571357]\n[2.6.32-751]\n- [md] dm thin: fix regression that caused discards to be disabled if passdown was (Mike Snitzer) [1569377]\n- [s390] configs: enable auto expoline support (Hendrik Brueckner) [1554959]\n- [s390] correct nospec auto detection init order (Hendrik Brueckner) [1554959]\n- [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1554959]\n- [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1554959]\n- [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1554959]\n- [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1554959]\n- [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1554959]\n- [s390] Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1554959]\n- [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1554959]\n- [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1554959]\n- [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1554959]\n- [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1554959]\n- [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1554959]\n- [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1568241]\n- [net] sctp: verify size of a new chunk in _sctp_make_chunk() (Stefano Brivio) [1551908] {CVE-2018-5803}\n[2.6.32-750]\n- [fs] fuse: fix punching hole with unaligned end (Miklos Szeredi) [1387473] {CVE-2017-15121}\n- [documentation] kdump: fix documentation about panic_on_warn to match r (Pingfan Liu) [1555196]\n- [fs] Provide sane values for nlink (Leif Sahlberg) [1554342]\n[2.6.32-749]\n- [powerpc] pseries: Restore default security feature flags on setup (Mauricio Oliveira) [1561788]\n- [powerpc] Move default security feature flags (Mauricio 
Oliveira) [1561788]\n- [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1561788]\n- [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1561788]\n- [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1561788]\n- [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1561788]\n- [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1561788]\n- [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1561788]\n- [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1561788]\n- [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1561788]\n- [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1561788]\n- [lib] seq: Add seq_buf_printf() (Mauricio Oliveira) [1561788]\n- [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1561786]\n- [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1561786]\n- [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1561786]\n- [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1561786]\n- [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1561786]\n- [x86] pti/32: Dont use trampoline stack on Xen PV (Waiman Long) [1562725]\n- [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1562725]\n- [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1562725]\n- [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1562725]\n- [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1562725]\n- [x86] entry: Remove extra argument in call instruction (Waiman Long) [1562552]\n- [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1557562 1562552]\n- [x86] efi/64: Align 
efi_pgd on even page boundary (Waiman Long) [1558845]\n- [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1558845]\n- [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1558845]\n- [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1558845]\n- [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1558845]\n[2.6.32-748]\n- [mm] fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE (Bhupesh Sharma) [1494380]\n- [mm] brk: fix min_brk lower bound computation for COMPAT_BRK (Bhupesh Sharma) [1494380]\n- [mm] split ET_DYN ASLR from mmap ASLR (Bhupesh Sharma) [1494380]\n- [s390] redefine randomize_et_dyn for ELF_ET_DYN_BASE (Bhupesh Sharma) [1494380]\n- [mm] expose arch_mmap_rnd when available (Bhupesh Sharma) [1494380]\n- [s390] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]\n- [s390] mmap: randomize mmap base for bottom up direction (Bhupesh Sharma) [1494380]\n- [powerpc] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]\n- [x86] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]\n- [fs] binfmt_elf: create Kconfig variable for PIE randomization (Bhupesh Sharma) [1494380]\n- [fs] binfmt_elf: PIE: make PF_RANDOMIZE check comment more accurate (Bhupesh Sharma) [1494380]\n- [fs] binfmt_elf: fix PIE execution with randomization disabled (Bhupesh Sharma) [1494380]\n- [acpi] acpica: Support calling _REG methods within ACPI interpreter (Lenny Szubowicz) [1522849]\n- [acpi] acpica: Function to test if ACPI interpreter already entered (Lenny Szubowicz) [1522849]\n- [acpi] acpica: Function to test if ACPI mutex held by this thread (Lenny Szubowicz) [1522849]\n[2.6.32-747]\n- [fs] gfs2: Check for the end of metadata in trunc_dealloc (Robert S Peterson) [1559928]\n- [fs] gfs2: clear journal live bit in gfs2_log_flush (Robert S Peterson) [1559928]\n- [netdrv] vmxnet3: fix tx data ring copy for variable size (Neil Horman) [1530378]\n- [mm] account skipped 
entries to avoid looping in find_get_pages (Dave Wysochanski) [1559386]\n- [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1554631]\n- [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1554631]\n- [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1554630]\n- [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1554630]\n- [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1554630]\n[2.6.32-746]\n- [dm] fix race between dm_get_from_kobject() and __dm_destroy() (Mike Snitzer) [1551999] {CVE-2017-18203}\n- [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1557562]\n- [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1550599] {CVE-2017-5754}\n- [ipmi] pick up slave address from SMBIOS on an ACPI device (Tony Camuso) [1484525]\n- [ipmi] fix watchdog timeout set on reboot (Tony Camuso) [1484525]\n- [ipmi] fix watchdog hang on panic waiting for ipmi response (Tony Camuso) [1484525]\n- [ipmi] use smi_num for init_name (Tony Camuso) [1484525]\n- [ipmi] move platform device creation earlier in the initialization (Tony Camuso) [1484525]\n- [ipmi] clean up printks (Tony Camuso) [1484525]\n- [ipmi] cleanup error return (Tony Camuso) [1484525]\n- [md] raid0: apply base queue limits *before* disk_stack_limits (Xiao Ni) [1417294]\n- [md] raid0: update queue parameter in a safer location (Xiao Ni) [1417294]\n- [md] raid0: conditional mddev->queue access to suit dm-raid (Xiao Ni) [1417294]\n- [md] raid0: access mddev->queue (request queue member) conditionally because it is not set when accessed from dm-raid (Xiao Ni) [1417294]\n[2.6.32-745]\n- [x86] pti/mm: Fix machine check with PTI on old AMD CPUs 
(Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1550599] {CVE-2017-5754}\n- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548432] {CVE-2017-13166}\n- [scsi] lpfc: Fix crash from memory alloc at interrupt level with GFP_KERNEL set (Dick Kennedy) [1540706]\n[2.6.32-744]\n- [dm] io: fix duplicate bio completion due to missing ref count (Mikulas Patocka) [1334224]\n- [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1399822]\n- [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1399822]\n- [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1399822]\n[2.6.32-743]\n- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548432] {CVE-2017-13166}\n- [kernel] cgroup: initialize xattr before calling d_instantiate() (Aristeu Rozanski) [1533523]\n- [fs] ext*: Dont clear SGID when inheriting ACLs (Andreas Grunbacher) [1473482]\n- [fs] gfs2: writeout truncated pages (Robert S Peterson) [1331076]\n- [fs] export __block_write_full_page (Robert S Peterson) [1331076]\n- [scsi] mark queue as PREEMPT_ONLY before setting quiesce (Ming Lei) [1462959]\n- [block] call blk_queue_enter() before allocating request (Ming Lei) [1462959]\n- [block] introduce blk_queue_enter() (Ming Lei) [1462959]\n- [mm] shmem: replace_page must flush_dcache and others (Waiman Long) [1412337]\n- [mm] shmem: replace page if mapping excludes its zone (Waiman Long) [1412337]\n- [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] spec_ctrl/32: Enable IBRS processing on 
kernel entries & exits (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Handle Entry from Kernel-Mode 
on Entry-Stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Restore segments before int registers (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Unshare NMI return path (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1550599] {CVE-2017-5754}\n[2.6.32-742]\n- [mm] prevent /proc/sys/vm/percpu_pagelist_fraction divide-by-zero (Dave Anderson) [1405879]\n- [fs] proc: Resolve performance issues with multiple /proc/stat reads (Prarit Bhargava) [1544565]\n- [fs] nfs: fix pnfs direct write memory leak (Scott Mayhew) [1536900]\n- [fs] dcache: prevent multiple shrink_dcache_parent() on the same dentry (Miklos Szeredi) [1269288]\n- [fs] fifo: do not restart open() if it already found a partner (Miklos Szeredi) [1482983]\n- [audit] reinstate check for failed execve 
(Denys Vlasenko) [1488822]\n- [perf] x86/intel/uncore: Make PCI and MSR uncore independent (Jiri Olsa) [1427324]\n- [perf] fix perf_event_comm() vs. exec() assumption (Jiri Olsa) [1478980]\n- [lib] prevent BUG in kfree() due to memory exhaustion in __sg_alloc_table() (Larry Woodman) [1454453]\n- [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1212959]\n- [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1212959]\n- [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1212959]\n- [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1212959]\n- [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1212959]\n- [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1495167]\n- [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1495167]\n- [fs] gfs2: Defer deleting inodes under memory pressure (Andreas Grunbacher) [1255872]\n- [fs] gfs2: gfs2_clear_inode, gfs2_delete_inode: Put glocks asynchronously (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Get rid of gfs2_set_nlink (Andreas Grunbacher) [1255872]\n- [fs] add set_nlink() (Andreas Grunbacher) [1255872]\n- [fs] gfs2: gfs2_glock_get: Wait on freeing glocks (Andreas Grunbacher) [1255872]\n- [fs] gfs2: gfs2_create_inode: Keep glock across iput (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Clean up glock work enqueuing (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Protect gl->gl_object by spin lock (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Get rid of flush_delayed_work in gfs2_clear_inode (Andreas Grunbacher) [1255872]\n- [fs] revert 'gfs2: Wait for iopen glock dequeues' (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Fixup to 'Clear gl_object if gfs2_create_inode fails' (Andreas Grunbacher) [1506281]\n- [scsi] dual scan thread bug fix (Ewan Milne) [1508512]\n- [scsi] fix our current target reap 
infrastructure (Ewan Milne) [1508512]\n- [scsi] bnx2fc: Fix check in SCSI completion handler for timed out request (Chad Dupuis) [1538168]\n[2.6.32-741]\n- [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543091] {CVE-2017-18017}\n- [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543091] {CVE-2017-18017}\n- [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543091] {CVE-2017-18017}\n- [net] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (Hangbin Liu) [1470559]\n- [net] sctp: use the right sk after waking up from wait_buf sleep (Hangbin Liu) [1470559]\n- [net] sctp: do not free asoc when it is already dead in sctp_sendmsg (Hangbin Liu) [1470559]\n- [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1535024]\n- [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1535024]\n- [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1535024]\n- [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1535024]\n- [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1532167]\n- [net] revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (Jesper Brouer) [1508504]\n- [scsi] lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) [1542773]\n- [scsi] hpsa: update driver version (Joseph Szczypek) [1541517]\n- [scsi] hpsa: correct resets on retried commands (Joseph Szczypek) [1541517]\n- [scsi] hpsa: rescan later if reset in progress (Joseph Szczypek) [1541517]\n[2.6.32-740]\n- [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1535645]\n- [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1535645]\n- [x86] retpoline: Dont use kernel indirect thunks in vsyscalls (Waiman Long) [1535645]\n- [x86] spec_ctrl: 
Add a read-only retp_enabled debugfs knob (Waiman Long) [1535645]\n- [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1535645]\n- [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1535645]\n- [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1535645]\n- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1535645]\n- [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1535645]\n- [x86] bugs: Drop one 'mitigation' from dmesg (Waiman Long) [1535645]\n- [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1535645]\n- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1535645]\n- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1535645]\n- [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1535645]\n- [x86] Use IBRS for firmware update path (Waiman Long) [1535645]\n- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1535645]\n- [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1535645]\n- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1535645]\n- [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1535645]\n- [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1535645]\n- [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1535645]\n- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1535645]\n- [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1535645]\n- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove performance measurements from 
documentation (Waiman Long) [1535645]\n- [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1535645]\n- [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1535645]\n- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1535645]\n- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1535645]\n- [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1535645]\n- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1535645]\n- [x86] mce: Make machine check speculation protected (Waiman Long) [1535645]\n- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1535645]\n- [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1535645]\n- [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1535645]\n- [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1535645]\n- [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1535645]\n- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1535645]\n- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1535645]\n- [x86] retpoline: Add initial retpoline support (Waiman Long) [1535645]\n- [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1535645]\n- [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1535645]\n- [x86] cpufeatures: Add X86_BUG_SPECTRE_V(12) (Waiman Long) [1535645]\n- [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1535645]\n- [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1535645]\n- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1535645]\n- [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1535645]\n- [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1535645]\n- 
[x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1535645]\n- [x86] alternatives: Add missing 'n' at end of ALTERNATIVE inline asm (Waiman Long) [1535645]\n- [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1535645]\n- [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1535645]\n- [x86] alternatives: Document macros (Waiman Long) [1535645]\n- [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1535645]\n- [x86] alternatives: Add instruction padding (Waiman Long) [1535645]\n- [x86] alternative: Add header guards to asm/alternative-asm.h (Waiman Long) [1535645]\n- [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1535645]\n- [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1535645]\n- [x86] Make .altinstructions bit size neutral (Waiman Long) [1535645]\n[2.6.32-739]\n- [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1538543]\n- [powerpc] prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1538543]\n- [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1538542]\n- [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1538542]\n- [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) [1538542]\n- [s390] add ppa to system call and program check path (Hendrik Brueckner) [1538542]\n- [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1538542]\n- [s390] introduce CPU alternatives (Hendrik Brueckner) [1538542]\n[2.6.32-738]\n- [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Fix XEN PV boot failure 
(Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] Revert 'entry: Use retpoline for syscalls indirect calls' (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] 
spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel gs has been restored (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on syscall (Waiman Long) 
[1519796] {CVE-2017-5715}\n- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] Revert 'mm/kaiser: Disable global pages by default with KAISER' (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Use retpoline for syscalls indirect calls (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm: Only set IBPB 
when the new thread cannot ptrace (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] x86: clear registers on VM exit (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] kvm: Pad RSB on VM transition (Waiman Long) [1519796] {CVE-2017-5715}\n- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) 
[1519796] {CVE-2017-5715}\n- [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Dont switch to trampoline stack in paranoid_exit (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519802] {CVE-2017-5754}\n- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519789] {CVE-2017-5753}\n- [fs] udf: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [fs] prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [netdrv] p54: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519789] {CVE-2017-5753}\n- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] Fix typo preventing 
msr_set/clear_bit from having an effect (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] Add another set of MSR accessor functions (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: enable kaiser in build (Waiman Long) [1519802] 
{CVE-2017-5754}\n- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] 
mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] Separate out entry text section (Waiman Long) [1519802] {CVE-2017-5754}\n- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519802] {CVE-2017-5754}\n- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519802] {CVE-2017-5754}\n- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519802] {CVE-2017-5754}\n[2.6.32-737]\n- [hv] netvsc: get rid of completion timeouts (Vitaly Kuznetsov) [1538592]\n- [fs] gfs2: Special case the rindex in gfs2_write_alloc_required() (Andrew Price) [1384184]\n- [scsi] scsi_dh_alua: fix race condition that causes multipath to hang (Mike Snitzer) [1500192]\n- [virtio] virtio-pci: fix leaks of msix_affinity_masks (Jason Wang) [1281754]\n- [fs] sunrpc: avoid warning in 
gss_key_timeout (J. Bruce Fields) [1456594]\n- [fs] sunrpc: fix RCU handling of gc_ctx field (J. Bruce Fields) [1456594]\n[2.6.32-736]\n- [drm] nouveau/disp/nv50-: execute supervisor on its own workqueue (Ben Skeggs) [1468825]\n- [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519626] {CVE-2017-1000410}\n- [scsi] storvsc: do not assume SG list is continuous when doing bounce buffers (for 4.1 and prior) (Cathy Avery) [1533175]\n[2.6.32-735]\n- [x86] tighten /dev/mem with zeroing reads (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [char] /dev/mem: make size_inside_page() logic straight (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [char] /dev/mem: cleanup unxlate_dev_mem_ptr() calls (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [char] /dev/mem: introduce size_inside_page() (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [char] /dev/mem: remove redundant test on len (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1538340]\n[2.6.32-734]\n- [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1518669]\n- [hv] vss: Operation timeouts should match host expectation (Mohammed Gamal) [1511431]\n- [hv] utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (Mohammed Gamal) [1511431]\n- [hv] utils: Check VSS daemon is listening before a hot backup (Mohammed Gamal) [1511431]\n- [hv] utils: Continue to poll VSS channel after handling requests (Mohammed Gamal) [1511431]\n- [md] dm: clear all discard attributes in queue_limits when discards are disabled (Mike Snitzer) [1433297]\n- [md] dm: discard support requires all targets in a table support discards (Mike Snitzer) [1433297]\n- [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520817] {CVE-2017-8824}\n- [net] tcp: fix tcp_trim_head() (Paolo Abeni) [1274139]\n- [net] sctp: fix src address 
selection if using secondary addresses for ipv6 (Xin Long) [1445919]\n- [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1470559]\n- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1470559]\n- [net] tcp: fix race during timewait sk creation (Florian Westphal) [1205025]\n[2.6.32-733]\n- [fs] sunrpc: Revert 'sunrpc: always treat the invalid cache as unexpired' (Thiago Becker) [1532786]\n- [net] dma: fix memory leak in dma_pin_iocvec_pages (Sabrina Dubroca) [1459263]\n- [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1520860]\n- [s390] fix transactional execution control register handling (Hendrik Brueckner) [1520862]\n- [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1408108]\n[2.6.32-732]\n- [mm] add cpu_relax() to 'dont return 0 too early' patch (Ian Kent) [988988]\n- [mm] dont return 0 too early from find_get_pages() (Ian Kent) [988988]\n- [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1503322]\n- [s390] cpcmd,vmcp: avoid GFP_DMA allocations (Hendrik Brueckner) [1496105]\n- [fs] gfs2: Withdraw for IO errors writing to the journal or statfs (Robert S Peterson) [1505956]\n- [netdrv] ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Ken Cox) [1523856]\n[2.6.32-731]\n- [kernel] fix __wait_on_atomic_t() to call the action func if the counter != 0 (David Howells) [1418631]\n- [fs] fscache: fix dead object requeue (David Howells) [1333592 1418631]\n- [fs] fscache: clear outstanding writes when disabling a cookie (David Howells) [1418631]\n- [fs] fscache: initialise stores_lock in netfs cookie (David Howells) [1418631]\n- [fs] cachefiles: fix attempt to read i_blocks after deleting file (David Howells) [1418631]\n- [fs] cachefiles: fix race between inactivating and culling a cache object (David Howells) [1418631]\n- [fs] fscache: make check_consistency callback return int (David Howells) [1418631]\n- 
[fs] fscache: wake write waiter after invalidating writes (David Howells) [1418631]\n- [fs] cachefiles: provide read-and-reset release counters for cachefilesd (David Howells) [1418631]\n- [s390] disassembler: increase show_code buffer size (Hendrik Brueckner) [1516654]\n- [fs] sunrpc: remove BUG_ONs checking RPC_IS_QUEUED (Dave Wysochanski) [1424630]\n- [fs] nfsv4.1: nfs4_fl_prepare_ds must be careful about reporting success (Scott Mayhew) [1205448]\n- [fs] cifs: add ratelimit for the log entry that causes a lockup (Leif Sahlberg) [1494999]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447168]\n[2.6.32-730]\n- [scsi] avoid a permanent stop of the scsi devices request queue (Ewan Milne) [1513455]\n- [fs] bio: more bio_map_user_iov() leak fixes (Ming Lei) [1503590] {CVE-2017-12190}\n- [fs] bio: fix unbalanced page refcounting in bio_map_user_iov (Ming Lei) [1503590] {CVE-2017-12190}\n[2.6.32-729]\n- [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1504260]\n[2.6.32-728]\n- [mm] introduce dedicated WQ_MEM_RECLAIM workqueue to do lru_add_drain_all (Waiman Long) [1463754]\n- [netdrv] cxgb4: Clear On FLASH config file after a FW upgrade (Arjun Vynipadath) [1446952]\n- [netdrv] chelsio : Fixes the issue seen on initiator while stopping the target (Sai Vemuri) [1442097]\n- [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1437991]\n- [netdrv] cxgb4vf: dont offload Rx checksums for IPv6 fragments (Davide Caratti) [1427036]\n- [scsi] qla2xxx: Get mutex lock before checking optrom_state (Himanshu Madhani) [1408549]\n[2.6.32-727]\n- [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1492220]\n- [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1492220]\n[2.6.32-726]\n- [s390] qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1467962]\n[2.6.32-725]\n- [s390] zfcp: fix erp_action 
use-before-initialize in REC action trace (Hendrik Brueckner) [1497000]\n- [ipmi] create hardware-independent softdep for ipmi_devintf (Tony Camuso) [1457915]\n[2.6.32-724]\n- [fs] nfsd: reorder nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1435787]\n- [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1435787]\n- [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1435787]\n- [fs] nfsd: remove the cache_hash list (Thiago Becker) [1435787]\n- [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1435787]\n- [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1435787]\n[2.6.32-723]\n- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1491846]\n- [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]\n- [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]\n- [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]\n[2.6.32-722]\n- [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1497152]\n- [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476124] {CVE-2017-11176}\n[2.6.32-721]\n- [char] ipmi: use rcu lock around call to intf->handlers->sender() (Tony Camuso) [1466034]\n- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481943] {CVE-2017-1000111}\n- [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1484946] {CVE-2017-7308}\n- [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1484946] {CVE-2017-7308}\n- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492961] {CVE-2017-1000253}\n- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492961] {CVE-2017-1000253}\n[2.6.32-720]\n- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide 
Caratti) [1488340] {CVE-2017-14106}\n- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488340] {CVE-2017-14106}\n- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) [1477006] {CVE-2017-7542}\n- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477006] {CVE-2017-7542}\n- [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481529] {CVE-2017-1000112}\n- [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112}\n- [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112}\n[2.6.32-719]\n- [fs] nfs: dont disconnect open-owner on NFS4ERR_BAD_SEQID (Dave Wysochanski) [1459636]\n- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490062] {CVE-2017-1000251}\n[2.6.32-718]\n- [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1477288]\n- [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1477288]\n[2.6.32-717]\n- [video] efifb: allow user to disable write combined mapping (Dave Airlie) [1465097]\n[2.6.32-716]\n- [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1441773]\n- [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474782] {CVE-2017-7541}\n- [scsi] lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: Vport creation is failing with 'Link Down' error (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: 
Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1441169]\n[2.6.32-715]\n- [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand) [1466530]\n[2.6.32-714]\n- [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode (Robert S Peterson) [1464541]\n- [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S Peterson) [1464541]\n- [fs] gfs2: set gl_object in inode lookup only after block type check (Robert S Peterson) [1464541]\n- [fs] gfs2: introduce helpers for setting and clearing gl_object (Robert S Peterson) [1464541]\n[2.6.32-713]\n- [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n- [net] gre: fix a possible skb leak (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n- [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n- [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n- [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n[2.6.32-712]\n- [mm] backport upstream large stack guard patch to RHEL6 (Larry Woodman) [1464237 1452730] {CVE-2017-1000364}\n- [mm] revert 'enlarge stack guard gap' (Larry Woodman) [1452730] {CVE-2017-1000364}\n- [mm] revert 'allow JVM to implement its own stack guard pages' (Larry Woodman) [1464237]\n[2.6.32-711]\n- [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1459978]\n- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1452358]\n[2.6.32-710]\n- [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1464237]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452730] {CVE-2017-1000364}\n[2.6.32-709]\n- [netdrv] bnxt_en: Update to firmware interface spec 1.5.1 (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Added support for Secure Firmware Update (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add support for 
firmware updates for additional processors (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Update firmware spec. to 1.3.0 (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add support for updating flash more securely (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Request firmware reset after successful firwmare update (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add hwrm_send_message_silent() (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add installed-package firmware version reporting via Ethtool GDRVINFO (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Reset embedded processor after applying firmware upgrade (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add support for upgrading APE/NC-SI firmware via Ethtool FLASHDEV (Jonathan Toppins) [1439450]\n- [net] sctp: do not inherit ipv6_(mc|ac|fl)_list from parent (Florian Westphal) [1455612] {CVE-2017-9075}\n- [net] ipv6/dccp: do not inherit ipv6_mc_list from parent (Florian Westphal) [1455612] {CVE-2017-9076 CVE-2017-9077}\n- [net] dccp/tcp: do not inherit mc_list from parent (Florian Westphal) [1455612] {CVE-2017-8890}\n- [net] ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socket (Florian Westphal) [1455612]\n[2.6.32-708]\n- [fs] sunrpc: Enable the keepalive option for TCP sockets (Dave Wysochanski) [1458421]\n- [mm] mempolicy.c: fix error handling in set_mempolicy and mbind (Bruno E. O. 
Meneguele) [1443539] {CVE-2017-7616}\n- [s390] zfcp: fix use-after-'free' in FC ingress path after TMF (Hendrik Brueckner) [1421762]\n- [scsi] scsi_transport_srp: Fix a race condition (Don Dutile) [1417305]\n- [scsi] scsi_transport_srp: Introduce srp_wait_for_queuecommand() (Don Dutile) [1417305]\n- [block] make blk_cleanup_queue() wait until request_fn finished (Don Dutile) [1417305]\n[2.6.32-707]\n- [kernel] audit: acquire creds selectively to reduce atomic op overhead (Paul Moore) [1454847]\n- [s390] kernel: initial cr0 bits (Hendrik Brueckner) [1445326]\n- [s390] zfcp: do not trace pure benign residual HBA responses at default level (Hendrik Brueckner) [1421760]\n- [s390] zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1421761]\n[2.6.32-706]\n- [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1442030]\n- [scsi] bnx2fc: fix race condition in bnx2fc_get_host_stats() (Maurizio Lombardi) [1393672]\n[2.6.32-705]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [1446755] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields) [1446755] {CVE-2017-7895}\n- [perf] fix concurrent sys_perf_event_open() vs move_group race (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [perf] remove confusing comment and move put_ctx() (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [perf] restructure perf syscall point of no return (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [perf] fix move_group() order (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [perf] generalize event->group_flags (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [scsi] libfc: quarantine timed out xids (Chris Leech) [1431440]\n[2.6.32-704]\n- [fs] sunrpc: Ensure that we wait for connections to complete before retrying (Dave Wysochanski) [1448170]\n- [net] ipv6: check raw payload size correctly in ioctl (Jamie Bainbridge) [1441909]\n[2.6.32-703]\n- [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. 
Bruce Fields) [869942]\n- [fs] nfsv4: fix getacl head length estimation (J. Bruce Fields) [869942]\n[2.6.32-702]\n- [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() (Carlos Maiolino) [1440361]\n- [net] ping: implement proper locking (Jakub Sitnicki) [1438999] {CVE-2017-2671}\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430578] {CVE-2017-6214}\n- [net] ipv6: ip6_fragment: fix headroom tests and skb leak (Hannes Frederic Sowa) [1412331]\n[2.6.32-701]\n- [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1146727]\n- [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1434560]\n[2.6.32-700]\n- [mm] hugetlb: check for pte NULL pointer in page_check_address() (Herton R. Krzesinski) [1431508]\n- [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1436527]\n- [crypto] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398456] {CVE-2016-8650}\n- [fs] aio: properly check iovec sizes (Mateusz Guzik) [1337517] {CVE-2015-8830}\n- [fs] vfs: make AIO use the proper rw_verify_area() area helpers (Mateusz Guzik) [1337535] {CVE-2012-6701}\n[2.6.32-699]\n- [scsi] lpfc: update for r 11.0.0.6 (Maurizio Lombardi) [1429881]\n- [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1429881]\n[2.6.32-698]\n- [sched] fair: Rework throttle_count sync (Jiri Olsa) [1250762]\n- [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1250762]\n- [sched] fair: Initialize throttle_count for new task-groups lazily (Jiri Olsa) [1250762]\n- [sched] fair: Do not announce throttled next buddy in dequeue_task_fair() (Jiri Olsa) [1250762]\n[2.6.32-697]\n- [block] fix use-after-free in seq file (Denys Vlasenko) [1418549] {CVE-2016-7910}\n- [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1425749]\n- [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) 
[1360930]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429918] {CVE-2017-2636}", "edition": 71, "modified": "2018-06-25T00:00:00", "published": "2018-06-25T00:00:00", "id": "ELSA-2018-1854", "href": "http://linux.oracle.com/errata/ELSA-2018-1854.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-05-25T00:20:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2018-1000199", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2017-18257", "CVE-2018-7492", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-5803", "CVE-2018-3639"], "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-3639: Information leaks using "Memory Disambiguation" feature\n in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082).\n\n A new boot commandline option was introduced,\n "spec_store_bypass_disable", which can have following values:\n\n - auto: Kernel detects whether your CPU model contains an implementation\n of Speculative Store Bypass and picks the most appropriate mitigation.\n - on: disable Speculative Store Bypass\n - off: enable Speculative Store Bypass\n - prctl: Control Speculative Store Bypass per thread via prctl.\n Speculative Store Bypass is enabled for a process by default. 
The\n state of the control is inherited on fork.\n - seccomp: Same as "prctl" above, but all seccomp threads will disable\n SSB unless they explicitly opt out.\n\n The default is "seccomp", meaning programs need explicit opt-in into the\n mitigation.\n\n Status can be queried via the\n /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:\n\n - "Vulnerable"\n - "Mitigation: Speculative Store Bypass disabled"\n - "Mitigation: Speculative Store Bypass disabled via prctl"\n - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"\n\n - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed\n local users to cause a denial of service (integer overflow and loop) via\n crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP\n ioctl. (bnc#1088241)\n - CVE-2018-1130: Linux kernel was vulnerable to a null pointer dereference\n in the dccp_write_xmit() function in net/dccp/output.c that allowed a\n local user to cause a denial of service by a number of certain crafted\n system calls (bnc#1092904).\n - CVE-2018-5803: An error in the _sctp_make_chunk() function when handling\n SCTP packet length could have been exploited by a malicious local user\n to cause a kernel crash and a DoS. 
(bnc#1083900).\n - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule\n blob that contains a jump but lacks a user-defined chain, which allowed\n local users to cause a denial of service (NULL pointer dereference) by\n leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to\n arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in\n net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in\n net/ipv6/netfilter/ip6_tables.c (bnc#1083650).\n - CVE-2018-7492: A NULL pointer dereference was found in the\n net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to\n cause a system panic and a denial-of-service, related to RDS_GET_MR and\n RDS_GET_MR_FOR_DEST (bnc#1082962).\n - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c\n had an integer-overflow vulnerability allowing local users with access\n to the udldrmfb driver to obtain full read and write permissions on\n kernel physical pages, resulting in a code execution in kernel space\n (bnc#1090643).\n - CVE-2018-10124: The kill_something_info function in kernel/signal.c\n might have allowed local users to cause a denial of service via an\n INT_MIN argument (bnc#1089752).\n - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have\n allowed local users to cause a denial of service by triggering an\n attempted use of the -INT_MIN value (bnc#1089608).\n - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel\n function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious\n NCPFS servers to crash the kernel or execute code (bnc#1086162).\n - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could\n lead to memory corruption, possibly a denial of service or privilege\n escalation (bsc#1089895).\n\n The following non-security bugs were fixed:\n\n - acpica: Disassembler: Abort on an invalid/unknown AML opcode\n (bnc#1012382).\n - acpica: Events: Add runtime stub support for event APIs (bnc#1012382).\n 
- acpi / hotplug / PCI: Check presence of slot itself in get_slot_status()\n (bnc#1012382).\n - acpi, PCI, irq: remove redundant check for null string pointer\n (bnc#1012382).\n - acpi / scan: Send change uevent with offine environmental data\n (bsc#1082485).\n - acpi / video: Add quirk to force acpi-video backlight on Samsung 670Z5E\n (bnc#1012382).\n - alsa: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382).\n - alsa: aloop: Mark paused device as inactive (bnc#1012382).\n - alsa: asihpi: Hardening for potential Spectre v1 (bnc#1012382).\n - alsa: control: Hardening for potential Spectre v1 (bnc#1012382).\n - alsa: core: Report audio_tstamp in snd_pcm_sync_ptr (bnc#1012382).\n - alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).\n - alsa: hda: Hardening for potential Spectre v1 (bnc#1012382).\n - alsa: hda - New VIA controller suppor no-snoop path (bnc#1012382).\n - alsa: hda/realtek - Add some fixes for ALC233 (bnc#1012382).\n - alsa: hdspm: Hardening for potential Spectre v1 (bnc#1012382).\n - alsa: line6: Use correct endpoint type for midi output (bnc#1012382).\n - alsa: opl3: Hardening for potential Spectre v1 (bnc#1012382).\n - alsa: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382).\n - alsa: pcm: Avoid potential races between OSS ioctls and read/write\n (bnc#1012382).\n - alsa: pcm: Check PCM state at xfern compat ioctl (bnc#1012382).\n - alsa: pcm: Fix endless loop for XRUN recovery in OSS emulation\n (bnc#1012382).\n - alsa: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382).\n - alsa: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382).\n - alsa: pcm: potential uninitialized return values (bnc#1012382).\n - alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams\n (bnc#1012382).\n - alsa: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()\n (bnc#1012382).\n - alsa: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation\n (bnc#1012382).\n - alsa: rawmidi: Fix missing 
input substream checks in compat ioctls\n (bnc#1012382).\n - alsa: rme9652: Hardening for potential Spectre v1 (bnc#1012382).\n - alsa: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()\n (bnc#1012382).\n - alsa: seq: oss: Fix unbalanced use lock for synth MIDI device\n (bnc#1012382).\n - alsa: seq: oss: Hardening for potential Spectre v1 (bnc#1012382).\n - alsa: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658).\n - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support\n (bsc#1068032).\n - arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382).\n - arm64: capabilities: Handle duplicate entries for a capability\n (bsc#1068032).\n - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early\n (bsc#1068032).\n - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313).\n - arm64: fix smccc compilation (bsc#1068032).\n - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage\n (bnc#1012382).\n - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032).\n - arm64: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032).\n - arm64: kvm: Increment PC after handling an SMC trap (bsc#1068032).\n - arm64: kvm: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support\n (bsc#1068032).\n - arm64: mm: fix thinko in non-global page table attribute check\n (bsc#1088050).\n - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032).\n - arm: amba: Do not read past the end of sysfs "driver_override" buffer\n (bnc#1012382).\n - arm: amba: Fix race condition with driver_override (bnc#1012382).\n - arm: amba: Make driver_override output consistent with other buses\n (bnc#1012382).\n - arm/arm64: kvm: Add PSCI_VERSION helper (bsc#1068032).\n - arm/arm64: kvm: Add smccc accessors to PSCI code (bsc#1068032).\n - arm/arm64: kvm: Advertise SMCCC v1.1 (bsc#1068032).\n - arm/arm64: kvm: Consolidate the PSCI include files (bsc#1068032).\n - arm/arm64: kvm: Implement PSCI 1.0 support (bsc#1068032).\n - arm/arm64: 
kvm: Turn kvm_psci_version into a static inline (bsc#1068032).\n - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032).\n - arm/arm64: smccc: Make function identifiers an unsigned quantity\n (bsc#1068032).\n - arm: davinci: da8xx: Create DSP device only when assigned memory\n (bnc#1012382).\n - arm: dts: am57xx-beagle-x15-common: Add overide powerhold property\n (bnc#1012382).\n - arm: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382).\n - arm: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382).\n - arm: dts: dra7: Add power hold and power controller properties to palmas\n (bnc#1012382).\n - arm: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382).\n - arm: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382).\n - arm: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc\n node (bnc#1012382).\n - arm: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382).\n - arp: fix arp_filter on l3slave devices (bnc#1012382).\n - arp: honour gratuitous ARP _replies_ (bnc#1012382).\n - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio\n (bnc#1012382).\n - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382).\n - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382).\n - ASoC: ssm2602: Replace reg_default_raw with reg_default (bnc#1012382).\n - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()\n (bnc#1012382).\n - ata: libahci: properly propagate return value of platform_get_irq()\n (bnc#1012382).\n - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode\n (bnc#1012382).\n - ath10k: rebuild crypto header in rx data frames (bnc#1012382).\n - ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382).\n - ath9k_hw: check if the chip failed to wake up (bnc#1012382).\n - atm: zatm: Fix potential Spectre v1 (bnc#1012382).\n - audit: add tty field to LOGIN event (bnc#1012382).\n - autofs: mount point create should honour passed in mode (bnc#1012382).\n - 
bcache: segregate flash only volume write streams (bnc#1012382).\n - bcache: stop writeback thread after detaching (bnc#1012382).\n - bdi: Fix oops in wb_workfn() (bnc#1012382).\n - blacklist.conf: Add an omapdrm entry (bsc#1090708, bsc#1090718)\n - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init()\n (bsc#1085058).\n - blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382).\n - block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058).\n - block/loop: fix deadlock after loop_set_status (bnc#1012382).\n - block: sanity check for integrity intervals (bsc#1091728).\n - bluetooth: Fix missing encryption refresh on Security Request\n (bnc#1012382).\n - bluetooth: Send HCI Set Event Mask Page 2 command only when needed\n (bnc#1012382).\n - bna: Avoid reading past end of buffer (bnc#1012382).\n - bnx2x: Allow vfs to disable txvlan offload (bnc#1012382).\n - bonding: do not set slave_dev npinfo before slave_enable_netpoll in\n bond_enslave (bnc#1012382).\n - bonding: Do not update slave->link until ready to commit (bnc#1012382).\n - bonding: fix the err path for dev hwaddr sync in bond_enslave\n (bnc#1012382).\n - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave\n (bnc#1012382).\n - bonding: process the err returned by dev_set_allmulti properly in\n bond_enslave (bnc#1012382).\n - bpf: map_get_next_key to return first key on NULL (bnc#1012382).\n - btrfs: fix incorrect error return ret being passed to mapping_set_error\n (bnc#1012382).\n - btrfs: Fix wrong first_key parameter in replace_path (Followup fix for\n bsc#1084721).\n - btrfs: Only check first key for committed tree blocks (bsc#1084721).\n - btrfs: Validate child tree block's level and first key (bsc#1084721).\n - bus: brcmstb_gisb: correct support for 64-bit address output\n (bnc#1012382).\n - bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382).\n - can: kvaser_usb: Increase correct stats counter in\n kvaser_usb_rx_can_msg() (bnc#1012382).\n - 
cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN\n (bnc#1012382).\n - cdrom: information leak in cdrom_ioctl_media_changed() (bnc#1012382).\n - ceph: adding protection for showing cap reservation info (bsc#1089115).\n - ceph: always update atime/mtime/ctime for new inode (bsc#1089115).\n - ceph: check if mds create snaprealm when setting quota (fate#324665\n bsc#1089115).\n - ceph: do not check quota for snap inode (fate#324665 bsc#1089115).\n - ceph: fix invalid point dereference for error case in mdsc destroy\n (bsc#1089115).\n - ceph: fix root quota realm check (fate#324665 bsc#1089115).\n - ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115).\n - ceph: quota: add counter for snaprealms with quota (fate#324665\n bsc#1089115).\n - ceph: quota: add initial infrastructure to support cephfs quotas\n (fate#324665 bsc#1089115).\n - ceph: quota: cache inode pointer in ceph_snap_realm (fate#324665\n bsc#1089115).\n - ceph: quota: do not allow cross-quota renames (fate#324665 bsc#1089115).\n - ceph: quota: report root dir quota usage in statfs (fate#324665\n bsc#1089115).\n - ceph: quota: support for ceph.quota.max_bytes (fate#324665 bsc#1089115).\n - ceph: quota: support for ceph.quota.max_files (fate#324665 bsc#1089115).\n - ceph: quota: update MDS when max_bytes is approaching (fate#324665\n bsc#1089115).\n - cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382).\n - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684).\n - cifs: do not allow creating sockets except with SMB1 posix exensions\n (bnc#1012382).\n - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734).\n - cifs: silence lockdep splat in cifs_relock_file() (bnc#1012382).\n - cifs: Use file_dentry() (bsc#1093008).\n - clk: bcm2835: De-assert/assert PLL reset signal when appropriate\n (bnc#1012382).\n - clk: Fix __set_clk_rates error print-string (bnc#1012382).\n - clk: mvebu: armada-38x: add support for 1866MHz variants (bnc#1012382).\n - 
clk: mvebu: armada-38x: add support for missing clocks (bnc#1012382).\n - clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382).\n - clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace\n is enabled (bsc#1090225).\n - cpumask: Add helper cpumask_available() (bnc#1012382).\n - crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382).\n - crypto: ahash - Fix early termination in hash walk (bnc#1012382).\n - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short\n one (bnc#1012382).\n - cx25840: fix unchecked return values (bnc#1012382).\n - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382).\n - cxgb4: Fix queue free path of ULD drivers (bsc#1022743 FATE#322540).\n - cxgb4: FW upgrade fixes (bnc#1012382).\n - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages\n (bnc#1012382).\n - dccp: initialize ireq->ir_mark (bnc#1012382).\n - dmaengine: at_xdmac: fix rare residue corruption (bnc#1012382).\n - dmaengine: imx-sdma: Handle return value of clk_prepare_enable\n (bnc#1012382).\n - dm ioctl: remove double parentheses (bnc#1012382).\n - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override\n property definition (bnc#1012382).\n - Do not leak MNT_INTERNAL away from internal mounts (bnc#1012382).\n - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (FATE#321732).\n - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4\n (bnc#1024296,FATE#321265).\n - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow\n tests (bnc#1012382).\n - drm/omap: fix tiled buffer stride calculations (bnc#1012382).\n - drm/radeon: Fix PCIe lane width calculation (bnc#1012382).\n - drm/virtio: fix vq wait_event condition (bnc#1012382).\n - drm/vmwgfx: Fix a buffer object leak (bnc#1012382).\n - e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382).\n - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382).\n - EDAC, mv64x60: Fix an error handling 
path (bnc#1012382).\n - Enable uinput driver (bsc#1092566).\n - esp: Fix memleaks on error paths (git-fixes).\n - ext4: add validity checks for bitmap block numbers (bnc#1012382).\n - ext4: bugfix for mmaped pages in mpage_release_unused_pages()\n (bnc#1012382).\n - ext4: do not allow r/w mounts if metadata blocks overlap the superblock\n (bnc#1012382).\n - ext4: do not update checksum of new initialized bitmaps (bnc#1012382).\n - ext4: fail ext4_iget for root directory if unallocated (bnc#1012382).\n - ext4: fix bitmap position validation (bnc#1012382).\n - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()\n (bnc#1012382).\n - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953).\n - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()\n (bnc#1012382).\n - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bnc#1012382).\n - ext4: set h_journal if there is a failure starting a reserved handle\n (bnc#1012382).\n - fanotify: fix logic of events on child (bnc#1012382).\n - firmware/psci: Expose PSCI conduit (bsc#1068032).\n - firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032).\n - fix race in drivers/char/random.c:get_reg() (bnc#1012382).\n - frv: declare jiffies to be located in the .data section (bnc#1012382).\n - fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382).\n - fs/proc: Stop trying to report thread stacks (bnc#1012382).\n - fs/reiserfs/journal.c: add missing resierfs_warning() arg (bnc#1012382).\n - genirq: Use cpumask_available() for check of cpumask variable\n (bnc#1012382).\n - getname_kernel() needs to make sure that ->name != ->iname in long case\n (bnc#1012382).\n - gpio: label descriptors using the device name (bnc#1012382).\n - gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382).\n - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382).\n - HID: core: Fix size as type u32 (bnc#1012382).\n - HID: Fix hid_report_len usage (bnc#1012382).\n - HID: 
hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device\n (bnc#1012382).\n - HID: i2c-hid: fix size check and type usage (bnc#1012382).\n - hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes).\n - hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382).\n - hypfs_kill_super(): deal with failed allocations (bnc#1012382).\n - i40iw: Free IEQ resources (bsc#969476 FATE#319648 bsc#969477\n FATE#319816).\n - IB/core: Fix possible crash to access NULL netdev (bsc#966191\n FATE#320230 bsc#966186 FATE#320228).\n - IB/core: Generate GID change event regardless of RoCE GID table property\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 FATE#320230\n bsc#966186 FATE#320228).\n - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n - IB/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - IB/mlx5: Fix incorrect size of klms in the memory region (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - IB/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - IB/mlx5: Set the default active rate and width to QDR and 4X\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - IB/mlx5: Use unlimited rate when static rate is not supported\n (bnc#1012382).\n - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289).\n - ibmvnic: Clear pending interrupt after device reset (bsc#1089644).\n - ibmvnic: Define vnic_login_client_data name field as unsized array\n (bsc#1089198).\n - ibmvnic: Disable irqs before exiting reset from closed state\n (bsc#1084610).\n - ibmvnic: Do not notify peers on parameter change 
resets (bsc#1089198).\n - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600).\n - ibmvnic: Fix DMA mapping mistakes (bsc#1088600).\n - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600).\n - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).\n - ibmvnic: Fix reset scheduler error handling (bsc#1088600).\n - ibmvnic: Fix statistics buffers memory leak (bsc#1093990).\n - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).\n - ibmvnic: Handle all login error conditions (bsc#1089198).\n - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600).\n - ib/srp: Fix completion vector assignment algorithm (bnc#1012382).\n - ib/srp: Fix srp_abort() (bnc#1012382).\n - ib/srpt: Fix abort handling (bnc#1012382).\n - ib/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()\n (bnc#1024296,FATE#321265).\n - iio: hi8435: avoid garbage event at first enable (bnc#1012382).\n - iio: hi8435: cleanup reset gpio (bnc#1012382).\n - iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382).\n - input: ALPS - fix multi-touch decoding on SS4 plus touchpads (git-fixes).\n - input: ALPS - fix trackstick button handling on V8 devices (git-fixes).\n - input: ALPS - fix TrackStick support for SS5 hardware (git-fixes).\n - input: ALPS - fix two-finger scroll breakage in right side on ALPS\n touchpad (git-fixes).\n - input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook\n Pro (bnc#1012382).\n - input: drv260x - fix initializing overdrive voltage (bnc#1012382).\n - input: elan_i2c - check if device is there before really probing\n (bnc#1012382).\n - input: elan_i2c - clear INT before resetting controller (bnc#1012382).\n - input: elantech - force relative mode on a certain module (bnc#1012382).\n - input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list\n (bnc#1012382).\n - input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad\n (bnc#1012382).\n - input: leds - fix out of 
bound access (bnc#1012382).\n - input: mousedev - fix implicit conversion warning (bnc#1012382).\n - iommu/vt-d: Fix a potential memory leak (bnc#1012382).\n - ip6_gre: better validate user provided tunnel names (bnc#1012382).\n - ip6_tunnel: better validate user provided tunnel names (bnc#1012382).\n - ipc/shm: fix use-after-free of shm file via remap_file_pages()\n (bnc#1012382).\n - ipmi: create hardware-independent softdep for ipmi_devintf (bsc#1009062,\n bsc#1060799).\n - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871).\n - ipsec: check return value of skb_to_sgvec always (bnc#1012382).\n - ip_tunnel: better validate user provided tunnel names (bnc#1012382).\n - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (bnc#1012382).\n - ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382).\n - ipv6: sit: better validate user provided tunnel names (bnc#1012382).\n - ipv6: the entire IPv6 header chain must fit the first fragment\n (bnc#1012382).\n - ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382).\n - iw_cxgb4: print mapped ports correctly (bsc#321658 FATE#1005778\n bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).\n - jbd2: fix use after free in kjournald2() (bnc#1012382).\n - jbd2: if the journal is aborted then do not allow update of the log tail\n (bnc#1012382).\n - jffs2_kill_sb(): deal with failed allocations (bnc#1012382).\n - jiffies.h: declare jiffies and jiffies_64 with\n ____cacheline_aligned_in_smp (bnc#1012382).\n - kABI: add tty include to audit.c (kabi).\n - kABI: protect hid report functions (kabi).\n - kABI: protect jiffies types (kabi).\n - kABI: protect skb_to_sgvec* (kabi).\n - kABI: protect sound/timer.h include in sound pcm.c (kabi).\n - kABI: protect struct ath10k_hw_params (kabi).\n - kABI: protect struct cstate (kabi).\n - kABI: protect struct _lowcore (kabi).\n - kABI: protect tty include in audit.h (kabi).\n - kabi/severities: Ignore kgr_shadow_* kABI changes\n - kbuild: provide a 
__UNIQUE_ID for clang (bnc#1012382).\n - kexec_file: do not add extra alignment to efi memmap (bsc#1044596).\n - keys: DNS: limit the length of option strings (bnc#1012382).\n - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread\n (bsc#1094033, fate#313296).\n - kGraft: fix small race in reversion code (bsc#1083125).\n - kobject: do not use WARN for registration failures (bnc#1012382).\n - kvm: Fix nopvspin static branch init usage (bsc#1056427).\n - kvm: Introduce nopvspin kernel parameter (bsc#1056427).\n - kvm: nVMX: Fix handling of lmsw instruction (bnc#1012382).\n - kvm: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382).\n - kvm: s390: Enable all facility bits that are known good for passthrough\n (FATE#324071 LTC#158956 bnc#1012382 bsc#1073059 bsc#1076805).\n - kvm: SVM: do not zero out segment attributes if segment is unusable or\n not present (bnc#1012382).\n - l2tp: check sockaddr length in pppol2tp_connect() (bnc#1012382).\n - l2tp: fix missing print session offset info (bnc#1012382).\n - lan78xx: Correctly indicate invalid OTP (bnc#1012382).\n - leds: pca955x: Correct I2C Functionality (bnc#1012382).\n - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382).\n - libceph, ceph: change permission for readonly debugfs entries\n (bsc#1089115).\n - libceph: fix misjudgement of maximum monitor number (bsc#1089115).\n - libceph: reschedule a tick in finish_hunting() (bsc#1089115).\n - libceph: un-backoff on tick when we have a authenticated session\n (bsc#1089115).\n - libceph: validate con->state at the top of try_write() (bsc#1089115).\n - livepatch: Allow to call a custom callback when freeing shadow variables\n (bsc#1082299 fate#313296).\n - livepatch: Initialize shadow variables safely by a custom callback\n (bsc#1082299 fate#313296).\n - llc: delete timers synchronously in llc_sk_free() (bnc#1012382).\n - llc: fix NULL pointer deref for SOCK_ZAPPED (bnc#1012382).\n - llc: hold llc_sap before release_sock() 
(bnc#1012382).\n - llist: clang: introduce member_address_is_nonnull() (bnc#1012382).\n - lockd: fix lockd shutdown race (bnc#1012382).\n - lockd: lost rollback of set_grace_period() in lockd_down_net()\n (git-fixes).\n - mac80211: Add RX flag to indicate ICV stripped (bnc#1012382).\n - mac80211: allow not sending MIC up from driver for HW crypto\n (bnc#1012382).\n - mac80211: allow same PN for AMSDU sub-frames (bnc#1012382).\n - mac80211: bail out from prep_connection() if a reconfig is ongoing\n (bnc#1012382).\n - mceusb: sporadic RX truncation corruption fix (bnc#1012382).\n - md: document lifetime of internal rdev pointer (bsc#1056415).\n - md: fix two problems with setting the "re-add" device state\n (bsc#1089023).\n - md: only allow remove_and_add_spares when no sync_thread running\n (bsc#1056415).\n - md raid10: fix NULL deference in handle_write_completed() (git-fixes).\n - md/raid10: reset the 'first' at the end of loop (bnc#1012382).\n - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock\n (bnc#1012382).\n - media: v4l2-compat-ioctl32: do not oops on overlay (bnc#1012382).\n - media: videobuf2-core: do not go out of the buffer range (bnc#1012382).\n - mei: remove dev_err message on an unsupported ioctl (bnc#1012382).\n - mISDN: Fix a sleep-in-atomic bug (bnc#1012382).\n - mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382).\n - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit\n systems (bsc#1088267).\n - mmc: jz4740: Fix race condition in IRQ mask update (bnc#1012382).\n - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bnc#1012382).\n - mm, slab: reschedule cache_reap() on the same CPU (bnc#1012382).\n - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block\n (bnc#1012382).\n - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug (bnc#1012382).\n - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block\n (bnc#1012382).\n - mtd: jedec_probe: Fix crash in 
jedec_read_mfr() (bnc#1012382).\n - neighbour: update neigh timestamps iff update is effective (bnc#1012382).\n - net: af_packet: fix race in PACKET_{R|T}X_RING (bnc#1012382).\n - net: atm: Fix potential Spectre v1 (bnc#1012382).\n - net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized\n ndata" (bnc#1012382).\n - net: cdc_ncm: Fix TX zero padding (bnc#1012382).\n - net: emac: fix reset timeout with AR8035 phy (bnc#1012382).\n - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow\n control (bnc#1012382).\n - netfilter: bridge: ebt_among: add more missing match size checks\n (bnc#1012382).\n - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize\n (bnc#1012382).\n - netfilter: ctnetlink: Make some parameters integer to avoid enum\n mismatch (bnc#1012382).\n - netfilter: nf_nat_h323: fix logical-not-parentheses warning\n (bnc#1012382).\n - netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382).\n - net: fix deadlock while clearing neighbor proxy table (bnc#1012382).\n - net: fix possible out-of-bound read in skb_network_protocol()\n (bnc#1012382).\n - net: fix rtnh_ok() (bnc#1012382).\n - net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382).\n - net: fool proof dev_valid_name() (bnc#1012382).\n - net: freescale: fix potential null pointer dereference (bnc#1012382).\n - net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511).\n - net: hns: Fix ethtool private flags (bsc#1085511).\n - net: ieee802154: fix net_device reference release too early\n (bnc#1012382).\n - net: initialize skb->peeked when cloning (bnc#1012382).\n - net/ipv6: Fix route leaking between VRFs (bnc#1012382).\n - net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382).\n - netlink: fix uninit-value in netlink_sendmsg (bnc#1012382).\n - netlink: make sure nladdr has correct size in netlink_connect()\n (bnc#1012382).\n - net: llc: add lock_sock in llc_ui_bind to avoid a race condition\n (bnc#1012382).\n - net/mlx4: Check 
if Granular QoS per VF has been enabled before updating\n QP qos_vport (bnc#1012382).\n - net/mlx4_core: Fix memory leak while delete slave's resources\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n - net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382).\n - net/mlx4_en: Fix mixed PFC and Global pause user control requests\n (bsc#1015336 FATE#321685 bsc#1015337 FATE#321686 bsc#1015340\n FATE#321687).\n - net/mlx4: Fix the check in attaching steering rules (bnc#1012382).\n - net/mlx5: avoid build warning for uniprocessor (bnc#1012382).\n - net/mlx5e: Add error print in ETS init (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Check support before TC swap in ETS init (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5e: E-Switch, Use the name of static array instead of its address\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Fix error handling in load one (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382).\n - net: move somaxconn init from sysctl code (bnc#1012382).\n - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support\n (bnc#1012382).\n - net: qca_spi: Fix alignment issues in rx path (bnc#1012382).\n - net sched actions: fix dumping which requires several messages to user\n space (bnc#1012382).\n - net/sched: fix NULL dereference in the error path of tcf_bpf_init()\n (bnc#1012382).\n - net: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382).\n - net: validate attribute sizes in neigh_dump_table() (bnc#1012382).\n - net: x25: fix one potential use-after-free issue (bnc#1012382).\n - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()\n (bnc#1012382).\n - 
nfsv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION\n (bnc#1012382).\n - nfsv4.1: Work around a Linux server bug.. (bnc#1012382).\n - nospec: Kill array_index_nospec_mask_check() (bnc#1012382).\n - nospec: Move array_index_nospec() parameter checking into separate macro\n (bnc#1012382).\n - nvme: target: fix buffer overflow (FATE#321732 FATE#321590 bsc#993388).\n - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).\n - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources\n (bsc#1070404).\n - ovl: filter trusted xattr for non-admin (bnc#1012382).\n - packet: fix bitfield update race (bnc#1012382).\n - parisc: Fix out of array access in match_pci_device() (bnc#1012382).\n - parport_pc: Add support for WCH CH382L PCI-E single parallel port card\n (bnc#1012382).\n - partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382).\n - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699).\n - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348).\n - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382).\n - percpu: include linux/sched.h for cond_resched() (bnc#1012382).\n - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382).\n - perf/core: Fix locking for children siblings group read (git-fixes).\n - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]\n (bnc#1012382).\n - perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382).\n - perf header: Set proper module name when build-id event found\n (bnc#1012382).\n - perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382).\n - perf intel-pt: Fix error recovery from missing TIP packet (bnc#1012382).\n - perf intel-pt: Fix overlap detection to identify consecutive buffers\n correctly (bnc#1012382).\n - perf intel-pt: Fix sync_switch (bnc#1012382).\n - perf intel-pt: Fix timestamp following overflow (bnc#1012382).\n - perf probe: Add warning message if there is unexpected event name\n 
(bnc#1012382).\n - perf: Remove superfluous allocation error check (bnc#1012382).\n - perf report: Ensure the perf DSO mapping matches what libdw sees\n (bnc#1012382).\n - perf: Return proper values for user stack errors (bnc#1012382).\n - perf tests: Decompress kernel module before objdump (bnc#1012382).\n - perf tools: Fix copyfile_offset update of output offset (bnc#1012382).\n - perf trace: Add mmap alias for s390 (bnc#1012382).\n - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr\n (bnc#1012382).\n - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*\n (bnc#1012382).\n - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()\n (bnc#1012382).\n - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver\n (bnc#1012382).\n - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in\n alloc_pid() (bnc#1012382).\n - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill\n (bsc#1093035).\n - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()\n (bnc#1012382).\n - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently\n (bnc#1012382).\n - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157).\n - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032,\n bsc#1080157).\n - powerpc/64s: Enable barrier_nospec based on firmware settings\n (bsc#1068032, bsc#1080157).\n - powerpc/64s: Enhance the information in cpu_show_meltdown()\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - powerpc/64s: Enhance the information in cpu_show_spectre_v1()\n (bsc#1068032).\n - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087,\n bsc#1091041).\n - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157).\n - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087,\n bsc#1091041).\n - powerpc/64s: Wire up cpu_show_spectre_v2() 
(bsc#1068032, bsc#1075087,\n bsc#1091041).\n - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032,\n bsc#1080157).\n - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032,\n bsc#1075087, bsc#1091041).\n - powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting TCR[DIE]\n (bnc#1012382).\n - powerpc: conditionally compile platform-specific serial drivers\n (bsc#1066223).\n - powerpc/crash: Remove the test for cpu_online in the IPI callback\n (bsc#1088242).\n - powerpc: Do not send system reset request through the oops path\n (bsc#1088242).\n - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382).\n - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772).\n - powerpc/fadump: exclude memory holes while reserving memory in second\n kernel (bsc#1092772).\n - powerpc/lib: Fix off-by-one in alternate feature patching (bnc#1012382).\n - powerpc/mm: allow memory hotplug into a memoryless node (bsc#1090663).\n - powerpc/mm: Allow memory hotplug into an offline node (bsc#1090663).\n - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087,\n bsc#1091041).\n - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops\n (bnc#1012382).\n - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382).\n - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()\n (bnc#1012382).\n - powerpc/powernv: Set or clear security feature flags (bsc#1068032,\n bsc#1075087, bsc#1091041).\n - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032,\n bsc#1075087, bsc#1091041).\n - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032,\n bsc#1075087, bsc#1091041).\n - powerpc/pseries: Restore default security feature flags on setup\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - powerpc/pseries: Set or clear security feature flags (bsc#1068032,\n 
bsc#1075087, bsc#1091041).\n - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032,\n bsc#1075087, bsc#1091041).\n - powerpc/rfi-flush: Differentiate enabled and patched flush types\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - powerpc: signals: Discard transaction state from signal frames\n (bsc#1094059).\n - powerpc/spufs: Fix coredump of SPU contexts (bnc#1012382).\n - powerpc: System reset avoid interleaving oops using die synchronisation\n (bsc#1088242).\n - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032,\n bsc#1080157).\n - pppoe: check sockaddr length in pppoe_connect() (bnc#1012382).\n - pptp: remove a buggy dst release in pptp_connect() (bnc#1012382).\n - qlge: Avoid reading past end of buffer (bnc#1012382).\n - r8152: add Linksys USB3GIGV1 id (bnc#1012382).\n - r8169: fix setting driver_data after register_netdev (bnc#1012382).\n - radeon: hide pointless #warning when compile testing (bnc#1012382).\n - random: use a tighter cap in credit_entropy_bits_safe() (bnc#1012382).\n - random: use lockless method of accessing and updating f->reg_idx\n (bnc#1012382).\n - ray_cs: Avoid reading past end of buffer (bnc#1012382).\n - rdma/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack\n access (FATE#321732).\n - rdma/mlx5: Protect from NULL pointer derefence (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - rdma/mlx5: Protect from shift operand overflow (bnc#1012382).\n - rdma/qedr: fix QP's ack timeout configuration (bsc#1022604 FATE#321747).\n - rdma/qedr: Fix QP state initialization race (bsc#1022604 FATE#321747).\n - rdma/qedr: Fix rc initialization on CNQ allocation failure (bsc#1022604\n FATE#321747).\n - rdma/rxe: Fix an out-of-bounds read (FATE#322149).\n - rdma/ucma: Allow 
resolving address w/o specifying source address\n (bnc#1012382).\n - rdma/ucma: Check AF family prior resolving address (bnc#1012382).\n - rdma/ucma: Check that device exists prior to accessing it (bnc#1012382).\n - rdma/ucma: Check that device is connected prior to access it\n (bnc#1012382).\n - rdma/ucma: Do not allow join attempts for unsupported AF family\n (bnc#1012382).\n - rdma/ucma: Do not allow setting RDMA_OPTION_IB_PATH without an RDMA\n device (bnc#1012382).\n - rdma/ucma: Ensure that CM_ID exists prior to access it (bnc#1012382).\n - rdma/ucma: Fix use-after-free access in ucma_close (bnc#1012382).\n - rdma/ucma: Introduce safer rdma_addr_size() variants (bnc#1012382).\n - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path\n (bnc#1012382).\n - regulator: gpio: Fix some error handling paths in\n 'gpio_regulator_probe()' (bsc#1091960).\n - resource: fix integer overflow at reallocation (bnc#1012382).\n - Revert "alsa: pcm: Fix mutex unbalance in OSS emulation ioctls" (kabi).\n - Revert "alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams"\n (kabi).\n - Revert "arm: dts: am335x-pepper: Fix the audio CODEC's reset pin"\n (bnc#1012382).\n - Revert "arm: dts: omap3-n900: Fix the audio CODEC's reset pin"\n (bnc#1012382).\n - Revert "ath10k: rebuild crypto header in rx data frames" (kabi).\n - Revert "ath10k: send (re)assoc peer command when NSS changed"\n (bnc#1012382).\n - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"\n (bnc#1012382).\n - Revert "cpufreq: Fix governor module removal race" (bnc#1012382).\n - Revert "ip6_vti: adjust vti mtu according to mtu of lower device"\n (bnc#1012382).\n - Revert "kvm: Fix stack-out-of-bounds read in write_mmio" (bnc#1083635).\n - Revert "mac80211: Add RX flag to indicate ICV stripped" (kabi).\n - Revert "mac80211: allow not sending MIC up from driver for HW crypto"\n (kabi).\n - Revert "mac80211: allow same PN for AMSDU sub-frames" (kabi).\n - Revert "mtd: cfi: cmdset_0001: Do not 
allow read/write to suspend erase\n block." (kabi).\n - Revert "mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug."\n (kabi).\n - Revert "mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase\n block." (kabi).\n - Revert "mtip32xx: use runtime tag to initialize command header"\n (bnc#1012382).\n - Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()"\n (bnc#1012382).\n - Revert "perf tests: Decompress kernel module before objdump"\n (bnc#1012382).\n - Revert "xhci: plat: Register shutdown for xhci_plat" (bnc#1012382).\n - rfkill: gpio: fix memory leak in probe error path (bnc#1012382).\n - rpc_pipefs: fix double-dput() (bnc#1012382).\n - rpm/config.sh: build against SP3 in OBS as well.\n - rtc: interface: Validate alarm-time before handling rollover\n (bnc#1012382).\n - rtc: opal: Handle disabled TPO in opal_get_tpo_time() (bnc#1012382).\n - rtc: snvs: fix an incorrect check of return value (bnc#1012382).\n - rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bnc#1012382).\n - rxrpc: check return value of skb_to_sgvec always (bnc#1012382).\n - s390: add automatic detection of the spectre defense (bnc#1012382).\n - s390: add optimized array_index_mask_nospec (bnc#1012382).\n - s390: add options to change branch prediction behaviour for the kernel\n (bnc#1012382 bsc#1068032).\n - s390: add sysfs attributes for spectre (bnc#1012382).\n - s390/alternative: use a copy of the facility bit mask (bnc#1012382).\n - s390/cio: update chpid descriptor after resource accessibility event\n (bnc#1012382).\n - s390: correct module section names for expoline code revert\n (bnc#1012382).\n - s390: correct nospec auto detection init order (bnc#1012382).\n - s390/dasd: fix hanging safe offline (bnc#1012382).\n - s390/dasd: fix IO error for newly defined devices (bnc#1093144,\n LTC#167398).\n - s390: do not bypass BPENTER for interrupt system calls (bnc#1012382).\n - s390: enable CPU alternatives unconditionally (bnc#1012382).\n - s390/entry.S: 
fix spurious zeroing of r0 (bnc#1012382).\n - s390: introduce execute-trampolines for branches (bnc#1012382).\n - s390/ipl: ensure loadparm valid flag is set (bnc#1012382).\n - s390: move nobp parameter functions to nospec-branch.c (bnc#1012382).\n - s390: move _text symbol to address higher than zero (bnc#1012382).\n - s390/qdio: do not merge ERROR output buffers (bnc#1012382).\n - s390/qdio: do not retry EQBS after CCQ 96 (bnc#1012382).\n - s390/qeth: consolidate errno translation (bnc#1093144, LTC#167507).\n - s390/qeth: fix MAC address update sequence (bnc#1093144, LTC#167609).\n - s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093144, LTC#167507).\n - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)\n (bnc#1012382).\n - s390: report spectre mitigation via syslog (bnc#1012382).\n - s390: run user space and KVM guests with modified branch prediction\n (bnc#1012382).\n - s390: scrub registers on kernel entry and KVM exit (bnc#1012382).\n - s390/uprobes: implement arch_uretprobe_is_alive() (bnc#1012382).\n - sched/numa: Use down_read_trylock() for the mmap_sem (bnc#1012382).\n - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()\n (bnc#1012382).\n - scsi: libiscsi: Allow sd_shutdown on bad transport (bnc#1012382).\n - scsi: libsas: initialize sas_phy status according to response of\n DISCOVER (bnc#1012382).\n - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088865).\n - scsi: lpfc: Correct missing remoteport registration during link bounces\n (bsc#1088865).\n - scsi: lpfc: Correct target queue depth application changes (bsc#1088865).\n - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts\n (bsc#1088865).\n - scsi: lpfc: Fix Abort request WQ selection (bsc#1088865).\n - scsi: lpfc: Fix driver not recovering NVME rports during target link\n faults (bsc#1088865).\n - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload\n (bsc#1088865).\n - scsi: lpfc: Fix multiple PRLI completion error path 
(bsc#1088865).\n - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088865).\n - scsi: lpfc: Fix NULL pointer reference when resetting adapter\n (bsc#1088865).\n - scsi: lpfc: Fix nvme remoteport registration race conditions\n (bsc#1088865).\n - scsi: lpfc: Fix WQ/CQ creation for older asic's (bsc#1088865).\n - scsi: lpfc: update driver version to 11.4.0.7-2 (bsc#1088865).\n - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending"\n flag (bnc#1012382).\n - scsi: mptsas: Disable WRITE SAME (bnc#1012382).\n - scsi: sd: Defer spinning up drive while SANITIZE is in progress\n (bnc#1012382).\n - sctp: do not check port in sctp_inet6_cmp_addr (bnc#1012382).\n - sctp: do not leak kernel memory to user space (bnc#1012382).\n - sctp: fix recursive locking warning in sctp_do_peeloff (bnc#1012382).\n - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6\n (bnc#1012382).\n - selftests/powerpc: Fix TM resched DSCR test with some compilers\n (bnc#1012382).\n - selinux: do not check open permission on sockets (bnc#1012382).\n - selinux: Remove redundant check for unknown labeling behavior\n (bnc#1012382).\n - selinux: Remove unnecessary check of array base in selinux_set_mapping()\n (bnc#1012382).\n - serial: 8250: omap: Disable DMA for console UART (bnc#1012382).\n - serial: mctrl_gpio: Add missing module license (bnc#1012382).\n - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init\n (bnc#1012382).\n - serial: sh-sci: Fix race condition causing garbage during shutdown\n (bnc#1012382).\n - sh_eth: Use platform device for printing before register_netdev()\n (bnc#1012382).\n - sit: reload iphdr in ipip6_rcv (bnc#1012382).\n - skbuff: only inherit relevant tx_flags (bnc#1012382).\n - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow\n (bnc#1012382).\n - sky2: Increase D3 delay to sky2 stops working after suspend\n (bnc#1012382).\n - slip: Check if rstate is initialized before uncompressing (bnc#1012382).\n - 
soreuseport: initialise timewait reuseport field (bnc#1012382).\n - sparc64: ldc abort during vds iso boot (bnc#1012382).\n - spi: davinci: fix up dma_mapping_error() incorrect patch (bnc#1012382).\n - staging: comedi: ni_mio_common: ack ai fifo error interrupts\n (bnc#1012382).\n - staging: ion : Donnot wakeup kswapd in ion system alloc (bnc#1012382).\n - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before\n calling hfa384x_drvr_setconfig16, also fixes relative sparse warning\n (bnc#1012382).\n - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock\n (bsc#1088810).\n - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153).\n - tags: honor COMPILED_SOURCE with apart output directory (bnc#1012382).\n - target: prefer dbroot of /etc/target over /var/target (bsc#1087274).\n - target: transport should handle st FM/EOM/ILI reads (bsc#1081599).\n - tcp: better validation of received ack sequences (bnc#1012382).\n - tcp: do not read out-of-bounds opsize (bnc#1012382).\n - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).\n - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets\n (bnc#1012382).\n - team: avoid adding twice the same option to the event list (bnc#1012382).\n - team: fix netconsole setup over team (bnc#1012382).\n - test_firmware: fix setting old custom fw path back on exit, second try\n (bnc#1012382).\n - thermal: imx: Fix race condition in imx_thermal_probe() (bnc#1012382).\n - thermal: power_allocator: fix one race condition issue for\n thermal_instances list (bnc#1012382).\n - thunderbolt: Resume control channel after hibernation image is created\n (bnc#1012382).\n - tipc: add policy for TIPC_NLA_NET_ADDR (bnc#1012382).\n - tracepoint: Do not warn on ENOMEM (bnc#1012382).\n - tracing: Fix regex_match_front() to not over compare the test string\n (bnc#1012382).\n - tracing/uprobe_event: Fix strncpy corner case (bnc#1012382).\n - tty: Do not call panic() at tty_ldisc_init() 
(bnc#1012382).\n - tty: make n_tty_read() always abort if hangup is in progress\n (bnc#1012382).\n - tty: n_gsm: Allow ADM response in addition to UA for control dlci\n (bnc#1012382).\n - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set\n (bnc#1012382).\n - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode\n (bnc#1012382).\n - tty: provide tty_name() even without CONFIG_TTY (bnc#1012382).\n - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bnc#1012382).\n - ubi: fastmap: Do not flush fastmap work on detach (bnc#1012382).\n - ubi: Fix error for write access (bnc#1012382).\n - ubifs: Check ubifs_wbuf_sync() return code (bnc#1012382).\n - ubi: Reject MLC NAND (bnc#1012382).\n - um: Use POSIX ucontext_t instead of struct ucontext (bnc#1012382).\n - Update config files, add expoline for s390x (bsc#1089393).\n - Update\n patches.fixes/0001-md-raid10-fix-NULL-deference-in-handle_write_complet.pat\n ch (bsc#1056415).\n - Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch\n (bsc#1043598, bsc#1036215).\n - Update\n patches.suse/powerpc-powernv-Support-firmware-disable-of-RFI-flus.patch\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - Update\n patches.suse/powerpc-pseries-Support-firmware-disable-of-RFI-flus.patch\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - Update\n patches.suse/powerpc-rfi-flush-Move-the-logic-to-avoid-a-redo-int.patch\n (bsc#1068032, bsc#1075087, bsc#1091041).\n - Update patches.suse/x86-nospectre_v2-means-nospec-too.patch (bsc#1075994\n bsc#1075091 bnc#1085958).\n - usb: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382\n bsc#1092888).\n - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).\n - usb: chipidea: properly handle host or gadget initialization failure\n (bnc#1012382).\n - usb: core: Add quirk for HP v222w 16GB Mini (bnc#1012382).\n - usb: dwc2: Improve gadget state disconnection handling (bnc#1012382).\n - usb: dwc3: keystone: check return value 
(bnc#1012382).\n - usb: dwc3: pci: Properly cleanup resource (bnc#1012382).\n - usb: ene_usb6250: fix first command execution (bnc#1012382).\n - usb: ene_usb6250: fix SCSI residue overwriting (bnc#1012382).\n - usb:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw\n (bnc#1012382).\n - usb: gadget: align buffer size when allocating for OUT endpoint\n (bnc#1012382).\n - usb: gadget: change len to size_t on alloc_ep_req() (bnc#1012382).\n - usb: gadget: define free_ep_req as universal function (bnc#1012382).\n - usb: gadget: f_hid: fix: Prevent accessing released memory (bnc#1012382).\n - usb: gadget: fix request length error for isoc transfer (git-fixes).\n - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align\n (bnc#1012382).\n - usb: Increment wakeup count on remote wakeup (bnc#1012382).\n - usbip: usbip_host: fix to hold parent lock for device_attach() calls\n (bnc#1012382).\n - usbip: vhci_hcd: Fix usb device and sockfd leaks (bnc#1012382).\n - usb: musb: gadget: misplaced out of bounds check (bnc#1012382).\n - usb: musb: host: fix potential NULL pointer dereference (bnc#1012382).\n - usb: serial: cp210x: add ELDAT Easywave RX09 id (bnc#1012382).\n - usb: serial: cp210x: add ID for NI USB serial console (bnc#1012382).\n - usb: serial: ftdi_sio: add RT Systems VX-8 cable (bnc#1012382).\n - usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator\n (bnc#1012382).\n - usb: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster\n (bnc#1012382).\n - usb: serial: option: adding support for ublox R410M (bnc#1012382).\n - usb: serial: option: Add support for Quectel EP06 (bnc#1012382).\n - usb: serial: option: reimplement interface masking (bnc#1012382).\n - usb: serial: simple: add libtransistor console (bnc#1012382).\n - usb: serial: visor: handle potential invalid device configuration\n (bnc#1012382).\n - vfb: fix video mode and line_length being set when loaded (bnc#1012382).\n - vfio/pci: Virtualize Maximum Payload Size 
(bnc#1012382).\n - vfio/pci: Virtualize Maximum Read Request Size (bnc#1012382).\n - vfio-pci: Virtualize PCIe & AF FLR (bnc#1012382).\n - vhost: correctly remove wait queue during poll failure (bnc#1012382).\n - virtio: add ability to iterate over vqs (bnc#1012382).\n - virtio_console: free buffers after reset (bnc#1012382).\n - virtio_net: check return value of skb_to_sgvec always (bnc#1012382).\n - virtio_net: check return value of skb_to_sgvec in one more location\n (bnc#1012382).\n - vlan: also check phy_driver ts_info for vlan's real device (bnc#1012382).\n - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi\n (bnc#1012382).\n - vmxnet3: ensure that adapter is in proper state during force_close\n (bnc#1012382).\n - vrf: Fix use after free and double free in vrf_finish_output\n (bnc#1012382).\n - vt: change SGR 21 to follow the standards (bnc#1012382).\n - vti6: better validate user provided tunnel names (bnc#1012382).\n - vxlan: dont migrate permanent fdb entries during learn (bnc#1012382).\n - watchdog: f71808e_wdt: Fix WD_EN register read (bnc#1012382).\n - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).\n - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679).\n - wl1251: check return from call to wl1251_acx_arp_ip_filter (bnc#1012382).\n - writeback: fix the wrong congested state variable definition\n (bnc#1012382).\n - writeback: safer lock nesting (bnc#1012382).\n - x86/asm: Do not use RBP as a temporary register in\n csum_partial_copy_generic() (bnc#1012382).\n - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).\n - x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK\n (bsc#1093215).\n - x86/bugs: Respect retpoline command line option (bsc#1068032).\n - x86/hweight: Do not clobber %rdi (bnc#1012382).\n - x86/hweight: Get rid of the special calling convention (bnc#1012382).\n - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds (bnc#1012382).\n - x86/platform/UV: Add references to 
access fixed UV4A HUB MMRs\n (bsc#1076263 #fate#322814).\n - x86/platform/uv/BAU: Replace hard-coded values with MMR definitions\n (bsc#1076263 #fate#322814).\n - x86/platform/UV: Fix critical UV MMR address error (bsc#1076263\n - x86/platform/UV: Fix GAM MMR changes in UV4A (bsc#1076263 #fate#322814).\n - x86/platform/UV: Fix GAM MMR references in the UV x2apic code\n (bsc#1076263 #fate#322814).\n - x86/platform/UV: Fix GAM Range Table entries less than 1GB (bsc#1091325).\n - x86/platform/UV: Fix UV4A BAU MMRs (bsc#1076263 #fate#322814).\n - x86/platform/UV: Fix UV4A support on new Intel Processors (bsc#1076263\n #fate#322814).\n - x86/platform/uv: Skip UV runtime services mapping in the\n efi_runtime_disabled case (bsc#1089925).\n - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (bsc#1076263\n #fate#322814).\n - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bnc#1012382).\n - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bnc#1012382).\n - x86/tsc: Provide 'tsc=unstable' boot parameter (bnc#1012382).\n - xen: avoid type warning in xchg_xen_ulong (bnc#1012382).\n - xen-netfront: Fix hang on device removal (bnc#1012382).\n - xfrm: fix state migration copy replay sequence numbers (bnc#1012382).\n - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit\n systems (bnc#1012382).\n - xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382).\n - xfrm_user: uncoditionally validate esn replay attribute struct\n (bnc#1012382).\n - xfs: always verify the log tail during recovery (bsc#1036215).\n - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).\n - xfs: detect and trim torn writes during log recovery (bsc#1036215).\n - xfs: fix log recovery corruption error due to tail overwrite\n (bsc#1036215).\n - xfs: fix recovery failure when log record header wraps log end\n (bsc#1036215).\n - xfs: handle -EFSCORRUPTED during head/tail verification (bsc#1036215).\n - xfs: prevent creating negative-sized file via 
INSERT_RANGE (bnc#1012382).\n - xfs: refactor and open code log record crc check (bsc#1036215).\n - xfs: refactor log record start detection into a new helper (bsc#1036215).\n - xfs: return start block of first bad log record during recovery\n (bsc#1036215).\n - xfs: support a crc verification only log record pass (bsc#1036215).\n - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD (bsc#1094019).\n\n - watchdog: hpwdt: condition early return of NMI handler on iLO5\n (bsc#1085185).\n - watchdog: hpwdt: Modify to use watchdog core (bsc#1085185).\n - watchdog: hpwdt: Update nmi_panic message (bsc#1085185).\n - watchdog: hpwdt: Update Module info and copyright (bsc#1085185).\n\n", "edition": 1, "modified": "2018-05-24T21:06:58", "published": "2018-05-24T21:06:58", "id": "OPENSUSE-SU-2018:1418-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00099.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-30T13:53:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000200", "CVE-2017-5753", "CVE-2018-13053", "CVE-2018-1108", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-1118", "CVE-2018-5848", "CVE-2018-1130", "CVE-2018-1120", "CVE-2018-8781", "CVE-2018-9385", "CVE-2017-5715", "CVE-2018-7492", "CVE-2018-1000204", "CVE-2018-1093", "CVE-2018-10323", "CVE-2018-12233", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-5803", "CVE-2018-1092", "CVE-2018-1094"], "description": "The openSUSE Leap 15 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function\n could have resulted in local attackers being able to crash the kernel or\n potentially elevate privileges because kmalloc_array is not used\n (bnc#1100418)\n - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow\n 
via a large relative timeout because ktime_add_safe was not used\n (bnc#1099924)\n - CVE-2018-9385: Prevent overread of the "driver_override" buffer\n (bsc#1100491)\n - CVE-2018-13405: The inode_init_owner function allowed local users to\n create files with an unintended group ownership allowing attackers to\n escalate privileges by making a plain file executable and SGID\n (bnc#1100416)\n - CVE-2017-5753: Systems with microprocessors utilizing speculative\n execution and branch prediction may have allowed unauthorized disclosure\n of information to an attacker with local user access via a side-channel\n analysis (bsc#1068032).\n - CVE-2018-1118: Linux kernel vhost did not properly initialize memory in\n messages passed between virtual guests and the host operating system.\n This could have allowed local privileged users to read some kernel\n memory contents when reading from the /dev/vhost-net device file\n (bsc#1092472).\n - CVE-2018-12233: A memory corruption bug in JFS could have been triggered\n by calling setxattr twice with two different extended attribute names on\n the same file. This vulnerability could be triggered by an unprivileged\n user with the ability to create files and execute programs (bsc#1097234)\n - CVE-2018-5848: In the function wmi_set_ie(), the length validation code\n did not handle unsigned integer overflow properly. 
As a result, a large\n value of the 'ie_len' argument could have caused a buffer overflow\n (bnc#1097356)\n - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the\n SG_IO ioctl (bsc#1096728)\n - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory\n containing command line arguments (or environment strings), an attacker\n could have caused utilities from psutils or procps (such as ps, w) to\n block indefinitely (denial of service) or for some controlled time (as a\n synchronization primitive for other attacks) (bsc#1093158).\n - CVE-2018-1094: The ext4_fill_super function did not always initialize\n the crc32c checksum driver, which allowed attackers to cause a denial of\n service (ext4_xattr_inode_hash NULL pointer dereference and system\n crash) via a crafted ext4 image (bsc#1087007).\n - CVE-2018-1092: The ext4_iget function mishandled the case of a root\n directory with a zero i_links_count, which allowed attackers to cause a\n denial of service (ext4_process_freed_data NULL pointer dereference and\n OOPS) via a crafted ext4 image (bsc#1087012).\n - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to\n cause a denial of service (out-of-bounds read and system crash) via a\n crafted ext4 image because balloc.c and ialloc.c do not validate bitmap\n block numbers (bsc#1087095).\n - CVE-2018-1000200: Prevent NULL pointer dereference which could have\n resulted in an out of memory (OOM) killing of large mlocked processes\n (bsc#1090150).\n - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function\n that allowed a local user to cause a denial of service by a number of\n certain crafted system calls (bsc#1092904)\n - CVE-2018-5803: Prevent an error in the "_sctp_make_chunk()" function when\n handling the length of SCTP packets, which could have been exploited to cause a\n kernel crash (bnc#1083900)\n - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c\n __rds_rdma_map() function that allowed 
local attackers to cause a system\n panic and a denial-of-service, related to RDS_GET_MR and\n RDS_GET_MR_FOR_DEST (bsc#1082962)\n - CVE-2018-1108: Prevent weakness in the implementation of random seed\n data. Programs, early in the boot sequence, could have used the data\n allocated for the seed (bsc#1090818).\n - CVE-2018-10323: The xfs_bmap_extents_to_btree function allowed local\n users to cause a denial of service (xfs_bmapi_write NULL pointer\n dereference) via a crafted xfs image (bsc#1090717).\n - CVE-2018-8781: The udl_fb_mmap function had an integer-overflow\n vulnerability allowing local users with access to the udldrmfb driver to\n obtain full read and write permissions on kernel physical pages,\n resulting in a code execution in kernel space (bsc#1090643)\n - CVE-2018-10124: The kill_something_info function in kernel/signal.c\n might have allowed local users to cause a denial of service via an\n INT_MIN argument (bnc#1089752)\n - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have\n allowed local users to cause a denial of service by triggering an\n attempted use of the\n -INT_MIN value (bnc#1089608)\n - CVE-2017-5715: Prevent unauthorized disclosure of information to an\n attacker with local user access caused by speculative execution and\n indirect branch prediction (bsc#1068032)\n\n The following non-security bugs were fixed:\n\n - 1wire: family module autoload fails because of upper/lower case mismatch\n (bsc#1051510).\n - 8021q: fix a memory leak for VLAN 0 device (networking-stable-18_01_12).\n - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()\n (networking-stable-18_05_15).\n - 8139too: revisit napi_complete_done() usage (networking-stable-17_10_09).\n - 9p/trans_virtio: discard zero-length reply (bsc#1052766).\n - ACPI / APEI: Replace ioremap_page_range() with fixmap (bsc#1051510).\n - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices\n (bsc#1051510).\n - ACPI / NUMA: ia64: Parse all entries of 
SRAT memory affinity table\n (bnc#1088796, ).\n - ACPI / bus: Do not call _STA on battery devices with unmet dependencies\n (bsc#1051510).\n - ACPI / button: make module loadable when booted in non-ACPI mode\n (bsc#1051510).\n - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()\n (bsc#1051510).\n - ACPI / scan: Initialize watchdog before PNP (bsc#1073960).\n - ACPI / scan: Send change uevent with offine environmental data\n (bsc#1082485).\n - ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE\n devs (bsc#1051510).\n - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E\n (bsc#1051510).\n - ACPI / video: Default lcd_only to true on Win8-ready and newer machines\n (bsc#1051510).\n - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_\n (bsc#1051510).\n - ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (bsc#1051510).\n - ACPI / watchdog: properly initialize resources (bsc#1051510).\n - ACPI: EC: Fix debugfs_create_*() usage (bsc#1051510).\n - ACPI: acpi_pad: Fix memory leak in power saving threads (bsc#1051510).\n - ACPI: processor_perflib: Do not send _PPC change notification if not\n ready (bsc#1051510).\n - ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs\n (bsc#1051510).\n - ACPICA: ACPI 6.0A: Changes to the NFIT ACPI table (bsc#1091424).\n - ACPICA: Events: add a return on failure from acpi_hw_register_read\n (bsc#1051510).\n - ACPICA: Fix memory leak on unusual memory leak (bsc#1051510).\n - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c\n (bsc#1051510).\n - ALSA: aloop: Add missing cable lock to ctl API callbacks (bsc#1051510).\n - ALSA: aloop: Mark paused device as inactive (bsc#1051510).\n - ALSA: asihpi: Hardening for potential Spectre v1 (bsc#1051510).\n - ALSA: caiaq: Add yet more sanity checks for invalid EPs (bsc#1051510).\n - ALSA: control: Hardening for potential Spectre v1 (bsc#1051510).\n - ALSA: control: fix a redundant-copy issue 
(bsc#1051510).\n - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr (bsc#1051510).\n - ALSA: dice: fix OUI for TC group (bsc#1051510).\n - ALSA: dice: fix error path to destroy initialized stream data\n (bsc#1051510).\n - ALSA: dice: fix kernel NULL pointer dereference due to invalid\n calculation for array index (bsc#1051510).\n - ALSA: emu10k1: Fix kABI breakage (bsc#1093027).\n - ALSA: emu10k1: add a IOMMU workaround (bsc#1093027).\n - ALSA: emu10k1: add optional debug printouts with DMA addresses\n (bsc#1093027).\n - ALSA: emu10k1: make sure synth DMA pages are allocated with DMA\n functions (bsc#1093027).\n - ALSA: emu10k1: remove reserved_page (bsc#1093027).\n - ALSA: emu10k1: use dma_set_mask_and_coherent() (bsc#1093027).\n - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1051510).\n - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()\n (bsc#1051510).\n - ALSA: hda - New VIA controller suppor no-snoop path (bsc#1051510).\n - ALSA: hda - Skip jack and others for non-existing PCM streams\n (bsc#1051510).\n - ALSA: hda/ca0132 - use ARRAY_SIZE (bsc#1051510).\n - ALSA: hda/ca0132: Add DSP Volume set and New mixers for SBZ + R3Di\n (bsc#1096696).\n - ALSA: hda/ca0132: Add PCI region2 iomap for SBZ (bsc#1096696).\n - ALSA: hda/ca0132: Add dsp setup + gpio functions for r3di (bsc#1096696).\n - ALSA: hda/ca0132: Add extra exit functions for R3Di and SBZ\n (bsc#1096696).\n - ALSA: hda/ca0132: Add new control changes for SBZ + R3Di (bsc#1096696).\n - ALSA: hda/ca0132: Add pincfg for SBZ + R3Di, add fp hp auto-detect\n (bsc#1096696).\n - ALSA: hda/ca0132: Delete pointless assignments to struct auto_pin_cfg\n fields (bsc#1051510).\n - ALSA: hda/ca0132: Delete redundant UNSOL event requests (bsc#1051510).\n - ALSA: hda/ca0132: Do not test for QUIRK_NONE (bsc#1051510).\n - ALSA: hda/ca0132: Fix DMic data rate for Alienware M17x R4 (bsc#1051510).\n - ALSA: hda/ca0132: R3Di and SBZ quirk entires + alt firmware loading\n (bsc#1096696).\n - ALSA: 
hda/ca0132: Restore PCM Analog Mic-In2 (bsc#1051510).\n - ALSA: hda/ca0132: Restore behavior of QUIRK_ALIENWARE (bsc#1051510).\n - ALSA: hda/ca0132: add alt_select_in/out for R3Di + SBZ (bsc#1096696).\n - ALSA: hda/ca0132: add ca0132_alt_set_vipsource (bsc#1096696).\n - ALSA: hda/ca0132: add dsp setup related commands for the sbz\n (bsc#1096696).\n - ALSA: hda/ca0132: add extra init functions for r3di + sbz (bsc#1096696).\n - ALSA: hda/ca0132: add the ability to set src_id on scp commands\n (bsc#1096696).\n - ALSA: hda/ca0132: constify parameter table for effects (bsc#1096696).\n - ALSA: hda/ca0132: constify read-only members of string array\n (bsc#1096696).\n - ALSA: hda/ca0132: constify templates for control element set\n (bsc#1096696).\n - ALSA: hda/ca0132: fix array_size.cocci warnings (bsc#1096696).\n - ALSA: hda/ca0132: fix build failure when a local macro is defined\n (bsc#1051510).\n - ALSA: hda/ca0132: make array ca0132_alt_chmaps static (bsc#1051510).\n - ALSA: hda/ca0132: merge strings just for printk (bsc#1096696).\n - ALSA: hda/ca0132: update core functions for sbz + r3di (bsc#1096696).\n - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).\n - ALSA: hda/conexant - Add hp-mic-fix model string (bsc#1092975).\n - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1051510).\n - ALSA: hda/realtek - Add shutup hint (bsc#1051510).\n - ALSA: hda/realtek - Add some fixes for ALC233 (bsc#1051510).\n - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1051510).\n - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs\n (bsc#1051510).\n - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1051510).\n - ALSA: hda/realtek - Fix the problem of two front mics on more machines\n (bsc#1051510).\n - ALSA: hda/realtek - Fixup for HP x360 laptops with BO speakers\n (bsc#1096705).\n - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1096705).\n - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*()\n 
(bsc#1096705).\n - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1051510).\n - ALSA: hda/realtek - adjust the location of one mic (bsc#1051510).\n - ALSA: hda/realtek - change the location for one of two front mics\n (bsc#1051510).\n - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1051510).\n - ALSA: hda: Add ASRock H81M-HDS to the power_save blacklist (bsc#1051510).\n - ALSA: hda: Add Clevo W35xSS_370SS to the power_save blacklist\n (bsc#1051510).\n - ALSA: hda: Add Gigabyte P55A-UD3 and Z87-D3HP to the power_save\n blacklist (bsc#1051510).\n - ALSA: hda: Add Icelake PCI ID (bsc#1051510).\n - ALSA: hda: Add Intel NUC5i7RY to the power_save blacklist (bsc#1051510).\n - ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist (bsc#1051510).\n - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist\n (bsc#1051510).\n - ALSA: hda: Hardening for potential Spectre v1 (bsc#1051510).\n - ALSA: hda: add dock and led support for HP EliteBook 830 G5\n (bsc#1051510).\n - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1051510).\n - ALSA: hdspm: Hardening for potential Spectre v1 (bsc#1051510).\n - ALSA: hiface: Add sanity checks for invalid EPs (bsc#1051510).\n - ALSA: line6: Add yet more sanity checks for invalid EPs (bsc#1051510).\n - ALSA: line6: Use correct endpoint type for midi output (bsc#1051510).\n - ALSA: line6: add support for POD HD DESKTOP (bsc#1051510).\n - ALSA: line6: add support for POD HD500X (bsc#1051510).\n - ALSA: line6: remove unnecessary initialization to PODHD500X\n (bsc#1051510).\n - ALSA: opl3: Hardening for potential Spectre v1 (bsc#1051510).\n - ALSA: pcm: Avoid potential races between OSS ioctls and read/write\n (bsc#1051510).\n - ALSA: pcm: Check PCM state at xfern compat ioctl (bsc#1051510).\n - ALSA: pcm: Fix UAF at PCM release via PCM timer access (bsc#1051510).\n - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation\n (bsc#1051510).\n - ALSA: pcm: Fix mutex unbalance in OSS 
emulation ioctls (bsc#1051510).\n - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams\n (bsc#1051510).\n - ALSA: pcm: potential uninitialized return values (bsc#1051510).\n - ALSA: rawmidi: Fix missing input substream checks in compat ioctls\n (bsc#1051510).\n - ALSA: rme9652: Hardening for potential Spectre v1 (bsc#1051510).\n - ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl\n (bsc#1051510).\n - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()\n (bsc#1051510).\n - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device\n (bsc#1051510).\n - ALSA: seq: oss: Hardening for potential Spectre v1 (bsc#1051510).\n - ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl\n (bsc#1051510).\n - ALSA: timer: Fix pause event notification (bsc#1051510).\n - ALSA: usb-audio: Add "Keep Interface" control (bsc#1089467).\n - ALSA: usb-audio: Add a quirk for Nura's first gen headset (bsc#1051510).\n - ALSA: usb-audio: Add keep_iface flag (bsc#1089467).\n - ALSA: usb-audio: Add native DSD support for Luxman DA-06 (bsc#1051510).\n - ALSA: usb-audio: Add native DSD support for Mytek DACs (bsc#1051510).\n - ALSA: usb-audio: Add native DSD support for TEAC UD-301 (bsc#1051510).\n - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M\n (bsc#1051510).\n - ALSA: usb-audio: Add sample rate quirk for Plantronics P610\n (bsc#1051510).\n - ALSA: usb-audio: Add sanity checks for invalid EPs (bsc#1051510).\n - ALSA: usb-audio: Allow to override the longname string (bsc#1091678).\n - ALSA: usb-audio: Apply vendor ID matching for sample rate quirk\n (bsc#1051510).\n - ALSA: usb-audio: Avoid superfluous usb_set_interface() calls\n (bsc#1089467).\n - ALSA: usb-audio: Change the semantics of the enable option (bsc#1051510).\n - ALSA: usb-audio: Disable the quirk for Nura headset (bsc#1051510).\n - ALSA: usb-audio: FIX native DSD support for TEAC UD-501 DAC\n (bsc#1051510).\n - ALSA: usb-audio: Generic DSD 
detection for XMOS-based implementations\n (bsc#1051510).\n - ALSA: usb-audio: Give proper vendor/product name for Dell WD15 Dock\n (bsc#1091678).\n - ALSA: usb-audio: Initialize Dell Dock playback volumes (bsc#1089467).\n - ALSA: usb-audio: Integrate native DSD support for ITF-USB based DACs\n (bsc#1051510).\n - ALSA: usb-audio: Remove explicitly listed Mytek devices (bsc#1051510).\n - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658).\n - ALSA: usb-audio: Support changing input on Sound Blaster E1\n (bsc#1051510).\n - ALSA: usb-audio: add boot quirk for Axe-Fx III (bsc#1051510).\n - ALSA: usb-audio: add more quirks for DSD interfaces (bsc#1051510).\n - ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk (bsc#1051510).\n - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ (bsc#1051510).\n - ALSA: usx2y: Add sanity checks for invalid EPs (bsc#1051510).\n - ALSA: usx2y: Fix invalid stream URBs (bsc#1051510).\n - ALSA: vmaster: Propagate slave error (bsc#1051510).\n - ASoC: Intel: Skylake: Disable clock gating during firmware and library\n download (bsc#1051510).\n - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bsc#1051510).\n - ASoC: Intel: sst: remove redundant variable dma_dev_name (bsc#1051510).\n - ASoC: adau17x1: Handling of DSP_RUN register during fw setup\n (bsc#1051510).\n - ASoC: cirrus: i2s: Fix LRCLK configuration (bsc#1051510).\n - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bsc#1051510).\n - ASoC: cs35l35: Add use_single_rw to regmap config (bsc#1051510).\n - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it\n (bsc#1051510).\n - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio\n (bsc#1051510).\n - ASoC: hdmi-codec: Fix module unloading caused kernel crash (bsc#1051510).\n - ASoC: hdmi-codec: fix spelling mistake: "deteced" -> "detected"\n (bsc#1051510).\n - ASoC: hdmi-codec: remove multi detection support (bsc#1051510).\n - ASoC: omap: Remove OMAP_MUX dependency from Nokia N810 audio 
support\n (bsc#1051510).\n - ASoC: rockchip: Fix dai_name for HDMI codec (bsc#1051510).\n - ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs (bsc#1051510).\n - ASoC: rsnd: mark PM functions __maybe_unused (bsc#1051510).\n - ASoC: rt5514: Add the missing register in the readable table\n (bsc#1051510).\n - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined\n (bsc#1051510).\n - ASoC: samsung: odroid: Drop requirement of clocks in the sound node\n (bsc#1051510).\n - ASoC: samsung: odroid: Fix 32000 sample rate handling (bsc#1051510).\n - ASoC: samsung: odroid: Fix EPLL frequency values (bsc#1051510).\n - ASoC: ssm2602: Replace reg_default_raw with reg_default (bsc#1051510).\n - ASoC: topology: Check widget kcontrols before deref (bsc#1051510).\n - ASoC: topology: Check widget kcontrols before deref (bsc#1051510).\n - ASoC: topology: Fix bugs of freeing soc topology (bsc#1051510).\n - ASoC: topology: Fix kcontrol name string handling (bsc#1051510).\n - ASoC: topology: create TLV data for dapm widgets (bsc#1051510).\n - ASoC: topology: fix some tiny memory leaks (bsc#1051510).\n - Bluetooth: Add a new 04ca:3015 QCA_ROME device (bsc#1051510).\n - Bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504).\n - Bluetooth: Fix missing encryption refresh on Security Request\n (bsc#1051510).\n - Bluetooth: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for BTUSB_QCA_ROME\n (bsc#1051510).\n - Bluetooth: btrtl: Fix a error code in rtl_load_config() (bsc#1051510).\n - Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table\n (bsc#1051510).\n - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB\n (bsc#1051510).\n - Bluetooth: btusb: Add device ID for RTL8822BE (bsc#1051510).\n - Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome\n chipsets (bsc#1051510).\n - Bluetooth: btusb: add ID for LiteOn 04ca:3016 (bsc#1051510).\n - Bluetooth: hci_bcm: Add 6 new ACPI HIDs (bsc#1051510).\n - Bluetooth: hci_bcm: Add 
active_low irq polarity quirk for Asus T100CHI\n (bsc#1051510).\n - Bluetooth: hci_bcm: Add support for BCM2E72 (bsc#1051510).\n - Bluetooth: hci_bcm: Add support for MINIX Z83-4 based devices\n (bsc#1051510).\n - Bluetooth: hci_bcm: Fix setting of irq trigger type (bsc#1051510).\n - Bluetooth: hci_bcm: Handle empty packet after firmware loading\n (bsc#1051510).\n - Bluetooth: hci_bcm: Make bcm_request_irq fail if no IRQ resource\n (bsc#1051510).\n - Bluetooth: hci_bcm: Remove DMI quirk for the MINIX Z83-4 (bsc#1051510).\n - Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being\n active-low (bsc#1051510).\n - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw\n loader (bsc#1051510).\n - Btrfs: Fix race condition between delayed refs and blockgroup removal\n (bsc#1086224).\n - Btrfs: Fix wrong first_key parameter in replace_path (follow up fix for\n bsc#1084721).\n - Btrfs: Only check first key for committed tree blocks (bsc#1084721).\n - Btrfs: Take trans lock before access running trans in check_delayed_ref\n (bsc#1097105).\n - Btrfs: Validate child tree block's level and first key (bsc#1084721).\n - Btrfs: fix copy_items() return value when logging an inode (bsc#1097105).\n - Btrfs: fix xattr loss after power failure (bsc#1097105).\n - Btrfs: push relocation recovery into a helper thread (bsc#1086467).\n - Btrfs: qgroups, fix rescan worker running races (bsc#1091101).\n - Btrfs: return error value if create_io_em failed in cow_file_range\n (bsc#1097105).\n - Btrfs: suspend qgroups during relocation recovery (bsc#1086467).\n - Btrfs: use btrfs_op instead of bio_op in __btrfs_map_block (bsc#1099918).\n - Btrfs: use spinlock to protect ->caching_block_groups list (bsc#1083684).\n - Correct bug reference in the patch (bnc#1095155)\n - Delete\n patches.arch/powerpc64-ftrace-Use-the-generic-version-of-ftrace_r.patch\n (bsc#1088804).\n - Downgrade printk level for MMC SDHCI host version error (bsc#1097941).\n - Enable uniput driver 
(bsc#1092566).\n - Fix copy_in_user() declaration (bsc#1052766).\n - Fix kABI breakage due to acpi_ec gpe field change (bsc#1051510).\n - Fix kABI breakage due to snd_usb_audio_quirk profile_name addition\n (bsc#1091678).\n - Fix kABI breakage due to sound/timer.h inclusion (bsc#1051510).\n - Fix kABI breakage for iwl_fw_runtime_ops change (bsc#1051510).\n - Fix kABI breakage for iwlwifi (bsc#1051510).\n - Fix kABI breakage of iio_buffer (bsc#1051510).\n - Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n (bsc#1100734).\n - Fix kABI incompatibility by snd_pcm_oss_runtime.rw_ref addition\n (bsc#1051510).\n - Fix the build error in adau17x1 soc driver (bsc#1051510)\n - Fix the build of da9063_wdt module (bsc#1100843) Backport the missing\n prerequisite commit, move the previous fixes into the sorted section and\n refresh.\n - GFS2: Take inode off order_write list when setting jdata flag\n (bsc#1052766).\n - HID: add backlight level quirk for Asus ROG laptops (bsc#1101324).\n - HID: cp2112: fix broken gpio_direction_input callback (bsc#1051510).\n - HID: debug: check length before copy_to_user() (bsc#1051510).\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device\n (bsc#1051510).\n - HID: i2c-hid: Fix "incomplete report" noise (bsc#1051510).\n - HID: i2c-hid: fix size check and type usage (bsc#1051510).\n - HID: intel-ish-hid: Enable Gemini Lake ish driver (bsc#1073765,).\n - HID: intel-ish-hid: use put_device() instead of kfree() (bsc#1051510).\n - HID: intel_ish-hid: ipc: register more pm callbacks to support\n hibernation (bsc#1051510).\n - HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice (bsc#1051510).\n - HID: roccat: prevent an out of bounds read in\n kovaplus_profile_activated() (bsc#1051510).\n - HID: wacom: Add support for One by Wacom (CTL-472 / CTL-672)\n (bsc#1100633).\n - HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large\n (bsc#1051510).\n - HID: wacom: Correct 
touch maximum XY of 2nd-gen Intuos (bsc#1051510).\n - HID: wacom: EKR: ensure devres groups at higher indexes are released\n (bsc#1051510).\n - HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE)\n events (bsc#1051510).\n - HID: wacom: Release device resource data obtained by devres_alloc()\n (bsc#1051510).\n - HID: wacom: bluetooth: send exit report for recent Bluetooth devices\n (bsc#1051510).\n - IB/Hfi1: Read CCE Revision register to verify the device is responsive\n (bsc#1096793 ).\n - IB/core: Generate GID change event regardless of RoCE GID table property\n (bsc#1046306 ).\n - IB/core: Refer to RoCE port property instead of GID table property\n (bsc#1046306 ).\n - IB/cq: Do not force IB_POLL_DIRECT poll context for ib_process_cq_direct\n (bsc#1046306 ).\n - IB/hfi1 Use correct type for num_user_context (bsc#1096793 ).\n - IB/hfi1: Add a safe wrapper for _rcd_get_by_index (bsc#1096793 ).\n - IB/hfi1: Add tx_opcode_stats like the opcode_stats (bsc#1096793 ).\n - IB/hfi1: Complete check for locally terminated smp (bsc#1096793 ).\n - IB/hfi1: Compute BTH only for RDMA_WRITE_LAST/SEND_LAST packet\n (bsc#1096793 ).\n - IB/hfi1: Convert PortXmitWait/PortVLXmitWait counters to flit times\n (bsc#1096793 ).\n - IB/hfi1: Create common functions for affinity CPU mask operations\n (bsc#1096793 ).\n - IB/hfi1: Do not allocate PIO send contexts for VNIC (bsc#1096793 ).\n - IB/hfi1: Do not modify num_user_contexts module parameter (bsc#1096793 ).\n - IB/hfi1: Do not override given pcie_pset value (bsc#1096793 ).\n - IB/hfi1: Ensure VL index is within bounds (bsc#1096793 ).\n - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used\n (bsc#1060463 ).\n - IB/hfi1: Fix a wrapping test to insure the correct timeout (bsc#1096793\n ).\n - IB/hfi1: Fix for early release of sdma context (bsc#1096793 ).\n - IB/hfi1: Fix handling of FECN marked multicast packet (bsc#1060463 ).\n - IB/hfi1: Fix loss of BECN with AHG (bsc#1096793 ).\n - IB/hfi1: Fix memory 
leak in exception path in get_irq_affinity()\n (bsc#1096793 ).\n - IB/hfi1: Fix serdes loopback set-up (bsc#1096793 ).\n - IB/hfi1: Handle initial value of 0 for CCTI setting (bsc#1096793 ).\n - IB/hfi1: Inline common calculation (bsc#1096793 ).\n - IB/hfi1: Insure int mask for in-kernel receive contexts is clear\n (bsc#1096793 ).\n - IB/hfi1: Look up ibport using a pointer in receive path (bsc#1096793 ).\n - IB/hfi1: Optimize kthread pointer locking when queuing CQ entries\n (bsc#1096793 ).\n - IB/hfi1: Optimize packet type comparison using 9B and bypass code paths\n (bsc#1096793 ).\n - IB/hfi1: Prevent LNI hang when LCB can't obtain lanes (bsc#1096793 ).\n - IB/hfi1: Prohibit invalid Init to Armed state transition (bsc#1096793 ).\n - IB/hfi1: Race condition between user notification and driver state\n (bsc#1096793 ).\n - IB/hfi1: Re-order IRQ cleanup to address driver cleanup race\n (bsc#1060463 ).\n - IB/hfi1: Refactor assign_ctxt() IOCTL (bsc#1096793 ).\n - IB/hfi1: Refactor get_base_info (bsc#1096793 ).\n - IB/hfi1: Refactor get_ctxt_info (bsc#1096793 ).\n - IB/hfi1: Refactor get_user() IOCTLs (bsc#1096793 ).\n - IB/hfi1: Refactor hfi_user_exp_rcv_clear() IOCTLs (bsc#1096793 ).\n - IB/hfi1: Refactor hfi_user_exp_rcv_invalid() IOCTLs (bsc#1096793 ).\n - IB/hfi1: Refactor hfi_user_exp_rcv_setup() IOCTL (bsc#1096793 ).\n - IB/hfi1: Remove unused hfi1_cpulist variables (bsc#1096793 ).\n - IB/hfi1: Reorder incorrect send context disable (bsc#1096793 ).\n - IB/hfi1: Return correct value for device state (bsc#1096793 ).\n - IB/hfi1: Send 'reboot' as planned down remote reason (bsc#1096793 ).\n - IB/hfi1: Set port number for errorinfo MAD response (bsc#1096793 ).\n - IB/hfi1: Show fault stats in both TX and RX directions (bsc#1096793 ).\n - IB/hfi1: Update HFI to use the latest PCI API (bsc#1096793 ).\n - IB/hfi1: Use after free race condition in send context error path\n (bsc#1096793 ).\n - IB/hfi1: Validate PKEY for incoming GSI MAD packets (bsc#1096793 ).\n - 
IB/ipoib: Avoid memory leak if the SA returns a different DGID\n (bsc#1046307 ).\n - IB/ipoib: Change number of TX wqe to 64 (bsc#1096793 ).\n - IB/ipoib: Fix for notify send CQ failure messages (bsc#1096793 ).\n - IB/ipoib: Fix for potential no-carrier state (bsc#1046307 ).\n - IB/ipoib: Get rid of the tx_outstanding variable in all modes\n (bsc#1096793 ).\n - IB/ipoib: Use NAPI in UD/TX flows (bsc#1096793 ).\n - IB/mlx4: Fix integer overflow when calculating optimal MTT size\n (bsc#1071218).\n - IB/mlx4: Move mlx4_uverbs_ex_query_device_resp to include/uapi/\n (bsc#1071218).\n - IB/mlx5: Enable ECN capable bits for UD RoCE v2 QPs (bsc#1046305 ).\n - IB/mlx5: Respect new UMR capabilities (bsc#1093205).\n - IB/mlx5: Set the default active rate and width to QDR and 4X\n (bsc#1046305 ).\n - IB/mlx5: Use unlimited rate when static rate is not supported\n (bsc#1046305 ).\n - IB/mlx5:: pr_err() and mlx5_ib_dbg() strings should end with newlines\n (bsc#1093205).\n - IB/rdmavt: Add trace for RNRNAK timer (bsc#1096793 ).\n - IB/rdmavt: Allocate CQ memory on the correct node (bsc#1058717 ).\n - IB/rdmavt: No need to cancel RNRNAK retry timer when it is running\n (bsc#1096793 ).\n - IB/rdmavt: Use correct numa node for SRQ allocation (bsc#1096793 ).\n - IB/srp: Fix completion vector assignment algorithm (bsc#1046306 ).\n - IB/srp: Fix srp_abort() (bsc#1046306 ).\n - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()\n (bsc#1046306 ).\n - IB/uverbs: Fix validating mandatory attributes (bsc#1046306 ).\n - IB/{hfi1, qib}: Add handling of kernel restart (bsc#1096793 ).\n - IB/{hfi1, rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure\n (bsc#1096793 ).\n - IB/{rdmavt,hfi1}: Change hrtimer add to use pinned version (bsc#1096793\n ).\n - Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude\n 7370 (bsc#1051510).\n - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook\n Pro (bsc#1051510).\n - Input: atmel_mxt_ts - fix 
the firmware update (bsc#1051510).\n - Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID (bsc#1051510).\n - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bsc#1051510).\n - Input: elan_i2c_smbus - fix corrupted stack (bsc#1051510).\n - Input: elan_i2c_smbus - fix more potential stack buffer overflows\n (bsc#1051510).\n - Input: elantech - enable middle button of touchpads on ThinkPad P52\n (bsc#1051510).\n - Input: elantech - fix V4 report decoding for module with middle key\n (bsc#1051510).\n - Input: goodix - add new ACPI id for GPD Win 2 touch screen (bsc#1051510).\n - Input: goodix - disable IRQs while suspended (bsc#1051510).\n - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list\n (bsc#1051510).\n - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad\n (bsc#1051510).\n - Input: leds - fix out of bound access (bsc#1051510).\n - Input: synaptics - Lenovo Carbon X1 Gen5 (2017) devices should use RMI\n (bsc#1051510).\n - Input: synaptics - Lenovo Thinkpad X1 Carbon G5 (2017) with Elantech\n trackpoints should use RMI (bsc#1051510).\n - Input: synaptics - add Intertouch support on X1 Carbon 6th and X280\n (bsc#1051510).\n - Input: synaptics - add Lenovo 80 series ids to SMBus (bsc#1051510).\n - Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes\n (bsc#1051510).\n - Input: synaptics-rmi4 - fix an unchecked out of memory error path\n (bsc#1051510).\n - Input: synaptics: Add intertouch blacklist for Thinkpad Helix\n (bsc#1090457).\n - Input: xpad - add GPD Win 2 Controller USB IDs (bsc#1051510).\n - Input: xpad - fix GPD Win 2 controller name (bsc#1051510).\n - Input: xpad - sync supported devices with 360Controller (bsc#1051510).\n - Input: xpad - sync supported devices with XBCD (bsc#1051510).\n - KABI: hide ftrace_enabled in paca (bsc#1088804).\n - KEYS: DNS: limit the length of option strings\n (networking-stable-18_04_26).\n - KEYS: Use individual pages in big_key for crypto buffers 
(bsc#1051510).\n - KVM: MMU: consider host cache mode in MMIO page check (bsc#1087213).\n - KVM: PPC: Book3S HV: Fix ppc_breakpoint_available compile error\n (bsc#1061840).\n - KVM: PPC: Book3S HV: Handle migration with POWER9 disabled DAWR\n (bsc#1061840).\n - KVM: PPC: Book3S HV: Return error from h_set_dabr() on POWER9\n (bsc#1061840).\n - KVM: PPC: Book3S HV: Return error from h_set_mode(SET_DAWR) on POWER9\n (bsc#1061840).\n - KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode\n (bsc#1061840).\n - KVM: arm64: Fix HYP idmap unmap when using 52bit PA (bsc#1089074).\n - MD: Free bioset when md_run fails (bsc#1093023).\n - Move upstreamed ideapad-laptop patch to sorted section (bsc#1093035)\n - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bsc#1090888).\n - NFC: fix device-allocation error return (bsc#1051510).\n - NFC: llcp: Limit size of SDP URI (bsc#1051510).\n - NFC: pn533: do not send USB data off of the stack (bsc#1051510).\n - NFS: Revert "NFS: Move the flock open mode check into nfs_flock()"\n (bsc#1098983).\n - NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..")\n (git-fixes).\n - PCI/ASPM: Add L1 Substates definitions (bsc#1051510).\n - PCI/ASPM: Calculate LTR_L1.2_THRESHOLD from device characteristics\n (bsc#1051510).\n - PCI/DPC: Do not enable DPC if AER control is not allowed by the BIOS\n (bsc#1093184).\n - PCI/PME: Handle invalid data when reading Root Status (bsc#1051510).\n - PCI: Add ACS quirk for Intel 300 series (bsc#1051510).\n - PCI: Add ACS quirk for Intel 7th and 8th Gen mobile (bsc#1051510).\n - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L\n (bsc#1051510).\n - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 (bsc#1051510).\n - PCI: Add function 1 DMA alias quirk for Marvell 9128 (bsc#1051510).\n - PCI: Create SR-IOV virtfn/physfn links before attaching driver\n (bsc#1051510).\n - PCI: Detach driver before procfs and sysfs teardown on device remove\n 
(bsc#1051510).\n - PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken\n (bsc#1051510).\n - PCI: Remove messages about reassigning resources (bsc#1051510).\n - PCI: Restore config space on runtime resume despite being unbound\n (bsc#1051510).\n - PCI: aardvark: Fix PCIe Max Read Request Size setting (bsc#1051510).\n - PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() (bsc#1051510).\n - PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()\n (bsc#1051510).\n - PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode\n (bsc#1051510).\n - PCI: designware-ep: Fix find_first_zero_bit() usage (bsc#1051510).\n - PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg()\n (bnc#1094541).\n - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on\n resume (bsc#1051510).\n - PCI: shpchp: Enable bridge bus mastering if MSI is enabled (bsc#1051510).\n - PM / OPP: Add missing of_node_put(np) (bsc#1051510).\n - PM / OPP: Call notifier without holding opp_table->lock (bsc#1051510).\n - PM / OPP: Move error message to debug level (bsc#1051510).\n - PM / devfreq: Fix potential NULL pointer dereference in governor_store\n (bsc#1051510).\n - PM / s2idle: Clear the events_check_enabled flag (bsc#1051510).\n - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1051510).\n - PM: docs: Drop an excess character from devices.rst (bsc#1051510).\n - Pass x86 as architecture on x86_64 and i386 (bsc#1093118).\n - RDMA/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes\n (bsc#1086283 ).\n - RDMA/bnxt_re: Remove redundant bnxt_qplib_disable_nq() call (bsc#1086283\n ).\n - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack\n access (bsc#1046306 ).\n - RDMA/core: Reduce poll batch for direct cq polling (bsc#1046306 ).\n - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint\n (bsc#1084001).\n - RDMA/mlx4: Fix uABI structure layouts for 32/64 compat (bsc#1071218).\n - RDMA/mlx5: Fix 
crash while accessing garbage pointer and freed memory\n (bsc#1046305 ).\n - RDMA/mlx5: Protect from NULL pointer derefence (bsc#1046305 ).\n - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bsc#1058513 ).\n - RDMA/rxe: Fix an out-of-bounds read (bsc#1050662 ).\n - RDMA/ucma: Allow resolving address w/o specifying source address\n (bsc#1046306 ).\n - RDMA/ucma: Introduce safer rdma_addr_size() variants (bsc#1046306 ).\n - RDMAVT: Fix synchronization around percpu_ref (bsc#1058717 ).\n - RDS: Check cmsg_len before dereferencing CMSG_DATA\n (networking-stable-17_12_31).\n - Refresh patches.suse/btrfs-use-kvzalloc-to-allocate-btrfs_fs_info.patch\n - Fixed References (bsc#1062897).\n - Remove the old fallback for iTCO/WDAT conflict (bsc#1073960) Now the\n upstream fix is included, so let's rip off the old trickery.\n - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"\n (bsc#1051510).\n - Revert "Remove patces for bug 1087405 due to regression" This reverts\n commit f91a2ea5192d9e933c41600da5d1543155df381c.\n - Revert "ath10k: send (re)assoc peer command when NSS changed"\n (bsc#1051510).\n - Revert "drm/i915/edp: Allow alternate fixed mode for eDP if available."\n (bsc#1093604).\n - Revert "kernel-binary: do not package extract-cert when not signing\n modules" This reverts commit 10a8bc496a553b8069d490a8ae7508bdb19f58d9.\n - Revert "rt2800: use TXOP_BACKOFF for probe frames" (bsc#1051510).\n - Revert "scsi: core: return BLK_STS_OK for DID_OK in\n __scsi_error_from_host_byte()" (bsc#1099918).\n - Revert "scsi: make 'state' device attribute pollable" (bsc#1085341).\n - USB: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).\n - USB: serial: pl2303: new device id for Chilitag (bsc#1087092).\n - USB: serial: simple: add Motorola Tetra driver (bsc#1087092).\n - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw\n (bsc#1090888).\n - Update config files, add CONFIG_EXPOLINE_AUTO=y for s390x (bsc#1090098).\n - Update config 
files: disable CONFIG_RT_GROUP_SCHED again (bsc#1100734)\n - Update config files: fix for Cherrytrail devices (bsc#1068546)\n - Update for above change\n patches.drivers/0003-md-cluster-Suspend-writes-in-RAID10-if-within-range.pa\n tch (bsc#1093023).\n - Update\n patches.fixes/vti-fix-use-after-free-in-vti_tunnel_xmit-vti6_tnl_x.patch\n (bsc#1076830 networking-stable-17_10_09).\n - Update patches.suse/ceph-don-t-check-quota-for-snap-inode.patch\n (bsc#1089115).\n - Update patches.suse/ceph-fix-root-quota-realm-check.patch (bsc#1089115).\n - Update\n patches.suse/ceph-quota-add-counter-for-snaprealms-with-quota.patch\n (bsc#1089115).\n - Update\n patches.suse/ceph-quota-add-initial-infrastructure-to-support-cephfs-quotas\n .patch (bsc#1089115).\n - Update\n patches.suse/ceph-quota-cache-inode-pointer-in-ceph_snap_realm.patch\n (bsc#1089115).\n - Update patches.suse/ceph-quota-don-t-allow-cross-quota-renames.patch\n (bsc#1089115).\n - Update patches.suse/ceph-quota-support-for-ceph-quota-max_bytes.patch\n (bsc#1089115).\n - Update patches.suse/ceph-quota-support-for-ceph-quota-max_files.patch\n (bsc#1089115).\n - Update\n patches.suse/ceph-quota-update-mds-when-max_bytes-is-approaching.patch\n (bsc#1089115).\n - X.509: fix BUG_ON() when hash algorithm is unsupported (bsc#1051510).\n - X.509: fix NULL dereference when restricting key with unsupported_sig\n (bsc#1051510).\n - X.509: fix comparisons of ->pkey_algo (bsc#1051510).\n - X.509: reject invalid BIT STRING for subjectPublicKey (bsc#1051510).\n - acpi, nfit: quiet invalid block-aperture-region warnings (bsc#1091781).\n - acpi, nfit: rework NVDIMM leaf method detection (bsc#1091782).\n - acpi: Add helper for deactivating memory region (bsc#1100132).\n - acpi: nfit: Add support for detect platform CPU cache flush on power\n loss (bsc#1091424).\n - acpi: nfit: add persistent memory control flag for nd_region\n (bsc#1091424).\n - adding missing rcu_read_unlock in ipxip6_rcv\n (networking-stable-17_12_31).\n - 
af_netlink: ensure that NLMSG_DONE never fails in dumps\n (networking-stable-17_11_20).\n - afs: Connect up the CB.ProbeUuid (bsc#1052766).\n - afs: Fix missing error handling in afs_write_end() (bsc#1052766).\n - allow_unsupported: add module tainting on feature use ().\n - amd-xgbe: Add pre/post auto-negotiation phy hooks\n (networking-stable-18_04_26).\n - amd-xgbe: Improve KR auto-negotiation and training\n (networking-stable-18_04_26).\n - amd-xgbe: Only use the SFP supported transceiver signals\n (networking-stable-18_04_26).\n - amd-xgbe: Restore PCI interrupt enablement setting on resume\n (networking-stable-18_03_07).\n - apparmor: fix dangling symlinks to policy rawdata after replacement\n (bsc#1095893).\n - apparmor: fix display of .ns_name for containers (bsc#1095893).\n - apparmor: fix logging of the existence test for signals (bsc#1095893).\n - apparmor: fix memory leak on buffer on error exit path (bsc#1095893).\n - arch/*: Kconfig: fix documentation for NMI watchdog (bsc#1099918).\n - arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308).\n - arm64: Add 'ssbd' command-line option (bsc#1085308).\n - arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308).\n - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2\n (bsc#1085308).\n - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1\n (bsc#1085308).\n - arm64: Update config files. 
(bsc#1089762) Set NR_CPUS to 256.\n - arm64: alternatives: Add dynamic patching feature (bsc#1085308).\n - arm64: fix endianness annotation for\n __apply_alternatives()/get_alt_insn() (bsc#1085308).\n - arm64: ssbd: Add global mitigation state accessor (bsc#1085308).\n - arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308).\n - arm64: ssbd: Introduce thread flag to control userspace mitigation\n (bsc#1085308).\n - arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308).\n - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation\n (bsc#1085308).\n - arp: fix arp_filter on l3slave devices (networking-stable-18_04_10).\n - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)\n (bsc#1051510).\n - ath10k: correct target assert problem due to CE5 stuck (bsc#1051510).\n - ath10k: search all IEs for variant before falling back (bsc#1051510).\n - ath9k: fix crash in spectral scan (bsc#1051510).\n - auxdisplay: fix broken menu (bsc#1051510).\n - auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM\n (bsc#1051510).\n - auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE\n (bsc#1051510).\n - backlight: as3711_bl: Fix Device Tree node lookup (bsc#1051510).\n - backlight: max8925_bl: Fix Device Tree node lookup (bsc#1051510).\n - backlight: tdo24m: Fix the SPI CS between transfers (bsc#1051510).\n - backlight: tps65217_bl: Fix Device Tree node lookup (bsc#1051510).\n - bcache: Add __printf annotation to __bch_check_keys() (bsc#1093023).\n - bcache: Annotate switch fall-through (bsc#1093023).\n - bcache: Fix a compiler warning in bcache_device_init() (bsc#1093023).\n - bcache: Fix indentation (bsc#1093023).\n - bcache: Fix kernel-doc warnings (bsc#1093023).\n - bcache: Fix, improve efficiency of closure_sync() (bsc#1093023).\n - bcache: Reduce the number of sparse complaints about lock imbalances\n (bsc#1093023).\n - bcache: Remove an unused variable (bsc#1093023).\n - bcache: Suppress more 
warnings about set-but-not-used variables\n (bsc#1093023).\n - bcache: Use PTR_ERR_OR_ZERO() (bsc#1093023).\n - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1093023).\n - bcache: add backing_request_endio() for bi_end_io (bsc#1093023).\n - bcache: add io_disable to struct cached_dev (bsc#1093023).\n - bcache: add journal statistic (bsc#1093023).\n - bcache: add stop_when_cache_set_failed option to backing device\n (bsc#1093023).\n - bcache: add wait_for_kthread_stop() in bch_allocator_thread()\n (bsc#1093023).\n - bcache: allow quick writeback when backing idle (bsc#1093023).\n - bcache: closures: move control bits one bit right (bsc#1093023).\n - bcache: comment on direct access to bvec table (bsc#1093023).\n - bcache: correct flash only vols (check all uuids) (bsc#1093023).\n - bcache: count backing device I/O error for writeback I/O (bsc#1093023).\n - bcache: fix cached_dev->count usage for bch_cache_set_error()\n (bsc#1093023).\n - bcache: fix error return value in memory shrink (bsc#1093023).\n - bcache: fix for allocator and register thread race (bsc#1093023).\n - bcache: fix for data collapse after re-attaching an attached device\n (bsc#1093023).\n - bcache: fix high CPU occupancy during journal (bsc#1093023).\n - bcache: fix inaccurate io state for detached bcache devices\n (bsc#1093023).\n - bcache: fix incorrect sysfs output value of strip size (bsc#1093023).\n - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1093023).\n - bcache: fix misleading error message in bch_count_io_errors()\n (bsc#1093023).\n - bcache: fix unmatched generic_end_io_acct() and generic_start_io_acct()\n (bsc#1093023).\n - bcache: fix using of loop variable in memory shrink (bsc#1093023).\n - bcache: fix writeback target calc on large devices (bsc#1093023).\n - bcache: fix wrong return value in bch_debug_init() (bsc#1093023).\n - bcache: mark closure_sync() __sched (bsc#1093023).\n - bcache: move closure debug file into debug directory (bsc#1093023).\n - 
bcache: properly set task state in bch_writeback_thread() (bsc#1093023).\n - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set\n (bsc#1093023).\n - bcache: reduce cache_set devices iteration by devices_max_used\n (bsc#1093023).\n - bcache: ret IOERR when read meets metadata error (bsc#1093023).\n - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n\n (bsc#1093023).\n - bcache: return attach error when no cache set exist (bsc#1093023).\n - bcache: segregate flash only volume write streams (bsc#1093023).\n - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1093023).\n - bcache: set dc->io_disable to true in conditional_stop_bcache_device()\n (bsc#1093023).\n - bcache: set error_limit correctly (bsc#1093023).\n - bcache: set writeback_rate_update_seconds in range [1, 60] seconds\n (bsc#1093023).\n - bcache: stop dc->writeback_rate_update properly (bsc#1093023).\n - bcache: stop writeback thread after detaching (bsc#1093023).\n - bcache: store disk name in struct cache and struct cached_dev\n (bsc#1093023).\n - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set\n (bsc#1093023).\n - bcache: writeback: properly order backing device IO (bsc#1093023).\n - bdi: Fix oops in wb_workfn() (bsc#1052766).\n - bdi: wake up concurrent wb_shutdown() callers (bsc#1052766).\n - be2net: Fix HW stall issue in Lancer (bsc#1086288 ).\n - be2net: Fix error detection logic for BE3 (bsc#1050252 ).\n - be2net: Handle transmit completion errors in Lancer (bsc#1086288 ).\n - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request\n (bsc#1052766).\n - bfq: Re-enable auto-loading when built as a module (bsc#1099918).\n - bio-integrity: move the bio integrity profile check earlier in\n bio_integrity_prep (bsc#1093023).\n - bitmap: fix memset optimization on big-endian systems (bsc#1051510).\n - bitops: Introduce assign_bit() (bsc#1093023).\n - blacklist.conf: blacklist further commits not needed (bsc#1085933,\n bsc#1085938, 
bsc#1085939)\n - blacklist.conf: blacklist stable fix 880cd276dff1 ("mm, slab: memcg_link\n the SLAB's kmem_cache"), bsc#1097471\n - blacklist.conf: blacklist tools specific change bsc#1085941\n - blk-mq-debugfs: fix device sched directory for default scheduler\n (bsc#1099918).\n - blk-mq: do not keep offline CPUs mapped to hctx 0 (bsc#1099918).\n - blk-mq: make sure hctx->next_cpu is set correctly (bsc#1099918).\n - blk-mq: make sure that correct hctx->next_cpu is set (bsc#1099918).\n - blk-mq: reinit q->tag_set_list entry only after grace period\n (bsc#1099918).\n - blk-mq: simplify queue mapping and schedule with each possisble CPU\n (bsc#1099918).\n - block, bfq: add missing invocations of bfqg_stats_update_io_add/remove\n (bsc#1099918).\n - block, bfq: fix occurrences of request finish method's old name\n (bsc#1099918).\n - block, bfq: put async queues for root bfq groups too (bsc#1052766).\n - block/loop: fix deadlock after loop_set_status (bsc#1052766).\n - block/swim: Remove extra put_disk() call from error path (bsc#1099918).\n - block: Add comment to submit_bio_wait() (bsc#1093023).\n - block: Fix __bio_integrity_endio() documentation (bsc#1099918).\n - block: Fix cloning of requests with a special payload (bsc#1099918).\n - block: Set BIO_TRACE_COMPLETION on new bio during split (bsc#1052766).\n - block: cope with WRITE ZEROES failing in blkdev_issue_zeroout()\n (bsc#1099918).\n - block: factor out __blkdev_issue_zero_pages() (bsc#1099918).\n - block: sed-opal: Fix a couple off by one bugs (bsc#1099918).\n - bnx2x: Collect the device debug information during Tx timeout\n (bsc#1086323 ).\n - bnx2x: Deprecate pci_get_bus_and_slot() (bsc#1086323 ).\n - bnx2x: Replace doorbell barrier() with wmb() (bsc#1086323 ).\n - bnx2x: Use NETIF_F_GRO_HW (bsc#1086323 ).\n - bnx2x: Use pci_ari_enabled() instead of local copy (bsc#1086323 ).\n - bnx2x: fix slowpath null crash (bsc#1086323 ).\n - bnx2x: fix spelling mistake: "registeration" -> "registration"\n (bsc#1086323 
).\n - bnx2x: use the right constant (bsc#1086323 ).\n - bnxt_en: Add BCM5745X NPAR device IDs (bsc#1086282 ).\n - bnxt_en: Add IRQ remapping logic (bsc#1086282 ).\n - bnxt_en: Add TC to hardware QoS queue mapping logic (bsc#1086282 ).\n - bnxt_en: Add ULP calls to stop and restart IRQs (bsc#1086282 ).\n - bnxt_en: Add cache line size setting to optimize performance\n (bsc#1086282 ).\n - bnxt_en: Add extended port statistics support (bsc#1086282 ).\n - bnxt_en: Add support for ndo_set_vf_trust (bsc#1086282 ).\n - bnxt_en: Add the new firmware API to query hardware resources\n (bsc#1086282 ).\n - bnxt_en: Adjust default rings for multi-port NICs (bsc#1086282 ).\n - bnxt_en: Always forward VF MAC address to the PF (bsc#1086282 ).\n - bnxt_en: Change IRQ assignment for RDMA driver (bsc#1086282 ).\n - bnxt_en: Check max_tx_scheduler_inputs value from firmware (bsc#1086282\n ).\n - bnxt_en: Check the lengths of encapsulated firmware responses\n (bsc#1086282 ).\n - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only\n (bsc#1086282 ).\n - bnxt_en: Display function level rx/tx_discard_pkts via ethtool\n (bsc#1086282 ).\n - bnxt_en: Do not allow VF to read EEPROM (bsc#1086282 ).\n - bnxt_en: Do not reserve rings on VF when min rings were not provisioned\n by PF (bsc#1086282 ).\n - bnxt_en: Do not set firmware time from VF driver on older firmware\n (bsc#1086282 ).\n - bnxt_en: Eliminate duplicate barriers on weakly-ordered archs\n (bsc#1086282 ).\n - bnxt_en: Expand bnxt_check_rings() to check all resources (bsc#1086282 ).\n - bnxt_en: Fix NULL pointer dereference at bnxt_free_irq() (bsc#1086282 ).\n - bnxt_en: Fix ethtool -x crash when device is down (bsc#1086282 ).\n - bnxt_en: Fix firmware message delay loop regression (bsc#1086282 ).\n - bnxt_en: Fix memory fault in bnxt_ethtool_init() (bsc#1050242 ).\n - bnxt_en: Fix regressions when setting up MQPRIO TX rings (bsc#1086282 ).\n - bnxt_en: Fix vnic accounting in the bnxt_check_rings() path (bsc#1086282\n 
).\n - bnxt_en: Forward VF MAC address to the PF (bsc#1086282 ).\n - bnxt_en: Ignore src port field in decap filter nodes (bsc#1050242 ).\n - bnxt_en: Implement new method for the PF to assign SRIOV resources\n (bsc#1086282 ).\n - bnxt_en: Implement new method to reserve rings (bsc#1086282 ).\n - bnxt_en: Improve resource accounting for SRIOV (bsc#1086282 ).\n - bnxt_en: Improve ring allocation logic (bsc#1086282 ).\n - bnxt_en: Improve valid bit checking in firmware response message\n (bsc#1086282 ).\n - bnxt_en: Include additional hardware port statistics in ethtool -S\n (bsc#1086282 ).\n - bnxt_en: Increase RING_IDLE minimum threshold to 50 (bsc#1086282 ).\n - bnxt_en: Need to include RDMA rings in bnxt_check_rings() (bsc#1086282 ).\n - bnxt_en: Pass complete VLAN TCI to the stack (bsc#1086282 ).\n - bnxt_en: Read phy eeprom A2h address only when optical diagnostics is\n supported (bsc#1086282 ).\n - bnxt_en: Refactor bnxt_close_nic() (bsc#1086282 ).\n - bnxt_en: Refactor bnxt_need_reserve_rings() (bsc#1086282 ).\n - bnxt_en: Refactor hardware resource data structures (bsc#1086282 ).\n - bnxt_en: Refactor the functions to reserve hardware rings (bsc#1086282 ).\n - bnxt_en: Remap TC to hardware queues when configuring PFC (bsc#1086282 ).\n - bnxt_en: Reserve RSS and L2 contexts for VF (bsc#1086282 ).\n - bnxt_en: Reserve completion rings and MSIX for bnxt_re RDMA driver\n (bsc#1086282 ).\n - bnxt_en: Reserve resources for RFS (bsc#1086282 ).\n - bnxt_en: Reserve rings at driver open if none was reserved at probe time\n (bsc#1086282 ).\n - bnxt_en: Reserve rings in bnxt_set_channels() if device is down\n (bsc#1086282 ).\n - bnxt_en: Restore MSIX after disabling SRIOV (bsc#1086282 ).\n - bnxt_en: Set initial default RX and TX ring numbers the same in combined\n mode (bsc#1086282 ).\n - bnxt_en: Simplify ring alloc/free error messages (bsc#1086282 ).\n - bnxt_en: Support max-mtu with VF-reps (bsc#1086282 ).\n - bnxt_en: Update firmware interface to 1.9.0 
(bsc#1086282 ).\n - bnxt_en: Update firmware interface to 1.9.1.15 (bsc#1086282 ).\n - bnxt_en: Use a dedicated VNIC mode for RDMA (bsc#1086282 ).\n - bnxt_en: close and open NIC, only when the interface is in running state\n (bsc#1086282 ).\n - bnxt_en: do not allow wildcard matches for L2 flows (bsc#1050242 ).\n - bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter\n (bsc#1086282 ).\n - bnxt_en: fix clear flags in ethtool reset handling (bsc#1050242 ).\n - bnxt_en: reduce timeout on initial HWRM calls (bsc#1086282 ).\n - bonding: discard lowest hash bit for 802.3ad layer3+4\n (networking-stable-17_11_20).\n - bonding: do not set slave_dev npinfo before slave_enable_netpoll in\n bond_enslave (networking-stable-18_04_26).\n - bonding: fix the err path for dev hwaddr sync in bond_enslave\n (networking-stable-18_04_10).\n - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave\n (networking-stable-18_04_10).\n - bonding: process the err returned by dev_set_allmulti properly in\n bond_enslave (networking-stable-18_04_10).\n - bonding: send learning packets for vlans on slave\n (networking-stable-18_05_15).\n - bpf, ppc64: fix out of bounds access in tail call (bsc#1083647).\n - bpf, x64: fix memleak when not converging after image (bsc#1083647).\n - bpf: add schedule points in percpu arrays management (bsc#1083647).\n - bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat to deal with gso sctp\n skbs (bsc#1076830).\n - bpf: fix mlock precharge on arraymaps (bsc#1083647).\n - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (bsc#1086282 ).\n - bpf: properly enforce index mask to prevent out-of-bounds speculation\n (bsc#1098425).\n - brcmfmac: Fix check for ISO3166 code (bsc#1051510).\n - brd: fix overflow in __brd_direct_access (bsc#1052766).\n - bridge: check iface upper dev when setting master via ioctl\n (networking-stable-18_05_15).\n - can: af_can: can_pernet_init(): add missing error handling for kzalloc\n returning NULL 
(bsc#1051510).\n - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bsc#1051510).\n - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once\n (bsc#1051510).\n - can: c_can: do not indicate triple sampling support for D_CAN\n (bsc#1051510).\n - can: cc770: Fix queue stall and dropped RTR reply (bsc#1051510).\n - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack\n (bsc#1051510).\n - can: cc770: Fix use after free in cc770_tx_interrupt() (bsc#1051510).\n - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bsc#1051510).\n - can: esd_usb2: Fix can_dlc value for received RTR, frames (bsc#1051510).\n - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bsc#1051510).\n - can: flex_can: Correct the checking for frame length in\n flexcan_start_xmit() (bsc#1051510).\n - can: flexcan: fix VF610 state transition issue (bsc#1051510).\n - can: flexcan: fix i.MX28 state transition issue (bsc#1051510).\n - can: flexcan: fix i.MX6 state transition issue (bsc#1051510).\n - can: flexcan: fix p1010 state transition issue (bsc#1051510).\n - can: flexcan: fix state transition regression (bsc#1051510).\n - can: flexcan: implement error passive state quirk (bsc#1051510).\n - can: flexcan: rename legacy error state quirk (bsc#1051510).\n - can: gs_usb: fix busy loop if no more TX context is available\n (bsc#1051510).\n - can: gs_usb: fix return value of the "set_bittiming" callback\n (bsc#1051510).\n - can: hi311x: Acquire SPI lock on ->do_get_berr_counter (bsc#1051510).\n - can: hi311x: Work around TX complete interrupt erratum (bsc#1051510).\n - can: ifi: Check core revision upon probe (bsc#1051510).\n - can: ifi: Fix transmitter delay calculation (bsc#1051510).\n - can: ifi: Repair the error handling (bsc#1051510).\n - can: kvaser_usb: Correct return value in printout (bsc#1051510).\n - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()\n (bsc#1051510).\n - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages (bsc#1051510).\n - can: 
kvaser_usb: Increase correct stats counter in\n kvaser_usb_rx_can_msg() (bsc#1051510).\n - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bsc#1051510).\n - can: kvaser_usb: free buf in error paths (bsc#1051510).\n - can: kvaser_usb: ratelimit errors if incomplete messages are received\n (bsc#1051510).\n - can: mcba_usb: cancel urb on -EPROTO (bsc#1051510).\n - can: mcba_usb: fix device disconnect bug (bsc#1051510).\n - can: peak/pci: fix potential bug when probe() fails (bsc#1051510).\n - can: peak/pcie_fd: fix echo_skb is occupied! bug (bsc#1051510).\n - can: peak/pcie_fd: fix potential bug in restarting tx queue\n (bsc#1051510).\n - can: peak/pcie_fd: remove useless code when interface starts\n (bsc#1051510).\n - can: peak: Add support for new PCIe/M2 CAN FD interfaces (bsc#1051510).\n - can: peak: fix potential bug in packet fragmentation (bsc#1051510).\n - can: sun4i: fix loopback mode (bsc#1051510).\n - can: sun4i: handle overrun in RX FIFO (bsc#1051510).\n - can: ti_hecc: Fix napi poll return value for repoll (bsc#1051510).\n - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bsc#1051510).\n - can: vxcan: improve handling of missing peer name attribute\n (bsc#1051510).\n - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN\n (networking-stable-18_04_13).\n - cdrom: information leak in cdrom_ioctl_media_changed() (bsc#1051510).\n - ceph: adding protection for showing cap reservation info (bsc#1089115).\n - ceph: always update atime/mtime/ctime for new inode (bsc#1089115).\n - ceph: change variable name to follow common rule (bsc#1089115).\n - ceph: check if mds create snaprealm when setting quota (bsc#1089115).\n - ceph: do not wait on writeback when there is no more dirty pages\n (bsc#1089115).\n - ceph: filter out used flags when printing unused open flags\n (bsc#1089115).\n - ceph: fix alignment of rasize (bsc#1098236).\n - ceph: fix dentry leak in splice_dentry() (bsc#1098236).\n - ceph: fix invalid point dereference for error case in mdsc 
destroy\n (bsc#1089115).\n - ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115).\n - ceph: fix st_nlink stat for directories (bsc#1093904).\n - ceph: fix use-after-free in ceph_statfs() (bsc#1098236).\n - ceph: fix wrong check for the case of updating link count (bsc#1098236).\n - ceph: keep consistent semantic in fscache related option combination\n (bsc#1089115).\n - ceph: mark the cap cache as unreclaimable (bsc#1089115).\n - ceph: optimize mds session register (bsc#1089115).\n - ceph: optimize memory usage (bsc#1089115).\n - ceph: optimizing cap allocation (bsc#1089115).\n - ceph: optimizing cap reservation (bsc#1089115).\n - ceph: prevent i_version from going back (bsc#1098236).\n - ceph: quota: report root dir quota usage in statfs (bsc#1089115).\n - ceph: release unreserved caps if having enough available caps\n (bsc#1089115).\n - ceph: return proper bool type to caller instead of pointer (bsc#1089115).\n - ceph: support file lock on directory (bsc#1098236).\n - ceph: use seq_show_option for string type options (bsc#1089115).\n - cfg80211: clear wep keys after disconnection (bsc#1051510).\n - cfg80211: further limit wiphy names to 64 bytes (bsc#1051510).\n - cfg80211: limit wiphy names to 128 bytes (bsc#1051510).\n - cgroup: Fix deadlock in cpu hotplug path (Git-fixes).\n - cgroup: Reinit cgroup_taskset structure before cgroup_migrate_execute()\n returns (Git-fixes).\n - cifs: Check for timeout on Negotiate stage (bsc#1091171).\n - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734).\n - config: arm64: enable Spectre-v4 per-thread mitigation\n - coresight: Fix disabling of CoreSight TPIU (bsc#1051510).\n - cpufreq: intel_pstate: Add HWP boost utility and sched util hooks\n (bsc#1066110).\n - cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0\n (bsc#1051510).\n - cpufreq: intel_pstate: HWP boost performance on IO wakeup (bsc#1066110).\n - cpufreq: intel_pstate: New sysfs entry to control HWP boost\n 
(bsc#1066110).\n - cpufreq: intel_pstate: enable boost for Skylake Xeon (bsc#1066110).\n - cpufreq: schedutil: Avoid using invalid next_freq (git-fixes).\n - cpuidle: fix broadcast control when broadcast can not be entered\n (Git-fixes).\n - cros_ec: fix nul-termination for firmware build info (bsc#1051510).\n - crypto: AF_ALG - remove SGL terminator indicator when chaining\n (bsc#1051510).\n - crypto: aes-generic - build with -Os on gcc-7+ (bsc#1051510).\n - crypto: aes-generic - fix aes-generic regression on powerpc\n (bsc#1051510).\n - crypto: af_alg - fix possible uninit-value in alg_bind() (bsc#1051510).\n - crypto: ahash - Fix early termination in hash walk (bsc#1051510).\n - crypto: arm,arm64 - Fix random regeneration of S_shipped (bsc#1051510).\n - crypto: atmel-aes - fix the keys zeroing on errors (bsc#1051510).\n - crypto: caam - Fix null dereference at error path (bsc#1051510).\n - crypto: caam - fix DMA mapping dir for generated IV (bsc#1051510).\n - crypto: caam - fix IV DMA mapping and updating (bsc#1051510).\n - crypto: caam - fix incorrect define (bsc#1051510).\n - crypto: caam - strip input zeros from RSA input buffer (bsc#1051510).\n - crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510).\n - crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510).\n - crypto: cavium - Fix fallout from CONFIG_VMAP_STACK (bsc#1089141).\n - crypto: cavium - Fix smp_processor_id() warnings (bsc#1089141).\n - crypto: cavium - Fix statistics pending request value (bsc#1089141).\n - crypto: cavium - Limit result reading attempts (bsc#1089141).\n - crypto: cavium - Prevent division by zero (bsc#1089141).\n - crypto: ccp - Fix sparse, use plain integer as NULL pointer (git-fixes\n 200664d5237f).\n - crypto: drbg - set freed buffers to NULL (bsc#1051510).\n - crypto: lrw - Free rctx->ext with kzfree (bsc#1051510).\n - crypto: omap-sham - fix memleak (bsc#1051510).\n - crypto: qat - remove unused and redundant pointer vf_info (bsc#1051510).\n - crypto: 
sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bsc#1051510).\n - crypto: vmx - Remove overly verbose printk from AES XTS init\n (bsc#1051510).\n - crypto: vmx - Remove overly verbose printk from AES init routines\n (bsc#1051510).\n - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short\n one (bsc#1051510).\n - cxgb4: Correct ntuple mask validation for hash filters (bsc#1064802\n bsc#1066129).\n - cxgb4: fix error return code in adap_init0() (bsc#1064802 bsc#1066129).\n - cxgb4: fix offset in collecting TX rate limit info (bsc#1073513).\n - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages\n (bsc#1046542 ).\n - dax, dm: allow device-mapper to operate without dax support\n (bsc#1093023).\n - dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() (bsc#1101315).\n - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state\n (networking-stable-18_01_28).\n - dccp: fix tasklet usage (networking-stable-18_05_15).\n - delayacct: Account blkio completion on the correct task (bsc#1052766).\n - dell_rbu: make firmware payload memory uncachable (bsc#1087978).\n - device-dax: allow MAP_SYNC to succeed (bsc#1052766).\n - devlink: Remove redundant free on error path\n (networking-stable-18_03_28).\n - direct-io: Prevent NULL pointer access in submit_page_section\n (bsc#1052766).\n - disable\n patches.drivers/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch\n Backport of mainline commit b7493e91c11a ("s390/qeth: use Read device to\n query hypervisor for MAC") changes assigned MAC address (and breaks\n networking) on one of our machines and it's not clear which address is\n actually correct (bsc#1094575). 
Disable the patch for now with a marker\n so that we prevent releasing a maintenance update incompatible with GM.\n Once the bug is resolved, we will either reenable the patch or drop it.\n - dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594).\n - dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542).\n - dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542).\n - dm btree: fix serious bug in btree_split_beneath() (bsc#1093023).\n - dm bufio: add missed destroys of client mutex (bsc#1093023).\n - dm bufio: check result of register_shrinker() (bsc#1093023).\n - dm bufio: delete outdated comment (bsc#1093023).\n - dm bufio: do not embed a bio in the dm_buffer structure (bsc#1093023).\n - dm bufio: eliminate unnecessary labels in dm_bufio_client_create()\n (bsc#1093023).\n - dm bufio: fix buffer alignment (bsc#1093023).\n - dm bufio: fix integer overflow when limiting maximum cache size\n (bsc#1093023).\n - dm bufio: fix shrinker scans when (nr_to_scan lower than retain_target)\n (bsc#1093023).\n - dm bufio: get rid of slab cache name allocations (bsc#1093023).\n - dm bufio: move dm-bufio.h to include/linux/ (bsc#1093023).\n - dm bufio: relax alignment constraint on slab cache (bsc#1093023).\n - dm bufio: remove code that merges slab caches (bsc#1093023).\n - dm bufio: reorder fields in dm_buffer structure (bsc#1093023).\n - dm bufio: support non-power-of-two block sizes (bsc#1093023).\n - dm bufio: use REQ_OP_READ and REQ_OP_WRITE (bsc#1093023).\n - dm bufio: use slab cache for dm_buffer structure allocations\n (bsc#1093023).\n - dm cache background tracker: limit amount of background work that may be\n issued at once (bsc#1093023).\n - dm cache policy smq: allocate cache blocks in order (bsc#1093023).\n - dm cache policy smq: change max background work from 10240 to 4096\n blocks (bsc#1093023).\n - dm cache policy smq: handle races with queuing background_work\n (bsc#1093023).\n - dm cache policy smq: take origin idle status 
into account when queuing\n writebacks (bsc#1093023).\n - dm cache: convert dm_cache_metadata.ref_count from atomic_t to\n refcount_t (bsc#1093023).\n - dm cache: fix race condition in the writeback mode overwrite_bio\n optimisation (bsc#1093023).\n - dm cache: lift common migration preparation code to alloc_migration()\n (bsc#1093023).\n - dm cache: pass cache structure to mode functions (bsc#1093023).\n - dm cache: remove all obsolete writethrough-specific code (bsc#1093023).\n - dm cache: remove usused deferred_cells member from struct cache\n (bsc#1093023).\n - dm cache: simplify get_per_bio_data() by removing data_size argument\n (bsc#1093023).\n - dm cache: submit writethrough writes in parallel to origin and cache\n (bsc#1093023).\n - dm crypt: allow unaligned bv_offset (bsc#1093023).\n - dm crypt: fix crash by adding missing check for auth key size\n (bsc#1093023).\n - dm crypt: fix error return code in crypt_ctr() (bsc#1093023).\n - dm crypt: fix memory leak in crypt_ctr_cipher_old() (bsc#1093023).\n - dm crypt: limit the number of allocated pages (bsc#1093023).\n - dm crypt: reject sector_size feature if device length is not aligned to\n it (bsc#1093023).\n - dm crypt: remove BIOSET_NEED_RESCUER flag (bsc#1093023).\n - dm crypt: wipe kernel key copy after IV initialization (bsc#1093023).\n - dm flakey: check for null arg_name in parse_features() (bsc#1093023).\n - dm integrity: allow unaligned bv_offset (bsc#1093023).\n - dm integrity: count and display checksum failures (bsc#1093023).\n - dm integrity: do not check integrity for failed read operations\n (bsc#1093023).\n - dm integrity: do not store cipher request on the stack (bsc#1093023).\n - dm integrity: fail early if required HMAC key is not available\n (bsc#1093023).\n - dm integrity: make blk_integrity_profile structure const (bsc#1093023).\n - dm integrity: optimize writing dm-bufio buffers that are partially\n changed (bsc#1093023).\n - dm integrity: use init_completion instead of\n 
COMPLETION_INITIALIZER_ONSTACK (bsc#1093023).\n - dm integrity: use kvfree for kvmalloc'd memory (bsc#1099918).\n - dm io: remove BIOSET_NEED_RESCUER flag from bios bioset (bsc#1093023).\n - dm ioctl: constify ioctl lookup table (bsc#1093023).\n - dm log writes: add support for DAX (bsc#1093023).\n - dm log writes: add support for inline data buffers (bsc#1093023).\n - dm log writes: do not use all the cpu while waiting to log blocks\n (bsc#1093023).\n - dm log writes: fix >512b sectorsize support (bsc#1093023).\n - dm log writes: fix max length used for kstrndup (bsc#1093023).\n - dm log writes: record metadata flag for better flags record\n (bsc#1093023).\n - dm mpath: fix bio-based multipath queue_if_no_path handling\n (bsc#1099918).\n - dm raid: add component device size checks to avoid runtime failure\n (bsc#1093023).\n - dm raid: avoid passing array_in_sync variable to raid_status() callees\n (bsc#1093023).\n - dm raid: bump target version to reflect numerous fixes (bsc#1093023).\n - dm raid: consume sizes after md_finish_reshape() completes changing them\n (bsc#1093023).\n - dm raid: correct resizing state relative to reshape space in ctr\n (bsc#1093023).\n - dm raid: display a consistent copy of the MD status via raid_status()\n (bsc#1093023).\n - dm raid: do not use 'const' in function return (bsc#1099918).\n - dm raid: ensure 'a' chars during reshape (bsc#1093023).\n - dm raid: fix deadlock caused by premature md_stop_writes() (bsc#1093023).\n - dm raid: fix incorrect status output at the end of a "recover" process\n (bsc#1093023).\n - dm raid: fix incorrect sync_ratio when degraded (bsc#1093023).\n - dm raid: fix nosync status (bsc#1093023).\n - dm raid: fix panic when attempting to force a raid to sync (bsc#1093023).\n - dm raid: fix parse_raid_params() variable range issue (bsc#1093023).\n - dm raid: fix raid set size revalidation (bsc#1093023).\n - dm raid: fix raid_resume() to keep raid set frozen as needed\n (bsc#1093023).\n - dm raid: fix 
rs_get_progress() synchronization state/ratio (bsc#1093023).\n - dm raid: make raid_sets symbol static (bsc#1093023).\n - dm raid: simplify rs_get_progress() (bsc#1093023).\n - dm raid: small cleanup and remove unsed "struct raid_set" member\n (bsc#1093023).\n - dm raid: stop keeping raid set frozen altogether (bsc#1093023).\n - dm raid: use rs_is_raid*() (bsc#1093023).\n - dm raid: validate current raid sets redundancy (bsc#1093023).\n - dm rq: do not update rq partially in each ending bio (bsc#1093023).\n - dm rq: make dm-sq requeuing behavior consistent with dm-mq behavior\n (bsc#1093023).\n - dm space map metadata: use ARRAY_SIZE (bsc#1093023).\n - dm stripe: get rid of a Variable Length Array (VLA) (bsc#1093023).\n - dm table: fix regression from improper dm_dev_internal.count refcount_t\n conversion (bsc#1093023).\n - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bsc#1093023).\n - dm thin: fix trailing semicolon in __remap_and_issue_shared_cell\n (bsc#1093023).\n - dm zoned: avoid triggering reclaim from inside dmz_map() (bsc#1099918).\n - dm zoned: ignore last smaller runt zone (bsc#1093023).\n - dm-crypt: do not clear bvec->bv_page in crypt_free_buffer_pages()\n (bsc#1093023).\n - dm-crypt: do not mess with BIP_BLOCK_INTEGRITY (bsc#1093023).\n - dm-raid: fix a race condition in request handling (bsc#1093023).\n - dm: backfill missing calls to mutex_destroy() (bsc#1093023).\n - dm: clear all discard attributes in queue_limits when discards are\n disabled (bsc#1093023).\n - dm: convert DM printk macros to pr_ level macros (bsc#1099918).\n - dm: convert dm_dev_internal.count from atomic_t to refcount_t\n (bsc#1093023).\n - dm: convert table_device.count from atomic_t to refcount_t (bsc#1093023).\n - dm: correctly handle chained bios in dec_pending() (bsc#1093023).\n - dm: discard support requires all targets in a table support discards\n (bsc#1093023).\n - dm: do not set 'discards_supported' in targets that do not need it\n (bsc#1093023).\n - dm: 
ensure bio submission follows a depth-first tree walk (bsc#1093023).\n - dm: ensure bio-based DM's bioset and io_pool support targets' maximum\n IOs (bsc#1093023).\n - dm: fix __send_changing_extent_only() to send first bio and chain\n remainder (bsc#1093023).\n - dm: fix comment above dm_accept_partial_bio (bsc#1093023).\n - dm: fix printk() rate limiting code (bsc#1099918).\n - dm: fix various targets to dm_register_target after module __init\n resources created (bsc#1093023).\n - dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE (bsc#1093023).\n - dm: move dm_table_destroy() to same header as dm_table_create()\n (bsc#1093023).\n - dm: remove BIOSET_NEED_RESCUER based dm_offload infrastructure\n (bsc#1093023).\n - dm: remove stale comment blocks (bsc#1093023).\n - dm: remove unused 'num_write_bios' target interface (bsc#1093023).\n - dm: remove unused macro DM_MOD_NAME_SIZE (bsc#1093023).\n - dm: rename 'bio' member of dm_io structure to 'orig_bio' (bsc#1093023).\n - dm: safely allocate multiple bioset bios (bsc#1093023).\n - dm: set QUEUE_FLAG_DAX accordingly in dm_table_set_restrictions()\n (bsc#1093023).\n - dm: simplify start of block stats accounting for bio-based (bsc#1093023).\n - dm: small cleanup in dm_get_md() (bsc#1093023).\n - dm: use bio_split() when splitting out the already processed bio\n (bsc#1099918).\n - dmaengine: at_hdmac: fix potential NULL pointer dereference in\n atc_prep_dma_interleaved (bsc#1051510).\n - dmaengine: at_xdmac: fix rare residue corruption (bsc#1051510).\n - dmaengine: dmatest: fix container_of member in dmatest_callback\n (bsc#1051510).\n - dmaengine: dmatest: move callback wait queue to thread context\n (bsc#1051510).\n - dmaengine: dmatest: warn user when dma test times out (bsc#1051510).\n - dmaengine: edma: Align the memcpy acnt array size with the transfer\n (bsc#1051510).\n - dmaengine: ioat: Fix error handling path (bsc#1051510).\n - dmaengine: jz4740: disable/unprepare clk if probe fails (bsc#1051510).\n - 
dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type\n (bsc#1051510).\n - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63\n (bsc#1051510).\n - dmaengine: ti-dma-crossbar: Fix possible race condition with dma_inuse\n (bsc#1051510).\n - docs: disable KASLR when debugging kernel (bsc#1051510).\n - dpaa_eth: increment the RX dropped counter when needed\n (networking-stable-18_03_28).\n - dpaa_eth: remove duplicate increment of the tx_errors counter\n (networking-stable-18_03_28).\n - dpaa_eth: remove duplicate initialization (networking-stable-18_03_28).\n - drbd: Fix drbd_request_prepare() discard handling (bsc#1099918).\n - driver core: Do not ignore class_dir_create_and_add() failure\n (bsc#1051510).\n - driver core: Move device_links_purge() after bus_remove_device()\n (bsc#1099918).\n - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (bsc#1046306 ).\n - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4\n (bsc#1046306 ).\n - drivers: net: bnx2x: use setup_timer() helper (bsc#1086323 ).\n - drm/amd/powerplay: Fix enum mismatch (bsc#1051510).\n - drm/amdgpu/sdma: fix mask in emit_pipeline_sync (bsc#1051510).\n - drm/amdgpu/si: implement get/set pcie_lanes asic callback (bsc#1051510).\n - drm/amdgpu: Add APU support in vi_set_uvd_clocks (bsc#1051510).\n - drm/amdgpu: Add APU support in vi_set_vce_clocks (bsc#1051510).\n - drm/amdgpu: Add an ATPX quirk for hybrid laptop (bsc#1051510).\n - drm/amdgpu: Fix PCIe lane width calculation (bsc#1051510).\n - drm/amdgpu: Fix always_valid bos multiple LRU insertions (bsc#1051510).\n - drm/amdgpu: Fix deadlock on runtime suspend (bsc#1051510).\n - drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array\n (bsc#1051510).\n - drm/amdgpu: adjust timeout for ib_ring_tests(v2) (bsc#1051510).\n - drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini\n (bsc#1051510).\n - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders\n (bsc#1051510).\n - 
drm/amdkfd: fix clock counter retrieval for node without GPU\n (bsc#1051510).\n - drm/armada: fix leak of crtc structure (bsc#1051510).\n - drm/ast: Fixed 1280x800 Display Issue (bsc#1051510).\n - drm/atmel-hlcdc: check stride values in the first plane (bsc#1051510).\n - drm/atomic: Clean old_state/new_state in\n drm_atomic_state_default_clear() (bsc#1051510).\n - drm/atomic: Clean private obj old_state/new_state in\n drm_atomic_state_default_clear() (bsc#1051510).\n - drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback\n (bsc#1051510).\n - drm/bridge: tc358767: do no fail on hi-res displays (bsc#1051510).\n - drm/bridge: tc358767: filter out too high modes (bsc#1051510).\n - drm/bridge: tc358767: fix 1-lane behavior (bsc#1051510).\n - drm/bridge: tc358767: fix AUXDATAn registers access (bsc#1051510).\n - drm/bridge: tc358767: fix DP0_MISC register set (bsc#1051510).\n - drm/bridge: tc358767: fix timing calculations (bsc#1051510).\n - drm/bridge: vga-dac: Fix edid memory leak (bsc#1051510).\n - drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl()\n (bsc#1051510).\n - drm/exynos/dsi: mask frame-done interrupt (bsc#1051510).\n - drm/exynos: Allow DRM_EXYNOS on s5pv210 (bsc#1051510).\n - drm/exynos: Fix default value for zpos plane property (bsc#1051510).\n - drm/exynos: fix comparison to bitshift when dealing with a mask\n (bsc#1051510).\n - drm/exynos: g2d: use monotonic timestamps (bsc#1051510).\n - drm/fsl-dcu: enable IRQ before drm_atomic_helper_resume() (bsc#1051510).\n - drm/hisilicon: Ensure LDI regs are properly configured (bsc#1051510).\n - drm/i915/audio: Fix audio detection issue on GLK (bsc#1051510).\n - drm/i915/audio: set minimum CD clock to twice the BCLK (bsc#1095265).\n - drm/i915/bios: filter out invalid DDC pins from VBT child devices\n (bsc#1051510).\n - drm/i915/execlists: Use rmb() to order CSB reads (bsc#1051510).\n - drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk (bsc#1051510).\n - drm/i915/glk: Add 
MODULE_FIRMWARE for Geminilake (bsc#1095265).\n - drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path\n (bsc#1051510).\n - drm/i915/gvt: throw error on unhandled vfio ioctls (bsc#1051510).\n - drm/i915/lvds: Move acpi lid notification registration to registration\n phase (bsc#1051510).\n - drm/i915/psr: Chase psr.enabled only under the psr.lock (bsc#1051510).\n - drm/i915/userptr: reject zero user_size (bsc#1051510).\n - drm/i915: Adjust eDP's logical vco in a reliable place (bsc#1095265).\n - drm/i915: Apply batch location restrictions before pinning (bsc#1051510).\n - drm/i915: Call i915_perf_fini() on init_hw error unwind (bsc#1051510).\n - drm/i915: Disable LVDS on Radiant P845 (bsc#1051510).\n - drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value\n (bsc#1051510).\n - drm/i915: Do not request a bug report for unsafe module parameters\n (bsc#1051510).\n - drm/i915: Enable display WA#1183 from its correct spot (bsc#1051510).\n - drm/i915: Enable provoking vertex fix on Gen9 systems (bsc#1051510).\n - drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state\n (bsc#1051510).\n - drm/i915: Fix context ban and hang accounting for client (bsc#1051510).\n - drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log\n (bsc#1051510).\n - drm/i915: Remove stale asserts from i915_gem_find_active_request()\n (bsc#1051510).\n - drm/i915: Remove stale asserts from i915_gem_find_active_request()\n (bsc#1051510).\n - drm/i915: Remove unbannable context spam from reset (bsc#1051510).\n - drm/i915: Restore planes after load detection (bsc#1051510).\n - drm/i915: Restore planes after load detection (bsc#1051510).\n - drm/i915: Try GGTT mmapping whole object as partial (bsc#1051510).\n - drm/imx: move arming of the vblank event to atomic_flush (bsc#1051510).\n - drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()'\n (bsc#1051510).\n - drm/meson: Fix some error handling paths in 'meson_drv_bind_master()'\n 
(bsc#1051510).\n - drm/meson: fix vsync buffer update (bsc#1051510).\n - drm/msm/dsi: use correct enum in dsi_get_cmd_fmt (bsc#1051510).\n - drm/msm: Fix possible null dereference on failure of get_pages()\n (bsc#1051510).\n - drm/msm: do not deref error pointer in the msm_fbdev_create error path\n (bsc#1100209).\n - drm/msm: fix leak in failed get_pages (bsc#1051510).\n - drm/nouveau/bar/gf100: add config option to limit BAR2 to 16MiB\n (bsc#1095094).\n - drm/nouveau/bios/iccsense: rails for power sensors have a mask of 0xf8\n for version 0x10 (bsc#1095094).\n - drm/nouveau/bios/init: add a new devinit script interpreter entry-point\n (bsc#1095094).\n - drm/nouveau/bios/init: add or/link args separate from output path\n (bsc#1095094).\n - drm/nouveau/bios/init: bump script offset to 32-bits (bsc#1095094).\n - drm/nouveau/bios/init: remove internal use of nvbios_init.bios\n (bsc#1095094).\n - drm/nouveau/bios/init: rename 'crtc' to 'head' (bsc#1095094).\n - drm/nouveau/bios/init: rename nvbios_init() to nvbios_devinit()\n (bsc#1095094).\n - drm/nouveau/bios/volt: Parse min and max for Version 0x40 (bsc#1095094).\n - drm/nouveau/bios: Demote missing fp table message to NV_DEBUG\n (bsc#1095094).\n - drm/nouveau/bl: fix backlight regression (bsc#1095094).\n - drm/nouveau/devinit: use new devinit script interpreter entry-point\n (bsc#1095094).\n - drm/nouveau/disp/dp: determine a failsafe link training rate\n (bsc#1095094).\n - drm/nouveau/disp/dp: determine link bandwidth requirements from head\n state (bsc#1095094).\n - drm/nouveau/disp/dp: no need for lt_state except during manual link\n training (bsc#1095094).\n - drm/nouveau/disp/dp: only check for re-train when the link is active\n (bsc#1095094).\n - drm/nouveau/disp/dp: remove DP_PWR method (bsc#1095094).\n - drm/nouveau/disp/dp: store current link configuration in nvkm_ior\n (bsc#1095094).\n - drm/nouveau/disp/dp: train link only when actively displaying an image\n (bsc#1095094).\n - drm/nouveau/disp/dp: use 
cached link configuration when checking link\n status (bsc#1095094).\n - drm/nouveau/disp/dp: use new devinit script interpreter entry-point\n (bsc#1095094).\n - drm/nouveau/disp/g84-: Extend NVKM HDMI power control method to set\n InfoFrames (bsc#1095094).\n - drm/nouveau/disp/g84-: port OR HDMI control to nvkm_ior (bsc#1095094).\n - drm/nouveau/disp/g84-gt200: Use supplied HDMI InfoFrames (bsc#1095094).\n - drm/nouveau/disp/g94-: port OR DP drive setting control to nvkm_ior\n (bsc#1095094).\n - drm/nouveau/disp/g94-: port OR DP lane mapping to nvkm_ior (bsc#1095094).\n - drm/nouveau/disp/g94-: port OR DP link power control to nvkm_ior\n (bsc#1095094).\n - drm/nouveau/disp/g94-: port OR DP link setup to nvkm_ior (bsc#1095094).\n - drm/nouveau/disp/g94-: port OR DP training pattern control to nvkm_ior\n (bsc#1095094).\n - drm/nouveau/disp/gf119-: avoid creating non-existent heads (bsc#1095094).\n - drm/nouveau/disp/gf119-: port OR DP VCPI control to nvkm_ior\n (bsc#1095094).\n - drm/nouveau/disp/gf119: Use supplied HDMI InfoFrames (bsc#1095094).\n - drm/nouveau/disp/gf119: add missing drive vfunc ptr (bsc#1095094).\n - drm/nouveau/disp/gk104-: Use supplied HDMI InfoFrames (bsc#1095094).\n - drm/nouveau/disp/gm200-: allow non-identity mapping of SOR != macro\n links (bsc#1095094).\n - drm/nouveau/disp/gt215-: port HDA ELD controls to nvkm_ior (bsc#1095094).\n - drm/nouveau/disp/gt215: Use supplied HDMI InfoFrames (bsc#1095094).\n - drm/nouveau/disp/nv04: avoid creation of output paths (bsc#1095094).\n - drm/nouveau/disp/nv50-: avoid creating ORs that are not present on HW\n (bsc#1095094).\n - drm/nouveau/disp/nv50-: execute supervisor on its own workqueue\n (bsc#1095094).\n - drm/nouveau/disp/nv50-: fetch head/OR state at beginning of supervisor\n (bsc#1095094).\n - drm/nouveau/disp/nv50-: implement a common supervisor 1.0 (bsc#1095094).\n - drm/nouveau/disp/nv50-: implement a common supervisor 2.0 (bsc#1095094).\n - drm/nouveau/disp/nv50-: implement a common 
supervisor 2.1 (bsc#1095094).\n - drm/nouveau/disp/nv50-: implement a common supervisor 2.2 (bsc#1095094).\n - drm/nouveau/disp/nv50-: implement a common supervisor 3.0 (bsc#1095094).\n - drm/nouveau/disp/nv50-: port OR manual sink detection to nvkm_ior\n (bsc#1095094).\n - drm/nouveau/disp/nv50-: port OR power state control to nvkm_ior\n (bsc#1095094).\n - drm/nouveau/disp/nv50-gt21x: remove workaround for dp->tmds hotplug\n issues (bsc#1095094).\n - drm/nouveau/disp: Add mechanism to convert HDMI InfoFrames to hardware\n format (bsc#1095094).\n - drm/nouveau/disp: Silence DCB warnings (bsc#1095094).\n - drm/nouveau/disp: add tv encoders to output resource mapping\n (bsc#1095094).\n - drm/nouveau/disp: common implementation of scanoutpos method in\n nvkm_head (bsc#1095094).\n - drm/nouveau/disp: delay output path / connector construction until\n oneinit() (bsc#1095094).\n - drm/nouveau/disp: fork off some new hw-specific implementations\n (bsc#1095094).\n - drm/nouveau/disp: identity-map display paths to output resources\n (bsc#1095094).\n - drm/nouveau/disp: introduce acquire/release display path methods\n (bsc#1095094).\n - drm/nouveau/disp: introduce input/output resource abstraction\n (bsc#1095094).\n - drm/nouveau/disp: introduce object to track per-head functions/state\n (bsc#1095094).\n - drm/nouveau/disp: move vblank_{get,put} methods into nvkm_head\n (bsc#1095094).\n - drm/nouveau/disp: remove hw-specific customisation of output paths\n (bsc#1095094).\n - drm/nouveau/disp: rename nvkm_output to nvkm_outp (bsc#1095094).\n - drm/nouveau/disp: rename nvkm_output_dp to nvkm_dp (bsc#1095094).\n - drm/nouveau/disp: s/nvkm_connector/nvkm_conn/ (bsc#1095094).\n - drm/nouveau/disp: shuffle functions around (bsc#1095094).\n - drm/nouveau/falcon: use a more reasonable msgqueue timeout value\n (bsc#1095094).\n - drm/nouveau/fb/gf100-: zero mmu debug buffers (bsc#1095094).\n - drm/nouveau/fb/ram/nv40-: use new devinit script interpreter entry-point\n (bsc#1095094).\n 
- drm/nouveau/fbcon: fix oops without fbdev emulation (bsc#1094751).\n - drm/nouveau/hwmon: Add config for all sensors and their settings\n (bsc#1095094).\n - drm/nouveau/hwmon: Add nouveau_hwmon_ops structure with\n .is_visible/.read_string (bsc#1095094).\n - drm/nouveau/hwmon: Change permissions to numeric (bsc#1095094).\n - drm/nouveau/hwmon: Remove old code, add .write/.read operations\n (bsc#1095094).\n - drm/nouveau/hwmon: expose the auto_point and pwm_min/max attrs\n (bsc#1095094).\n - drm/nouveau/kms/nv04-nv40: improve overlay error detection, fix pitch\n setting (bsc#1095094).\n - drm/nouveau/kms/nv04-nv40: prevent undisplayable framebuffers from\n creation (bsc#1095094).\n - drm/nouveau/kms/nv04-nv4x: fix exposed format list (bsc#1095094).\n - drm/nouveau/kms/nv04: use new devinit script interpreter entry-point\n (bsc#1095094).\n - drm/nouveau/kms/nv10-nv40: add NV21 support to overlay (bsc#1095094).\n - drm/nouveau/mc/gf100: add pmu to reset mask (bsc#1095094).\n - drm/nouveau/mpeg: print more debug info when rejecting dma objects\n (bsc#1095094).\n - drm/nouveau/pmu/fuc: do not use movw directly anymore (bsc#1051510).\n - drm/nouveau/pmu/gt215-: abstract detection of whether reset is needed\n (bsc#1095094).\n - drm/nouveau/pmu/gt215: fix reset (bsc#1095094).\n - drm/nouveau/tegra: Do not leave GPU in reset (bsc#1095094).\n - drm/nouveau/tegra: Skip manual unpowergating when not necessary\n (bsc#1095094).\n - drm/nouveau/therm/gm200: Added (bsc#1095094).\n - drm/nouveau/therm: fix spelling mistake on array thresolds (bsc#1095094).\n - drm/nouveau/tmr: remove nvkm_timer_alarm_cancel() (bsc#1095094).\n - drm/nouveau: Clean up nv50_head_atomic_check_mode() and fix blankus\n calculation (bsc#1095094).\n - drm/nouveau: Convert nouveau to use new iterator macros, v2\n (bsc#1095094).\n - drm/nouveau: Drop drm_vblank_cleanup (bsc#1095094).\n - drm/nouveau: Enable stereoscopic 3D output over HDMI (bsc#1095094).\n - drm/nouveau: Fix deadlock in 
nv50_mstm_register_connector()\n (bsc#1051510).\n - drm/nouveau: Fix deadlock on runtime suspend (bsc#1051510).\n - drm/nouveau: Fix merge commit (bsc#1095094).\n - drm/nouveau: Handle drm_atomic_helper_swap_state failure (bsc#1095094).\n - drm/nouveau: Handle frame-packing mode geometry and timing effects\n (bsc#1095094).\n - drm/nouveau: Pass mode-dependent AVI and Vendor HDMI InfoFrames to NVKM\n (bsc#1095094).\n - drm/nouveau: Skip vga_fini on non-PCI device (bsc#1095094).\n - drm/nouveau: Use the drm_driver.dumb_destroy default (bsc#1095094).\n - drm/nouveau: silence suspend/resume debugging messages (bsc#1095094).\n - drm/nouveau: use drm_for_each_connector_iter() (bsc#1095094).\n - drm/omap: DMM: Check for DMM readiness after successful transaction\n commit (bsc#1051510).\n - drm/omap: fix possible NULL ref issue in tiler_reserve_2d (bsc#1051510).\n - drm/omap: fix uninitialized ret variable (bsc#1051510).\n - drm/omap: handle alloc failures in omap_connector (bsc#1051510).\n - drm/omap: silence unititialized variable warning (bsc#1051510).\n - drm/panel: simple: Fix the bus format for the Ontat panel (bsc#1051510).\n - drm/psr: Fix missed entry in PSR setup time table (bsc#1051510).\n - drm/qxl: Call qxl_bo_unref outside atomic context (bsc#1051510).\n - drm/radeon: Fix PCIe lane width calculation (bsc#1051510).\n - drm/radeon: Fix deadlock on runtime suspend (bsc#1051510).\n - drm/radeon: add PX quirk for Asus K73TK (bsc#1051510).\n - drm/radeon: make MacBook Pro d3_delay quirk more generic (bsc#1051510).\n - drm/rockchip: Clear all interrupts before requesting the IRQ\n (bsc#1051510).\n - drm/rockchip: Respect page offset for PRIME mmap calls (bsc#1051510).\n - drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM enable\n (bsc#1051510).\n - drm/sun4i: Fix dclk_set_phase (bsc#1051510).\n - drm/sun4i: Fix error path handling (bsc#1051510).\n - drm/tegra: Shutdown on driver unbind (bsc#1051510).\n - drm/tilcdc: ensure nonatomic iowrite64 is not 
used (bsc#1051510).\n - drm/vc4: Fix memory leak during BO teardown (bsc#1051510).\n - drm/vc4: Fix scaling of uni-planar formats (bsc#1051510).\n - drm/virtio: fix vq wait_event condition (bsc#1051510).\n - drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros (bsc#1051510).\n - drm/vmwgfx: Fix a buffer object leak (bsc#1051510).\n - drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful\n (bsc#1051510).\n - drm/vmwgfx: Unpin the screen object backup buffer when not used\n (bsc#1051510).\n - drm: Allow determining if current task is output poll worker\n (bsc#1051510).\n - drm: Match sysfs name in link removal to link creation (bsc#1051510).\n - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs\n (bsc#1051510).\n - drm: nouveau: remove dead code and pointless local lut storage\n (bsc#1095094).\n - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 (bsc#1051510).\n - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 (bsc#1051510).\n - drm: set FMODE_UNSIGNED_OFFSET for drm files (bsc#1051510).\n - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes\n (bsc#1075876).\n - eCryptfs: do not pass up plaintext names when using filename encryption\n (bsc#1052766).\n - earlycon: Use a pointer table to fix __earlycon_table stride\n (bsc#1099918).\n - efi/esrt: Use memunmap() instead of kfree() to free the remapping\n (bsc#1051510).\n - emulex/benet: Constify *be_misconfig_evt_port_state (bsc#1086288 ).\n - ethernet/broadcom: Use zeroing memory allocator than allocator/memset\n (bsc#1086282 ).\n - ethernet: Use octal not symbolic permissions (bsc#1086288 ).\n - ethtool: do not print warning for applications using legacy API\n (networking-stable-18_01_12).\n - etnaviv: fix gem object list corruption (bsc#1051510).\n - etnaviv: fix submit error path (bsc#1051510).\n - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953).\n - ext4: add bounds checking to ext4_xattr_find_entry() (bsc#1052766).\n - ext4: do not update checksum 
of new initialized bitmaps (bsc#1052766).\n - ext4: eliminate sleep from shutdown ioctl (bsc#1052766).\n - ext4: fix hole length detection in ext4_ind_map_blocks() (bsc#1090953).\n - ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin()\n (bsc#1079747).\n - ext4: fix unsupported feature message formatting (bsc#1098435).\n - ext4: move call to ext4_error() into ext4_xattr_check_block()\n (bsc#1052766).\n - ext4: pass -ESHUTDOWN code to jbd2 layer (bsc#1052766).\n - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bsc#1052766).\n - ext4: protect i_disksize update by i_data_sem in direct write path\n (bsc#1052766).\n - ext4: set h_journal if there is a failure starting a reserved handle\n (bsc#1052766).\n - ext4: shutdown should not prevent get_write_access (bsc#1052766).\n - extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO\n (bsc#1051510).\n - f2fs: avoid hungtask when GC encrypted block if io_bits is set\n (bsc#1052766).\n - f2fs: expose some sectors to user in inline data or dentry case\n (bsc#1052766).\n - f2fs: fix a panic caused by NULL flush_cmd_control (bsc#1086400).\n - f2fs: fix heap mode to reset it back (bsc#1052766).\n - f2fs: fix to clear CP_TRIMMED_FLAG (bsc#1052766).\n - f2fs: fix to wake up all sleeping flusher (bsc#1099918).\n - fanotify: fix logic of events on child (bsc#1052766).\n - fbdev: controlfb: Add missing modes to fix out of bounds access\n (bsc#1051510).\n - fealnx: Fix building error on MIPS (networking-stable-17_11_20).\n - fib_semantics: Do not match route with mismatching tclassid\n (networking-stable-18_03_07).\n - firewire-ohci: work around oversized DMA reads on JMicron controllers\n (bsc#1051510).\n - firmware: add helper to unregister pm ops (bsc#1085937).\n - firmware: always enable the reboot notifier (bsc#1085937).\n - firmware: dmi_scan: Fix UUID length safety check (bsc#1051510).\n - firmware: dmi_scan: Fix handling of empty DMI strings (bsc#1051510).\n - firmware: fix capturing errors 
on fw_cache_init() on early init\n (bsc#1085937).\n - firmware: fix checking for return values for fw_add_devm_name()\n (bsc#1051510).\n - firmware: fix detecting error on register_reboot_notifier()\n (bsc#1085936).\n - firmware: move kill_requests_without_uevent() up above (bsc#1085937).\n - firmware: provide helpers for registering the syfs loader (bsc#1085937).\n - firmware: share fw fallback killing on reboot/suspend (bsc#1085937).\n - fix kabi breaker in md.h (git-fixes).\n - flow_dissector: properly cap thoff field (networking-stable-18_01_28).\n - fs/aio: Add explicit RCU grace period when freeing kioctx (bsc#1088722).\n - fs/aio: Use RCU accessors for kioctx_table->table[] (bsc#1088722).\n - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099142).\n - fs/fat/inode.c: fix sb_rdonly() change (bsc#1052766).\n - fs/reiserfs/journal.c: add missing resierfs_warning() arg (bsc#1052766).\n - fs: Teach path_connected to handle nfs filesystems with multiple roots\n (git-fixes).\n - fsnotify: Fix fsnotify_mark_connector race (bsc#1052766).\n - fsnotify: Hide kABI changes in fsnotify_mark_connector (bsc#1052766).\n - ftrace: Fix selftest goto location on error (bsc#1099918).\n - fuse: fix READDIRPLUS skipping an entry (bsc#1088690).\n - geneve: Fix function matching VNI and tunnel ID on big-endian\n (bsc#1051510).\n - geneve: fix fill_info when link down (bsc#1051510).\n - gfs2: Fix debugfs glocks dump (bsc#1052766).\n - gpio: No NULL owner (bsc#1051510).\n - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bsc#1051510).\n - gpio: davinci: Assign first bank regs for unbanked case (bsc#1051510).\n - gpio: fix "gpio-line-names" property retrieval (bsc#1051510).\n - gpio: fix aspeed_gpio unmask irq (bsc#1051510).\n - gpio: fix error path in lineevent_create (bsc#1051510).\n - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510).\n - gpio: label descriptors using the device name (bsc#1051510).\n - gpio: stmpe: i2c transfer are forbiden in atomic 
context (bsc#1051510).\n - gpioib: do not free unrequested descriptors (bsc#1051510).\n - gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle\n (bsc#1051510).\n - gpu: ipu-v3: prg: avoid possible array underflow (bsc#1051510).\n - gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle\n (bsc#1051510).\n - hdlc_ppp: carrier detect ok, do not turn off negotiation\n (networking-stable-18_03_07).\n - hv_netvsc: Fix a network regression after ifdown/ifup (bsc#1094420).\n - hwmon: (ina2xx) Fix access to uninitialized mutex (bsc#1051510).\n - hwmon: (ina2xx) Make calibration register value fixed (bsc#1051510).\n - hwmon: (jc42) optionally try to disable the SMBUS timeout (bsc#1051510).\n - hwmon: (nct6775) Fix writing pwmX_mode (bsc#1051510).\n - hwmon: (pmbus/adm1275) Accept negative page register values\n (bsc#1051510).\n - hwmon: (pmbus/max8688) Accept negative page register values\n (bsc#1051510).\n - hwtracing: stm: fix build error on some arches (bsc#1051510).\n - i2c: designware: fix poll-after-enable regression (bsc#1051510).\n - i2c: i801: Restore configuration at shutdown (bsc#1051510).\n - i2c: i801: Save register SMBSLVCMD value only once (bsc#1051510).\n - i2c: ismt: Separate I2C block read from SMBus block read (bsc#1051510).\n - i2c: mv64xxx: Apply errata delay only in standard mode (bsc#1051510).\n - i2c: pmcmsp: fix error return from master_xfer (bsc#1051510).\n - i2c: pmcmsp: return message count on master_xfer success (bsc#1051510).\n - i2c: viperboard: return message count on master_xfer success\n (bsc#1051510).\n - i40e: Close client on suspend and restore client MSIx on resume\n (bsc#1088821).\n - i40e: Do not allow use more TC queue pairs than MSI-X vectors exist\n (bsc#1094978).\n - i40e: Fix attach VF to VM issue (bsc#1056658 bsc#1056662 ).\n - i40e: Fix the number of queues available to be mapped for use\n (bsc#1094978).\n - i40e: program fragmented IPv4 filter input set (bsc#1056658 bsc#1056662\n ).\n - i40evf: Do 
not schedule reset_task when device is being removed\n (bsc#1056658 bsc#1056662 ).\n - i40evf: do not rely on netif_running() outside rtnl_lock() (bsc#1056658\n bsc#1056662 ).\n - i40evf: ignore link up if not running (bsc#1056658 bsc#1056662 ).\n - i40iw: Zero-out consumer key on allocate stag for FMR (bsc#1058659 ).\n - ibmvnic: Check CRQ command return codes (bsc#1094840).\n - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289).\n - ibmvnic: Clear pending interrupt after device reset (bsc#1089644).\n - ibmvnic: Create separate initialization routine for resets (bsc#1094840).\n - ibmvnic: Define vnic_login_client_data name field as unsized array\n (bsc#1089198).\n - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198).\n - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).\n - ibmvnic: Fix partial success login retries (bsc#1094840).\n - ibmvnic: Fix statistics buffers memory leak (bsc#1093990).\n - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).\n - ibmvnic: Handle all login error conditions (bsc#1089198).\n - ibmvnic: Handle error case when setting link state (bsc#1094840).\n - ibmvnic: Introduce active CRQ state (bsc#1094840).\n - ibmvnic: Introduce hard reset recovery (bsc#1094840).\n - ibmvnic: Mark NAPI flag as disabled when released (bsc#1094840).\n - ibmvnic: Only do H_EOI for mobility events (bsc#1094356).\n - ibmvnic: Return error code if init interrupted by transport event\n (bsc#1094840).\n - ibmvnic: Set resetting state at earliest possible point (bsc#1094840).\n - ide: Make ide_cdrom_prep_fs() initialize the sense buffer pointer\n (bsc#1099918).\n - ide: ide-atapi: fix compile error with defining macro DEBUG\n (bsc#1099918).\n - ide:ide-cd: fix kernel panic resulting from missing scsi_req_init\n (bsc#1099918).\n - idr: fix invalid ptr dereference on item delete (bsc#1051510).\n - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()\n (networking-stable-18_03_28).\n - igb: Allow to 
remove administratively set MAC on VFs (bsc#1056651 ).\n - igb: Clear TXSTMP when ptp_tx_work() is timeout (bsc#1056651 ).\n - igb: Fix a test with HWTSTAMP_TX_ON (bsc#1056651 bsc#1056643 ).\n - iio: ABI: Fix name of timestamp sysfs file (bsc#1051510).\n - iio: ad7793: Fix the serial interface reset (bsc#1051510).\n - iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ (bsc#1051510).\n - iio: ad_sigma_delta: Implement a dedicated reset function (bsc#1051510).\n - iio: adc/accel: Fix up module licenses (bsc#1051510).\n - iio: adc: cpcap: fix incorrect validation (bsc#1051510).\n - iio: adc: mcp320x: Fix oops on module unload (bsc#1051510).\n - iio: adc: mcp320x: Fix readout of negative voltages (bsc#1051510).\n - iio: adc: meson-saradc: fix the bit_idx of the adc_en clock\n (bsc#1051510).\n - iio: adc: stm32: fix scan of multiple channels with DMA (bsc#1051510).\n - iio: adc: ti-ads1015: add 10% to conversion wait time (bsc#1051510).\n - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling\n path of 'twl4030_madc_probe()' (bsc#1051510).\n - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'\n (bsc#1051510).\n - iio: adis_lib: Initialize trigger before requesting interrupt\n (bsc#1051510).\n - iio: buffer: check if a buffer has been set up when poll is called\n (bsc#1051510).\n - iio: buffer: fix the function signature to match implementation\n (bsc#1051510).\n - iio: core: Return error for failed read_reg (bsc#1051510).\n - iio: fix kernel-doc build errors (bsc#1051510).\n - iio: health: max30102: Add power enable parameter to get_temp function\n (bsc#1051510).\n - iio: health: max30102: Temperature should be in milli Celsius\n (bsc#1051510).\n - iio: imu: st_lsm6dsx: fix endianness in st_lsm6dsx_read_oneshot()\n (bsc#1051510).\n - iio: st_pressure: st_accel: Initialise sensor platform data properly\n (bsc#1051510).\n - iio: st_pressure: st_accel: pass correct platform data to init\n (bsc#1051510).\n - iio: trigger: stm32-timer: fix 
get/set down count direction\n (bsc#1051510).\n - iio: trigger: stm32-timer: fix get/set down count direction\n (bsc#1051510).\n - iio: trigger: stm32-timer: preset shouldn't be buffered (bsc#1051510).\n - iio:buffer: make length types match kfifo types (bsc#1051510).\n - iio:kfifo_buf: check for uint overflow (bsc#1051510).\n - ima: Fallback to the builtin hash algorithm (bsc#1091686).\n - infiniband: drop unknown function from core_priv.h (bsc#1046306 ).\n - init: fix false positives in W+X checking (bsc#1093721).\n - initial support (display-only) for GP108 (bsc#1095094).\n - intel_th: Use correct device when freeing buffers (bsc#1051510).\n - iommu/amd: Take into account that alloc_dev_data() may return NULL\n (bsc#975772).\n - iommu/vt-d: Clear pasid table entry when memory unbound (bsc#1087214).\n - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034).\n - iov_iter: fix memory leak in pipe_get_pages_alloc() (bsc#1092710).\n - iov_iter: fix return type of __pipe_get_pages() (bsc#1092710).\n - ip6_gre: better validate user provided tunnel names\n (networking-stable-18_04_10).\n - ip6_gre: fix device features for ioctl setup\n (networking-stable-17_12_31).\n - ip6_gre: init dev->mtu and dev->hard_header_len correctly\n (networking-stable-18_01_28).\n - ip6_gre: ip6gre_tap device should keep dst (networking-stable-17_10_09).\n - ip6_gre: only increase err_count for some certain type icmpv6 in\n ip6gre_err (networking-stable-17_11_14).\n - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header\n (networking-stable-17_10_09).\n - ip6_tunnel: better validate user provided tunnel names\n (networking-stable-18_04_10).\n - ip6_tunnel: disable dst caching if tunnel is dual-stack\n (networking-stable-18_01_12).\n - ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in\n cmdline (networking-stable-17_10_09).\n - ip6_vti: adjust vti mtu according to mtu of lower device (bsc#1082869).\n - ip6mr: fix stale iterator 
(networking-stable-18_02_06).\n - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table\n succeeds (git-fixes).\n - ip_gre: fix IFLA_MTU ignored on NEWLINK (bsc#1076830).\n - ip_tunnel: better validate user provided tunnel names\n (networking-stable-18_04_10).\n - ipip: only increase err_count for some certain type icmp in ipip_err\n (networking-stable-17_11_14).\n - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088872).\n - ipv4: Fix use-after-free when flushing FIB tables\n (networking-stable-17_12_31).\n - ipv4: Make neigh lookup keys for loopback/point-to-point devices be\n INADDR_ANY (networking-stable-18_01_28).\n - ipv4: fix fnhe usage by non-cached routes (networking-stable-18_05_15).\n - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg\n (networking-stable-18_05_15).\n - ipv4: igmp: guard against silly MTU values (bsc#1082869).\n - ipv6 sit: work around bogus gcc-8 -Wrestrict warning\n (networking-stable-18_03_07).\n - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL\n (git-fixes).\n - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy\n (networking-stable-18_04_26).\n - ipv6: fix access to non-linear packet in\n ndisc_fill_redirect_hdr_option() (networking-stable-18_03_28).\n - ipv6: fix udpv6 sendmsg crash caused by too small MTU\n (networking-stable-18_01_28).\n - ipv6: flowlabel: do not leave opt->tot_len with garbage\n (networking-stable-17_11_14).\n - ipv6: mcast: better catch silly mtu values (networking-stable-17_12_31).\n - ipv6: old_dport should be a __be16 in __ip6_datagram_connect()\n (networking-stable-18_03_28).\n - ipv6: omit traffic class when calculating flow hash (bsc#1095042).\n - ipv6: sit: better validate user provided tunnel names\n (networking-stable-18_04_10).\n - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts\n (git-fixes).\n - ipv6: sr: fix NULL pointer dereference when setting encap source address\n (networking-stable-18_03_28).\n - ipv6: sr: fix TLVs not 
being copied using setsockopt\n (networking-stable-18_01_12).\n - ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state\n (networking-stable-18_03_28).\n - ipv6: sr: fix seg6 encap performances with TSO enabled\n (networking-stable-18_04_10).\n - ipv6: the entire IPv6 header chain must fit the first fragment\n (networking-stable-18_04_10).\n - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bsc#1098401).\n - isdn: eicon: fix a missing-check bug (bsc#1051510).\n - iw_cxgb4: Atomically flush per QP HW CQEs (bsc#1046543 ).\n - iw_cxgb4: Fix an error handling path in 'c4iw_get_dma_mr()' (bsc#1064802\n bsc#1066129).\n - iw_cxgb4: print mapped ports correctly (bsc#1046543 ).\n - iwlmvm: tdls: Check TDLS channel switch support (bsc#1051510).\n - iwlwifi: add a bunch of new 9000 PCI IDs (1051510).\n - iwlwifi: add shared clock PHY config flag for some devices (bsc#1051510).\n - iwlwifi: avoid collecting firmware dump if not loaded (bsc#1051510).\n - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1051510).\n - iwlwifi: fw: harden page loading code (bsc#1051510).\n - iwlwifi: mvm: Correctly set IGTK for AP (bsc#1051510).\n - iwlwifi: mvm: Correctly set the tid for mcast queue (bsc#1051510).\n - iwlwifi: mvm: Direct multicast frames to the correct station\n (bsc#1051510).\n - iwlwifi: mvm: Fix channel switch for count 0 and 1 (bsc#1051510).\n - iwlwifi: mvm: Increase session protection time after CS (bsc#1051510).\n - iwlwifi: mvm: always init rs with 20mhz bandwidth rates (bsc#1051510).\n - iwlwifi: mvm: clear tx queue id when unreserving aggregation queue\n (bsc#1051510).\n - iwlwifi: mvm: do not warn in queue sync on RF-kill (bsc#1051510 ).\n - iwlwifi: mvm: fix "failed to remove key" message (bsc#1051510).\n - iwlwifi: mvm: fix IBSS for devices that support station type API\n (bsc#1051510).\n - iwlwifi: mvm: fix TSO with highly fragmented SKBs (bsc#1051510).\n - iwlwifi: mvm: fix TX of CCMP 256 (bsc#1051510).\n - iwlwifi: mvm: fix array out of bounds 
reference (bsc#1051510).\n - iwlwifi: mvm: fix assert 0x2B00 on older FWs (bsc#1051510).\n - iwlwifi: mvm: fix error checking for multi/broadcast sta (bsc#1051510).\n - iwlwifi: mvm: fix race in queue notification wait (bsc#1051510).\n - iwlwifi: mvm: fix security bug in PN checking (bsc#1051510).\n - iwlwifi: mvm: honor the max_amsdu_subframes limit (bsc#1051510).\n - iwlwifi: mvm: make sure internal station has a valid id (bsc#1051510).\n - iwlwifi: mvm: remove DQA non-STA client mode special case (bsc#1051510 ).\n - iwlwifi: mvm: set the correct tid when we flush the MCAST sta\n (bsc#1051510).\n - iwlwifi: pcie: compare with number of IRQs requested for, not number of\n CPUs (bsc#1051510).\n - ixgbe: do not set RXDCTL.RLPML for 82599 (bsc#1056657 ).\n - ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode\n (bsc#1056657 bsc#1056653 ).\n - jbd2: if the journal is aborted then do not allow update of the log tail\n (bsc#1052766).\n - jffs2_kill_sb(): deal with failed allocations (bsc#1052766).\n - kabi protect struct acpi_nfit_desc (bsc#1091424).\n - kabi: add struct bpf_map back (References: bsc#1098425).\n - kabi: arm64: reserve space in cpu_hwcaps and cpu_hwcap_keys arrays\n (bsc#1089086).\n - kabi: arm64: update crc for cpu_hwcaps and cpu_hwcap_keys References:\n bsc#1089086\n - kcm: lock lower socket in kcm_attach (networking-stable-18_03_28).\n - kconfig: Avoid format overflow warning from GCC 8.1 (bsc#1051510).\n - kconfig: Do not leak main menus during parsing (bsc#1051510).\n - kconfig: Fix automatic menu creation mem leak (bsc#1051510).\n - kconfig: Fix expr_free() E_NOT leak (bsc#1051510).\n - kernel/acct.c: fix the acct->needcheck check in check_free_space()\n (Git-fixes).\n - kernel/async.c: revert "async: simplify lowest_in_progress()"\n (Git-fixes).\n - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bsc#1051510).\n - kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"\n (Git-fixes).\n - kernel/signal.c: protect the 
SIGNAL_UNKILLABLE tasks from\n !sig_kernel_only() signals (Git-fixes).\n - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL\n (Git-fixes).\n - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in\n complete_signal() (Git-fixes).\n - kexec: export PG_swapbacked to VMCOREINFO (bsc#1088354).\n - kexec_file: do not add extra alignment to efi memmap (bsc#1089268).\n - klp_symbols: make --klp-symbols argument semantic sane It selects build\n of klp symbols and defaults to off\n - kmod: fix wait on recursive loop (bsc#1099792).\n - kmod: reduce atomic operations on kmod_concurrent and simplify\n (bsc#1099792).\n - kmod: throttle kmod thread limit (bsc#1099792).\n - kobject: do not use WARN for registration failures (bsc#1051510).\n - kvm/x86: fix icebp instruction handling (bsc#1087088).\n - kvm: Introduce nopvspin kernel parameter (bsc#1056427).\n - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183).\n - l2tp: check sockaddr length in pppol2tp_connect()\n (networking-stable-18_04_26).\n - l2tp: do not accept arbitrary sockets (bsc#1076830).\n - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events\n lan78xx_deferred_multicast_write) (networking-stable-18_04_10).\n - leds: pm8058: Silence pointer to integer size warning (bsc#1051510).\n - lib/kobject: Join string literals back (bsc#1051510).\n - lib/string_helpers: Add missed declaration of struct task_struct\n (bsc#1099918).\n - lib/test_bitmap.c: fix bitmap optimisation tests to report errors\n correctly (bsc#1051510).\n - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bsc#1051510).\n - libata: Blacklist some Sandisk SSDs for NCQ (bsc#1051510).\n - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bsc#1051510).\n - libata: blacklist Micron 500IT SSD with MU01 firmware (bsc#1051510).\n - libata: zpodd: make arrays cdb static, reduces object code size\n (bsc#1051510).\n - libata: zpodd: small read overflow in eject_tray() (bsc#1051510).\n - libceph, ceph: change 
permission for readonly debugfs entries\n (bsc#1089115).\n - libceph: adding missing message types to ceph_msg_type_name()\n (bsc#1089115).\n - libceph: fix misjudgement of maximum monitor number (bsc#1089115).\n - libceph: reschedule a tick in finish_hunting() (bsc#1089115).\n - libceph: un-backoff on tick when we have a authenticated session\n (bsc#1089115).\n - libceph: validate con->state at the top of try_write() (bsc#1089115).\n - libnvdimm, btt: add a couple of missing kernel-doc lines (bsc#1087210).\n - libnvdimm, btt: clean up warning and error messages (bsc#1087205).\n - libnvdimm, btt: fix format string warnings (bsc#1087205).\n - libnvdimm, dimm: handle EACCES failures from label reads ().\n - libnvdimm, label: change min label storage size per UEFI 2.7\n (bsc#1091666).\n - libnvdimm, namespace: use a safe lookup for dimm device name\n (bsc#1095321).\n - libnvdimm, nfit: fix persistence domain reporting (bsc#1091424).\n - libnvdimm, pmem: Add sysfs notifications to badblocks ().\n - libnvdimm, pmem: Do not flush power-fail protected CPU caches\n (bsc#1091424).\n - libnvdimm, pmem: Unconditionally deep flush on *sync (bsc#1091424).\n - libnvdimm, region, pmem: fix 'badblocks' sysfs_get_dirent() reference\n lifetime ().\n - libnvdimm, region: hide persistence_domain when unknown (bsc#1091424).\n - libnvdimm: expose platform persistence attribute for nd_region\n (bsc#1091424).\n - libnvdimm: re-enable deep flush for pmem devices via fsync()\n (bsc#1091424).\n - livepatch: Allow to call a custom callback when freeing shadow variables\n (bsc#1071995 ).\n - livepatch: Initialize shadow variables safely by a custom callback\n (bsc#1071995 ).\n - llc: better deal with too small mtu (networking-stable-18_05_15).\n - llc: fix NULL pointer deref for SOCK_ZAPPED (networking-stable-18_04_26).\n - llc: hold llc_sap before release_sock() (networking-stable-18_04_26).\n - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it\n (bsc#1052766).\n - 
locking/atomics, dm-integrity: Convert ACCESS_ONCE() to\n READ_ONCE()/WRITE_ONCE() (bsc#1093023).\n - locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE()\n patterns to READ_ONCE()/WRITE_ONCE() (bsc#1093023).\n - locking/qspinlock: Ensure node is initialised before updating prev->next\n (bsc#1050549).\n - locking/qspinlock: Ensure node->count is updated before initialising\n node (bsc#1050549).\n - locking: Remove smp_read_barrier_depends() from\n queued_spin_lock_slowpath() (bsc#1050549).\n - loop: handle short DIO reads (bsc#1052766).\n - lpfc: Fix 16gb hbas failing cq create (bsc#1093290).\n - lpfc: Fix port initialization failure (bsc#1093290).\n - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak\n (bsc#1051510).\n - mac80211: Adjust SAE authentication timeout (bsc#1051510).\n - mac80211: Do not disconnect on invalid operating class (bsc#1051510).\n - mac80211: Fix condition validating WMM IE (bsc#1051510).\n - mac80211: Fix sending ADDBA response for an ongoing session\n (bsc#1051510).\n - mac80211: Fix setting TX power on monitor interfaces (bsc#1051510).\n - mac80211: drop frames with unexpected DS bits from fast-rx to slow path\n (bsc#1051510).\n - mac80211: mesh: fix wrong mesh TTL offset calculation (bsc#1051510).\n - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4\n (bsc#1051510).\n - mac80211: use timeout from the AddBA response instead of the request\n (bsc#1051510).\n - macros.kernel-source: define linux_arch for KMPs (boo#1098050).\n CONFIG_64BIT is no longer defined so KMP spec files need to include\n %{?linux_make_arch} in any make call to build modules or descent into\n the kernel directory for any reason.\n - macvlan: filter out unsupported feature flags\n (networking-stable-18_03_28).\n - macvlan: fix memory hole in macvlan_dev (bsc#1099918).\n - macvlan: remove unused fields in struct macvlan_dev (bsc#1099918).\n - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence\n (bsc#1051510).\n - 
mailbox: bcm-flexrm-mailbox: Fix mask used in CMPL_START_ADDR_VALUE()\n (bsc#1051510).\n - mailbox: mailbox-test: do not rely on rx_buffer content to signal data\n ready (bsc#1051510).\n - mbcache: initialize entry->e_referenced in mb_cache_entry_create()\n (bsc#1052766).\n - md raid10: fix NULL deference in handle_write_completed() (git-fixes).\n - md-cluster: choose correct label when clustered layout is not supported\n (bsc#1093023).\n - md-cluster: do not update recovery_offset for faulty device\n (bsc#1093023).\n - md-cluster: make function cluster_check_sync_size static (bsc#1093023).\n - md-multipath: Use seq_putc() in multipath_status() (bsc#1093023).\n - md/bitmap: clear BITMAP_WRITE_ERROR bit before writing it to sb\n (bsc#1093023).\n - md/bitmap: copy correct data for bitmap super (bsc#1093023).\n - md/bitmap: revert a patch (bsc#1093023).\n - md/r5cache: call mddev_lock/unlock() in r5c_journal_mode_show\n (bsc#1093023).\n - md/r5cache: fix io_unit handling in r5l_log_endio() (bsc#1093023).\n - md/r5cache: move mddev_lock() out of r5c_journal_mode_set()\n (bsc#1093023).\n - md/r5cache: print more info of log recovery (bsc#1093023).\n - md/raid0: attach correct cgroup info in bio (bsc#1093023).\n - md/raid1,raid10: silence warning about wait-within-wait (bsc#1093023).\n - md/raid1/10: add missed blk plug (bsc#1093023).\n - md/raid1: Fix trailing semicolon (bsc#1093023).\n - md/raid1: exit sync request if MD_RECOVERY_INTR is set (bsc#1093023).\n - md/raid1: fix NULL pointer dereference (bsc#1093023).\n - md/raid5: cap worker count (bsc#1093023).\n - md/raid5: correct degraded calculation in raid5_error (bsc#1093023).\n - md/raid5: simplify uninitialization of shrinker (bsc#1093023).\n - md: Delete gendisk before cleaning up the request queue (bsc#1093023).\n - md: allow metadata update while suspending (bsc#1093023).\n - md: always hold reconfig_mutex when calling mddev_suspend()\n (bsc#1093023).\n - md: be cautious about using ->curr_resync_completed 
for\n ->recovery_offset (bsc#1093023).\n - md: do not call bitmap_create() while array is quiesced (bsc#1093023).\n - md: do not check MD_SB_CHANGE_CLEAN in md_allow_write (bsc#1093023).\n - md: document lifetime of internal rdev pointer (bsc#1093023).\n - md: fix a potential deadlock of raid5/raid10 reshape (bsc#1093023).\n - md: fix a race condition for flush request handling (bsc#1093023).\n - md: fix deadlock error in recent patch (bsc#1093023).\n - md: fix md_write_start() deadlock w/o metadata devices (git-fixes).\n - md: fix two problems with setting the "re-add" device state\n (bsc#1098176).\n - md: forbid a RAID5 from having both a bitmap and a journal (bsc#1093023).\n - md: free unused memory after bitmap resize (bsc#1093023).\n - md: limit mdstat resync progress to max_sectors (bsc#1093023).\n - md: move suspend_hi/lo handling into core md code (bsc#1093023).\n - md: only allow remove_and_add_spares when no sync_thread running\n (bsc#1093023).\n - md: raid10: remove VLAIS (bsc#1093023).\n - md: raid10: remove a couple of redundant variables and initializations\n (bsc#1093023).\n - md: raid5: avoid string overflow warning (bsc#1093023).\n - md: release allocated bitset sync_set (bsc#1093023).\n - md: remove redundant variable q (bsc#1093023).\n - md: remove special meaning of ->quiesce(.., 2) (bsc#1093023).\n - md: rename some drivers/md/ files to have an "md-" prefix (bsc#1093023).\n - md: replace seq_release_private with seq_release (bsc#1093023).\n - md: separate request handling (bsc#1093023).\n - md: use TASK_IDLE instead of blocking signals (bsc#1093023).\n - md: use lockdep_assert_held (bsc#1093023).\n - md: use mddev_suspend/resume instead of ->quiesce() (bsc#1093023).\n - media: atomisp_fops.c: disable atomisp_compat_ioctl32 (bsc#1051510).\n - media: au0828: add VIDEO_V4L2 dependency (bsc#1051510).\n - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bsc#1051510).\n - media: cx23885: Override 888 ImpactVCBe crystal frequency 
(bsc#1051510).\n - media: cx23885: Set subdev host data to clk_freq pointer (bsc#1051510).\n - media: dmxdev: fix error code for invalid ioctls (bsc#1051510).\n - media: dvb_frontend: fix locking issues at dvb_frontend_get_event()\n (bsc#1051510).\n - media: em28xx: Add Hauppauge SoloHD/DualHD bulk models (bsc#1051510).\n - media: em28xx: USB bulk packet size fix (bsc#1051510).\n - media: lgdt3306a: Fix a double kfree on i2c device remove (bsc#1051510).\n - media: lgdt3306a: Fix module count mismatch on usb unplug (bsc#1051510).\n - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918).\n - media: uvcvideo: Support realtek's UVC 1.5 device (bsc#1099109).\n - media: v4l2-compat-ioctl32: do not oops on overlay (bsc#1051510).\n - media: v4l2-compat-ioctl32: prevent go past max size (bsc#1051510).\n - media: videobuf2-core: do not go out of the buffer range (bsc#1051510).\n - media: vivid: check if the cec_adapter is valid (bsc#1051510).\n - mei: me: add cannon point device ids ().\n - mei: me: add cannon point device ids for 4th device ().\n - mei: remove dev_err message on an unsupported ioctl (bsc#1051510).\n - mfd: cros ec: spi: Do not send first message too soon (bsc#1051510).\n - mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock\n (bsc#1051510).\n - mfd: intel-lpss: Program REMAP register in PIO mode (bsc#1051510).\n - mkspec: only build docs for default variant kernel.\n - mlxsw: spectrum: Disable MAC learning for ovs port\n (networking-stable-17_12_31).\n - mlxsw: spectrum: Forbid linking to devices that have uppers FIX\n (stable-fixes).\n - mlxsw: spectrum: Prevent mirred-related crash on removal\n (networking-stable-17_10_09).\n - mlxsw: spectrum: Relax sanity checks during enslavement\n (networking-stable-18_01_12).\n - mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic\n (networking-stable-18_03_28).\n - mlxsw: spectrum_router: Do not log an error on missing neighbor\n (networking-stable-18_01_28).\n - mlxsw: 
spectrum_router: Fix NULL pointer deref\n (networking-stable-18_01_12).\n - mlxsw: spectrum_router: Fix error path in mlxsw_sp_vr_create\n (networking-stable-18_03_07).\n - mlxsw: spectrum_router: Simplify a piece of code\n (networking-stable-18_01_12).\n - mlxsw: spectrum_switchdev: Check success of FDB add operation\n (networking-stable-18_03_07).\n - mm, oom_reaper: skip mm structs with mmu notifiers (bsc#1099918).\n - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset\n (bsc#1079152, VM Functionality).\n - mm, percpu: add support for __GFP_NOWARN flag (bsc#1089753).\n - mm, slab: reschedule cache_reap() on the same CPU (VM Functionality,\n bsc#1097796).\n - mm, swap: fix false error message in __swp_swapcount() (VM\n Functionality, bsc#1098043).\n - mm, swap: fix race between swap count continuation operations (VM\n Functionality, bsc#1097373). mm, swap: fix race between swap count\n continuation operations - KABI fix (VM Functionality, bsc#1097373).\n - mm, thp: do not cause memcg oom for thp (bnc#1089663).\n - mm/fadvise: discard partial page if endbyte is also EOF (bsc#1052766).\n - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bsc#1052766).\n - mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty() (VM\n Functionality, bsc#1097800).\n - mm/khugepaged.c: convert VM_BUG_ON() to collapse fail (VM Functionality,\n bsc#1097468).\n - mm/ksm.c: fix inconsistent accounting of zero pages (VM Functionality,\n bsc#1097780).\n - mm/mempolicy.c: avoid use uninitialized preferred_node (VM\n Functionality, bsc#1097465).\n - mm/page_owner: fix recursion bug after changing skip entries (VM\n Functionality, bsc#1097472).\n - mm/pkeys, powerpc, x86: Provide an empty vma_pkey() in linux/pkeys.h\n (bsc#1078248).\n - mm/pkeys, x86, powerpc: Display pkey in smaps if arch supports pkeys\n (bsc#1078248).\n - mm/pkeys: Add an empty arch_pkeys_enabled() (bsc#1078248).\n - mm/pkeys: Remove include of asm/mmu_context.h from pkeys.h (bsc#1078248).\n - 
mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink()\n (bnc#1089667).\n - mm/thp: do not wait for lock_page() in deferred_split_scan() (VM\n Functionality, bsc#1097470).\n - mm: Fix memory size alignment in devm_memremap_pages_release() (VM\n Functionality, bsc#1097439).\n - mm: fix device-dax pud write-faults triggered by get_user_pages()\n (bsc#1052766).\n - mm: fix the NULL mapping case in __isolate_lru_page() (bnc#971975 VM --\n git fixes).\n - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit\n systems (bsc#1088713).\n - mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433\n (bsc#1051510).\n - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1051510).\n - mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus\n (bsc#1051510).\n - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register\n (bsc#1051510).\n - mmc: sdhci-iproc: remove hard coded mmc cap 1.8v (bsc#1051510).\n - mmc: sdhci-pci: Fix voltage switch for some Intel host controllers\n (bsc#1051510).\n - mmc: sdhci-pci: Only do AMD tuning for HS200 (bsc#1051510).\n - mq-deadline: Enable auto-loading when built as module (bsc#1099918).\n - mremap: Remove LATENCY_LIMIT from mremap to reduce the number of TLB\n shootdowns (bnc#1095115).\n - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS\n (bsc#1099918).\n - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bsc#1099918).\n - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0\n (bsc#1099918).\n - mtd: partitions: add helper for deleting partition (bsc#1099918).\n - mtd: partitions: remove sysfs files when deleting all master's\n partitions (bsc#1099918).\n - mtd: ubi: wl: Fix error return code in ubi_wl_init() (bsc#1051510).\n - mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready()\n (bsc#1051510).\n - n_tty: Access echo_* variables carefully (bsc#1051510).\n - n_tty: Fix stall at n_tty_receive_char_special() (bsc#1051510).\n - n_tty: fix 
EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)\n (bnc#1094825).\n - nbd: do not start req until after the dead connection logic\n (bsc#1099918).\n - nbd: fix -ERESTARTSYS handling (bsc#1099918).\n - nbd: fix nbd device deletion (bsc#1099918).\n - nbd: fix return value in error handling path (bsc#1099918).\n - nbd: wait uninterruptible for the dead timeout (bsc#1099918).\n - net sched actions: fix refcnt leak in skbmod\n (networking-stable-18_05_15).\n - net sched actions: return explicit error when tunnel_key mode is not\n specified (bsc#1056787).\n - net/ipv6: Fix route leaking between VRFs (networking-stable-18_04_10).\n - net/ipv6: Increment OUTxxx counters after netfilter hook\n (networking-stable-18_04_10).\n - net/iucv: Free memory obtained by kzalloc (networking-stable-18_03_28).\n - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()'\n (networking-stable-18_05_15).\n - net/mlx4_en: Verify coalescing parameters are in range\n (networking-stable-18_05_15).\n - net/mlx5: Avoid cleaning flow steering table twice during error flow\n (bsc#1091532).\n - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics\n (networking-stable-18_05_15).\n - net/mlx5: Eliminate query xsrq dead code (bsc#1046303 ).\n - net/mlx5: Fix build break when CONFIG_SMP=n (bsc#1046303 ).\n - net/mlx5: Fix mlx5_get_vector_affinity function (bsc#1046303 ).\n - net/mlx5e: Allow offloading ipv4 header re-write for icmp (bsc#1046303 ).\n - net/mlx5e: Do not reset Receive Queue params on every type change\n (bsc#1046303 ).\n - net/mlx5e: Err if asked to offload TC match on frag being first\n (networking-stable-18_05_15).\n - net/mlx5e: Fixed sleeping inside atomic context (bsc#1046303 ).\n - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1046303\n ).\n - net/mlx5e: TX, Use correct counter in dma_map error flow\n (networking-stable-18_05_15).\n - net/sched: cls_u32: fix cls_u32 on filter replace\n (networking-stable-18_03_07).\n - net/sched: fix 
NULL dereference in the error path of tcf_bpf_init()\n (bsc#1056787).\n - net/sched: fix NULL dereference in the error path of tunnel_key_init()\n (bsc#1056787).\n - net/sched: fix NULL dereference on the error path of tcf_skbmod_init()\n (bsc#1056787).\n - net/sctp: Always set scope_id in sctp_inet6_skb_msgname\n (networking-stable-17_11_20).\n - net/unix: do not show information about sockets from other namespaces\n (networking-stable-17_11_14).\n - net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bsc#1087092).\n - net: Allow neigh contructor functions ability to modify the primary_key\n (networking-stable-18_01_28).\n - net: Fix hlist corruptions in inet_evict_bucket()\n (networking-stable-18_03_28).\n - net: Only honor ifindex in IP_PKTINFO if non-0\n (networking-stable-18_03_28).\n - net: Set sk_prot_creator when cloning sockets to the right proto\n (networking-stable-17_10_09).\n - net: af_packet: fix race in PACKET_{R|T}X_RING\n (networking-stable-18_04_26).\n - net: bonding: Fix transmit load balancing in balance-alb mode if\n specified by sysfs (networking-stable-17_10_09).\n - net: bonding: fix tlb_dynamic_lb default value\n (networking-stable-17_10_09).\n - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink\n leaks (networking-stable-17_12_31).\n - net: bridge: fix returning of vlan range op errors\n (networking-stable-17_11_14).\n - net: core: fix module type in sock_diag_bind\n (networking-stable-18_01_12).\n - net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY\n (networking-stable-17_12_31).\n - net: dsa: check master device before put (networking-stable-17_11_14).\n - net: dsa: mv88e6xxx: lock mutex when freeing IRQs\n (networking-stable-17_10_09).\n - net: emac: Fix napi poll list corruption (networking-stable-17_10_09).\n - net: ethernet: arc: Fix a potential memory leak if an optional regulator\n is deferred (networking-stable-18_03_28).\n - net: ethernet: sun: niu set correct packet size in skb\n 
(networking-stable-18_05_15).\n - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII\n PHY interface (networking-stable-18_03_28).\n - net: ethernet: ti: cpsw: fix net watchdog timeout\n (networking-stable-18_03_07).\n - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode\n (networking-stable-18_05_15).\n - net: ethernet: ti: cpsw: fix tx vlan priority mapping\n (networking-stable-18_04_26).\n - net: ethtool: Add missing kernel doc for FEC parameters (bsc#1046540 ).\n - net: fec: Fix unbalanced PM runtime calls (networking-stable-18_03_28).\n - net: fec: defer probe if regulator is not ready\n (networking-stable-18_01_12).\n - net: fec: free/restore resource in related probe error pathes\n (networking-stable-18_01_12).\n - net: fec: restore dev_id in the cases of probe error\n (networking-stable-18_01_12).\n - net: fec: unmap the xmit buffer that are not transferred by DMA\n (networking-stable-17_12_31).\n - net: fix deadlock while clearing neighbor proxy table\n (networking-stable-18_04_26).\n - net: fix possible out-of-bound read in skb_network_protocol()\n (networking-stable-18_04_10).\n - net: fool proof dev_valid_name() (networking-stable-18_04_10).\n - net: igmp: Use correct source address on IGMPv3 reports\n (networking-stable-17_12_31).\n - net: igmp: add a missing rcu locking section (git-fixes).\n - net: igmp: fix source address check for IGMPv3 reports (git-fixes).\n - net: ipv4: avoid unused variable warning for sysctl (git-fixes).\n - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68\n (networking-stable-18_03_07).\n - net: ipv6: keep sk status consistent after datagram connect failure\n (networking-stable-18_03_28).\n - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case\n (networking-stable-17_12_31).\n - net: phy: Fix mask value write on gmii2rgmii converter speed register\n (networking-stable-17_10_09).\n - net: phy: Tell caller result of phy_change()\n (networking-stable-18_03_28).\n - net: phy: 
fix phy_start to consider PHY_IGNORE_INTERRUPT\n (networking-stable-18_03_07).\n - net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well\n (networking-stable-17_12_31).\n - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg\n workaround (networking-stable-17_12_31).\n - net: qcom/emac: specify the correct size when mapping a DMA buffer\n (networking-stable-17_10_09).\n - net: qdisc_pkt_len_init() should be more robust\n (networking-stable-18_01_28).\n - net: qlge: use memmove instead of skb_copy_to_linear_data (bsc#1050529\n bsc#1086319 ).\n - net: realtek: r8169: implement set_link_ksettings()\n (networking-stable-17_12_12).\n - net: reevalulate autoflowlabel setting after sysctl setting\n (networking-stable-17_12_31).\n - net: remove hlist_nulls_add_tail_rcu() (networking-stable-17_12_12).\n - net: sched: fix error path in tcf_proto_create() when modules are not\n configured (networking-stable-18_05_15).\n - net: sched: ife: check on metadata length (networking-stable-18_04_26).\n - net: sched: ife: handle malformed tlv length\n (networking-stable-18_04_26).\n - net: sched: ife: signal not finding metaid (networking-stable-18_04_26).\n - net: sched: report if filter is too large to dump\n (networking-stable-18_03_07).\n - net: stmmac: enable EEE in MII, GMII or RGMII only\n (networking-stable-18_01_12).\n - net: support compat 64-bit time in {s,g}etsockopt\n (networking-stable-18_05_15).\n - net: systemport: Correct IPG length settings\n (networking-stable-17_11_20).\n - net: systemport: Rewrite __bcm_sysport_tx_reclaim()\n (networking-stable-18_03_28).\n - net: tcp: close sock if net namespace is exiting\n (networking-stable-18_01_28).\n - net: validate attribute sizes in neigh_dump_table()\n (networking-stable-18_04_26).\n - net: vrf: Add support for sends to local broadcast address\n (networking-stable-18_01_28).\n - net_sched: fq: take care of throttled flows before reuse\n (networking-stable-18_05_15).\n - netfilter/ipvs: clear 
ipvs_property flag when SKB net namespace changed\n (networking-stable-17_11_20).\n - netfilter: use skb_to_full_sk in ip6_route_me_harder (bsc#1076830).\n - netlink: avoid a double skb free in genlmsg_mcast() (git-fixes).\n - netlink: do not proceed if dump's start() errs\n (networking-stable-17_10_09).\n - netlink: do not set cb_running if dump's start() errs\n (networking-stable-17_11_14).\n - netlink: ensure to loop over all netns in genlmsg_multicast_allns()\n (networking-stable-18_03_07).\n - netlink: extack needs to be reset each time through loop\n (networking-stable-18_01_28).\n - netlink: make sure nladdr has correct size in netlink_connect()\n (networking-stable-18_04_10).\n - netlink: put module reference if dump start fails (git-fixes).\n - netlink: reset extack earlier in netlink_rcv_skb\n (networking-stable-18_01_28).\n - nfit-test: Add platform cap support from ACPI 6.2a to test (bsc#1091424).\n - nfit: skip region registration for incomplete control regions\n (bsc#1091666).\n - nfp: use full 40 bits of the NSP buffer address (bsc#1055968).\n - nfs: system crashes after NFS4ERR_MOVED recovery (git-fixes).\n - nfsd: fix incorrect umasks (git-fixes).\n - nl80211: relax ht operation checks for mesh (bsc#1051510).\n - nubus: Avoid array underflow and overflow (bsc#1099918).\n - nubus: Fix up header split (bsc#1099918).\n - nvme-fabrics: allow duplicate connections to the discovery controller\n (bsc#1098706).\n - nvme-fabrics: allow internal passthrough command on deleting controllers\n (bsc#1098706).\n - nvme-fabrics: centralize discovery controller defaults (bsc#1098706).\n - nvme-fabrics: fix and refine state checks in __nvmf_check_ready\n (bsc#1098706).\n - nvme-fabrics: handle the admin-only case properly in nvmf_check_ready\n (bsc#1098706).\n - nvme-fabrics: refactor queue ready check (bsc#1098706).\n - nvme-fabrics: remove unnecessary controller subnqn validation\n (bsc#1098706).\n - nvme-fc: change controllers first connect to use reconnect 
path\n (bsc#1098706).\n - nvme-fc: fix nulling of queue data on reconnect (bsc#1098706).\n - nvme-fc: release io queues to allow fast fail (bsc#1098706).\n - nvme-fc: remove reinit_request routine (bsc#1098706).\n - nvme-fc: remove setting DNR on exception conditions (bsc#1098706).\n - nvme-multipath: fix sysfs dangerously created links (bsc#1096529).\n - nvme-rdma: Do not flush delete_wq by default during remove_one\n (bsc#1089977).\n - nvme-rdma: Fix command completion race at error recovery (bsc#1099041).\n - nvme-rdma: correctly check for target keyed sgl support (bsc#1099041).\n - nvme-rdma: do not override opts->queue_size (bsc#1099041).\n - nvme-rdma: fix error flow during mapping request data (bsc#1099041).\n - nvme-rdma: fix possible double free condition when failing to create a\n controller (bsc#1099041).\n - nvme/multipath: Fix multipath disabled naming collisions (bsc#1098706).\n - nvme: Set integrity flag for user passthrough commands (bsc#1098706).\n - nvme: Skip checking heads without namespaces (bsc#1098706).\n - nvme: Use admin command effects for admin commands (bsc#1098706).\n - nvme: add quirk to force medium priority for SQ creation ().\n - nvme: allow duplicate controller if prior controller being deleted\n (bsc#1098706).\n - nvme: check return value of init_srcu_struct function (bsc#1098706).\n - nvme: do not send keep-alives to the discovery controller ().\n - nvme: expand nvmf_check_if_ready checks (bsc#1098706).\n - nvme: fix NULL pointer dereference in nvme_init_subsystem (bsc#1098706).\n - nvme: fix extended data LBA supported setting ().\n - nvme: fix lockdep warning in nvme_mpath_clear_current_path ().\n - nvme: fix potential memory leak in option parsing (bsc#1098706).\n - nvme: move init of keep_alive work item to controller initialization\n (bsc#1098706).\n - nvme: target: fix buffer overflow ().\n - nvmet-fc: increase LS buffer count per fc port (bsc#1098706).\n - nvmet-rdma: Do not flush system_wq by default during remove_one\n 
(bsc#1089977).\n - nvmet: fix space padding in serial number ().\n - nvmet: switch loopback target state to connecting when resetting\n (bsc#1098706).\n - objtool, perf: Fix GCC 8 -Wrestrict error (Fix gcc 8 restrict error).\n - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute\n (bsc#1052766).\n - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1052766).\n - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources\n (bsc#1052766).\n - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid\n (bsc#1052766).\n - of: overlay: validate offset from property fixups (bsc#1051510).\n - of: platform: stop accessing invalid dev in of_platform_device_destroy\n (bsc#1051510).\n - of: unittest: for strings, account for trailing \\0 in property length\n field (bsc#1051510).\n - omapdrm: panel: fix compatible vendor string for td028ttec1\n (bsc#1051510).\n - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is\n found (networking-stable-18_05_15).\n - ovl: Put upperdentry if ovl_check_origin() fails (bsc#1088704).\n - ovl: Return -ENOMEM if an allocation fails ovl_lookup() (bsc#1096065).\n - ovl: fix failure to fsync lower dir.\n - ovl: fix lookup with middle layer opaque dir and absolute path redirects\n (bsc#1090605).\n - ovl: treat btrfs mounts as different superblocks (bsc#1059336).\n - p54: do not unregister leds when they are not initialized (bsc#1051510).\n - parport_pc: Add support for WCH CH382L PCI-E single parallel port card\n (bsc#1051510).\n - partitions/msdos: Unable to mount UFS 44bsd partitions (bsc#1051510).\n - pinctrl/amd: Fix build dependency on pinmux code (bsc#1051510).\n - pinctrl/amd: save pin registers over suspend/resume (bsc#1051510).\n - pinctrl: adi2: Fix Kconfig build problem (bsc#1051510).\n - pinctrl: armada-37xx: Fix direction_output() callback behavior\n (bsc#1051510).\n - pinctrl: artpec6: dt: add missing pin group uart5nocts (bsc#1051510).\n - pinctrl: baytrail: Enable glitch filter for GPIOs 
used as interrupts\n (bsc#1051510).\n - pinctrl: denverton: Fix UART2 RTS pin mode (bsc#1051510).\n - pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE\n (bsc#1051510).\n - pinctrl: rockchip: enable clock when reading pin direction register\n (bsc#1051510).\n - pinctrl: samsung: Fix NULL pointer exception on external interrupts on\n S3C24xx (bsc#1051510).\n - pinctrl: samsung: Fix invalid register offset used for Exynos5433\n external interrupts (bsc#1051510).\n - pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using\n STP_ISEN_1_D (bsc#1051510).\n - pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI\n pins group (bsc#1051510).\n - pinctrl: sunxi: Fix A64 UART mux value (bsc#1051510).\n - pinctrl: sunxi: Fix A80 interrupt pin bank (bsc#1051510).\n - pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping\n (bsc#1051510).\n - pinctrl: sx150x: Register pinctrl before adding the gpiochip\n (bsc#1051510).\n - pinctrl: sx150x: Unregister the pinctrl on release (bsc#1051510).\n - pipe: fix off-by-one error when checking buffer limits (bsc#1051510).\n - pktcdvd: Fix a recently introduced NULL pointer dereference\n (bsc#1099918).\n - pktcdvd: Fix pkt_setup_dev() error path (bsc#1099918).\n - platform/chrome: Use proper protocol transfer function (bsc#1051510).\n - platform/chrome: cros_ec_lpc: remove redundant pointer request\n (bsc#1051510).\n - platform/x86: asus-wireless: Fix NULL pointer dereference (bsc#1051510).\n - platform/x86: asus-wmi: Fix NULL pointer dereference (bsc#1051510).\n - platform/x86: fujitsu-laptop: Support Lifebook U7x7 hotkeys\n (bsc#1087284).\n - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill\n (bsc#1093035).\n - platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too\n (bsc#1098626).\n - platform/x86: thinkpad_acpi: suppress warning about palm detection\n (bsc#1051510).\n - power: supply: ab8500_charger: Bail out in case of error in\n 
'ab8500_charger_init_hw_registers()' (bsc#1051510).\n - power: supply: ab8500_charger: Fix an error handling path (bsc#1051510).\n - power: supply: axp288_charger: Properly stop work on probe-error /\n remove (bsc#1051510).\n - powerpc/64/kexec: fix race in kexec when XIVE is shutdown (bsc#1088273).\n Refresh patchset with upstream patches\n - powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep\n (bsc#1055186, ).\n - powerpc/64s/idle: avoid sync for KVM state when waking from idle\n (bsc#1061840).\n - powerpc/64s: Add all POWER9 features to CPU_FTRS_ALWAYS (bsc#1055117).\n - powerpc/64s: Enable barrier_nospec based on firmware settings\n (bsc#1068032, bsc#1080157). Delete\n patches.arch/powerpc-64-barrier_nospec-Add-commandline-trigger.patch.\n Delete patches.arch/powerpc-64s-barrier_nospec-Add-hcall-trigger.patch.\n - powerpc/64s: Enhance the information in cpu_show_spectre_v1()\n (bsc#1068032).\n - powerpc/64s: Explicitly add vector features to CPU_FTRS_POSSIBLE\n (bsc#1055117).\n - powerpc/64s: Fix CPU_FTRS_ALWAYS vs DT CPU features (bsc#1055117).\n - powerpc/64s: Fix POWER9 DD2.2 and above in DT CPU features (bsc#1055117).\n - powerpc/64s: Fix POWER9 DD2.2 and above in cputable features\n (bsc#1055117).\n - powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR\n bits (bsc#1055117).\n - powerpc/64s: Fix mce accounting for powernv (bsc#1094244).\n - powerpc/64s: Fix pkey support in dt_cpu_ftrs, add CPU_FTR_PKEY bit\n (bsc#1055117).\n - powerpc/64s: Refine feature sets for little endian builds (bsc#1055117).\n - powerpc/64s: Remove POWER4 support (bsc#1055117).\n - powerpc/64s: Set assembler machine type to POWER4 (bsc#1055117).\n - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772).\n - powerpc/fadump: exclude memory holes while reserving memory in second\n kernel (bsc#1092772).\n - powerpc/kvm: Fix guest boot failure on Power9 since DAWR changes\n (bsc#1061840).\n - powerpc/kvm: Fix lockups when running KVM 
guests on Power8 (bsc#1061840).\n - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1065729).\n - powerpc/livepatch: Fix KABI breaker in stacktrace.c (bsc#1071995\n bsc#1072856 bsc#1087458 bsc#1089664 bsc#1089669).\n - powerpc/livepatch: Fix build error with kprobes disabled (bsc#1071995 ).\n - powerpc/mm/radix: Fix always false comparison against MMU_NO_CONTEXT\n (bsc#1055186, ).\n - powerpc/mm/radix: Fix checkstops caused by invalid tlbiel (bsc#1055186,\n ).\n - powerpc/mm/radix: Parse disable_radix commandline correctly\n (bsc#1055186, ).\n - powerpc/mm/radix: Update command line parsing for disable_radix\n (bsc#1055186, ).\n - powerpc/mm/radix: Update pte fragment count from 16 to 256 on radix\n (bsc#1055186, ).\n - powerpc/mm: Add a CONFIG option to choose if radix is used by default\n (bsc#1055186, ).\n - powerpc/mm: Fix thread_pkey_regs_init() (bsc#1078248, git-fixes).\n - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc1056686).\n - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc1056686).\n - powerpc/perf: Fix kernel address leak via sampling registers\n (bsc1056686).\n - powerpc/perf: Infrastructure to support addition of blacklisted events\n (bsc1056686).\n - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer\n (bsc1056686).\n - powerpc/perf: Prevent kernel address leak via perf_get_data_addr()\n (bsc1056686).\n - powerpc/perf: fix bug references.\n - powerpc/pkeys: Detach execute_only key on !PROT_EXEC (bsc#1078248,\n git-fixes).\n - powerpc/pkeys: Drop private VM_PKEY definitions (bsc#1078248).\n - powerpc/pseries: Restore default security feature flags on setup\n (bsc#1068032). 
Refresh\n patches.arch/powerpc-64s-barrier_nospec-Add-hcall-trigger.patch.\n - powerpc/ptrace: Fix enforcement of DAWR constraints (bsc#1099918).\n - powerpc/xive: Fix wrong xmon output caused by typo (bsc#1088273).\n - powerpc/xmon: Also setup debugger hooks when single-stepping\n (bsc#1072829).\n - powerpc64/ftrace: Add a field in paca to disable ftrace in unsafe code\n paths (bsc#1088804).\n - powerpc64/ftrace: Add helpers to hard disable ftrace (bsc#1088804).\n - powerpc64/ftrace: Delay enabling ftrace on secondary cpus (bsc#1088804).\n - powerpc64/ftrace: Disable ftrace during hotplug (bsc#1088804).\n - powerpc64/ftrace: Disable ftrace during kvm guest entry/exit\n (bsc#1088804).\n - powerpc64/ftrace: Rearrange #ifdef sections in ftrace.h (bsc#1088804).\n - powerpc64/ftrace: Use the generic version of ftrace_replace_code()\n (bsc#1088804).\n - powerpc64/kexec: Hard disable ftrace before switching to the new kernel\n (bsc#1088804).\n - powerpc64/module: Tighten detection of mcount call sites with\n -mprofile-kernel (bsc#1088804).\n - powerpc: Add ppc_breakpoint_available() (bsc#1055117).\n - powerpc: Machine check interrupt is a non-maskable interrupt\n (bsc#1094244).\n - powerpc: Remove unused CPU_FTR_ARCH_201 (bsc#1055117).\n - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032,\n bsc#1080157).\n - ppc64le: reliable stacktrace: handle graph traced functions\n (bsc#1089664).\n - ppc64le: reliable stacktrace: mark stacktraces with exception frames as\n unreliable (bsc#1089669).\n - ppc64le: reliable stacktrace: mark stacktraces with kretprobe_trampoline\n as unreliable (bsc#1090522).\n - ppp: avoid loop in xmit recursion detection code\n (networking-stable-18_03_28).\n - ppp: fix race in ppp device destruction (networking-stable-17_11_14).\n - ppp: prevent unregistered channels from connecting to PPP units\n (networking-stable-18_03_07).\n - ppp: unlock all_ppp_mutex before registering device\n (networking-stable-18_01_28).\n - pppoe: check sockaddr 
length in pppoe_connect()\n (networking-stable-18_04_26).\n - pppoe: take ->needed_headroom of lower device into account on xmit\n (networking-stable-18_01_28).\n - pptp: remove a buggy dst release in pptp_connect()\n (networking-stable-18_04_10).\n - printk: fix possible reuse of va_list variable (bsc#1100602).\n - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652).\n - ptr_ring: add barriers (networking-stable-17_12_31).\n - pty: cancel pty slave port buf's work in tty_release (bsc#1051510).\n - pwm: lpss: platform: Save/restore the ctrl register over a\n suspend/resume (bsc#1051510).\n - pwm: rcar: Fix a condition to prevent mismatch value setting to duty\n (bsc#1051510).\n - pwm: stmpe: Fix wrong register offset for hwpwm=2 case (bsc#1051510).\n - qed: Fix l2 initializations over iWARP personality (bsc#1050536\n bsc#1050545 ).\n - qed: Fix non TCP packets should be dropped on iWARP ll2 connection\n (bsc#1050545 ).\n - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1050536 bsc#1050545 ).\n - qed: Use after free in qed_rdma_free() (bsc#1050536 bsc#1050545 ).\n - qede: Fix gfp flags sent to rdma event node allocation (bsc#1050538\n bsc#1050545 ).\n - qede: Fix qedr link update (bsc#1050538 bsc#1050545 ).\n - qla2xxx: Enable T10-DIF with FC-NVMe enabled (bsc#1091264).\n - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054).\n - qmi_wwan: Add missing skb_reset_mac_header-call\n (networking-stable-17_11_20).\n - qmi_wwan: Add support for Quectel EP06 (networking-stable-18_02_06).\n - qmi_wwan: do not steal interfaces from class drivers (bsc#1092888).\n - r8169: fix powering up RTL8168h (bsc#1051510).\n - r8169: fix setting driver_data after register_netdev (bsc#1051510).\n - radeon: hide pointless #warning when compile testing (bsc#1051510).\n - radix tree test suite: add item_delete_rcu() (bsc#1095467).\n - radix tree test suite: fix compilation issue (bsc#1095467).\n - radix tree test suite: fix mapshift build target (bsc#1095467).\n - radix tree 
test suite: multi-order iteration race (bsc#1095467).\n - radix tree: fix multi-order iteration race (bsc#1095467).\n - raid10: check bio in r10buf_pool_free to void NULL pointer dereference\n (bsc#1098174).\n - raid1: copy write hint from master bio to behind bio (bsc#1093023).\n - raid1: prevent freeze_array/wait_all_barriers deadlock (bsc#1093023).\n - raid1: remove obsolete code in raid1_write_request (bsc#1093023).\n - raid5-ppl: PPL support for disks with write-back cache enabled\n (bsc#1093023).\n - raid5-ppl: fix handling flush requests (bsc#1093023).\n - raid5: Set R5_Expanded on parity devices as well as data (bsc#1093023).\n - raid5: remove raid5_build_block (bsc#1093023).\n - raid: remove tile specific raid6 implementation (bsc#1093023).\n - random: crng_reseed() should lock the crng instance that it is modifying\n (bsc#1051510).\n - random: use a different mixing algorithm for add_device_randomness()\n (bsc#1051510).\n - random: use a tighter cap in credit_entropy_bits_safe() (bsc#1051510).\n - rbd: use GFP_NOIO for parent stat and data requests (bsc#1093728).\n - rds: Incorrect reference counting in TCP socket creation (bsc#1076830).\n - rds: MP-RDS may use an invalid c_path (networking-stable-18_04_13).\n - rds: do not leak kernel memory to user land (networking-stable-18_05_15).\n - regulator: Do not return or expect -errno from of_map_mode()\n (bsc#1099029).\n - regulator: cpcap: Fix standby mode (bsc#1051510).\n - regulator: gpio: Fix some error handling paths in\n 'gpio_regulator_probe()' (bsc#1091960).\n - regulator: of: Add a missing 'of_node_put()' in an error handling path\n of 'of_regulator_match()' (bsc#1051510).\n - reiserfs: mark read-write mode unsupported ().\n - reiserfs: package in separate KMP ().\n - resource: fix integer overflow at reallocation (bsc#1086739).\n - restore cond_resched() in shrink_dcache_parent() (bsc#1098599).\n - rfkill: gpio: fix memory leak in probe error path (bsc#1051510).\n - rhashtable: Fix rhlist duplicates 
insertion (bsc#1051510).\n - rmdir(),rename(): do shrink_dcache_parent() only on success\n (bsc#1100340).\n - rocker: fix possible null pointer dereference in\n rocker_router_fib_event_work (networking-stable-18_02_06).\n - route: check sysctl_fib_multipath_use_neigh earlier than hash\n (networking-stable-18_04_10).\n - rpm/config.sh: Fixup BUGZILLA_PRODUCT variable\n - rpm/kernel-docs.spec.in: Fix and cleanup for 4.13 doc build\n (bsc#1048129) The whole DocBook stuff has been deleted. The PDF build\n still non-working thus the sub-packaging disabled so far.\n - rpm/kernel-source.changes.old: Add pre-SLE15 history (bsc#1098995).\n - rpm/modules.fips include module list from dracut\n - rpm: fix typo, SUSE_KERNEL_RELEASE -> SUSE_KERNEL_RELEASED\n (bsc#1095104). This causes release kernels to report as (unreleased).\n - rt2x00: do not pause queue unconditionally on error path (bsc#1051510).\n - rtc-opal: Fix handling of firmware error codes, prevent busy loops\n (bsc#1051510).\n - rtc: hctosys: Ensure system time does not overflow time_t (bsc#1051510).\n - rtc: pcf8563: fix output clock rate (bsc#1051510).\n - rtc: pl031: make interrupt optional (bsc#1051510).\n - rtc: snvs: Fix usage of snvs_rtc_enable (bsc#1051510).\n - rtc: tx4939: avoid unintended sign extension on a 24 bit shift\n (bsc#1051510).\n - rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bsc#1051510).\n - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c\n (bsc#1051510).\n - rxrpc: Fix send in rxrpc_send_data_packet() (networking-stable-18_03_07).\n - s390/archrandom: Reconsider s390 arch random implementation\n (bnc#1096753, LTC#168037).\n - s390/archrandom: Rework arch random implementation (bnc#1096753,\n LTC#168037).\n - s390/cio: update chpid descriptor after resource accessibility event\n (bnc#1093148, LTC#167307).\n - s390/cpum_sf: ensure sample frequency of perf event attributes is\n non-zero (bnc#1096753, LTC#168037).\n - s390/crypto: Adjust s390 aes and paes cipher 
priorities (bsc#1090098).\n - s390/dasd: fix IO error for newly defined devices (bnc#1093148,\n LTC#167307).\n - s390/qdio: do not merge ERROR output buffers (bsc#1099715).\n - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1096753,\n LTC#168037).\n - s390/qeth: do not dump control cmd twice (bsc#1099715).\n - s390/qeth: fix IPA command submission race (bsc#1099715).\n - s390/qeth: fix IPA command submission race (networking-stable-18_03_07).\n - s390/qeth: fix MAC address update sequence (bnc#1093148, LTC#167307).\n - s390/qeth: fix overestimated count of buffer elements (bsc#1099715).\n - s390/qeth: fix overestimated count of buffer elements\n (networking-stable-18_03_07).\n - s390/qeth: free netdevice when removing a card (bsc#1099715).\n - s390/qeth: free netdevice when removing a card\n (networking-stable-18_03_28).\n - s390/qeth: lock read device while queueing next buffer (bsc#1099715).\n - s390/qeth: lock read device while queueing next buffer\n (networking-stable-18_03_28).\n - s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093148, LTC#167307).\n - s390/qeth: use Read device to query hypervisor for MAC (bsc#1061024 ).\n - s390/qeth: when thread completes, wake up all waiters (bsc#1099715).\n - s390/qeth: when thread completes, wake up all waiters\n (networking-stable-18_03_28).\n - s390/uprobes: implement arch_uretprobe_is_alive() (bnc#1093148,\n LTC#167307).\n - s390/zcrypt: Fix CCA and EP11 CPRB processing failure memory leak\n (bnc#1096753, LTC#168037).\n - s390: add automatic detection of the spectre defense (bsc#1090098).\n - s390: add sysfs attributes for spectre (bsc#1090098).\n - s390: correct nospec auto detection init order (bsc#1090098).\n - s390: move nobp parameter functions to nospec-branch.c (bsc#1090098).\n - s390: report spectre mitigation via syslog (bsc#1090098).\n - sch_netem: fix skb leak in netem_enqueue() (networking-stable-18_03_28).\n - sched/numa: Stagger NUMA balancing scan periods for new threads\n (Automatic NUMA 
Balancing ()).\n - sched/rt: Fix rq->clock_update_flags lower than RQCF_ACT_SKIP warning\n (bsc#1022476).\n - sched: Make resched_cpu() unconditional (Git-fixes).\n - sched: Stop resched_cpu() from sending IPIs to offline CPUs (Git-fixes).\n - sched: Stop switched_to_rt() from sending IPIs to offline CPUs\n (Git-fixes).\n - scripts/git_sort/git_sort.py:\n - scripts/git_sort/git_sort.py: Remove duplicated repo entry\n - scripts/git_sort/git_sort.py: add Viro's vfs git\n - scsi: core: return BLK_STS_OK for DID_OK in\n __scsi_error_from_host_byte() (bsc#1099918).\n - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961).\n - scsi: ipr: new IOASC update (bsc#1097961).\n - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088866).\n - scsi: lpfc: Change IO submit return to EBUSY if remote port is\n recovering (bsc#1088866).\n - scsi: lpfc: Comment cleanup regarding Broadcom copyright header\n (bsc#1088866).\n - scsi: lpfc: Correct fw download error message (bsc#1088866).\n - scsi: lpfc: Correct missing remoteport registration during link bounces\n (bsc#1088866).\n - scsi: lpfc: Correct target queue depth application changes (bsc#1088866).\n - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt\n (bsc#1088866).\n - scsi: lpfc: Enhance log messages when reporting CQE errors (bsc#1088866).\n - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts\n (bsc#1088866).\n - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1093290).\n - scsi: lpfc: Fix Abort request WQ selection (bsc#1088866).\n - scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1088866).\n - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088866).\n - scsi: lpfc: Fix NULL pointer reference when resetting adapter\n (bsc#1088866).\n - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc\n (bsc#1088866).\n - scsi: lpfc: Fix driver not recovering NVME rports during target link\n faults (bsc#1088866).\n - scsi: lpfc: Fix lingering lpfc_wq 
resource after driver unload\n (bsc#1088866).\n - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088866).\n - scsi: lpfc: Fix nvme remoteport registration race conditions\n (bsc#1088866).\n - scsi: lpfc: Fix port initialization failure (bsc#1093290).\n - scsi: lpfc: Fix up log messages and stats counters in IO submit code\n path (bsc#1088866).\n - scsi: lpfc: Handle new link fault code returned by adapter firmware\n (bsc#1088866).\n - scsi: lpfc: correct oversubscription of nvme io requests for an adapter\n (bsc#1088866).\n - scsi: lpfc: enhance LE data structure copies to hardware (bsc#1088866).\n - scsi: lpfc: fix spelling mistakes: "mabilbox" and "maibox" (bsc#1088866).\n - scsi: lpfc: update driver version to 12.0.0.2 (bsc#1088866).\n - scsi: lpfc: update driver version to 12.0.0.3 (bsc#1088866).\n - scsi: lpfc: update driver version to 12.0.0.4 (bsc#1088866).\n - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084570).\n - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084570).\n - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling\n (bsc#1084570).\n - scsi: qla2xxx: Delete session for nport id change (bsc#1077338).\n - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084570).\n - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084570).\n - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change\n (bsc#1084570).\n - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084570).\n - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe\n failure (bsc#1077338).\n - scsi: qla2xxx: Remove nvme_done_list (bsc#1084570).\n - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe\n (bsc#1084570).\n - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084570).\n - scsi: qla2xxx: Return busy if rport going away (bsc#1084570).\n - scsi: qla2xxx: Set IIDMA and fcport state before\n qla_nvme_register_remote() (bsc#1084570).\n - scsi: qla2xxx: Update driver 
version to 10.00.00.06-k (bsc#1084570).\n - scsi: raid_class: Add 'JBOD' RAID level (bsc#1093023).\n - scsi: sg: mitigate read/write abuse (bsc#1101296).\n - scsi: target: fix crash with iscsi target and dvd (bsc#1099918).\n - sctp: delay the authentication for the duplicated cookie-echo chunk\n (networking-stable-18_05_15).\n - sctp: do not check port in sctp_inet6_cmp_addr\n (networking-stable-18_04_26).\n - sctp: do not leak kernel memory to user space\n (networking-stable-18_04_10).\n - sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled\n (networking-stable-18_01_12).\n - sctp: fix dst refcnt leak in sctp_v6_get_dst()\n (networking-stable-18_03_07).\n - sctp: fix the handling of ICMP Frag Needed for too small MTUs\n (networking-stable-18_01_12).\n - sctp: fix the issue that the cookie-ack with auth can't get processed\n (networking-stable-18_05_15).\n - sctp: full support for ipv6 ip_nonlocal_bind and IP_FREEBIND\n (networking-stable-17_11_14).\n - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr\n - sctp: potential read out of bounds in sctp_ulpevent_type_enabled()\n (networking-stable-17_10_09).\n - sctp: remove sctp_chunk_put from fail_mark err path in\n sctp_ulpevent_make_rcvmsg (networking-stable-18_05_15).\n - sctp: reset owner sk for data chunks on out queues when migrating a sock\n (networking-stable-17_11_14).\n - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6\n (networking-stable-18_04_10).\n - sctp: use right member as the param of list_for_each_entry (git-fixes).\n - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d\n (networking-stable-18_05_15).\n - sdhci: Advertise 2.0v supply on SDIO host controller (bsc#1051510).\n - selftests/powerpc: Fix copyloops build since Power4 assembler change\n (bsc#1055117).\n - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bsc#1051510).\n - selinux: ensure the context is NUL terminated in\n security_context_to_sid_core() (bsc#1051510).\n 
- selinux: skip bounded transition processing if the policy isn't loaded\n (bsc#1051510).\n - serdev: fix memleak on module unload (bsc#1051510).\n - serdev: fix receive_buf return value when no callback (bsc#1051510).\n - serdev: fix registration of second slave (bsc#1051510).\n - serdev: ttyport: add missing open() error handling (bsc#1051510).\n - serdev: ttyport: add missing receive_buf sanity checks (bsc#1051510).\n - serdev: ttyport: enforce tty-driver open() requirement (bsc#1051510).\n - serdev: ttyport: fix NULL-deref on hangup (bsc#1051510).\n - serdev: ttyport: fix tty locking in close (bsc#1051510).\n - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bsc#1051510).\n - serial: 8250: omap: Fix idling of clocks for unused uarts (bsc#1051510).\n - serial: 8250_dw: Disable clock on error (bsc#1051510).\n - serial: 8250_fintek: Fix finding base_port with activated SuperIO\n (bsc#1051510).\n - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device\n (bsc#1051510).\n - serial: altera: ensure port->regshift is honored consistently\n (bsc#1051510).\n - serial: arc_uart: Fix out-of-bounds access through DT alias\n (bsc#1051510).\n - serial: core: mark port as initialized in autoconfig (bsc#1051510).\n - serial: fsl_lpuart: Fix out-of-bounds access through DT alias\n (bsc#1051510).\n - serial: imx: Fix out-of-bounds access through serial port index\n (bsc#1051510).\n - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS\n (bsc#1051510).\n - serial: mxs-auart: Fix out-of-bounds access through serial port index\n (bsc#1051510).\n - serial: omap: Fix EFR write on RTS deassertion (bsc#1051510).\n - serial: samsung: Fix out-of-bounds access through serial port index\n (bsc#1051510).\n - serial: samsung: fix maxburst parameter for DMA transactions\n (bsc#1051510).\n - serial: sh-sci: Fix out-of-bounds access through DT alias (bsc#1051510).\n - serial: sh-sci: Stop using printk format %pCr (bsc#1051510).\n - serial: sh-sci: prevent lockup on full 
TTY buffers (bsc#1051510).\n - serial: xuartps: Fix out-of-bounds access through DT alias (bsc#1051510).\n - sget(): handle failures of register_shrinker() (bsc#1052766).\n - sh_eth: fix SH7757 GEther initialization (networking-stable-18_01_12).\n - sh_eth: fix TSU resource handling (networking-stable-18_01_12).\n - skbuff: Fix not waking applications when errors are enqueued\n (networking-stable-18_03_28).\n - sky2: Increase D3 delay to sky2 stops working after suspend\n (bsc#1051510).\n - slip: Check if rstate is initialized before uncompressing\n (networking-stable-18_04_13).\n - sock: free skb in skb_complete_tx_timestamp on error\n (networking-stable-17_12_31).\n - soreuseport: fix mem leak in reuseport_add_sock()\n (networking-stable-18_02_06).\n - spi: Fix scatterlist elements size in spi_map_buf (bsc#1051510).\n - spi: a3700: Fix clk prescaling for coefficient over 15 (bsc#1051510).\n - spi: a3700: Return correct value on timeout detection (bsc#1051510).\n - spi: armada-3700: Fix failing commands with quad-SPI (bsc#1051510).\n - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bsc#1051510).\n - spi: atmel: init FIFOs before spi enable (bsc#1051510).\n - spi: bcm-qspi: Fix use after free in bcm_qspi_probe() in error path\n (bsc#1051510).\n - spi: imx: do not access registers while clocks disabled (bsc#1051510).\n - spi: sh-msiof: Fix DMA transfer size check (bsc#1051510).\n - spi: spi-axi: fix potential use-after-free after deregistration\n (bsc#1051510).\n - spi: sun4i: disable clocks in the remove function (bsc#1051510).\n - spi: sun6i: disable/unprepare clocks on remove (bsc#1051510).\n - spi: xilinx: Detect stall with Unknown commands (bsc#1051510).\n - srcu: Provide ordering for CPU not involved in grace period\n (bsc#1052766).\n - staging: bcm2835-audio: Release resources on module_exit() (bsc#1051510).\n - staging: comedi: fix comedi_nsamples_left (bsc#1051510).\n - staging: comedi: ni_mio_common: ack ai fifo error interrupts\n 
(bsc#1051510).\n - staging: iio: ad5933: switch buffer mode to software (bsc#1051510).\n - staging: iio: ad7192: Fix - use the dedicated reset function avoiding\n dma from stack (bsc#1051510).\n - staging: iio: adc: ad7192: fix external frequency setting (bsc#1051510).\n - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr\n (bsc#1051510).\n - staging: vchiq_2835_arm: Fix NULL ptr dereference in free_pagelist\n (bsc#1051510).\n - staging: wilc1000: Fix bssid buffer offset in Txq (bsc#1051510).\n - stm class: Fix a use-after-free (bsc#1051510).\n - stm class: Use vmalloc for the master map (bsc#1051510).\n - stmmac: reset last TSO segment size after device open\n (networking-stable-17_12_12).\n - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX\n (networking-stable-18_04_26).\n - strparser: Fix incorrect strp->need_bytes value\n (networking-stable-18_04_26).\n - strparser: Fix sign of err codes (networking-stable-18_04_10).\n - sunrpc: remove incorrect HMAC request initialization (bsc#1051510).\n - supported.conf: Remove external flag from iwlwifi modules (bsc#1093273)\n - supported.conf: add arch/s390/crypto/crc32-vx_s390 (bsc#1089889).\n - supported.conf: fix folder of the driver module\n - supported.conf: mark new FIPS modules as supported: sha2-mb, sha3, crc32\n and crypto_engine (bsc#1074984)\n - supported.conf: remove obsolete entry drivers/tty/serial/of_serial ->\n drivers/tty/serial/8250/8250_of\n - swap: divide-by-zero when zero length swap file on ssd (bsc#1051510).\n - swiotlb: suppress warning when __GFP_NOWARN is set (bsc#1051510).\n - tap: reference to KVA of an unloaded module causes kernel panic\n (networking-stable-17_11_14).\n - target: transport should handle st FM/EOM/ILI reads (bsc#1081599).\n - tcp: do not read out-of-bounds opsize (networking-stable-18_04_26).\n - tcp: fix data delivery rate (networking-stable-17_10_09).\n - tcp: ignore Fast Open on repair mode (networking-stable-18_05_15).\n - tcp: md5: 
reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets\n (networking-stable-18_04_26).\n - tcp: release sk_frag.page in tcp_disconnect (networking-stable-18_02_06).\n - tcp: revert F-RTO extension to detect more spurious timeouts\n (networking-stable-18_03_07).\n - tcp: revert F-RTO middle-box workaround (bsc#1076830).\n - tcp_bbr: fix to zero idle_restart only upon S/ACKed data\n (networking-stable-18_05_15).\n - tcp_bbr: record "full bw reached" decision in new full_bw_reached bit\n (networking-stable-17_12_31).\n - tcp_bbr: reset full pipe detection on loss recovery undo\n (networking-stable-17_12_31).\n - tcp_bbr: reset long-term bandwidth sampling on loss recovery undo\n (networking-stable-17_12_31).\n - tcp_nv: fix division by zero in tcpnv_acked()\n (networking-stable-17_11_20).\n - team: Fix double free in error path (networking-stable-18_03_28).\n - team: avoid adding twice the same option to the event list\n (networking-stable-18_04_26).\n - team: fix netconsole setup over team (networking-stable-18_04_26).\n - team: move dev_mc_sync after master_upper_dev_link in team_port_add\n (networking-stable-18_04_10).\n - tee: check shm references are consistent in offset/size (bsc#1051510).\n - tee: shm: fix use-after-free via temporarily dropped reference\n (bsc#1051510).\n - test_firmware: fix missing unlock on error in\n config_num_requests_store() (bsc#1051510).\n - test_firmware: fix setting old custom fw path back on exit (bsc#1051510).\n - test_firmware: fix setting old custom fw path back on exit, second try\n (bsc#1051510).\n - tg3: APE heartbeat changes (bsc#1086286 ).\n - tg3: Add Macronix NVRAM support (bsc#1086286 ).\n - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent()\n (bsc#1086286 ).\n - tg3: prevent scheduling while atomic splat (bsc#1086286 ).\n - thermal/drivers/step_wise: Fix temperature regulation misbehavior\n (bsc#1051510).\n - thermal: bcm2835: Stop using printk format %pCr (bsc#1051510).\n - thermal: enable broadcom 
menu for arm64 bcm2835 (bsc#1095573).\n - thermal: exynos: Propagate error value from tmu_read() (bsc#1051510).\n - thermal: exynos: Reading temperature makes sense only when TMU is turned\n on (bsc#1051510).\n - thermal: imx: Fix race condition in imx_thermal_probe() (bsc#1051510).\n - thermal: int3400_thermal: fix error handling in int3400_thermal_probe()\n (bsc#1051510).\n - thermal: int3403_thermal: Fix NULL pointer deref on module load / probe\n (bsc#1051510).\n - thermal: power_allocator: fix one race condition issue for\n thermal_instances list (bsc#1051510).\n - thunderbolt: Prevent crash when ICM firmware is not running\n (bsc#1090888).\n - thunderbolt: Resume control channel after hibernation image is created\n (bsc#1051510).\n - thunderbolt: Serialize PCIe tunnel creation with PCI rescan\n (bsc#1090888).\n - thunderbolt: Wait a bit longer for ICM to authenticate the active NVM\n (bsc#1090888).\n - timekeeping: Eliminate the stale declaration of\n ktime_get_raw_and_real_ts64() (bsc#1099918).\n - timers: Invoke timer_start_debug() where it makes sense (Git-fixes).\n - timers: Reinitialize per cpu bases on hotplug (Git-fixes).\n - timers: Unconditionally check deferrable base (Git-fixes).\n - timers: Use deferrable base independent of base::nohz_active (Git-fixes).\n - tipc: add policy for TIPC_NLA_NET_ADDR (networking-stable-18_04_26).\n - tipc: fix a memory leak in tipc_nl_node_get_link()\n (networking-stable-18_01_28).\n - tipc: fix hanging poll() for stream sockets (networking-stable-17_12_31).\n - tipc: fix memory leak in tipc_accept_from_sock()\n (networking-stable-17_12_12).\n - tools headers: Restore READ_ONCE() C++ compatibility (bsc#1093023).\n - tools/lib/subcmd/pager.c: do not alias select() params (Fix gcc 8\n restrict error).\n - tracing/uprobe_event: Fix strncpy corner case (bsc#1099918).\n - tracing: Fix converting enum's from the map in trace_event_eval_update()\n (bsc#1099918).\n - tracing: Fix missing tab for hwlat_detector print format 
(bsc#1099918).\n - tracing: Kconfig text fixes for CONFIG_HWLAT_TRACER (bsc#1099918).\n - tracing: Make the snapshot trigger work with instances (bsc#1099918).\n - tracing: probeevent: Fix to support minus offset from symbol\n (bsc#1099918).\n - tty fix oops when rmmod 8250 (bsc#1051510).\n - tty/serial: atmel: add new version check for usart (bsc#1051510).\n - tty/serial: atmel: use port->name as name in request_irq() (bsc#1051510).\n - tty: Avoid possible error pointer dereference at tty_ldisc_restore()\n (bsc#1051510).\n - tty: Do not call panic() at tty_ldisc_init() (bsc#1051510).\n - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bsc#1051510).\n - tty: fix __tty_insert_flip_char regression (bsc#1051510).\n - tty: fix tty_ldisc_receive_buf() documentation (bsc#1051510).\n - tty: improve tty_insert_flip_char() fast path (bsc#1051510).\n - tty: improve tty_insert_flip_char() slow path (bsc#1051510).\n - tty: make n_tty_read() always abort if hangup is in progress\n (bsc#1051510).\n - tty: n_gsm: Allow ADM response in addition to UA for control dlci\n (bsc#1051510).\n - tty: n_gsm: Fix DLCI handling for ADM mode if debug and 2 is not set\n (bsc#1051510).\n - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode\n (bsc#1051510).\n - tty: pl011: Avoid spuriously stuck-off interrupts (bsc#1051510).\n - tty: vt: fix up tabstops properly (bsc#1051510).\n - tun/tap: sanitize TUNSETSNDBUF input (networking-stable-17_11_14).\n - tun: allow positive return values on dev_get_valid_name() call\n (networking-stable-17_11_14).\n - tun: bail out from tun_get_user() if the skb is empty\n (networking-stable-17_10_09).\n - tun: call dev_get_valid_name() before register_netdevice()\n (networking-stable-17_11_14).\n - ubi: Fix error for write access (bsc#1051510).\n - ubi: Fix race condition between ubi volume creation and udev\n (bsc#1051510).\n - ubi: Reject MLC NAND (bsc#1051510).\n - ubi: block: Fix locking for idr_alloc/idr_remove (bsc#1051510).\n - ubi: fastmap: 
Cancel work upon detach (bsc#1051510).\n - ubi: fastmap: Cancel work upon detach (bsc#1051510).\n - ubi: fastmap: Do not flush fastmap work on detach (bsc#1051510).\n - ubi: fastmap: Erase outdated anchor PEBs during attach (bsc#1051510).\n - ubifs: Check ubifs_wbuf_sync() return code (bsc#1052766).\n - ubifs: free the encrypted symlink target (bsc#1052766).\n - udf: Avoid overflow when session starts at large offset (bsc#1052766).\n - udf: Fix leak of UTF-16 surrogates into encoded strings (bsc#1052766).\n - usb: core: Add quirk for HP v222w 16GB Mini (bsc#1090888).\n - usb: quirks: add control message delay for 1b1c:1b20 (bsc#1087092).\n - usb: typec: ucsi: Fix for incorrect status data issue (bsc#1100132).\n - usb: typec: ucsi: Increase command completion timeout value\n (bsc#1090888).\n - usb: typec: ucsi: acpi: Workaround for cache mode issue (bsc#1100132).\n - usb: xhci: Disable slot even when virt-dev is null (bsc#1085539).\n - usb: xhci: Fix potential memory leak in xhci_disable_slot()\n (bsc#1085539).\n - usb: xhci: Make some static functions global ().\n - usbip: usbip_host: delete device from busid_table after rebind\n (bsc#1096480).\n - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors\n (bsc#1096480).\n - usbip: usbip_host: fix bad unlock balance during stub_probe()\n (bsc#1096480).\n - usbip: usbip_host: fix to hold parent lock for device_attach() calls\n (bsc#1096480).\n - usbip: usbip_host: run rebind from exit when module is removed\n (bsc#1096480).\n - usbip: vudc: fix null pointer dereference on udc->lock (bsc#1087092).\n - userns: Do not fail follow_automount based on s_user_ns (bsc#1099918).\n - vfb: fix video mode and line_length being set when loaded (bsc#1100362).\n - vfio: Use get_user_pages_longterm correctly (bsc#1095337).\n - vfio: disable filesystem-dax page pinning (bsc#1095337).\n - vfio: platform: Fix reset module leak in error path (bsc#1099918).\n - vhost: Fix vhost_copy_to_user() (networking-stable-18_04_13).\n - 
vhost: correctly remove wait queue during poll failure\n (networking-stable-18_04_10).\n - vhost: fix vhost_vq_access_ok() log check (networking-stable-18_04_13).\n - vhost: validate log when IOTLB is enabled (networking-stable-18_04_10).\n - vhost_net: add missing lock nesting notation\n (networking-stable-18_04_10).\n - vhost_net: stop device during reset owner (networking-stable-18_02_06).\n - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in\n stifb_init_fb() (bsc#1090888 bsc#1099966).\n - video/hdmi: Allow "empty" HDMI infoframes (bsc#1051510).\n - video: fbdev/mmp: add MODULE_LICENSE (bsc#1051510).\n - video: fbdev: atmel_lcdfb: fix display-timings lookup (bsc#1051510).\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace\n (bsc#1051510).\n - video: fbdev: au1200fb: Release some resources if a memory allocation\n fails (bsc#1051510).\n - video: fbdev: au1200fb: Return an error code if a memory allocation\n fails (bsc#1051510).\n - virtio-gpu: fix ioctl and expose the fixed status to userspace\n (bsc#1100382).\n - virtio: add ability to iterate over vqs (bsc#1051510).\n - virtio: release virtio index when fail to device_register (bsc#1051510).\n - virtio_console: do not tie bufs to a vq (bsc#1051510).\n - virtio_console: drop custom control queue cleanup (bsc#1051510).\n - virtio_console: free buffers after reset (bsc#1051510).\n - virtio_console: move removal code (bsc#1051510).\n - virtio_console: reset on out of memory (bsc#1051510).\n - virtio_net: fix adding vids on big-endian (networking-stable-18_04_26).\n - virtio_net: fix return value check in receive_mergeable() (bsc#1089271).\n - virtio_net: split out ctrl buffer (networking-stable-18_04_26).\n - virtio_ring: fix num_free handling in error case (bsc#1051510).\n - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi\n (networking-stable-18_04_26).\n - vlan: also check phy_driver ts_info for vlan's real device\n (networking-stable-18_04_10).\n - vlan: 
fix a use-after-free in vlan_device_event()\n (networking-stable-17_11_20).\n - vmw_balloon: fix inflation with batching (bsc#1051510).\n - vmw_balloon: fixing double free when batching mode is off (bsc#1051510).\n - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860).\n - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860).\n - vmxnet3: increase default rx ring sizes (bsc#1091860).\n - vmxnet3: repair memory leak (bsc#1051510).\n - vmxnet3: set the DMA mask before the first DMA map operation\n (bsc#1091860).\n - vmxnet3: use DMA memory barriers where required (bsc#1091860).\n - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860).\n - vrf: Fix use after free and double free in vrf_finish_output\n (networking-stable-18_04_10).\n - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend\n (bsc#1051510).\n - vt: change SGR 21 to follow the standards (bsc#1051510).\n - vt: prevent leaking uninitialized data to userspace via /dev/vcs*\n (bsc#1051510).\n - vti6: Change minimum MTU to IPV4_MIN_MTU, vti6 can carry IPv4 too\n (bsc#1082869).\n - vti6: Fix dev->max_mtu setting (bsc#1082869).\n - vti6: Keep set MTU on link creation or change, validate it (bsc#1082869).\n - vti6: Properly adjust vti6 MTU from MTU of lower device (bsc#1082869).\n - vti6: better validate user provided tunnel names\n (networking-stable-18_04_10).\n - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bsc#1076830).\n - vxlan: fix the issue that neigh proxy blocks all icmpv6 packets\n (networking-stable-17_11_20).\n - w1: mxc_w1: Enable clock before calling clk_get_rate() on it\n (bsc#1051510).\n - wait: add wait_event_killable_timeout() (bsc#1099792).\n - watchdog: da9063: Fix setting/changing timeout (bsc#1100843).\n - watchdog: da9063: Fix timeout handling during probe (bsc#1100843).\n - watchdog: da9063: Fix updating timeout value (bsc#1100843).\n - watchdog: f71808e_wdt: Fix WD_EN register read (bsc#1051510).\n - watchdog: f71808e_wdt: 
Fix magic close handling (bsc#1051510).\n - watchdog: sp5100_tco: Fix watchdog disable bit (bsc#1051510).\n - wcn36xx: Fix dynamic power saving (bsc#1051510).\n - wcn36xx: Introduce mutual exclusion of fw configuration (bsc#1051510).\n - wl1251: check return from call to wl1251_acx_arp_ip_filter (bsc#1051510).\n - workqueue: Allow retrieval of current task's work struct (bsc#1051510).\n - workqueue: use put_device() instead of kfree() (bsc#1051510).\n - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158).\n - x86/cpu_entry_area: Map also trace_idt_table (bsc#1089878).\n - x86/cpuinfo: Ignore ->initialized member (bsc#1091543).\n - x86/intel_rdt: Add command line parameter to control L2_CDP ().\n - x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization\n (CDP) ().\n - x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG ().\n - x86/intel_rdt: Enumerate L2 Code and Data Prioritization (CDP) feature\n ().\n - x86/mm/64: Fix vmapped stack syncing on very-large-memory 4-level\n systems (bsc#1088374).\n - x86/mm: add a function to check if a pfn is UC/UC-/WC (bsc#1087213).\n - x86/pkeys: Add arch_pkeys_enabled() (bsc#1078248).\n - x86/pkeys: Move vma_pkey() into asm/pkeys.h (bsc#1078248).\n - x86/pti: do not report XenPV as vulnerable (bsc#1097551).\n - x86/setup: Do not reserve a crash kernel region if booted on Xen PV\n (bsc#1085626).\n - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages\n calculation (bsc#1091543).\n - x86/smpboot: Fix __max_logical_packages estimate (bsc#1091543).\n - x86/smpboot: Fix uncore_pci_remove() indexing bug when hot-removing a\n physical CPU (bsc#1091543).\n - x86/stacktrace: Clarify the reliable success paths (bnc#1058115).\n - x86/stacktrace: Do not fail for ORC with regs on stack (bnc#1058115).\n - x86/stacktrace: Do not unwind after user regs (bnc#1058115).\n - x86/stacktrace: Enable HAVE_RELIABLE_STACKTRACE for the ORC unwinder\n (bnc#1058115).\n - x86/stacktrace: Remove 
STACKTRACE_DUMP_ONCE (bnc#1058115).\n - x86/topology: Avoid wasting 128k for package id array (bsc#1091543).\n - x86/tsc: Future-proof native_calibrate_tsc() (bsc#1074873).\n - x86/unwind/orc: Detect the end of the stack (bnc#1058115).\n - x86/xen: Calculate __max_logical_packages on PV domains (bsc#1091543).\n - xen/acpi: off by one in read_acpi_id() (bnc#1065600).\n - xen/netfront: raise max number of slots in xennet_get_responses()\n (bnc#1076049).\n - xen/vcpu: Handle xen_vcpu_setup() failure at boot (bsc#1091543).\n - xen: do not print error message in case of missing Xenstore entry\n (bnc#1065600).\n - xfs: allow CoW remap transactions to use reserve blocks (bsc#1090535).\n - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090534).\n - xfs: detect agfl count corruption and reset agfl (bsc#1090534).\n - xfs: fix intent use-after-free on abort (bsc#1085400).\n - xfs: fix transaction allocation deadlock in IO path (bsc#1090535).\n - xhci: Add port status decoder for tracing purposes ().\n - xhci: Fix USB ports for Dell Inspiron 5775 (bsc#1090888).\n - xhci: add definitions for all port link states ().\n - xhci: add port speed ID to portsc tracing ().\n - xhci: add port status tracing ().\n - xhci: fix endpoint context tracer output (bsc#1087092).\n - xhci: workaround for AMD Promontory disabled ports wakeup (bsc#1087092).\n - xhci: zero usb device slot_id member when disabling and freeing a xhci\n slot (bsc#1090888).\n - xprtrdma: Fix corner cases when handling device removal (git-fixes).\n - xprtrdma: Fix list corruption / DMAR errors during MR recovery\n - xprtrdma: Return -ENOBUFS when no pages are available\n\n", "edition": 1, "modified": "2018-07-28T15:17:43", "published": "2018-07-28T15:17:43", "id": "OPENSUSE-SU-2018:2119-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00036.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "software", "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-18222", "CVE-2018-7757", "CVE-2017-17975", "CVE-2018-1130", "CVE-2018-8781", "CVE-2018-1065", "CVE-2018-7995", "CVE-2018-7480", "CVE-2018-1068", "CVE-2018-5803", "CVE-2018-3639"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639)\n\nTuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975)\n\nIt was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193)\n\nIt was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068)\n\nIt was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803)\n\nIt was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757)\n\nIt was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995)\n\nEyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. 
A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.63\n * 3421.x versions prior to 3421.63\n * 3445.x versions prior to 3445.48\n * 3468.x versions prior to 3468.46\n * 3541.x versions prior to 3541.30\n * 3586.x versions prior to 3586.16\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions to 3363.63\n * Upgrade 3421.x versions to 3421.63\n * Upgrade 3445.x versions to 3445.48\n * Upgrade 3468.x versions to 3468.46\n * Upgrade 3541.x versions to 3541.30\n * Upgrade 3586.x versions to 3586.16\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3654-2](<https://usn.ubuntu.com/3654-2/>)\n * [CVE-2017-17975](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17975>)\n * [CVE-2017-18193](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18193>)\n * [CVE-2017-18222](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18222>)\n * [CVE-2018-1065](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1065>)\n * [CVE-2018-1068](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1068>)\n * [CVE-2018-1130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1130>)\n * [CVE-2018-3639](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3639>)\n * [CVE-2018-5803](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5803>)\n * [CVE-2018-7480](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7480>)\n * 
[CVE-2018-7757](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7757>)\n * [CVE-2018-7995](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7995>)\n * [CVE-2018-8781](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8781>)\n * [CVE-2018-8822](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8822>)\n", "edition": 5, "modified": "2018-06-05T00:00:00", "published": "2018-06-05T00:00:00", "id": "CFOUNDRY:C3D94F66B833B0AB95D359CF97DF9AA9", "href": "https://www.cloudfoundry.org/blog/usn-3654-2/", "title": "USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-6001", "CVE-2017-18203", "CVE-2017-2671", "CVE-2017-9075", "CVE-2018-1130", "CVE-2015-8830", "CVE-2012-6701", "CVE-2017-7308", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-15121", "CVE-2018-5803", "CVE-2017-8890", "CVE-2017-12190", "CVE-2018-3639"], "description": "**CentOS Errata and Security Advisory** CESA-2018:1854\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. 
(CVE-2018-3639, PowerPC)\n\n* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)\n\n* kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Null pointer dereference via keyctl (CVE-2016-8650)\n\n* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)\n\n* kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001)\n\n* kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616)\n\n* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)\n\n* kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c (CVE-2017-8890)\n\n* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075)\n\n* kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076)\n\n* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)\n\n* kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project 
Zero) for reporting CVE-2018-3639; Vitaly Mayatskih for reporting CVE-2017-12190; and Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-June/005268.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 4, "modified": "2018-06-21T11:55:42", "published": "2018-06-21T11:55:42", "id": "CESA-2018:1854", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-June/005268.html", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:29:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10940", "CVE-2018-10878", "CVE-2016-4913", "CVE-2018-13405", "CVE-2017-0861", "CVE-2018-18690", "CVE-2017-17805", "CVE-2018-10881", "CVE-2018-5344", "CVE-2018-1118", "CVE-2018-5848", "CVE-2018-7757", "CVE-2017-10661", "CVE-2018-1130", "CVE-2018-1120", "CVE-2018-8781", "CVE-2018-5391", "CVE-2015-8830", "CVE-2017-18232", "CVE-2018-7740", "CVE-2017-18208", "CVE-2018-10322", "CVE-2018-10883", "CVE-2017-18360", "CVE-2017-18344", "CVE-2018-10902", "CVE-2018-5803", "CVE-2018-1092", "CVE-2018-1000026", "CVE-2018-1094", "CVE-2018-10879"], "description": "**CentOS Errata and Security Advisory** CESA-2018:3083\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 
and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Infinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in 
bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005315.html\n\n**Affected 
packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 6, "modified": "2018-11-15T18:40:28", "published": "2018-11-15T18:40:28", "id": "CESA-2018:3083", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005315.html", "title": "bpftool, kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2021-02-02T13:13:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-5753", "CVE-2017-18222", "CVE-2018-1108", "CVE-2018-7566", "CVE-2018-8087", "CVE-2018-1066", "CVE-2018-1000199", "CVE-2018-7757", "CVE-2017-17975", "CVE-2018-8781", "CVE-2018-1065", "CVE-2017-5715", "CVE-2017-18257", "CVE-2017-18241", "CVE-2018-7740", "CVE-2017-18218", "CVE-2018-1093", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-7480", "CVE-2017-18216", "CVE-2018-1068", "CVE-2018-5803", "CVE-2018-1092", "CVE-2017-18224"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4188-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193\n CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224\n CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066\n CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108\n CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740\n CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781\n CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege 
escalation, denial of service or information\nleaks.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the "retpoline" compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nCVE-2017-17975\n\n Tuba Yavuz reported a use-after-free flaw in the USBTV007\n audio-video grabber driver. A local user could use this for denial\n of service by triggering failure of audio registration.\n\nCVE-2017-18193\n\n Yunlei He reported that the f2fs implementation does not properly\n handle extent trees, allowing a local user to cause a denial of\n service via an application with multiple threads.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. 
A local user\n could use this for denial of service.\n\nCVE-2017-18218\n\n Jun He reported a use-after-free flaw in the Hisilicon HNS ethernet\n driver. A local user could use this for denial of service.\n\nCVE-2017-18222\n\n It was reported that the Hisilicon Network Subsystem (HNS) driver\n implementation does not properly handle ethtool private flags. A\n local user could use this for denial of service or possibly have\n other impact.\n\nCVE-2017-18224\n\n Alex Chen reported that the OCFS2 filesystem omits the use of a\n semaphore and consequently has a race condition for access to the\n extent tree during read operations in DIRECT mode. A local user\n could use this for denial of service.\n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the "noflush_merge" mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n\nCVE-2017-18257\n\n It was reported that the f2fs implementation is prone to an infinite\n loop caused by an integer overflow in the __get_data_block()\n function. A local user can use this for denial of service via\n crafted use of the open and fallocate system calls with an\n FS_IOC_FIEMAP ioctl.\n\nCVE-2018-1065\n\n The syzkaller tool found a NULL pointer dereference flaw in the\n netfilter subsystem when handling certain malformed iptables\n rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN\n capability (in any user namespace) could use this to cause a denial\n of service. Debian disables unprivileged user namespaces by default.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. 
This could be used\n by a malicious server for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-1093\n\n Wen Xu reported that a crafted ext4 filesystem image could trigger\n an out-of-bounds read in the ext4_valid_block_bitmap() function. A\n local user able to mount arbitrary filesystems could use this for\n denial of service.\n\nCVE-2018-1108\n\n Jann Horn reported that crng_ready() does not properly handle the\n crng_init variable states and the RNG could be treated as\n cryptographically safe too early after system boot.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-7480\n\n Hou Tao discovered a double-free flaw in the blkcg_init_queue()\n function in block/blk-cgroup.c. A local user could use this to cause\n a denial of service or have other impact.\n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. 
A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8087\n\n A memory leak flaw was found in the hwsim_new_radio_nl() function in\n the simulated radio testing tool driver for mac80211, allowing a\n local user to cause a denial of service.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-10323\n\n Wen Xu reported a NULL pointer dereference flaw in the\n xfs_bmapi_write() function triggered when mounting and operating a\n crafted xfs filesystem image. A local user able to mount arbitrary\n filesystems could use this for denial of service.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. 
Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.88-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 21, "modified": "2018-05-01T17:12:29", "published": "2018-05-01T17:12:29", "id": "DEBIAN:DSA-4188-1:E4177", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00114.html", "title": "[SECURITY] [DSA 4188-1] linux security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:32", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2018-5803", "CVE-2018-1092", "CVE-2017-16914"], "description": "Package : linux\nVersion : 3.2.101-1\nCVE ID : CVE-2017-0861 CVE-2017-5715 CVE-2017-13166 CVE-2017-16526\n CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914\n CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2018-1068\n CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750\n CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566\n 
CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781\n CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199\nDebian Bug : 887106\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the "retpoline" compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel\n (amd64 flavour) a local user with access to a suitable video\n device can exploit this to overwrite kernel memory, leading to\n privilege escalation.\n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. 
This information could aid the\n exploitation of other vulnerabilities.\n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service.\n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. 
On a 64-bit\n kernel (amd64 flavour), a local user with the CAP_NET_ADMIN\n capability could use this to overwrite kernel memory, possibly\n leading to privilege escalation.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n\nCVE-2018-7566\n\n \u8303\u9f99\u98de (Fan LongFei) reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. 
A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. 
Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nAdditionally, some mitigations for CVE-2017-5753 are included in this\nrelease:\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.101-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.101. 
It also fixes a regression in the\nprocfs hidepid option in the previous version (Debian bug #887106).\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 3, "modified": "2018-05-02T20:58:55", "published": "2018-05-02T20:58:55", "id": "DEBIAN:DLA-1369-1:33F82", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201805/msg00000.html", "title": "[SECURITY] [DLA 1369-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:02:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2017-18232", "CVE-2017-18241", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2017-13220", "CVE-2018-5803", "CVE-2018-1092", "CVE-2015-9016", "CVE-2017-16914"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 
CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the "retpoline" compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the 
speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation.\n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check.\n A local user could use this to cause a denial of service.\n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. 
A remote user able to\n connect to the USB/IP server could use this for denial of service.\n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service.\n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the "noflush_merge" mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. 
Debian disables unprivileged user\n namespaces by default.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. 
A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. 
Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 18, "modified": "2018-05-01T17:12:29", "published": "2018-05-01T17:12:29", "id": "DEBIAN:DSA-4187-1:481CA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00115.html", "title": "[SECURITY] [DSA 4187-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}