ID OPENVAS:1361412562310872293 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for kernel FEDORA-2017-e6012e74b6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.872293");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2017-01-24 10:21:37 +0100 (Tue, 24 Jan 2017)");
script_cve_id("CVE-2017-2583");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for kernel FEDORA-2017-e6012e74b6");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"kernel on Fedora 25");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"FEDORA", value:"2017-e6012e74b6");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC25");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC25")
{
if ((res = isrpmvuln(pkg:"kernel", rpm:"kernel~4.9.5~200.fc25", rls:"FC25")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310872293", "bulletinFamily": "scanner", "title": "Fedora Update for kernel FEDORA-2017-e6012e74b6", "description": "The remote host is missing an update for the ", "published": "2017-01-24T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872293", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017-e6012e74b6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E"], "cvelist": ["CVE-2017-2583"], "type": "openvas", "lastseen": "2019-05-29T18:34:36", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-2583"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of kernel", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a58befabaece428115a2a289c7ddd434d51e9f5a09cc3590ea4d3b0c4f29f91b", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "035982e88d94ddba60eadc6b538bf968", "key": "pluginID"}, {"hash": "13b8d2a524b964854209481fef41bf1e", "key": "href"}, {"hash": "70dcb71514eaeee72a0da0a6587afbc4", "key": "title"}, {"hash": "fd584abae6a960e09ce8a23bab1ea2b2", "key": "references"}, {"hash": "11f7c513624d71e37f73710e87660a12", "key": "sourceData"}, {"hash": "e7abf60a84a5ac895309f72a03411643", "key": "description"}, {"hash": "d96a6d49b4046e481d5c996d74c702d2", "key": "published"}, {"hash": "b22c2eef85d6da3d8ab303390b3e55b3", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872293", "id": "OPENVAS:1361412562310872293", "lastseen": "2018-08-30T19:20:11", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310872293", "published": "2017-01-24T00:00:00", "references": ["2017-e6012e74b6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-e6012e74b6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872293\");\n script_version(\"$Revision: 6634 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 09:32:24 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:21:37 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2017-2583\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-e6012e74b6\");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel meta package\");\n script_tag(name: \"affected\", value: \"kernel on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-e6012e74b6\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.5~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for kernel FEDORA-2017-e6012e74b6", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:20:11"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-2583"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of kernel", "edition": 1, "enchantments": {}, "hash": "f14854ef2cc276ca46999c286beb6c6fc0a9b2d152d7415efed48ae84b5cebc0", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "035982e88d94ddba60eadc6b538bf968", "key": "pluginID"}, {"hash": "13b8d2a524b964854209481fef41bf1e", "key": "href"}, {"hash": "70dcb71514eaeee72a0da0a6587afbc4", "key": "title"}, {"hash": "fd584abae6a960e09ce8a23bab1ea2b2", "key": "references"}, {"hash": "f48b2af0bd81c0460d2e005d8c33ee02", "key": "modified"}, {"hash": "46bfbe8ad123e1445d76dda394454e2e", "key": "sourceData"}, {"hash": "e7abf60a84a5ac895309f72a03411643", "key": "description"}, {"hash": "d96a6d49b4046e481d5c996d74c702d2", "key": "published"}, {"hash": "b22c2eef85d6da3d8ab303390b3e55b3", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872293", "id": "OPENVAS:1361412562310872293", "lastseen": "2017-07-02T21:14:35", "modified": "2017-02-16T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310872293", "published": "2017-01-24T00:00:00", "references": ["2017-e6012e74b6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-e6012e74b6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872293\");\n script_version(\"$Revision: 5305 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-16 09:56:57 +0100 (Thu, 16 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:21:37 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2017-2583\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-e6012e74b6\");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel meta package\");\n script_tag(name: \"affected\", value: \"kernel on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-e6012e74b6\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.5~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for kernel FEDORA-2017-e6012e74b6", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:14:35"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-2583"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of kernel", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2b4793ccc525051663b372571c1d616130756c19a08290d52505c1a5399885c1", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "035982e88d94ddba60eadc6b538bf968", "key": "pluginID"}, {"hash": "13b8d2a524b964854209481fef41bf1e", "key": "href"}, {"hash": "70dcb71514eaeee72a0da0a6587afbc4", "key": "title"}, {"hash": "fd584abae6a960e09ce8a23bab1ea2b2", "key": "references"}, {"hash": "11f7c513624d71e37f73710e87660a12", "key": "sourceData"}, {"hash": "e7abf60a84a5ac895309f72a03411643", "key": "description"}, {"hash": "d96a6d49b4046e481d5c996d74c702d2", "key": "published"}, {"hash": "b22c2eef85d6da3d8ab303390b3e55b3", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872293", "id": "OPENVAS:1361412562310872293", "lastseen": "2017-07-25T10:57:45", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310872293", "published": "2017-01-24T00:00:00", "references": ["2017-e6012e74b6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-e6012e74b6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872293\");\n script_version(\"$Revision: 6634 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 09:32:24 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:21:37 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2017-2583\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-e6012e74b6\");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel meta package\");\n script_tag(name: \"affected\", value: \"kernel on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-e6012e74b6\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.5~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for kernel FEDORA-2017-e6012e74b6", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-07-25T10:57:45"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-2583"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of kernel", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-01T23:44:15", "references": [{"idList": ["SUSE-SU-2017:0471-1", "SUSE-SU-2017:0575-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:1990-1", "OPENSUSE-SU-2017:0456-1", "SUSE-SU-2017:0407-1", "OPENSUSE-SU-2017:0906-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3791-1:AE0FD"], "type": "debian"}, {"idList": ["F5:K81172534"], "type": "f5"}, {"idList": ["SL_20170628_KERNEL_ON_SL7_X.NASL", "FEDORA_2017-18CE368BA3.NASL", "FEDORA_2017-E6012E74B6.NASL", "REDHAT-RHSA-2017-1615.NASL", "REDHAT-RHSA-2017-1616.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-3539.NASL", "CENTOS_RHSA-2017-1615.NASL"], "type": "nessus"}, {"idList": ["RHSA-2017:1615", "RHSA-2017:1616"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310843249", "OPENVAS:703791", "OPENVAS:1361412562310851529", "OPENVAS:1361412562310872292", "OPENVAS:1361412562310843061", "OPENVAS:1361412562310851506", "OPENVAS:1361412562310871838", "OPENVAS:1361412562310843062", "OPENVAS:1361412562310882747", "OPENVAS:1361412562310703791"], "type": "openvas"}, {"idList": ["USN-3208-1", "USN-3754-1", "USN-3208-2", "USN-3361-1"], "type": "ubuntu"}, {"idList": ["ELSA-2017-1615-1", "ELSA-2017-3609", "ELSA-2017-3566", "ELSA-2017-1615", "ELSA-2017-3567", "ELSA-2017-3539"], "type": "oraclelinux"}, {"idList": ["CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB"], "type": "cloudfoundry"}, {"idList": ["MYHACK58:62201787550"], "type": "myhack58"}, {"idList": ["CVE-2017-2583"], "type": "cve"}, {"idList": ["CESA-2017:1615"], "type": "centos"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "2b4793ccc525051663b372571c1d616130756c19a08290d52505c1a5399885c1", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "035982e88d94ddba60eadc6b538bf968", "key": "pluginID"}, {"hash": "13b8d2a524b964854209481fef41bf1e", "key": "href"}, {"hash": "70dcb71514eaeee72a0da0a6587afbc4", "key": "title"}, {"hash": "fd584abae6a960e09ce8a23bab1ea2b2", "key": "references"}, {"hash": "11f7c513624d71e37f73710e87660a12", "key": "sourceData"}, {"hash": "e7abf60a84a5ac895309f72a03411643", "key": "description"}, {"hash": "d96a6d49b4046e481d5c996d74c702d2", "key": "published"}, {"hash": "b22c2eef85d6da3d8ab303390b3e55b3", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872293", "id": "OPENVAS:1361412562310872293", "lastseen": "2018-09-01T23:44:15", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310872293", "published": "2017-01-24T00:00:00", "references": ["2017-e6012e74b6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-e6012e74b6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872293\");\n script_version(\"$Revision: 6634 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 09:32:24 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:21:37 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2017-2583\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-e6012e74b6\");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel meta package\");\n script_tag(name: \"affected\", value: \"kernel on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-e6012e74b6\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.5~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for kernel FEDORA-2017-e6012e74b6", "type": "openvas", "viewCount": 0}, "differentElements": ["description", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:44:15"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-2583"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing an update for the ", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-03-18T14:29:53", "references": [{"idList": ["SUSE-SU-2017:0471-1", "SUSE-SU-2017:0575-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:1990-1", "OPENSUSE-SU-2017:0456-1", "SUSE-SU-2017:0407-1", "OPENSUSE-SU-2017:0906-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3791-1:AE0FD"], "type": "debian"}, {"idList": ["F5:K81172534"], "type": "f5"}, {"idList": ["RHSA-2017:1615", "RHSA-2017:1616"], "type": "redhat"}, {"idList": ["USN-3208-1", "USN-3754-1", "USN-3208-2", "USN-3361-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310843628", "OPENVAS:703791", "OPENVAS:1361412562310851529", "OPENVAS:1361412562310872292", "OPENVAS:1361412562310843061", "OPENVAS:1361412562310851506", "OPENVAS:1361412562310871838", "OPENVAS:1361412562310843062", "OPENVAS:1361412562310882747", "OPENVAS:1361412562310703791"], "type": "openvas"}, {"idList": ["ELSA-2017-1615-1", "ELSA-2017-3609", "ELSA-2017-3566", "ELSA-2017-1615", "ELSA-2017-3567", "ELSA-2017-3539"], "type": "oraclelinux"}, {"idList": ["CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB"], "type": "cloudfoundry"}, {"idList": ["MYHACK58:62201787550"], "type": "myhack58"}, {"idList": ["SL_20170628_KERNEL_ON_SL7_X.NASL", "FEDORA_2017-18CE368BA3.NASL", "UBUNTU_USN-3208-2.NASL", "FEDORA_2017-E6012E74B6.NASL", "REDHAT-RHSA-2017-1615.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-3539.NASL", "CENTOS_RHSA-2017-1615.NASL"], "type": "nessus"}, {"idList": ["CVE-2017-2583"], "type": "cve"}, {"idList": ["CESA-2017:1615"], "type": "centos"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "314908eb18332d0895cbc73fe0734ab14dcb7c293e3aa94dda92edb42908c630", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "035982e88d94ddba60eadc6b538bf968", "key": "pluginID"}, {"hash": "13b8d2a524b964854209481fef41bf1e", "key": "href"}, {"hash": "70dcb71514eaeee72a0da0a6587afbc4", "key": "title"}, {"hash": "fd584abae6a960e09ce8a23bab1ea2b2", "key": "references"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "bf85cb3f3f5d4bf614b37967565755a5", "key": "sourceData"}, {"hash": "d96a6d49b4046e481d5c996d74c702d2", "key": "published"}, {"hash": "b22c2eef85d6da3d8ab303390b3e55b3", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4525bc09d1c4c408a417a5eb7b850972", "key": "modified"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872293", "id": "OPENVAS:1361412562310872293", "lastseen": "2019-03-18T14:29:53", "modified": "2019-03-15T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310872293", "published": "2017-01-24T00:00:00", "references": ["2017-e6012e74b6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-e6012e74b6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872293\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:21:37 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2017-2583\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-e6012e74b6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-e6012e74b6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.5~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Fedora Update for kernel FEDORA-2017-e6012e74b6", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-03-18T14:29:53"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "b22c2eef85d6da3d8ab303390b3e55b3"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "13b8d2a524b964854209481fef41bf1e"}, {"key": "modified", "hash": "4525bc09d1c4c408a417a5eb7b850972"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "035982e88d94ddba60eadc6b538bf968"}, {"key": "published", "hash": "d96a6d49b4046e481d5c996d74c702d2"}, {"key": "references", "hash": "fd584abae6a960e09ce8a23bab1ea2b2"}, {"key": "reporter", "hash": "a2323bbbec1269474bb5afba0147298f"}, {"key": "sourceData", "hash": "bf85cb3f3f5d4bf614b37967565755a5"}, {"key": "title", "hash": "70dcb71514eaeee72a0da0a6587afbc4"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "e4985f17435e9207ea93c609f94873802c7915760b10898335e93f93ce739871", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-2583"]}, {"type": "f5", "idList": ["F5:K81172534"]}, {"type": "nessus", "idList": ["FEDORA_2017-18CE368BA3.NASL", "FEDORA_2017-E6012E74B6.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "REDHAT-RHSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "CENTOS_RHSA-2017-1615.NASL", "SL_20170628_KERNEL_ON_SL7_X.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "UBUNTU_USN-3208-1.NASL", "ORACLEVM_OVMSA-2017-0062.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872292", "OPENVAS:1361412562310871838", "OPENVAS:1361412562310882747", "OPENVAS:1361412562310843062", "OPENVAS:1361412562310843061", "OPENVAS:1361412562310851506", "OPENVAS:703791", "OPENVAS:1361412562310703791", "OPENVAS:1361412562310851529", "OPENVAS:1361412562310843628"]}, {"type": "virtuozzo", "idList": ["VZA-2017-004"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787550"]}, {"type": "centos", "idList": ["CESA-2017:1615"]}, {"type": "redhat", "idList": ["RHSA-2017:1615", "RHSA-2017:1616"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-1615-1", "ELSA-2017-1615", "ELSA-2017-3539", "ELSA-2017-3566", "ELSA-2017-3567", "ELSA-2017-3609"]}, {"type": "ubuntu", "idList": ["USN-3208-2", "USN-3208-1", "USN-3361-1", "USN-3754-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0456-1", "SUSE-SU-2017:0575-1", "OPENSUSE-SU-2017:0906-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:0407-1", "SUSE-SU-2017:0471-1", "SUSE-SU-2017:1990-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3791-1:AE0FD"]}], "modified": "2019-05-29T18:34:36"}, "score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-29T18:34:36"}, "vulnersScore": 6.7}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-e6012e74b6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872293\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:21:37 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2017-2583\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-e6012e74b6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-e6012e74b6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMA2BR5OTCZDLNZ3L57425PCTUCUHO7E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.5~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310872293", "scheme": null}
{"cve": [{"lastseen": "2019-10-04T12:19:06", "bulletinFamily": "NVD", "description": "The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.", "modified": "2019-10-03T00:03:00", "id": "CVE-2017-2583", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2583", "published": "2017-02-06T06:59:00", "title": "CVE-2017-2583", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2017-07-19T02:20:05", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-07-19T00:57:00", "published": "2017-07-19T00:57:00", "href": "https://support.f5.com/csp/article/K81172534", "id": "F5:K81172534", "title": "Linux kernel vulnerability CVE-2017-2583", "type": "f5", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:33:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-01-24T00:00:00", "id": "OPENVAS:1361412562310872292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872292", "title": "Fedora Update for kernel FEDORA-2017-18ce368ba3", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-18ce368ba3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872292\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:21:36 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2017-2583\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-18ce368ba3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-18ce368ba3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUP3VSS5T3CHVQKRLRAY7DBGZG3GODOT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.5~100.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "scanner", "description": "Check the version of kernel", "modified": "2019-03-08T00:00:00", "published": "2017-06-30T00:00:00", "id": "OPENVAS:1361412562310882747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882747", "title": "CentOS Update for kernel CESA-2017:1615 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:1615 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882747\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 05:12:15 +0200 (Fri, 30 Jun 2017)\");\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:1615 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the way Linux kernel allocates heap memory to build\nthe scattergather list from a fragment list(skb_shinfo(skb)- frag_list) in\nthe socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS +\n1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A\nremote user or process could use this flaw to potentially escalate their\nprivilege on a system. (CVE-2017-7477, Important)\n\n * The NFS2/3 RPC client could send long arguments to the NFS server. These\nencoded arguments are stored in an array of memory pages, and accessed\nusing pointer variables. Arbitrarily long arguments could make these\npointers point outside the array and cause an out-of-bounds memory access.\nA remote user or program could use this flaw to crash the kernel (denial of\nservice). (CVE-2017-7645, Important)\n\n * The NFSv2 and NFSv3 server implementations in the Linux kernel through\n4.10.13 lacked certain checks for the end of a buffer. A remote attacker\ncould trigger a pointer-arithmetic error or possibly cause other\nunspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and\nfs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n * The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM)\nsupport was vulnerable to an incorrect segment selector(SS) value error.\nThe error could occur while loading values into the SS register in long\nmode. A user or process inside a guest could use this flaw to crash the\nguest, resulting in DoS or potentially escalate their privileges inside the\nguest. (CVE-2017-2583, Moderate)\n\n * A flaw was found in the Linux kernel's handling of packets with the URG\nflag. Applications using the splice() and tcp_splice_read() functionality\ncould allow a remote attacker to force the kernel to enter a condition in\nwhich it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es):\n\n * Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than\nthe total-pages counter (HugePages_Total) in the /proc/meminfo file, and\nHugePages_Rsvd underflowed. With this update, the HugeTLB feature of the\nLinux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs.\n(BZ#1445184)\n\n * If a directory on a NFS client was modified while being listed, the NFS\nclient could restart the directory listing multiple times. Consequently,\nthe performance of listing the directory was sub-optimal. With this update,\nthe restarting of the di ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1615\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-June/022489.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-06-29T00:00:00", "id": "OPENVAS:1361412562310871838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871838", "title": "RedHat Update for kernel RHSA-2017:1615-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:1615-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871838\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-29 05:10:09 +0200 (Thu, 29 Jun 2017)\");\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\",\n \"CVE-2017-7895\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:1615-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux operating system. Security Fix(es): * A flaw was\n found in the way Linux kernel allocates heap memory to build the scattergather\n list from a fragment list(skb_shinfo(skb)- frag_list) in the socket\n buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter\n and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process\n could use this flaw to potentially escalate their privilege on a system.\n (CVE-2017-7477, Important) * The NFS2/3 RPC client could send long arguments to\n the NFS server. These encoded arguments are stored in an array of memory pages,\n and accessed using pointer variables. Arbitrarily long arguments could make\n these pointers point outside the array and cause an out-of-bounds memory access.\n A remote user or program could use this flaw to crash the kernel (denial of\n service). (CVE-2017-7645, Important) * The NFSv2 and NFSv3 server\n implementations in the Linux kernel through 4.10.13 lacked certain checks for\n the end of a buffer. A remote attacker could trigger a pointer-arithmetic error\n or possibly cause other unspecified impacts using crafted requests related to\n fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important) * The Linux\n kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was\n vulnerable to an incorrect segment selector(SS) value error. The error could\n occur while loading values into the SS register in long mode. A user or process\n inside a guest could use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the guest. (CVE-2017-2583,\n Moderate) * A flaw was found in the Linux kernel's handling of packets with the\n URG flag. Applications using the splice() and tcp_splice_read() functionality\n could allow a remote attacker to force the kernel to enter a condition in which\n it could loop indefinitely. (CVE-2017-6214, Moderate) Red Hat would like to\n thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for\n reporting CVE-2017-2583. Bug Fix(es): * Previously, the reserved-pages counter\n (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in\n the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the\n HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow\n no longer occurs. (BZ#1445184) * If a directory on a NFS client was modified\n while being listed, the NFS client could restart the directory listing multiple\n times. Consequently, the performance of listing the directory was sub-optimal.\n With this up ... Description truncated, for more information please check the\n Reference URL\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1615-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-June/msg00060.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-02-22T00:00:00", "id": "OPENVAS:1361412562310843062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843062", "title": "Ubuntu Update for linux-lts-xenial USN-3208-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3208-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843062\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:14:53 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-9191\", \"CVE-2016-9588\", \"CVE-2017-2583\",\n \"CVE-2017-2584\", \"CVE-2017-5549\", \"CVE-2017-6074\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3208-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did\nnot properly restrict write operations in certain situations. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly gain administrative privileges. (CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did\nnot properly perform reference counting in some situations. An unprivileged\nattacker could use this to cause a denial of service (system hang).\n(CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel\nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual\nmachine could use this to cause a denial of service (guest OS crash).\n(CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in\nthe Linux kernel did not properly emulate instructions on the SS segment\nregister. A local attacker in a guest virtual machine could use this to\ncause a denial of service (guest OS crash) or possibly gain administrative\nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\nimproperly emulated certain instructions. A local attacker could use this\nto obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in\nthe Linux kernel did not properly initialize memory related to logging. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly gain administrative\nprivileges. (CVE-2017-6074)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3208-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3208-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-generic\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-generic-lpae\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-lowlatency\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc-e500mc\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc-smp\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc64-emb\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc64-smp\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-02-22T00:00:00", "id": "OPENVAS:1361412562310843061", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843061", "title": "Ubuntu Update for linux USN-3208-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3208-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843061\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:14:45 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-9191\", \"CVE-2016-9588\", \"CVE-2017-2583\",\n \"CVE-2017-2584\", \"CVE-2017-5549\", \"CVE-2017-6074\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3208-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the generic SCSI block layer in the Linux kernel did\nnot properly restrict write operations in certain situations. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly gain administrative privileges. (CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did\nnot properly perform reference counting in some situations. An unprivileged\nattacker could use this to cause a denial of service (system hang).\n(CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel\nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual\nmachine could use this to cause a denial of service (guest OS crash).\n(CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in\nthe Linux kernel did not properly emulate instructions on the SS segment\nregister. A local attacker in a guest virtual machine could use this to\ncause a denial of service (guest OS crash) or possibly gain administrative\nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\nimproperly emulated certain instructions. A local attacker could use this\nto obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in\nthe Linux kernel did not properly initialize memory related to logging. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly gain administrative\nprivileges. (CVE-2017-6074)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3208-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3208-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1048-snapdragon\", ver:\"4.4.0-1048.52\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-generic\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-generic-lpae\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-lowlatency\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc-e500mc\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc-smp\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc64-emb\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc64-smp\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1048.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191450", "title": "Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1450)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1450\");\n script_version(\"2020-01-23T11:47:36+0000\");\n script_cve_id(\"CVE-2016-3713\", \"CVE-2016-8630\", \"CVE-2017-1000252\", \"CVE-2017-17741\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5715\", \"CVE-2017-7518\", \"CVE-2018-10853\", \"CVE-2018-3639\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:47:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:47:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1450)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1450\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kvm' package(s) announced via the EulerOS-SA-2019-1450 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.(CVE-2016-3713)\n\nLinux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630)\n\nLinux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.(CVE-2017-2583)\n\narch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.(CVE-2017-2584)\n\nA reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (1024) index value.(CVE-2017-1000252)\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.(CVE-2017-5715)\n\nA flaw was found in the way the Linux KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug excep ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kvm' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~4.4.11~30.011\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-02-22T00:00:00", "id": "OPENVAS:1361412562310851506", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851506", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0456-1)", "type": "openvas", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851506\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:16:41 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2015-8709\", \"CVE-2016-7117\", \"CVE-2016-8645\", \"CVE-2016-9793\",\n \"CVE-2016-9806\", \"CVE-2016-9919\", \"CVE-2017-2583\", \"CVE-2017-2584\",\n \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-5577\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0456-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 42.2 kernel was updated to\n 4.4.42 stable release.\n\n The following security bugs were fixed:\n\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077 1003253).\n\n - CVE-2017-5576, CVE-2017-5577: A buffer overflow in the VC4_SUBMIT_CL\n IOCTL in the VideoCore DRM driver for Raspberry Pi was fixed.\n (bsc#1021294)\n\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set\n setgid bits on files they don't down. (bsc#1021258).\n\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an incorrect segment\n selector(SS) value error. A user/process inside guest could have used\n this flaw to crash the guest resulting in DoS or potentially escalate\n their privileges inside guest. (bsc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel\n mishandled uid and gid mappings, which allowed local users to gain\n privileges by establishing a user namespace, waiting for a root process\n to enter that namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states 'there is no kernel bug\n here (bnc#959709 bsc#960561).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540 1017589).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly hav ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0456-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.46~11.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.46~11.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.46~11.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.46~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:57:34", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787It was discovered that the performance events subsystem does not\nproperly manage locks during certain migrations, allowing a local\nattacker to escalate privileges. This can be mitigated by\ndisabling unprivileged use of performance events:\nsysctl kernel.perf_event_paranoid=3CVE-2016-8405 \nPeter Pi of Trend Micro discovered that the frame buffer video\nsubsystem does not properly check bounds while copying color maps to\nuserspace, causing a heap buffer out-of-bounds read, leading to\ninformation disclosure.\n\nCVE-2016-9191 \nCAI Qian discovered that reference counting is not properly handled\nwithin proc_sys_readdir in the sysctl implementation, allowing a\nlocal denial of service (system hang) or possibly privilege\nescalation.\n\nCVE-2017-2583 \nXiaohan Zhang reported that KVM for amd64 does not correctly\nemulate loading of a null stack selector. This can be used by a\nuser in a guest VM for denial of service (on an Intel CPU) or to\nescalate privileges within the VM (on an AMD CPU).\n\nCVE-2017-2584 \nDmitry Vyukov reported that KVM for x86 does not correctly emulate\nmemory access by the SGDT and SIDT instructions, which can result\nin a use-after-free and information leak.\n\nCVE-2017-2596 \nDmitry Vyukov reported that KVM leaks page references when\nemulating a VMON for a nested hypervisor. This can be used by a\nprivileged user in a guest VM for denial of service or possibly\nto gain privileges in the host.\n\nCVE-2017-2618 \nIt was discovered that an off-by-one in the handling of SELinux\nattributes in /proc/pid/attr could result in local denial of\nservice.\n\nCVE-2017-5549 \nIt was discovered that the KLSI KL5KUSB105 serial USB device\ndriver could log the contents of uninitialised kernel memory,\nresulting in an information leak.\n\nCVE-2017-5551 \nJan Kara found that changing the POSIX ACL of a file on tmpfs never\ncleared its set-group-ID flag, which should be done if the user\nchanging it is not a member of the group-owner. In some cases, this\nwould allow the user-owner of an executable to gain the privileges\nof the group-owner.\n\nCVE-2017-5897 \nAndrey Konovalov discovered an out-of-bounds read flaw in the\nip6gre_err function in the IPv6 networking code.\n\nCVE-2017-5970 \nAndrey Konovalov discovered a denial-of-service flaw in the IPv4\nnetworking code. This can be triggered by a local or remote\nattacker if a local UDP or raw socket has the IP_RETOPTS option\nenabled.\n\nCVE-2017-6001Di Shen discovered a race condition between concurrent calls to\nthe performance events subsystem, allowing a local attacker to\nescalate privileges. This flaw exists because of an incomplete fix\nof CVE-2016-6786.\nThis can be mitigated by disabling unprivileged use of performance\nevents: sysctl kernel.perf_event_paranoid=3CVE-2017-6074Andrey Konovalov discovered a use-after-free vulnerability in the\nDCCP networking code, which could result in denial of service or\nlocal privilege escalation. On systems that do not already have\nthe dccp module loaded, this can be mitigated by disabling it:\necho>> /etc/modprobe.d/disable-dccp.conf install dccp false", "modified": "2017-07-07T00:00:00", "published": "2017-02-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703791", "id": "OPENVAS:703791", "title": "Debian Security Advisory DSA 3791-1 (linux - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3791.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3791-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703791);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-8405\", \"CVE-2016-9191\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2618\", \"CVE-2017-5549\", \"CVE-2017-5551\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6074\");\n script_name(\"Debian Security Advisory DSA 3791-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-02-22 00:00:00 +0100 (Wed, 22 Feb 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3791.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u1.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787It was discovered that the performance events subsystem does not\nproperly manage locks during certain migrations, allowing a local\nattacker to escalate privileges. This can be mitigated by\ndisabling unprivileged use of performance events:\nsysctl kernel.perf_event_paranoid=3CVE-2016-8405 \nPeter Pi of Trend Micro discovered that the frame buffer video\nsubsystem does not properly check bounds while copying color maps to\nuserspace, causing a heap buffer out-of-bounds read, leading to\ninformation disclosure.\n\nCVE-2016-9191 \nCAI Qian discovered that reference counting is not properly handled\nwithin proc_sys_readdir in the sysctl implementation, allowing a\nlocal denial of service (system hang) or possibly privilege\nescalation.\n\nCVE-2017-2583 \nXiaohan Zhang reported that KVM for amd64 does not correctly\nemulate loading of a null stack selector. This can be used by a\nuser in a guest VM for denial of service (on an Intel CPU) or to\nescalate privileges within the VM (on an AMD CPU).\n\nCVE-2017-2584 \nDmitry Vyukov reported that KVM for x86 does not correctly emulate\nmemory access by the SGDT and SIDT instructions, which can result\nin a use-after-free and information leak.\n\nCVE-2017-2596 \nDmitry Vyukov reported that KVM leaks page references when\nemulating a VMON for a nested hypervisor. This can be used by a\nprivileged user in a guest VM for denial of service or possibly\nto gain privileges in the host.\n\nCVE-2017-2618 \nIt was discovered that an off-by-one in the handling of SELinux\nattributes in /proc/pid/attr could result in local denial of\nservice.\n\nCVE-2017-5549 \nIt was discovered that the KLSI KL5KUSB105 serial USB device\ndriver could log the contents of uninitialised kernel memory,\nresulting in an information leak.\n\nCVE-2017-5551 \nJan Kara found that changing the POSIX ACL of a file on tmpfs never\ncleared its set-group-ID flag, which should be done if the user\nchanging it is not a member of the group-owner. In some cases, this\nwould allow the user-owner of an executable to gain the privileges\nof the group-owner.\n\nCVE-2017-5897 \nAndrey Konovalov discovered an out-of-bounds read flaw in the\nip6gre_err function in the IPv6 networking code.\n\nCVE-2017-5970 \nAndrey Konovalov discovered a denial-of-service flaw in the IPv4\nnetworking code. This can be triggered by a local or remote\nattacker if a local UDP or raw socket has the IP_RETOPTS option\nenabled.\n\nCVE-2017-6001Di Shen discovered a race condition between concurrent calls to\nthe performance events subsystem, allowing a local attacker to\nescalate privileges. This flaw exists because of an incomplete fix\nof CVE-2016-6786.\nThis can be mitigated by disabling unprivileged use of performance\nevents: sysctl kernel.perf_event_paranoid=3CVE-2017-6074Andrey Konovalov discovered a use-after-free vulnerability in the\nDCCP networking code, which could result in denial of service or\nlocal privilege escalation. On systems that do not already have\nthe dccp module loaded, this can be mitigated by disabling it:\necho>> /etc/modprobe.d/disable-dccp.conf install dccp false\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787It was discovered that the performance events subsystem does not\nproperly manage locks during certain migrations, allowing a local\nattacker to escalate privileges. This can be mitigated by\ndisabling unprivileged use of performance events:\nsysctl kernel.perf_event_paranoid=3CVE-2016-8405\nPeter Pi of Trend Micro discovered that the frame buffer video\nsubsystem does not properly check bounds while copying color maps to\nuserspace, causing a heap buffer out-of-bounds read, leading to\ninformation disclosure.\n\nCVE-2016-9191\nCAI Qian discovered that reference counting is not properly handled\nwithin proc_sys_readdir in the sysctl implementation, allowing a\nlocal denial of service (system hang) or possibly privilege\nescalation.\n\nDescription truncated. Please see the references for more information.", "modified": "2019-03-18T00:00:00", "published": "2017-02-22T00:00:00", "id": "OPENVAS:1361412562310703791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703791", "title": "Debian Security Advisory DSA 3791-1 (linux - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3791.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3791-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703791\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-8405\", \"CVE-2016-9191\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2618\", \"CVE-2017-5549\", \"CVE-2017-5551\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6074\");\n script_name(\"Debian Security Advisory DSA 3791-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 00:00:00 +0100 (Wed, 22 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3791.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u1.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787It was discovered that the performance events subsystem does not\nproperly manage locks during certain migrations, allowing a local\nattacker to escalate privileges. This can be mitigated by\ndisabling unprivileged use of performance events:\nsysctl kernel.perf_event_paranoid=3CVE-2016-8405\nPeter Pi of Trend Micro discovered that the frame buffer video\nsubsystem does not properly check bounds while copying color maps to\nuserspace, causing a heap buffer out-of-bounds read, leading to\ninformation disclosure.\n\nCVE-2016-9191\nCAI Qian discovered that reference counting is not properly handled\nwithin proc_sys_readdir in the sysctl implementation, allowing a\nlocal denial of service (system hang) or possibly privilege\nescalation.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:27:08", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-04-02T00:00:00", "id": "OPENVAS:1361412562310851529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851529", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0906-1)", "type": "openvas", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851529\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-02 06:31:35 +0200 (Sun, 02 Apr 2017)\");\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-10208\", \"CVE-2016-2117\", \"CVE-2017-2583\",\n \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2636\", \"CVE-2017-5669\",\n \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6347\",\n \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-7184\", \"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0906-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Still left to do:\n\n - Check CVE descriptions. They need to be written in the past tense. They\n are processed automatically, THERE CAN BE ERRORS IN THERE!\n\n - Remove version numbers from the CVE descriptions\n\n - Check the capitalization of the subsystems, then sort again\n\n - For each CVE: Check the corresponding bug if everything is okay\n\n - If you remove CVEs or bugs: Do not forget to change the meta information\n\n - Determine which of the bugs after the CVE lines is the right one\n\n ======================================================================\n\n The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914).\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly manages lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 (bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0906-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.39~53.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.39~53.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.39~53.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-04-01T07:18:47", "bulletinFamily": "scanner", "description": "The 4.9.5 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "FEDORA_2017-18CE368BA3.NASL", "href": "https://www.tenable.com/plugins/nessus/96705", "published": "2017-01-24T00:00:00", "title": "Fedora 24 : kernel (2017-18ce368ba3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-18ce368ba3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96705);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/24 14:09:05\");\n\n script_cve_id(\"CVE-2017-2583\");\n script_xref(name:\"FEDORA\", value:\"2017-18ce368ba3\");\n\n script_name(english:\"Fedora 24 : kernel (2017-18ce368ba3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.9.5 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-18ce368ba3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2583\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-18ce368ba3\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.9.5-100.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T07:24:17", "bulletinFamily": "scanner", "description": "The 4.9.5 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "FEDORA_2017-E6012E74B6.NASL", "href": "https://www.tenable.com/plugins/nessus/96708", "published": "2017-01-24T00:00:00", "title": "Fedora 25 : kernel (2017-e6012e74b6)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-e6012e74b6.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96708);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/24 14:09:09\");\n\n script_cve_id(\"CVE-2017-2583\");\n script_xref(name:\"FEDORA\", value:\"2017-e6012e74b6\");\n\n script_name(english:\"Fedora 25 : kernel (2017-e6012e74b6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.9.5 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e6012e74b6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2583\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-e6012e74b6\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.9.5-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T06:43:08", "bulletinFamily": "scanner", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user/process inside guest could use\n this flaw to crash the guest resulting in DoS or\n potentially escalate their privileges inside guest.\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "VIRTUOZZO_VZA-2017-004.NASL", "href": "https://www.tenable.com/plugins/nessus/97976", "published": "2017-03-27T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-004)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97976);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/01/14 10:10:15\");\n\n script_cve_id(\n \"CVE-2017-2583\",\n \"CVE-2017-2584\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-004)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user/process inside guest could use\n this flaw to crash the guest resulting in DoS or\n potentially escalate their privileges inside guest.\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2734643\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-10.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84a60371\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-10.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2dca61ae\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-10.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7af5a350\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.18.2.vz7.15.2\",\n \"patch\",\"readykernel-patch-15.2-10.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.18.7\",\n \"patch\",\"readykernel-patch-18.7-10.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-10.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T02:14:56", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if ", "modified": "2020-04-02T00:00:00", "id": "REDHAT-RHSA-2017-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/101101", "published": "2017-06-29T00:00:00", "title": "RHEL 7 : kernel (RHSA-2017:1615)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1615. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101101);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"RHSA\", value:\"2017:1615\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2017:1615)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and\n'NETIF_F_FRAGLIST' feature were used together. A remote user or\nprocess could use this flaw to potentially escalate their privilege on\na system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and\naccessed using pointer variables. Arbitrarily long arguments could\nmake these pointers point outside the array and cause an out-of-bounds\nmemory access. A remote user or program could use this flaw to crash\nthe kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel\nthrough 4.10.13 lacked certain checks for the end of a buffer. A\nremote attacker could trigger a pointer-arithmetic error or possibly\ncause other unspecified impacts using crafted requests related to\nfs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support was vulnerable to an incorrect segment\nselector(SS) value error. The error could occur while loading values\ninto the SS register in long mode. A user or process inside a guest\ncould use this flaw to crash the guest, resulting in DoS or\npotentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality could allow a remote attacker to force the kernel to\nenter a condition in which it could loop indefinitely. (CVE-2017-6214,\nModerate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger\nthan the total-pages counter (HugePages_Total) in the /proc/meminfo\nfile, and HugePages_Rsvd underflowed. With this update, the HugeTLB\nfeature of the Linux kernel has been fixed, and HugePages_Rsvd\nunderflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the\nNFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was\nsub-optimal. With this update, the restarting of the directory listing\nhappens less frequently. As a result, the performance of listing the\ndirectory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed\nto reboot. This update fixes the qla2xxx driver, and FCoE adapter now\nreboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the\nQEMU process occasionally terminated unexpectedly due to a failed VFIO\nDirect Memory Access (DMA) map request. This update fixes the vfio\ndriver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a\nkernel panic occurred on the little-endian variant of IBM Power\nSystems. This update fixes lpfc, and the kernel no longer panics in\nthe described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO)\ndevices with 'Hugepages' feature enabled, errors in Direct Memory\nAccess (DMA) page table entry (PTE) mappings occurred, and QEMU memory\nusage behaved unpredictably. This update fixes range computation when\nmaking room for large pages in Input/Output Memory Management Unit\n(IOMMU). As a result, errors in DMA PTE mappings no longer occur, and\nQEMU has a predictable memory usage in the described situation.\n(BZ#1450856)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3090941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7895\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:1615\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1615\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:47:56", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - A flaw was found in the way Linux kernel allocates heap\n memory to build the scattergather list from a fragment\n list(skb_shinfo(skb)->frag_list) in the socket\n buffer(skb_buff). The heap overflow occurred if\n ", "modified": "2017-06-29T00:00:00", "id": "SL_20170628_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/101105", "published": "2017-06-29T00:00:00", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20170628)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101105);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/25\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20170628)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the way Linux kernel allocates heap\n memory to build the scattergather list from a fragment\n list(skb_shinfo(skb)->frag_list) in the socket\n buffer(skb_buff). The heap overflow occurred if\n 'MAX_SKB_FRAGS\n\n - 1' parameter and 'NETIF_F_FRAGLIST' feature were used\n together. A remote user or process could use this flaw\n to potentially escalate their privilege on a system.\n (CVE-2017-7477, Important)\n\n - The NFS2/3 RPC client could send long arguments to the\n NFS server. These encoded arguments are stored in an\n array of memory pages, and accessed using pointer\n variables. Arbitrarily long arguments could make these\n pointers point outside the array and cause an\n out-of-bounds memory access. A remote user or program\n could use this flaw to crash the kernel (denial of\n service). (CVE-2017-7645, Important)\n\n - The NFSv2 and NFSv3 server implementations in the Linux\n kernel through 4.10.13 lacked certain checks for the end\n of a buffer. A remote attacker could trigger a\n pointer-arithmetic error or possibly cause other\n unspecified impacts using crafted requests related to\n fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895,\n Important)\n\n - The Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register in\n long mode. A user or process inside a guest could use\n this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the guest.\n (CVE-2017-2583, Moderate)\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality could allow\n a remote attacker to force the kernel to enter a\n condition in which it could loop indefinitely.\n (CVE-2017-6214, Moderate)\n\nBug Fix(es) :\n\n - Previously, the reserved-pages counter (HugePages_Rsvd)\n was bigger than the total-pages counter\n (HugePages_Total) in the /proc/meminfo file, and\n HugePages_Rsvd underflowed. With this update, the\n HugeTLB feature of the Linux kernel has been fixed, and\n HugePages_Rsvd underflow no longer occurs.\n\n - If a directory on a NFS client was modified while being\n listed, the NFS client could restart the directory\n listing multiple times. Consequently, the performance of\n listing the directory was sub-optimal. With this update,\n the restarting of the directory listing happens less\n frequently. As a result, the performance of listing the\n directory while it is being modified has improved.\n\n - The Fibre Channel over Ethernet (FCoE) adapter in some\n cases failed to reboot. This update fixes the qla2xxx\n driver, and FCoE adapter now reboots as expected.\n\n - When a VM with Virtual Function I/O (VFIO) device was\n rebooted, the QEMU process occasionally terminated\n unexpectedly due to a failed VFIO Direct Memory Access\n (DMA) map request. This update fixes the vfio driver and\n QEMU no longer crashes in the described situation.\n\n - When the operating system was booted with the in-box\n lpfc driver, a kernel panic occurred on the\n little-endian variant of IBM Power Systems. This update\n fixes lpfc, and the kernel no longer panics in the\n described situation.\n\n - When creating or destroying a VM with Virtual Function\n I/O (VFIO) devices with 'Hugepages' feature enabled,\n errors in Direct Memory Access (DMA) page table entry\n (PTE) mappings occurred, and QEMU memory usage behaved\n unpredictably. This update fixes range computation when\n making room for large pages in Input/Output Memory\n Management Unit (IOMMU). As a result, errors in DMA PTE\n mappings no longer occur, and QEMU has a predictable\n memory usage in the described situation.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1706&L=scientific-linux-errata&F=&S=&P=6811\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d5e542\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T02:02:53", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2017:1615 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if ", "modified": "2020-04-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/101139", "published": "2017-06-30T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2017-1615)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:1615 and \n# Oracle Linux Security Advisory ELSA-2017-1615 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101139);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"RHSA\", value:\"2017:1615\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2017-1615)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:1615 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and\n'NETIF_F_FRAGLIST' feature were used together. A remote user or\nprocess could use this flaw to potentially escalate their privilege on\na system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and\naccessed using pointer variables. Arbitrarily long arguments could\nmake these pointers point outside the array and cause an out-of-bounds\nmemory access. A remote user or program could use this flaw to crash\nthe kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel\nthrough 4.10.13 lacked certain checks for the end of a buffer. A\nremote attacker could trigger a pointer-arithmetic error or possibly\ncause other unspecified impacts using crafted requests related to\nfs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support was vulnerable to an incorrect segment\nselector(SS) value error. The error could occur while loading values\ninto the SS register in long mode. A user or process inside a guest\ncould use this flaw to crash the guest, resulting in DoS or\npotentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality could allow a remote attacker to force the kernel to\nenter a condition in which it could loop indefinitely. (CVE-2017-6214,\nModerate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger\nthan the total-pages counter (HugePages_Total) in the /proc/meminfo\nfile, and HugePages_Rsvd underflowed. With this update, the HugeTLB\nfeature of the Linux kernel has been fixed, and HugePages_Rsvd\nunderflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the\nNFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was\nsub-optimal. With this update, the restarting of the directory listing\nhappens less frequently. As a result, the performance of listing the\ndirectory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed\nto reboot. This update fixes the qla2xxx driver, and FCoE adapter now\nreboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the\nQEMU process occasionally terminated unexpectedly due to a failed VFIO\nDirect Memory Access (DMA) map request. This update fixes the vfio\ndriver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a\nkernel panic occurred on the little-endian variant of IBM Power\nSystems. This update fixes lpfc, and the kernel no longer panics in\nthe described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO)\ndevices with 'Hugepages' feature enabled, errors in Direct Memory\nAccess (DMA) page table entry (PTE) mappings occurred, and QEMU memory\nusage behaved unpredictably. This update fixes range computation when\nmaking room for large pages in Input/Output Memory Management Unit\n(IOMMU). As a result, errors in DMA PTE mappings no longer occur, and\nQEMU has a predictable memory usage in the described situation.\n(BZ#1450856)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-June/007022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-1615\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.10\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T06:50:18", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if ", "modified": "2020-04-02T00:00:00", "id": "CENTOS_RHSA-2017-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/101120", "published": "2017-06-30T00:00:00", "title": "CentOS 7 : kernel (CESA-2017:1615)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1615 and \n# CentOS Errata and Security Advisory 2017:1615 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101120);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"RHSA\", value:\"2017:1615\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2017:1615)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and\n'NETIF_F_FRAGLIST' feature were used together. A remote user or\nprocess could use this flaw to potentially escalate their privilege on\na system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and\naccessed using pointer variables. Arbitrarily long arguments could\nmake these pointers point outside the array and cause an out-of-bounds\nmemory access. A remote user or program could use this flaw to crash\nthe kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel\nthrough 4.10.13 lacked certain checks for the end of a buffer. A\nremote attacker could trigger a pointer-arithmetic error or possibly\ncause other unspecified impacts using crafted requests related to\nfs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support was vulnerable to an incorrect segment\nselector(SS) value error. The error could occur while loading values\ninto the SS register in long mode. A user or process inside a guest\ncould use this flaw to crash the guest, resulting in DoS or\npotentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality could allow a remote attacker to force the kernel to\nenter a condition in which it could loop indefinitely. (CVE-2017-6214,\nModerate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger\nthan the total-pages counter (HugePages_Total) in the /proc/meminfo\nfile, and HugePages_Rsvd underflowed. With this update, the HugeTLB\nfeature of the Linux kernel has been fixed, and HugePages_Rsvd\nunderflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the\nNFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was\nsub-optimal. With this update, the restarting of the directory listing\nhappens less frequently. As a result, the performance of listing the\ndirectory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed\nto reboot. This update fixes the qla2xxx driver, and FCoE adapter now\nreboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the\nQEMU process occasionally terminated unexpectedly due to a failed VFIO\nDirect Memory Access (DMA) map request. This update fixes the vfio\ndriver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a\nkernel panic occurred on the little-endian variant of IBM Power\nSystems. This update fixes lpfc, and the kernel no longer panics in\nthe described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO)\ndevices with 'Hugepages' feature enabled, errors in Direct Memory\nAccess (DMA) page table entry (PTE) mappings occurred, and QEMU memory\nusage behaved unpredictably. This update fixes range computation when\nmaking room for large pages in Input/Output Memory Management Unit\n(IOMMU). As a result, errors in DMA PTE mappings no longer occur, and\nQEMU has a predictable memory usage in the described situation.\n(BZ#1450856)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-June/022489.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?327ae90b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T02:02:53", "bulletinFamily": "scanner", "description": "Description of changes:\n\n- [3.10.0-514.26.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug \n22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel \n(olkmod_signing_key.x509)(<A HREF=", "modified": "2020-04-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-1615-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101138", "published": "2017-06-30T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2017-1615-1) (Stack Clash)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-1615-1.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101138);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/04/10 16:10:17\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"IAVA\", value:\"2017-A-0288\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2017-1615-1) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n- [3.10.0-514.26.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug \n22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel \n(olkmod_signing_key.x509)(<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>alexey.petrenko at oracle.com</A>)\n- Update x509.genkey [bug 24817676]\n\n[3.10.0-514.26.1.el7]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] \n{CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures \n(Mike Snitzer) [1449176 1383444]\n\n[3.10.0-514.25.1.el7]\n- [lib] kobject: grab an extra reference on kobject->sd to allow \nduplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which \nare going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during \nmodule coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) \n[1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri \nBenc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages \n(Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce \nFields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') \n[1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike \nSnitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') \n[1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe \n(Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) \n[1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) \n[1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) \n[1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S \nPeterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) \n[1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from \n__vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk \n(Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() \n(Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim \nKrcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) \n[1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron \nStowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event \n(Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones \n(Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) \n[1450124 1435818]\n\n[3.10.0-514.24.1.el7]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) \n[1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex \nWilliamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex \nWilliamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave \nWysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing \nlookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) \n[1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data \n(Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active \n(Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 \n1395838]\n\n[3.10.0-514.23.1.el7]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN \n(Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu \nMadhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash \n(Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx \n(Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of \nregister disconnect (Himanshu Madhani) [1446246 1436940]\n\n[3.10.0-514.22.1.el7]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry \nWoodman) [1445184 1385473]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-June/007023.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages. Note that the updated package may\nnot be immediately available from the package repository or its\nmirrors.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T02:14:57", "bulletinFamily": "scanner", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way memory was being allocated on the stack\nfor user space binaries. If heap (or different memory region) and\nstack memory regions were adjacent to each other, an attacker could\nuse this flaw to jump over the stack guard gap, cause controlled\nmemory corruption on process stack or the adjacent memory region, and\nthus increase their privileges on the system. This is a kernel-side\nmitigation which increases the stack guard gap size from one page to 1\nMiB to make successful exploitation of this issue more difficult.\n(CVE-2017-1000364, Important)\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if ", "modified": "2020-04-02T00:00:00", "id": "REDHAT-RHSA-2017-1616.NASL", "href": "https://www.tenable.com/plugins/nessus/101102", "published": "2017-06-29T00:00:00", "title": "RHEL 7 : kernel-rt (RHSA-2017:1616) (Stack Clash)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1616. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101102);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000379\", \"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"RHSA\", value:\"2017:1616\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2017:1616) (Stack Clash)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way memory was being allocated on the stack\nfor user space binaries. If heap (or different memory region) and\nstack memory regions were adjacent to each other, an attacker could\nuse this flaw to jump over the stack guard gap, cause controlled\nmemory corruption on process stack or the adjacent memory region, and\nthus increase their privileges on the system. This is a kernel-side\nmitigation which increases the stack guard gap size from one page to 1\nMiB to make successful exploitation of this issue more difficult.\n(CVE-2017-1000364, Important)\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and\n'NETIF_F_FRAGLIST' feature are both used together. A remote user or\nprocess could use this flaw to potentially escalate their privilege on\na system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and\naccessed using pointer variables. Arbitrarily long arguments could\nmake these pointers point outside the array and cause an out-of-bounds\nmemory access. A remote user or program could use this flaw to crash\nthe kernel, resulting in denial of service. (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel\nthrough 4.10.13 lacked certain checks for the end of a buffer. A\nremote attacker could trigger a pointer-arithmetic error or possibly\ncause other unspecified impacts using crafted requests related to\nfs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support was vulnerable to an incorrect segment\nselector(SS) value error. The error could occur while loading values\ninto the SS register in long mode. A user or process inside a guest\ncould use this flaw to crash the guest, resulting in DoS or\npotentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality could allow a remote attacker to force the kernel to\nenter a condition in which it could loop indefinitely. (CVE-2017-6214,\nModerate)\n\nRed Hat would like to thank Qualys Research Labs for reporting\nCVE-2017-1000364; Ari Kauppi for reporting CVE-2017-7895; and Xiaohan\nZhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to the 3.10.0-514.25.2\nsource tree, which provides a number of bug fixes over the previous\nversion. (BZ# 1452742)\n\n* Previously, a local lock acquisition around the\nip_send_unicast_reply() function was incorrectly terminated.\nConsequently, a list corruption occurred that led to a kernel panic.\nThis update adds locking functions around calls to\nip_send_unicast_reply(). As a result, neither list corruption nor\nkernel panic occur under the described circumstances. (BZ# 1455239)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7895\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000364\", \"CVE-2017-1000379\", \"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:1616\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1616\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-514.26.1.rt56.442.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T03:10:06", "bulletinFamily": "scanner", "description": "It was discovered that the generic SCSI block layer in the Linux\nkernel did not properly restrict write operations in certain\nsituations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly gain administrative privileges.\n(CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel\ndid not properly perform reference counting in some situations. An\nunprivileged attacker could use this to cause a denial of service\n(system hang). (CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel\nmismanages the #BP and #OF exceptions. A local attacker in a guest\nvirtual machine could use this to cause a denial of service (guest OS\ncrash). (CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM\nimplementation in the Linux kernel did not properly emulate\ninstructions on the SS segment register. A local attacker in a guest\nvirtual machine could use this to cause a denial of service (guest OS\ncrash) or possibly gain administrative privileges in the guest OS.\n(CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel improperly emulated certain instructions. A local attacker\ncould use this to obtain sensitive information (kernel memory).\n(CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver\nin the Linux kernel did not properly initialize memory related to\nlogging. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2017-6074).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "UBUNTU_USN-3208-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97322", "published": "2017-02-22T00:00:00", "title": "Ubuntu 16.04 LTS : linux, linux-snapdragon vulnerabilities (USN-3208-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3208-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97322);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-9191\", \"CVE-2016-9588\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5549\", \"CVE-2017-6074\");\n script_xref(name:\"USN\", value:\"3208-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-snapdragon vulnerabilities (USN-3208-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the generic SCSI block layer in the Linux\nkernel did not properly restrict write operations in certain\nsituations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly gain administrative privileges.\n(CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel\ndid not properly perform reference counting in some situations. An\nunprivileged attacker could use this to cause a denial of service\n(system hang). (CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel\nmismanages the #BP and #OF exceptions. A local attacker in a guest\nvirtual machine could use this to cause a denial of service (guest OS\ncrash). (CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM\nimplementation in the Linux kernel did not properly emulate\ninstructions on the SS segment register. A local attacker in a guest\nvirtual machine could use this to cause a denial of service (guest OS\ncrash) or possibly gain administrative privileges in the guest OS.\n(CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel improperly emulated certain instructions. A local attacker\ncould use this to obtain sensitive information (kernel memory).\n(CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver\nin the Linux kernel did not properly initialize memory related to\nlogging. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2017-6074).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3208-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10088\", \"CVE-2016-9191\", \"CVE-2016-9588\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5549\", \"CVE-2017-6074\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3208-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1048-snapdragon\", pkgver:\"4.4.0-1048.52\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-64-generic\", pkgver:\"4.4.0-64.85\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-64-generic-lpae\", pkgver:\"4.4.0-64.85\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-64-lowlatency\", pkgver:\"4.4.0-64.85\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.64.68\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.64.68\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.64.68\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1048.40\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:28:16", "bulletinFamily": "unix", "description": "The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo versions 7.0.0, 7.0.1, and 7.0.3.\n**Vulnerability id:** CVE-2017-2583\nLinux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user/process inside guest could use this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest.\n\n**Vulnerability id:** CVE-2017-2584\narch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.\n\n", "modified": "2017-02-03T00:00:00", "published": "2017-02-03T00:00:00", "id": "VZA-2017-004", "href": "https://help.virtuozzo.com/customer/portal/articles/2734643", "title": "Kernel security update: Virtuozzo ReadyKernel patch 10.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)", "type": "virtuozzo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:29:34", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:1615\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in\nthe socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A\nremote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es):\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times. Consequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation. (BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO) devices with \"Hugepages\" feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation. (BZ#1450856)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-June/022489.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-1615.html", "modified": "2017-06-29T21:03:21", "published": "2017-06-29T21:03:21", "href": "http://lists.centos.org/pipermail/centos-announce/2017-June/022489.html", "id": "CESA-2017:1615", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:54", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in\nthe socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A\nremote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es):\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times. Consequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation. (BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO) devices with \"Hugepages\" feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation. (BZ#1450856)", "modified": "2018-04-12T03:33:10", "published": "2017-06-28T19:08:50", "id": "RHSA-2017:1615", "href": "https://access.redhat.com/errata/RHSA-2017:1615", "type": "redhat", "title": "(RHSA-2017:1615) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:33", "bulletinFamily": "unix", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)\n\n* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364; Ari Kauppi for reporting CVE-2017-7895; and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-514.25.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1452742)\n\n* Previously, a local lock acquisition around the ip_send_unicast_reply() function was incorrectly terminated. Consequently, a list corruption occurred that led to a kernel panic. This update adds locking functions around calls to ip_send_unicast_reply(). As a result, neither list corruption nor kernel panic occur under the described circumstances. (BZ#1455239)", "modified": "2018-03-19T16:29:53", "published": "2017-06-28T19:09:04", "id": "RHSA-2017:1616", "href": "https://access.redhat.com/errata/RHSA-2017:1616", "type": "redhat", "title": "(RHSA-2017:1616) Important: kernel-rt security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "myhack58": [{"lastseen": "2017-07-02T04:18:26", "bulletinFamily": "info", "description": "CentOS system maintenance engineer Johnny Hughes today released the security Bulletin, the requirements currently are using CentOS 7 series users as soon as possible the deployment of important kernel security updates. According to Red Hat published upsteam security Bulletin, the kernel update total fixes five security vulnerabilities, and fixes many other BUGS. \n! [](/Article/UploadPic/2017-7/2017723312773. jpg? www. myhack58. com) \nThis kernel update fixes(CVE-2017-7477)and(CVE-2017-7645)two remote code execution vulnerabilities, the former in the socket buffer(skb_buff)from the fragment list(skb_shinfo(skb)->frag_list)create a scattergather list to allocate heap memory, allowing an attacker to constantly elevated permissions. The latter is the impact of NFS2/3 RPC Client to the NFS server sends long data, thereby allowing a remote attacker to make the kernel crash. \n(CVE-2017-7895)fix up NFSv2 and an NFSv3 Server implementation found security vulnerability(CVE-2017-2583)is fixed based on the Kernel of the virtual machine CONFIG_KVM\uff09Vulnerability(CVE-2017-6214)is to fix the Linux Kernel processing URG flag process in the presence of security vulnerabilities. \nCentOS users need to be deployed as soon as possible kernel-3.10.0-514.26.1. el7 kernel update, it has now been confirmed the Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux HPC Node 7 and Red Hat Enterprise Linux Server TUS 7.3 version of the existence of the vulnerability. \n\n", "modified": "2017-07-02T00:00:00", "published": "2017-07-02T00:00:00", "id": "MYHACK58:62201787550", "href": "http://www.myhack58.com/Article/html/3/62/2017/87550.htm", "title": "CentOS 7 released a kernel security update that fixes five vulnerabilities-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "unix", "description": "- [3.10.0-514.26.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.26.1]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] {CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n[3.10.0-514.25.1]\n- [lib] kobject: grab an extra reference on kobject->sd to allow duplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which are going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during module coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) [1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri Benc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages (Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') [1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe (Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) [1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S Peterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from __vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk (Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() (Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim Krcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) [1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) [1450124 1435818]\n[3.10.0-514.24.1]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex Williamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex Williamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) [1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data (Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active (Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 1395838]\n[3.10.0-514.23.1]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of register disconnect (Himanshu Madhani) [1446246 1436940]\n[3.10.0-514.22.1]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry Woodman) [1445184 1385473]", "modified": "2017-06-28T00:00:00", "published": "2017-06-28T00:00:00", "id": "ELSA-2017-1615", "href": "http://linux.oracle.com/errata/ELSA-2017-1615.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "unix", "description": "- [3.10.0-514.26.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.26.1.el7]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] {CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n[3.10.0-514.25.1.el7]\n- [lib] kobject: grab an extra reference on kobject->sd to allow duplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which are going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during module coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) [1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri Benc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages (Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') [1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe (Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) [1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S Peterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from __vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk (Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() (Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim Krcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) [1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) [1450124 1435818]\n[3.10.0-514.24.1.el7]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex Williamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex Williamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) [1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data (Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active (Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 1395838]\n[3.10.0-514.23.1.el7]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of register disconnect (Himanshu Madhani) [1446246 1436940]\n[3.10.0-514.22.1.el7]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry Woodman) [1445184 1385473]", "modified": "2017-06-28T00:00:00", "published": "2017-06-28T00:00:00", "id": "ELSA-2017-1615-1", "href": "http://linux.oracle.com/errata/ELSA-2017-1615-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:52", "bulletinFamily": "unix", "description": "kernel-uek\n[4.1.12-61.1.34]\n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719659] {CVE-2017-2583} {CVE-2017-2583}\n- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: reserve code points for the project quota feature (Theodore Ts'o) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719793] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720805] {CVE-2017-6214}\n- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25720839] {CVE-2017-6347}\n- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25720839] {CVE-2017-6347}\n- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25720839] {CVE-2017-6347}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877509] {CVE-2016-7910}", "modified": "2017-04-13T00:00:00", "published": "2017-04-13T00:00:00", "id": "ELSA-2017-3539", "href": "http://linux.oracle.com/errata/ELSA-2017-3539.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-118.18.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895}\n[3.8.13-118.18.1]\n- fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] \n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549809] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549809] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809] \n- VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug: 25559937] \n- VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] {CVE-2017-2583} {CVE-2017-2583}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] {CVE-2016-10208}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720813] {CVE-2017-6214}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083] \n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797052] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187}", "modified": "2017-05-16T00:00:00", "published": "2017-05-16T00:00:00", "id": "ELSA-2017-3566", "href": "http://linux.oracle.com/errata/ELSA-2017-3566.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "unix", "description": "[2.6.39-400.295.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895}\n[2.6.39-400.295.1]\n- ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719676] {CVE-2017-2583} {CVE-2017-2583}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719811] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720815] {CVE-2017-6214}\n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796604] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797014] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797056] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257}\n- RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] {CVE-2015-6937} {CVE-2015-6937}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910}\n- RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187}\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636}\n- list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636}\n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345}\n- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074}\n- vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] \n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}", "modified": "2017-05-16T00:00:00", "published": "2017-05-16T00:00:00", "id": "ELSA-2017-3567", "href": "http://linux.oracle.com/errata/ELSA-2017-3567.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:56", "bulletinFamily": "unix", "description": "kernel-uek\n[4.1.12-103.3.8]\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638900] {CVE-2017-1000365} {CVE-2017-1000365}\n[4.1.12-103.3.7]\n- i40e/i40evf: check for stopped admin queue (Mitch Williams) [Orabug: 26654222]\n[4.1.12-103.3.6]\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645497]\n[4.1.12-103.3.5]\n- dentry name snapshots (Al Viro) [Orabug: 26630805] {CVE-2017-7533}\n[4.1.12-103.3.4]\n- mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585933] {CVE-2016-6213} {CVE-2016-6213}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578179] {CVE-2017-9242}\n- KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585981] {CVE-2016-9604} {CVE-2016-9604}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586030] {CVE-2016-10200}\n- ovl: move super block magic number to magic.h (Stephen Hemminger) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: use a minimal buffer in ovl_copy_xattr (Vito Caputo) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: allow zero size xattr (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: default permissions (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- scsi: megaraid_sas: handle dma_addr_t right on 32-bit (Arnd Bergmann) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME fast path io support (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME interface target prop added (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME Interface detection and prop settings (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: Use synchronize_irq to wait for IRQs to complete (Shivasharan S) [Orabug: 26560952] \n- fs/fuse: fuse mount can cause panic with no memory numa node (Somasundaram Krishnasamy) [Orabug: 26151828] \n- Fix regression which breaks DFS mounting (Sachin Prabhu) [Orabug: 26335022] \n- ol7/spec: sync up linux-firmware version for ol74 (Ethan Zhao) [Orabug: 26567308] [Orabug: 26567283] \n- nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572867] {CVE-2017-8797}\n- nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572867] {CVE-2017-8797}\n- ol6/spec: sync up linux-firmware version for ol6 (Ethan Zhao) [Orabug: 26586911] [Orabug: 26586927]\n[4.1.12-103.3.2]\n- rds: tcp: cancel all worker threads before shutting down socket (Yuval Shaia) [Orabug: 26332905] \n- Revert 'ixgbevf: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] \n- Revert 'ixgbe: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] \n- xen: do not re-use pirq number cached in pci device msi msg data (Boris Ostrovsky) [Orabug: 26324865] \n- xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26520653] \n- ocfs2: fix deadlock caused by recursive locking in xattr (Eric Ren) [Orabug: 26554428] \n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26554428] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26554428] \n- Revert 'add OCFS2_LOCK_RECURSIVE arg_flags to ocfs2_cluster_lock() to prevent hang' (Ashish Samant) [Orabug: 26554428] \n- MacSec: fix backporting error in patches for CVE-2017-7477 (Alexey Kodanev) [Orabug: 26481629] [Orabug: 26368162] {CVE-2017-7477} {CVE-2017-7477}\n- sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26492439] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540266] {CVE-2017-2671}\n- PCI: Workaround wrong flags completions for IDT switch (James Puthukattukaran) [Orabug: 26362330] \n- xen-blkback: stop blkback thread of every queue in xen_blkif_disconnect (Annie Li)\n[4.1.12-103.3.1]\n- MSI: Dont assign MSI IRQ vector twice (Ashok Vairavan) [Orabug: 25982356] \n- IB/core: Remove stray semicolon in cma_init (Yuval Shaia) [Orabug: 26188883] \n- ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403963] {CVE-2017-9074}\n- scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26473220] \n- mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26473220] \n- blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26486215] \n- blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26486215] \n- nvme: Complete all stuck requests (Keith Busch) [Orabug: 26486215] \n- nvme: Dont suspend admin queue that wasnt created (Gabriel Krisman Bertazi) [Orabug: 26486215] \n- nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26486215] \n- nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26486215] \n- nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26486215] \n- Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- net/sock: add WARN_ON(parent->sk) in sock_graft() (Sowmini Varadhan) [Orabug: 26243229] \n- rds: tcp: use sock_create_lite() to create the accept socket (Sowmini Varadhan) [Orabug: 26243229] \n- rds: tcp: set linger to 1 when unloading a rds-tcp (Sowmini Varadhan) [Orabug: 26236194] \n- rds: tcp: send handshake ping-probe from passive endpoint (Sowmini Varadhan) [Orabug: 26236194] \n- Revert 'SUNRPC: Refactor svc_set_num_threads()' (Dhaval Giani) [Orabug: 26450033] \n- Revert 'NFSv4: Fix callback server shutdown' (Dhaval Giani) [Orabug: 26450033] \n- mm: fix use-after-free if memory allocation failed in vma_adjust() (Kirill A. Shutemov) [Orabug: 25647067] \n- scsi: smartpqi: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 26191021] \n- scsi: smartpqi: bump driver version (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: remove writeq/readq function definitions (Corentin Labbe) [Orabug: 26191021] \n- scsi: smartpqi: add module parameters (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup list initialization (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add raid level show (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: make ioaccel references consistent (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance device add and remove messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update timeout on admin commands (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: map more raid errors to SCSI errors (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup controller branding (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update rescan worker (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update device offline (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct aio error path (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add lockup action (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: remove qdepth calculations for logical volumes (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance kdump (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: change return value for LUN reset operations (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add ptraid support (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update copyright (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add new PCI device IDs (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: minor driver cleanup (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct BMIC identify physical drive (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: eliminate redundant error messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add pqi_wait_for_completion_io (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct bdma hw bug (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add heartbeat check (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add suspend and resume support (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance resets (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add supporting events (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: ensure controller is in SIS mode at init (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add in controller checkpoint for controller lockups. (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: set pci completion timeout (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct remove scsi devices (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: fix time handling (Arnd Bergmann) [Orabug: 26191021] \n- Btrfs: fix extent_same allowing destination offset beyond i_size (Filipe Manana) [Orabug: 26376770] \n- NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26402457] \n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}\n- xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452559] \n- xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452559] \n- sparc64: Convert non-fatal error print to a debug print (DAX driver) (Sanath Kumar) [Orabug: 26476370] \n- selftests: sparc64: memory: Add tests for privileged ADI driver (Tom Hromatka) [Orabug: 26359060] \n- memory: sparc64: Add privileged ADI driver (Tom Hromatka) [Orabug: 26359060] \n- sparc64: Export the adi_state structure (Tom Hromatka) [Orabug: 26359060] \n- sparc64: Use cpu_poke to resume idle cpu (Vijay Kumar) [Orabug: 26399224] \n- sparc64: Add a new hypercall CPU_POKE (Vijay Kumar) [Orabug: 26399224] \n- cpuset: consider dying css as offline (Tejun Heo) [Orabug: 26475766] \n- sparc64: Treat ERESTARTSYS as an acceptable error (DAX driver) (Sanath Kumar) [Orabug: 26475734] \n- sparc64: fix out of order spin_lock_irqsave and spin_unlock_restore (Thomas Tai) [Orabug: 26430325] \n- SPARC64: vcc: delay device removal until close() (Aaron Young) [Orabug: 26315957] \n- bnxt_en: Fix SRIOV on big-endian architecture. (Michael Chan) [Orabug: 26443303] \n- arch/sparc: Enable queued spinlock support for SPARC (Allen Pais) [Orabug: 26373790] \n- arch/sparc: Introduce xchg16 for SPARC (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Enable queued rwlocks for SPARC (Allen Pais) [Orabug: 26373790] \n- arch/sparc: Introduce cmpxchg_u8 SPARC (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Define config parameter CPU_BIG_ENDIAN (Allen Pais) [Orabug: 26373790] \n- kernel/locking: Fix compile error with qrwlock.c (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Remove the check #ifndef __LINUX_SPINLOCK_TYPES_H (Babu Moger) [Orabug: 26373790] \n- locking/qrwlock: Fix write unlock bug on big endian systems (pan xinhui) [Orabug: 26373790] \n- locking/qrwlock: Implement queue_write_unlock() using smp_store_release() (Will Deacon) [Orabug: 26373790] \n- locking/qspinlock: Avoid redundant read of next pointer (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Prefetch the next node cacheline (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Reduce reader/writer to reader lock transfer latency (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Better optimization for interrupt context readers (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Rename functions to queued_*() (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Dont contend with readers when setting _QW_WAITING (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS (Babu Moger) [Orabug: 26373790] \n- locking/qspinlock: Use a simple write to grab the lock (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Optimize for smaller NR_CPUS (Peter Zijlstra (Intel)) [Orabug: 26373790] \n- locking/qspinlock: Extract out code snippets for the next patch (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Add pending bit (Peter Zijlstra (Intel)) [Orabug: 26373790] \n- locking/qspinlock: Introduce a simple generic 4-byte queued spinlock (Waiman Long) [Orabug: 26373790] \n- qede: Add support for ingress headroom (Mintz, Yuval) [Orabug: 25933053] \n- qede: Update receive statistic once per NAPI (Mintz, Yuval) [Orabug: 25933053] \n- qed: Make OOO archipelagos into an array (Michal Kalderon) [Orabug: 25933053] \n- qed: Provide iSCSI statistics to management (Mintz, Yuval) [Orabug: 25933053] \n- qed: Inform qedi the number of possible CQs (Mintz, Yuval) [Orabug: 25933053] \n- qed: Add missing stat for new isles (Mintz, Yuval) [Orabug: 25933053] \n- qed: Dont close the OUT_EN during init (Mintz, Yuval) [Orabug: 25933053] \n- qed: Configure cacheline size in HW (Tomer Tayar) [Orabug: 25933053] \n- qed: Dont use main-ptt in unrelated flows (Rahul Verma) [Orabug: 25933053] \n- qed: Warn PTT usage by wrong hw-function (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct MSI-x for storage (Mintz, Yuval) [Orabug: 25933053] \n- qed: fix missing break in OOO_LB_TC case (Colin Ian King) [Orabug: 25933053] \n- qed: Add a missing error code (Dan Carpenter) [Orabug: 25933053] \n- qed: RoCE doesnt need to use SRC (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct TM ILT lines in presence of VFs (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix TM block ILT allocation (Michal Kalderon) [Orabug: 25933053] \n- qed: Revise QM cofiguration (Ariel Elior) [Orabug: 25933053] \n- qed: Use BDQ resource for storage protocols (Mintz, Yuval) [Orabug: 25933053] \n- qed: Utilize resource-lock based scheme (Tomer Tayar) [Orabug: 25933053] \n- qed: Support management-based resource locking (Tomer Tayar) [Orabug: 25933053] \n- qed: Send pf-flr as part of initialization (Mintz, Yuval) [Orabug: 25933053] \n- qed: Move to new load request scheme (Tomer Tayar) [Orabug: 25933053] \n- qed: hw_init() to receive parameter-struct (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct HW stop flow (Tomer Tayar) [Orabug: 25933053] \n- qed: Reserve VF feature before PF (Mintz, Yuval) [Orabug: 25933053] \n- qed: Dont waste SBs unused by RoCE (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct endian order of MAC passed to MFW (Mintz, Yuval) [Orabug: 25933053] \n- qed: Pass src/dst sizes when interacting with MFW (Tomer Tayar) [Orabug: 25933053] \n- qed: Revise MFW command locking (Tomer Tayar) [Orabug: 25933053] \n- qed: Always publish VF link from leading hwfn (Mintz, Yuval) [Orabug: 25933053] \n- qed: Raise verbosity of Malicious VF indications (Mintz, Yuval) [Orabug: 25933053] \n- qed: Make qed_iov_mark_vf_flr() return bool (Mintz, Yuval) [Orabug: 25933053] \n- qed: Deprecate VF multiple queue-stop (Mintz, Yuval) [Orabug: 25933053] \n- qed: Uniform IOV queue validation (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct default VF coalescing configuration (Mintz, Yuval) [Orabug: 25933053] \n- qed: Set HW-channel to ready before ACKing VF (Mintz, Yuval) [Orabug: 25933053] \n- qed: Clean VF malicious indication when disabling IOV (Mintz, Yuval) [Orabug: 25933053] \n- qed: Increase verbosity of VF -> PF errors (Mintz, Yuval) [Orabug: 25933053] \n- qed*: Add support for QL41xxx adapters (Mintz, Yuval) [Orabug: 25933053] \n- qed: Enable iSCSI Out-of-Order (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct out-of-bound access in OOO history (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix interrupt flags on Rx LL2 (Ram Amrani) [Orabug: 25933053] \n- qed: Free previous connections when releasing iSCSI (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix mapping leak on LL2 rx flow (Mintz, Yuval) [Orabug: 25933053] \n- qed: Prevent creation of too-big u32-chains (Tomer Tayar) [Orabug: 25933053] \n- qed: Align CIDs according to DORQ requirement (Ram Amrani) [Orabug: 25933053] \n- qed*: Utilize Firmware 8.15.3.0 (Mintz, Yuval) [Orabug: 25933053] \n- qedi: Add PCI device-ID for QL41xxx adapters. (Manish Rangankar) [Orabug: 25933053] \n- qed: Fix copy of uninitialized memory (robert.foss@collabora.com) [Orabug: 25933053] \n- qed: Dont use attention PTT for configuring BW (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix race with multiple VFs (Mintz, Yuval) [Orabug: 25933053] \n- qede: Add driver support for PTP (Sudarsana Reddy Kalluru) [Orabug: 25933053] \n- qede: Remove unnecessary datapath dereference (Mintz, Yuval) [Orabug: 25933053] \n- qede - mark SKB as encapsulated (Manish Chopra) [Orabug: 25933053] \n- qede: Postpone reallocation until NAPI end (Mintz, Yuval) [Orabug: 25933053] \n- qede: Split filtering logic to its own file (Mintz, Yuval) [Orabug: 25933053] \n- qede: Break datapath logic into its own file (Mintz, Yuval) [Orabug: 25933053] \n- SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26276067] \n- btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362455] \n- btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362455] \n- btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] \n- btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] \n- btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362455] \n- btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362455] \n- Revert 'mm: meminit: only set page reserved in the memblock region' (Dhaval Giani) [Orabug: 25879295] \n- Revert 'mm: meminit: move page initialization into a separate function' (Dhaval Giani) [Orabug: 25879295] \n- net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26402662] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403936] {CVE-2017-1000363}\n- drm/mgag200: Fix to always set HiPri for G200e4 V2 (Mathieu Larouche) [Orabug: 26408731] \n- dtrace: FBT module support and SPARCs return probes (Tomas Jedlicka) [Orabug: 26414392] [Orabug: 26414402] \n- bnx2x: Dont post statistics to malicious VFs (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: Allow vfs to disable txvlan offload (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: fix pf2vf bulletin DMA mapping leak (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: Fix Multi-Cos (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: add missing configuration of VF VLAN filters (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix incorrect filter count in an error message (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: do not rollback VF MAC/VLAN filters we did not configure (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix detection of VLAN filtering feature for VF (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix possible overrun of VFPF multicast addresses array (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: lower verbosity of VF stats debug messages (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [Orabug: 26308277] \n- NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}\n- SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26403998] {CVE-2017-9077}\n- lpfc update for uek4 11.4.0.2 (rkennedy) [Orabug: 26283182] \n- lpfc: Driver responds LS_RJT to Beacon Off (James Smart) [Orabug: 26283182] \n- lpfc: Fix crash after firmware flash when (James Smart) [Orabug: 26283182] \n- lpfc: Vport creation is failing with Link (James Smart) [Orabug: 26283182] \n- lpfc: Null pointer dereference when (James Smart) [Orabug: 26283182] \n- lpfc: Fix return value of board_mode store (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix Port going offline after (James Smart) [Orabug: 26283182] \n- scsi: lpfc: fix spelling mistake 'entrys' (Colin Ian King) [Orabug: 26283182] \n- scsi: lpfc: Add MDS Diagnostic support. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix used-RPI accounting problem. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix panic on BFS configuration (James Smart) [Orabug: 26283182] \n- lpfc: Fix Express lane queue creation. (James Smart) [Orabug: 26283182] \n- lpfc: Fix driver usage of 128B WQEs when WQ_CREATE is (James Smart) [Orabug: 26283182] \n- lpfc: Add Fabric assigned WWN support. (James Smart) [Orabug: 26283182] \n- lpfc: Fix crash after issuing lip reset (James Smart) [Orabug: 26283182] \n- lpfc: Remove NULL ptr check before kfree. (James Smart) [Orabug: 26283182] \n- lpfc: Fix spelling in comments. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix PT2PT PRLI reject (James Smart) [Orabug: 26283182] \n- scsi: lpfc: correct rdp diag portnames (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix eh_deadline setting for sli3 adapters. (rkennedy) [Orabug: 26283182] \n- scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (James Smart) [Orabug: 26283182] \n- scsi: lpfc: fix missing spin_unlock on sql_list_lock (Colin Ian King) [Orabug: 26283182] \n- Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26402281] \n- blk-mq: dont redistribute hardware queues on a CPU hotplug event (Christoph Hellwig) [Orabug: 26039539] \n- RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351421] \n- xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26351649] \n- be2net: Update the driver version to 11.4.0.0 (Suresh Reddy) [Orabug: 26403544] \n- be2net: Fix UE detection logic for BE3 (Suresh Reddy) [Orabug: 26403544] \n- be2net: Fix offload features for Q-in-Q packets (Vlad Yasevich) [Orabug: 26403544] \n- benet: Use time_before_eq for time comparison (Karim Eshapa) [Orabug: 26403544] \n- be2net: Fix endian issue in logical link config command (Suresh Reddy) [Orabug: 26403544] \n- be2net: fix initial MAC setting (Ivan Vecera) [Orabug: 26403544] \n- drivers: net: generalize napi_complete_done() (Eric Dumazet) [Orabug: 26403544] \n- be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix unicast list filling (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix accesses to unicast list (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix non static symbol warnings (Wei Yongjun) [Orabug: 26403544] \n- be2net: Avoid redundant addition of mac address in HW (Suresh Reddy) [Orabug: 26403544] \n- be2net: Support UE recovery in BEx/Skyhawk adapters (Sriharsha Basavapatna) [Orabug: 26403544] \n- be2net: replace polling with sleeping in the FW completion path (Sathya Perla) [Orabug: 26403544] \n- be2net: support asymmetric rx/tx queue counts (Sathya Perla) [Orabug: 26403544] \n- net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26409533] \n- net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26415107] \n- dtrace: Add support for manual triggered cyclics (Tomas Jedlicka) [Orabug: 26384803] \n- dtrace: LOW level cyclics should use workqueues (Tomas Jedlicka) [Orabug: 26384779] \n- sparc64: add DAX2 support to dax driver (Allen Pais) [Orabug: 26317606] \n- uek-rpm: change memory allocator from slab to slub (Allen Pais) \n- arch/sparc: Avoid DCTI Couples (Allen Pais) [Orabug: 26413522] \n- drivers/usb: Skip auto handoff for TI and RENESAS usb controllers (Babu Moger) [Orabug: 26389756] \n- sparc-config: Enable timestamp in dmesg output. (Atish Patra) [Orabug: 26389709] \n- sparc64: rtrap must set PSTATE.mcde before handling outstanding user work (Anthony Yznaga) [Orabug: 26388591] \n- i40e: Correct the macros for setting the DMA attributes (Jack Vogel) [Orabug: 26386323] \n- sparc64: Exclude perf user callchain during critical sections (Dave Aldridge) [Orabug: 26386213] \n- sunvnet: restrict advertized checksum offloads to just IP (Shannon Nelson) [Orabug: 26338709] \n- sparc64: add ccb kill and info to DAX driver (Jonathan Helman) [Orabug: 26317602] \n- i40e: fix annoying message (Jesse Brandeburg) [Orabug: 26420290] \n- watchdog: Move hardlockup detector to separate file (Allen Pais) [Orabug: 26420310] \n- watchdog: Move shared definitions to nmi.h (Allen Pais) [Orabug: 26420310] \n- sparc64: Suppress kmalloc (DAX driver) warning due to allocation failure (Sanath Kumar) [Orabug: 26338830] \n- i40evf: Use le32_to_cpu before evaluating HW desc fields. (Tushar Dave) [Orabug: 26420345] \n- sparc64: revert pause instruction patch for atomic backoff and cpu_relax() (Babu Moger) [Orabug: 26309070] \n- SPARC64: Correct ATU IOTSB binding flow (Tushar Dave) [Orabug: 26419957] \n- SPARC64: Introduce IOMMU BYPASS method (Tushar Dave) [Orabug: 26420209] \n- i40e: Revert i40e temporary workaround (Tushar Dave) [Orabug: 21149316] \n- sparc64: Enable 64-bit DMA (Tushar Dave) [Orabug: 21149316] \n- sparc64: Enable sun4v dma ops to use IOMMU v2 APIs (Allen Pais) [Orabug: 21149316] \n- sparc64: Bind PCIe devices to use IOMMU v2 service (Allen Pais) [Orabug: 21149316] \n- sparc64: Initialize iommu_map_table and iommu_pool (Tushar Dave) [Orabug: 21149316] \n- sparc64: Add ATU (new IOMMU) support (Allen Pais) [Orabug: 21149316] \n- sparc64: Make FORCE_MAX_ZONEORDER to 13 for ATU (Allen Pais) [Orabug: 21149316] \n- Revert 'sparc64: bypass iommu to use 64bit address space' (Allen Pais) [Orabug: 21149316] \n- [PATCH] RDS: When RDS socket is closed, print unreleased MRs (Rama Nichanamatlu) [Orabug: 26261993] \n- IB/IPoIB: ibX: failed to create mcg debug file (Shamir Rabinovitch) [Orabug: 24711873] [Orabug: 25175533] \n- scsi: qedi: Fix memory leak in tmf response processing. (Dupuis, Chad) [Orabug: 25667174] \n- scsi: qedi: fix build error without DEBUG_FS (Arnd Bergmann) [Orabug: 25667174] \n- scsi: qedi: fix missing return error code check on call to qedi_setup_int (Colin Ian King) [Orabug: 25667174] \n- scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn() (Wei Yongjun) [Orabug: 25667174] \n- scsi: qedi: return via va_end to match corresponding va_start (Colin Ian King) [Orabug: 25667174] \n- scsi: qedi: fix build, depends on UIO (Randy Dunlap) [Orabug: 25667174] \n- scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework. (Manish Rangankar) [Orabug: 25667174] \n- dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26107472] {CVE-2017-8890}\n- Initialize fiblink list head during fib initialization (Dave Carroll) [Orabug: 26291272] \n- aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291272] \n- IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26409722] \n- bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] \n- bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] \n- bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] \n- IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 25908234] \n- bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397428] \n- i40e: remove FDIR_REQUIRES_REINIT driver flag (Jacob Keller) [Orabug: 26403617] \n- i40e: remove a useless goto statement (Jacob Keller) [Orabug: 26403617] \n- i40e: Check for new arq elements before leaving the adminq subtask loop (Christopher N Bednarz) [Orabug: 26403617] \n- i40e: use register for XL722 control register read/write (Paul M Stillwell Jr) [Orabug: 26403617] \n- i40e: Clean up handling of private flags (Alexander Duyck) [Orabug: 26403617] \n- i40evf: enforce descriptor write-back mechanism for VF (Preethi Banala) [Orabug: 26403617] \n- i40e: initialize params before notifying of l2_param_changes (Jacob Keller) [Orabug: 26403617] \n- i40e/i40evf: Clean-up process_skb_fields (Alexander Duyck) [Orabug: 26403617] \n- i40e: removed no longer needed delays (Bimmy Pujari) [Orabug: 26403617] \n- i40e: Fixed race conditions in VF reset (Robert Konklewski) [Orabug: 26403617] \n- i40e/i40evf: Fix use after free in Rx cleanup path (Alexander Duyck) [Orabug: 26403617] \n- i40e: fix configuration of RSS table with DCB (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e: Do not enable NAPI on q_vectors that have no rings (Alexander Duyck) [Orabug: 26403617] \n- i40e: make use of hlist_for_each_entry_continue (Jacob Keller) [Orabug: 26403617] \n- i40e: document drivers use of ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: add support for SCTPv4 FDir filters (Jacob Keller) [Orabug: 26403617] \n- i40e: implement support for flexible word payload (Jacob Keller) [Orabug: 26403617] \n- i40e: add parsing of flexible filter fields from userdef (Jacob Keller) [Orabug: 26403617] \n- i40e: partition the ring_cookie to get VF index (Jacob Keller) [Orabug: 26403617] \n- i40e: allow changing input set for ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: restore default input set for each flow type (Jacob Keller) [Orabug: 26403617] \n- i40e: check current configured input set when adding ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: correctly honor the mask fields for ETHTOOL_SRXCLSRLINS (Jacob Keller) [Orabug: 26403617] \n- i40e: always remove old filter when adding new FDir filter (Jacob Keller) [Orabug: 26403617] \n- i40e: explicitly fail on extended MAC field for ethtool_rx_flow_spec (Jacob Keller) [Orabug: 26403617] \n- i40e: add counters for UDP/IPv4 and IPv4 filters (Jacob Keller) [Orabug: 26403617] \n- i40e: dont re-enable ATR when flushing filters if SB has TCP4/IPv4 rules (Jacob Keller) [Orabug: 26403617] \n- i40e: reset fd_tcp_rule count when restoring filters (Jacob Keller) [Orabug: 26403617] \n- i40e: remove redundant check for fd_tcp_rule when restoring filters (Jacob Keller) [Orabug: 26403617] \n- i40e: exit ATR mode only when adding TCP/IPv4 filter succeeds (Jacob Keller) [Orabug: 26403617] \n- i40e: return immediately when failing to add fdir filter (Jacob Keller) [Orabug: 26403617] \n- i40e: rework exit flow of i40e_add_fdir_ethtool (Jacob Keller) [Orabug: 26403617] \n- i40e: dont use arrays for (src|dst)_ip (Jacob Keller) [Orabug: 26403617] \n- i40e: send correct port number to AdminQ when enabling UDP tunnels (Jacob Keller) [Orabug: 26403617] \n- i40e: rename auto_disable_flags to hw_disabled_flags (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e/i40evf: Change version from 1.6.27 to 2.1.7 (Bimmy Pujari) [Orabug: 26403617] \n- i40e: Allow untrusted VFs to have more filters (Mitch Williams) [Orabug: 26403617] \n- i40e: Clarify steps in MAC/VLAN filters initialization routine (Filip Sadowski) [Orabug: 26403617] \n- i40e: fix RSS queues only operating on PF0 (Lihong Yang) [Orabug: 26403617] \n- i40e: fix ethtool to get EEPROM data from X722 interface (Lihong Yang) [Orabug: 26403617] \n- i40e: dont add more vectors to num_lan_msix than number of CPUs (Jacob Keller) [Orabug: 26403617] \n- i40e: KISS the client interface (Mitch Williams) [Orabug: 26403617] \n- i40e: fix up recent proxy and wol bits for X722_SUPPORT (Shannon Nelson) [Orabug: 26403617] \n- i40e: Acquire NVM lock before reads on all devices (Aaron Salter) [Orabug: 26403617] \n- scripts/spelling.txt: add 'varible' pattern and fix typo instances (Masahiro Yamada) [Orabug: 26403617] \n- i40e: Invoke softirqs after napi_reschedule (Benjamin Poirier) [Orabug: 26403617] \n- i40e: remove duplicate device id from PCI table (Carolyn Wyborny) [Orabug: 26403617] \n- i40e: mark the value passed to csum_replace_by_diff as __wsum (Jacob Keller) [Orabug: 26403617] \n- i40e: Error handling for link event (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e: properly convert le16 value to CPU format (Jacob Keller) [Orabug: 26403617] \n- i40e: convert to cpu from le16 to generate switch_id correctly (Jacob Keller) [Orabug: 26403617] \n- i40e: refactor AQ CMD buffer debug printing (Alan Brady) [Orabug: 26403617] \n- i40e: Fix Adaptive ITR enabling (Carolyn Wyborny) [Orabug: 26403617] \n- i40evf: add comment (Mitch Williams) [Orabug: 26403617] \n- i40evf: free rings in remove function (Mitch Williams) [Orabug: 26403617] \n- i40e: remove unnecessary call to i40e_update_link_info (Jacob Keller) [Orabug: 26403617] \n- i40e: enable mc magic pkt wakeup during power down (Joshua Hay) [Orabug: 26403617] \n- i40e: fix disable overflow promiscuous mode (Alan Brady) [Orabug: 26403617] \n- i40e: Save more link abilities when using ethtool (Henry Tieman) [Orabug: 26403617] \n- i40e: avoid race condition when sending filters to firmware for addition (Jacob Keller) [Orabug: 26403617] \n- i40e: allow i40e_update_filter_state to skip broadcast filters (Jacob Keller) [Orabug: 26403617] \n- i40e: dont warn every time we clear an Rx timestamp register (Jacob Keller) [Orabug: 26403617] \n- i40e: Save link FEC info from link up event (Henry Tieman) [Orabug: 26403617] \n- i40e: Add bus number info to i40e_bus_info struct (Sudheer Mogilappagari) [Orabug: 26403617] \n- i40e: Clean up dead code (Mitch Williams) [Orabug: 26403617] \n- i40e/i40evf : Changed version from 1.6.25 to 1.6.27 (Bimmy Pujari) [Orabug: 26403617] \n- i40e: update comment explaining where FDIR buffers are freed (Jacob Keller) [Orabug: 26403617] \n- i40e/i40evf: eliminate i40e_pull_tail() (Scott Peterson) [Orabug: 26403617] \n- i40e/i40evf: Moves skb from i40e_rx_buffer to i40e_ring (Scott Peterson) [Orabug: 26403617] \n- i40e/i40evf: Limit DMA sync of RX buffers to actual packet size (Scott Peterson) [Orabug: 26403617] \n- i40evf: track outstanding client request (Mitch Williams) \n- i40e: dont check params until after checking for client instance (Jacob Keller) [Orabug: 26403617] \n- i40e: add interrupt rate limit verbosity (Alan Brady) [Orabug: 26403617] \n- i40e: refactor macro INTRL_USEC_TO_REG (Alan Brady) [Orabug: 26403617] \n- i40e: remove unused function (Mitch Williams) [Orabug: 26403617] \n- i40e: Remove FPK HyperV VF device ID (Jayaprakash Shanmugam) \n- i40e: Quick refactor to start moving data off stack and into Tx buffer info (Alexander Duyck) [Orabug: 26403617] \n- i40e: remove unnecessary __packed (Tushar Dave) [Orabug: 26403617] \n- i40evf: remove unused device ID (Mitch Williams) \n- i40e: Deprecating unused macro (Bimmy Pujari) [Orabug: 26403617] \n- i40e: when adding or removing MAC filters, correctly handle VLANs (Jacob Keller) [Orabug: 26403617] \n- i40e: avoid O(n^2) loop when deleting all filters (Jacob Keller) [Orabug: 26403617] \n- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: dont allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (Jacob Keller) [Orabug: 26403617] \n- i40e: Changed version from 1.6.21 to 1.6.25 (Bimmy Pujari) [Orabug: 26403617] \n- i40e/i40evf: Add support for mapping pages with DMA attributes (Alexander Duyck) [Orabug: 26396552] \n- aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26367703] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26388629] \n- dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26388629] \n- sparc64: Set valid bytes of misaligned no-fault loads (Rob Gardner) [Orabug: 26316944] \n- fs/fuse: Fix for correct number of numa nodes (Babu Moger) [Orabug: 26369428] \n- sparc64: delete old wrap code (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: new context wrap (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: add per-cpu mm of secondary contexts (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: redefine first version (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: combine activate_mm and switch_mm (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: reset mm cpumask after wrap (Pavel Tatashin) [Orabug: 26372254] \n- Revert 'sparc64: Restrict number of processes' (Pavel Tatashin) [Orabug: 26372230] \n- net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350974] \n- x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26361327] \n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366002] {CVE-2017-7645}\n- sparc64: broken %tick frequency on spitfire cpus (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: use prom interface to get %stick frequency (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: optimize functions that access tick (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: add hot-patched and inlined get_tick() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: initialize time early (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: improve modularity tick options (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: optimize loads in clock_sched() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: show time stamps from zero (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: access tick function from variable (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: remove trailing white spaces (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 26372235] \n- macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}\n- macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}\n- sparc64: Add 16GB hugepage support (Nitin Gupta) [Orabug: 26319885] \n- xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354404] \n- xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354404] \n- xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354404] \n- xfs: dont reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354404] \n- xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354404] \n- xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354404] \n- xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354404] \n- xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354404] \n- xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354404] \n- rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: various endian-ness fixes (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: remove cp_outgoing (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Reorder initialization sequence in rds_tcp_init to avoid races (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Take explicit refcounts on struct net (Sowmini Varadhan) [Orabug: 26235715] \n- mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}\n- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}\n- dtrace: add kprobe-unsafe addresses to FBT blacklist (Kris Van Hees) [Orabug: 26324039] \n- dtrace: convert FBT blacklist to RB-tree (Kris Van Hees) [Orabug: 26324039] \n- e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (Konstantin Khlebnikov) [Orabug: 26338952] \n- e1000e: Dont return uninitialized stats (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: fix race condition around skb_tstamp_tx() (Jacob Keller) [Orabug: 26338952] \n- e1000e: Add Support for 38.4MHZ frequency (Sasha Neftin) [Orabug: 26338952] \n- e1000e: Add Support for CannonLake (Sasha Neftin) [Orabug: 26338952] \n- e1000e: Initial Support for CannonLake (Sasha Neftin) [Orabug: 26338952] \n- e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] \n- e1000e: fix timing for 82579 Gigabit Ethernet controller (Bernd Faust) [Orabug: 26338952] \n- e1000: Omit private ndo_get_stats function (Tobias Klauser) [Orabug: 26338952] \n- Revert 'e1000e: driver trying to free already-free irq' (Jeff Kirsher) [Orabug: 26338952] \n- e1000e: driver trying to free already-free irq (khalidm) [Orabug: 26338952] \n- e1000: use disable_hardirq() for e1000_netpoll() (WANG Cong) [Orabug: 26338952] \n- e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] \n- e1000e: factor out systim sanitization (Jarod Wilson) [Orabug: 26338952] \n- e1000e: prevent division by zero if TIMINCA is zero (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: keep Rx/Tx HW_VLAN_CTAG in sync (Jarod Wilson) [Orabug: 26338952] \n- e1000e: keep VLAN interfaces functional after rxvlan off (Jarod Wilson) [Orabug: 26338952] \n- e1000e: dont modify SYSTIM registers during SIOCSHWTSTAMP ioctl (Jacob Keller) [Orabug: 26338952] \n- e1000e: mark shifted values as unsigned (Jacob Keller) [Orabug: 26338952] \n- e1000e: use BIT() macro for bit defines (Jacob Keller) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): do overflow check only if needed (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): fix er32(SYSTIML) overflow check (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): incvalue is 32 bits, not 64 (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: Cleanup consistency in ret_val variable usage (Brian Walsh) [Orabug: 26338952] \n- e1000e: fix ethtool autoneg off for non-copper (Steve Shih) [Orabug: 26338952] \n- e1000: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] \n- e1000e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] \n- e1000: Double Tx descriptors needed check for 82544 (Alexander Duyck) [Orabug: 26338952] \n- e1000: Do not overestimate descriptor counts in Tx pre-check (Alexander Duyck) [Orabug: 26338952] \n- e1000e: Initial support for KabeLake (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Clear ULP configuration register on ULP exit (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase PHY PLL clock gate timing (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase ULP timer (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Fix msi-x interrupt automask (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Do not write lsc to ics in msi-x mode (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Do not read ICR in Other interrupt (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Remove unreachable code (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Switch e1000e_up to void, drop code checking for error result (Alexander Duyck) [Orabug: 26338952] \n- e1000e: initial support for i219-LM (3) (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase timeout of polling bit RSPCIPHY (Raanan Avargil) [Orabug: 26338952] \n- e1000e: fix division by zero on jumbo MTUs (Dmitry Fleytman) [Orabug: 26338952] \n- e1000: Elementary checkpatch warnings and checks removed (Janusz Wolak) [Orabug: 26338952] \n- e1000: get rid of duplicate exit path (Jean Sacren) [Orabug: 26338952] \n- e1000: fix kernel-doc argument being missing (Jean Sacren) [Orabug: 26338952] \n- e1000e: clean up the local variable (Jean Sacren) [Orabug: 26338952] \n- e1000: fix a typo in the comment (Jean Sacren) [Orabug: 26338952] \n- e1000: clean up the checking logic (Jean Sacren) [Orabug: 26338952] \n- e1000: Remove checkpatch coding style errors (Janusz Wolak) [Orabug: 26338952] \n- e1000: fix data race between tx_ring->next_to_clean (Dmitriy Vyukov) [Orabug: 26338952] \n- e1000: make eeprom read/write scheduler friendly (Joern Engel) [Orabug: 26338952] \n- e1000e: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26338952] \n- e1000: remove dead e1000_init_eeprom_params calls (Francois Romieu) [Orabug: 26338952] \n- e1000e: Modify Tx/Rx configurations to avoid null pointer dereferences in e1000_open (Jia-Ju Bai) [Orabug: 26338952] \n- ixgbe: fix incorrect status check (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add missing configuration for rate select 1 (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: always call setup_mac_link for multispeed fiber (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add write flush when configuring CS4223/7 (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: correct CS4223/7 PHY identification (Emil Tantilov) [Orabug: 26339150] \n- ixgbevf: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add error checking to setting VF MAC (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Correct thermal sensor event check (Mark Rustad) [Orabug: 26339150] \n- ixgbe: enable L3/L4 filtering for Tx switched packets (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Remove MAC X550EM_X 1Gbase-t led_[on|off] support (Paul Greenwalt) [Orabug: 26339150] \n- ixgbevf: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: Fix errors in retrieving RETA and RSS from PF (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add 1000Base-T device based on X550EM_X MAC (Paul Greenwalt) [Orabug: 26339150] \n- ixgbe: Allow setting zero MAC address for VF (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: fix size of queue stats length (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: clean macvlan MAC filter table on VF reset (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Acquire PHY semaphore before device reset (Paul Greenwalt) [Orabug: 26339150] \n- ixgbe: Fix output from ixgbe_dump (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: add check for VETO bit when configuring link for KR (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Remove unused define (Don Skidmore) [Orabug: 26339150] \n- ixgbe: do not use adapter->num_vfs when setting VFs via module parameter (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: return early instead of wrap block in if statement (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: move num_vfs_macvlans allocation into separate function (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add default setup_link for x550em_a MAC type (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: list X553 backplane speeds correctly (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Add X552 XFI backplane support (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Complete support for X553 sgmii (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Remove driver config for KX4 PHY (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Remove pr_cont uses (Joe Perches) [Orabug: 26339150] \n- ixgbe: Avoid Tx hang by not allowing more than the number of VFs supported. (Usha Ketineni) [Orabug: 26339150] \n- ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: update the rss key on h/w, when ethtool ask for it (Paolo Abeni) [Orabug: 26339150] \n- ixgbe: Dont bother clearing buffer memory for descriptor rings (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Add private flag to control buffer mode (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Add support for padding packet (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (Alexander Duyck) \n- ixgbe: Only DMA sync frame length (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Update version to reflect added functionality (Mark Rustad) [Orabug: 26339150] \n- ixgbe: prefix Data Center Bridge ops struct (Stephen Hemminger) [Orabug: 26339150] \n- ixgbe: Support 2.5Gb and 5Gb speed (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] \n- ixgbe: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] \n- ixgbe: Add PF support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] \n- ixgbevf: Add support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Implement support for firmware-controlled PHYs (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Implement firmware interface to access some PHYs (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Remove unused firmware version functions and method (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Fix issues with EEPROM access (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Configure advertised speeds correctly for KR/KX backplane (Don Skidmore) [Orabug: 26339150] \n- ixgbevf: restore hw_addr on resume or error (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Yusuke Suzuki) [Orabug: 26339150] \n- ixgbevf: fix AER error handling (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: fix AER error handling (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: test for trust in macvlan adjustments for VF (Ken Cox) [Orabug: 26339150] \n- ixgbevf: handle race between close and suspend on shutdown (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: handle close/suspend race with netif_device_detach/present (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix reporting of 100Mb capability (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Reduce I2C retry count on X550 devices (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add bounds check for x540 LED functions (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: add mask for 64 RSS queues (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix check for ixgbe_phy_x550em_ext_t reset (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Report driver version to firmware for x550 devices (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: do not disable FEC from the driver (Emil Tantilov) [Orabug: 26339150] \n- net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26258518] \n- IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304670] \n- uek-config: disable CONFIG_MOUSE_PS2_VMMOUSE for ol6 (Ethan Zhao) [Orabug: 26264650] \n- igb: missing rtnl_unlock in igb_sriov_reinit() (Vasily Averin) [Orabug: 26242904] \n- igb: bump version to igb-5.4.0 (Todd Fujinaka) [Orabug: 26242904] \n- igbvf: bump version to igbvf-2.4.0 (Todd Fujinaka) [Orabug: 26242904] \n- igb: fix non static symbol warning (Wei Yongjun) [Orabug: 26242904] \n- igb: fix error code in igb_add_ethtool_nfc_entry() (Gangfeng Huang) [Orabug: 26242904] \n- igb: support RX flow classification by VLAN priority (Gangfeng Huang) [Orabug: 26242904] \n- igb: support RX flow classification by ethertype (Gangfeng Huang) [Orabug: 26242904] \n- igb: add support of RX network flow classification (Gangfeng Huang) [Orabug: 26242904] \n- igb: fix adjusting PTP timestamps for Tx/Rx latency (Kshitiz Gupta) [Orabug: 26242904] \n- igb: Only DMA sync frame length (Andrew Lunn) [Orabug: 26242904] \n- igb: call igb_ptp_suspend during suspend/resume cycle (Jacob Keller) [Orabug: 26242904] \n- igb: implement igb_ptp_suspend (Jacob Keller) [Orabug: 26242904] \n- igb: re-use igb_ptp_reset in igb_ptp_init (Jacob Keller) [Orabug: 26242904] \n- igb: introduce IGB_PTP_OVERFLOW_CHECK flag (Jacob Keller) [Orabug: 26242904] \n- igb: introduce ptp_flags variable and use it to replace IGB_FLAG_PTP (Jacob Keller) [Orabug: 26242904] \n- igbvf: use BIT() macro instead of shifts (Jacob Keller) [Orabug: 26242904] \n- igbvf: remove unused variable and dead code (Jacob Keller) [Orabug: 26242904] \n- igb: adjust PTP timestamps for Tx/Rx latency (Nathan Sullivan) [Orabug: 26242904] \n- igb: make igb_update_pf_vlvf static (Jacob Keller) [Orabug: 26242904] \n- igb: use BIT() macro or unsigned prefix (Jacob Keller) [Orabug: 26242904] \n- Revert 'igb: Fix a deadlock in igb_sriov_reinit' (Arika Chen) [Orabug: 26242904] \n- igb: Garbled output for 'ethtool -m' (Doron Shikmoni) [Orabug: 26242904] \n- igb: allow setting MAC address on i211 using a device tree blob (John Holland) [Orabug: 26242904] \n- igb: Fix sparse warning about passing __beXX into leXX_to_cpup (Alexander Duyck) [Orabug: 26242904] \n- igb: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26242904] \n- igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [Orabug: 26242904] \n- igbvf: remove 'link is Up' message when registering mcast address (Jon Maxwell) [Orabug: 26242904] \n- igbvf: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] \n- igb: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] \n- igb: rename igb define to be more generic (Todd Fujinaka) [Orabug: 26242904] \n- igb: add conditions for I210 to generate periodic clock output (Roland Hii) [Orabug: 26242904] \n- igb: enable WoL for OEM devices regardless of EEPROM setting (Todd Fujinaka) [Orabug: 26242904] \n- igb: constify e1000_phy_operations structure (Julia Lawall) [Orabug: 26242904] \n- igb: When GbE link up, wait for Remote receiver status condition (Takuma Ueba) [Orabug: 26242904] \n- igb: Add workaround for VLAN tag stripping on 82576 (Alexander Duyck) [Orabug: 26242904] \n- igb: Enable use of 'bridge fdb add' to set unicast table entries (Alexander Duyck) [Orabug: 26242904] \n- igb: Drop unnecessary checks in transmit path (Alexander Duyck) [Orabug: 26242904] \n- igb: Add support for VLAN promiscuous with SR-IOV and NTUPLE (Alexander Duyck) [Orabug: 26242904] \n- igb: Clean-up configuration of VF port VLANs (Alexander Duyck) [Orabug: 26242904] \n- igb: Merge VLVF configuration into igb_vfta_set (Alexander Duyck) [Orabug: 26242904] \n- igb: Always enable VLAN 0 even if 8021q is not loaded (Alexander Duyck) [Orabug: 26242904] \n- igb: Do not factor VLANs into RLPML calculation (Alexander Duyck) [Orabug: 26242904] \n- igb: Allow asymmetric configuration of MTU versus Rx frame size (Alexander Duyck) [Orabug: 26242904] \n- igb: Refactor VFTA configuration (Alexander Duyck) [Orabug: 26242904] \n- igb: clean up code for setting MAC address (Alexander Duyck) [Orabug: 26242904] \n- igb/igbvf: dont give up (Mitch Williams) [Orabug: 26242904] \n- igb: Unpair the queues when changing the number of queues (Shota Suzuki) [Orabug: 26242904] \n- igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (Shota Suzuki) [Orabug: 26242904] \n- igb: Explicitly label self-test result indices (Joe Schultz) [Orabug: 26242904] \n- igb: Improve cable length function for I210, etc. (Joe Schultz) [Orabug: 26242904] \n- igb: Dont add PHY address to PCDL address (Aaron Sierra) [Orabug: 26242904] \n- igb: Remove GS40G specific defines/functions (Aaron Sierra) [Orabug: 26242904] \n- igb: improve handling of disconnected adapters (Jarod Wilson) [Orabug: 26242904] \n- igb: fix NULL derefs due to skipped SR-IOV enabling (Jan Beulich) [Orabug: 26242904] \n- igb: use the correct i210 register for EEMNGCTL (Todd Fujinaka) [Orabug: 26242904] \n- igb: dont unmap NULL hw_addr (Jarod Wilson) [Orabug: 26242904] \n- igb: add 88E1543 initialization code (Todd Fujinaka) [Orabug: 26242904] \n- net: igb: avoid using timespec (Arnd Bergmann) [Orabug: 26242904] \n- igb: assume MSI-X interrupts during initialization (Stefan Assmann) [Orabug: 26242904] \n- igbvf: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26242904] \n- igb: make sure SR-IOV init uses the right number of queues (Todd Fujinaka) [Orabug: 26242904] \n- igbvf: clear buffer_info->dma after dma_unmap_single() (Stefan Assmann) [Orabug: 26242904] \n- igb: Fix a memory leak in igb_probe (Jia-Ju Bai) [Orabug: 26242904] \n- igb: Fix a deadlock in igb_sriov_reinit (Jia-Ju Bai) [Orabug: 26242904] \n- igb: Teardown SR-IOV before unregister_netdev() (Alex Williamson) [Orabug: 26242904] \n- igb: add support for 1512 PHY (Todd Fujinaka) [Orabug: 26242904] \n- igb: implement high frequency periodic output signals (Richard Cochran) [Orabug: 26242904] \n- blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321954] \n- Documentation/sparc: Steps for sending break on sunhv console (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Send break twice from console to return to boot prom (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Migrate hvcons irq to panicked cpu (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Set cpu state to offline when stopped (Vijay Kumar) [Orabug: 26322031] \n- dtrace: io provider probes for nfs (Nicolas Droux) [Orabug: 26145701] \n- ctf: fix a variety of memory leaks and use-after-free bugs (Nick Alcock) [Orabug: 26323755] \n- DTrace: IP provider use-after-free for drop-out probe points (Alan Maguire) [Orabug: 25924594] \n- net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265801] \n- nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26284735] \n- nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26284735] \n- nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26284735] \n- nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26284735] \n- percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26290757] \n- block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26290757] \n- vfio/pci: Fix unsigned comparison overflow (Alex Williamson) \n- restore mutex_lock() call to blk_mq_freeze_queue_start() (Dan Duval) [Orabug: 26266917] \n- sparc64: mm: fix copy_tsb to correctly copy huge page TSBs (Mike Kravetz) [Orabug: 26273004] \n- nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26284603] \n- nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26284626] \n- IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 26290377] \n- btrfs: fix clone / extent-same deadlocks (Mark Fasheh) [Orabug: 26093112] \n- btrfs: dont update mtime/ctime on deduped inodes (Mark Fasheh) [Orabug: 26093112] \n- btrfs: allow dedupe of same inode (Mark Fasheh) [Orabug: 26093112] \n- btrfs: fix deadlock with extent-same and readpage (Mark Fasheh) [Orabug: 26093112] \n- btrfs: pass unaligned length to btrfs_cmp_data() (Mark Fasheh) [Orabug: 26093112] \n- Fix Express lane queue creation. (James Smart) [Orabug: 26102276] \n- uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26185792] [Orabug: 25983319] \n- rds: tcp: fix memory leak in TIME_WAIT sockets (Sowmini Varadhan) [Orabug: 26189892] \n- rds: tcp: canonical connection order for all paths with index > 0 (Sowmini Varadhan) [Orabug: 25436912] \n- rds: tcp: allow progress of rds_conn_shutdown if the rds_connection is marked ERROR by an intervening FIN (Sowmini Varadhan) [Orabug: 25436912] \n- Backport multipath RDS from upstream to UEK4 (Sowmini Varadhan) [Orabug: 25436912]\n[4.1.12-103.2.1]\n- uek-rpm: enable bnxt driver for sparc (Allen Pais) [Orabug: 26222502] \n- uek-rpm: set CONFIG_FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 26222494] \n- sparc: Fix kernel BUG at arch/sparc/kernel/mdesc.c (Thomas Tai) \n- sparc64: allocate sufficient space for machine description (Thomas Tai) [Orabug: 26222471] \n- sparc64/mlx4_core: relaxed order for mlx4_core dma mappings (Shamir Rabinovitch) [Orabug: 26222434] \n- xsigo: UEK4-QU5: poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199200] \n- NVMe: During NVMe probe, get NVMe device information before mapping the device (Ashok Vairavan) [Orabug: 26194850] \n- sparc64: Fix an error code returned by a DAX ioctl (Sanath Kumar) [Orabug: 26190999] \n- sparc64: fix M8 ADI support (Anthony Yznaga) [Orabug: 26190997]\n[4.1.12-103.1.1]\n- Added IB diag counters from UEK2 (Chris Gray) [Orabug: 26088208] \n- scsi: megaraid_sas: Driver version upgrade (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid6 also require cpuSel check same as raid5 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: array overflow in megasas_dump_frame() (Dan Carpenter) [Orabug: 26096381] \n- scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change RAID_1_10_RMW_CMDS to RAID_1_PEER_CMDS and set value to 2 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Indentation and smatch warning fixes (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Cleanup VD_EXT_DEBUG and SPAN_DEBUG related debug prints (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Increase internal command pool (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Bail out the driver load if ld_list_query fails (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change build_mpt_mfi_pass_thru to return void (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: During OCR, if get_ctrl_info fails do not continue with OCR (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Remove unused pd_index from megasas_build_ld_nonrw_fusion (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: megasas_return_cmd does not memset IO frame to zero (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: max_fw_cmds are decremented twice, remove duplicate (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: update can_queue only if the new value is less (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change max_cmd from u32 to u16 in all functions (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: set pd_after_lb from MR_BuildRaidContext and initialize pDevHandle to MR_DEVHANDLE_INVALID (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: latest controller OCR capability from FW before sending shutdown DCMD (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: avoid unaligned access in ioctl path (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: big endian support changes (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Big endian RDPQ mode fix (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: MR_TargetIdToLdGet u8 to u16 and avoid invalid raid-map access (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: In validate raid map, raid capability is not converted to cpu format for all lds (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: reduce size of fusion_context and use vmalloc if kmalloc fails (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: add print in device removal path (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: enhance debug logs in OCR context (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: set residual bytes count during IO completion (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid 1 write performance for large io (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: change issue_dcmd to return void from int (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: megasas_get_request_descriptor always return valid desc (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Use DID_REQUEUE (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: RAID map is accessed for SYS PDs when use_seqnum_jbod_fp is not set (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Refactor MEGASAS_IS_LOGICAL macro using sdev (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: 32 bit descriptor fire cmd optimization (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid 1 fast path code optimize (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: cpu select rework. (Shivasharan S) [Orabug: 26096381] \n- Revert 'scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth' (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: driver version upgrade (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: ldio_outstanding variable is not decremented in completion path (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: 128 MSIX Support (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: sd: Check for unaligned partial completion (Damien Le Moal) [Orabug: 26178369] \n- PCI/AER: include header file (Sudip Mukherjee) [Orabug: 25130845] \n- NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 25258071] \n- nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 25130845] \n- nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 25130845] \n- nvme.h: add AER constants (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 25130845] \n- nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 25130845] \n- NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 25130845] \n- NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 25130845] \n- NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 25130845] \n- NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25186219] \n- nvme: Limit command retries (Keith Busch) [Orabug: 25130845] \n- NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138123] \n- NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 25130845] \n- nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 25130845] \n- nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 25130845] \n- nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 25130845] \n- blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 25130845] \n- NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 25130845] \n- NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 25130845] \n- NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 25130845] \n- NVMe: Unbind driver on failure (Keith Busch) [Orabug: 25130845] \n- NVMe: Delete only created queues (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] \n- nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 25130845] \n- nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 25130845] \n- NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 25130845] \n- nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 25130845] \n- nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 25130845] \n- nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 25130845] \n- nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 25130845] \n- nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 25130845] \n- NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 25130845] \n- NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 25130845] \n- nvme: fix cntlid type (Christoph Hellwig) [Orabug: 25130845] \n- nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 25130845] \n- nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 25130845] \n- NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 25130845] \n- block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 25130845] \n- nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 25130845] \n- nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 25130845] \n- block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 25130845] \n- nvme: rewrite discard support (Ming Lin) [Orabug: 25130845] \n- nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 25130845] \n- nvme: add missing lock nesting notation (Ming Lin) [Orabug: 25130845] \n- NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] \n- nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 25130845] \n- NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 25130845] \n- nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 25130845] \n- nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 25130845] \n- NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 25130845] \n- NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 25130845] \n- NVMe: Simplify device reset failure (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 25130845] \n- NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 25130845] \n- nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 25130845] \n- nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 25130845] \n- nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 25130845] \n- nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 25130845] \n- NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 25130845] \n- NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 25130845] \n- NVMe: Allow request merges (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix io incapable return values (Keith Busch) [Orabug: 25130845] \n- nvme: split pci module out of core module (Ming Lin) [Orabug: 25130845] \n- nvme: split dev_list_lock (Ming Lin) [Orabug: 25130845] \n- nvme: move timeout variables to core.c (Ming Lin) [Orabug: 25130845] \n- nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 25130845] \n- nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 25130845] \n- nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 25130845] \n- nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 25130845] \n- blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 25130845] \n- NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 25130845] \n- NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 25130845] \n- NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 25130845] \n- nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 25130845] \n- nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 25130845] \n- nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 25130845] \n- NVMe: Add pci error handlers (Keith Busch) [Orabug: 25130845] \n- nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 25130845] \n- nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 25130845] \n- nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 25130845] \n- nvme: simplify completion handling (Christoph Hellwig) [Orabug: 25130845] \n- nvme: special case AEN requests (Christoph Hellwig) [Orabug: 25130845] \n- nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Simplify metadata setup (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 25130845] \n- NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 25130845] \n- nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 25130845] \n- nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 25130845] \n- nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 25130845] \n- nvme: simplify resets (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 25130845] \n- nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 25130845] \n- nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 25130845] \n- nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 25130845] \n- nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 25130845] \n- nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 25130845] \n- nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] \n- nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 25130845] \n- nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 25130845] \n- nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 25130845] \n- nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 25130845] \n- nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 25130845] \n- nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 25130845] \n- nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use offset instead of a struct for registers (Christoph Hellwig) \n- nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] \n- Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 25130845] \n- nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 25130845] \n- block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 25130845] \n- block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 25130845] \n- nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 25130845] \n- nvme include linux types.h (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 25130845] \n- NVMe: Set affinity after allocating request queues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 25130845] \n- NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 25130845] \n- Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 25130845] \n- Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) \n- Revert 'nvme: Limit command retries' (Ashok Vairavan) \n- Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) \n- Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) \n- Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) \n- Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) \n- forcedeth: enable forcedeth kernel option (Zhu Yanjun) [Orabug: 25571921] \n- ipmi: Edit ambiguous error message for unknown command (Atish Patra) [Orabug: 25461958] \n- kabi whitelist: Remove all ib_ symbols from the list. (Knut Omang) [Orabug: 25955825] \n- ext4: print ext4 mount option data_err=abort correctly (Ales Novak) [Orabug: 25691020] \n- IB/sa: Allocate SA query with kzalloc (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Fix netlink local service GFP crash (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Fix rdma netlink message flags (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Put netlink request into the request list before sending (Kaike Wan) [Orabug: 26124118] \n- IB/core: Fix a potential array overrun in CMA and SA agent (Yuval Shaia) [Orabug: 26124118] \n- IB/SA: Use correct free function (Mark Bloch) [Orabug: 26124118] \n- IB/sa: Route SA pathrecord query through netlink (Kaike Wan) [Orabug: 26124118] \n- IB/core: Add rdma netlink helper functions (Kaike Wan) [Orabug: 26124118] \n- IB/netlink: Add defines for local service requests through netlink (Kaike Wan) [Orabug: 26124118] \n- scsi: mpt3sas: remove redundant wmb (Sinan Kaya) [Orabug: 26096353] \n- scsi: mpt3sas: Updating driver version to v15.100.00.00 (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Fix for Crusader to achieve product targets with SAS devices. (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Fix Firmware fault state 0x2100 during heavy 4K RR FIO stress test. (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Added print to notify cable running at a degraded speed. (Chaitra P B) [Orabug: 26096353] \n- xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26072430] \n- qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 26021151] \n- Btrfs: dont BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25975316] \n- Btrfs: clarify do_chunk_alloc()s return value (Liu Bo) [Orabug: 25975316] \n- btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25975316] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25955089] \n- xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] \n- uek-rpm: configs: enable CONFIG_ACPI_NFIT (Todd Vierling) [Orabug: 25719149] \n- ipv6: Dont use ufo handling on later transformed packets (Jakub Sitnicki) [Orabug: 25533743] \n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- fs/file.c: __fget() and dup2() atomicity rules (Eric Dumazet) [Orabug: 25408921] \n- IB/ipoib: add get_settings in ethtool (Zhu Yanjun) [Orabug: 25048521] \n- RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26081079] \n- Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) \n- xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] \n- Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25975223] \n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25974739] {CVE-2017-7895}\n- sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (Dave Kleikamp) [Orabug: 25491970] \n- sparc64: cache_line_size() returns larger value for cache line size. (chris hyser) \n- sparc64: fix inconsistent printing of handles in debug messages (Menno Lageman) \n- sparc64: set the ISCNTRLD bit for SP service handles (Menno Lageman) [Orabug: 25983868] \n- sparc64: DAX recursive lock removed (Rob Gardner) [Orabug: 26103487] \n- sparc/ftrace: Fix ftrace graph time measurement (Liam R. Howlett) [Orabug: 25995351] \n- sparc64: Increase max_phys_bits to 51 for M8. (Vijay Kumar) [Orabug: 25808647] \n- sparc64: 5-Level page table support for sparc (Vijay Kumar) [Orabug: 26076110] [Orabug: 25808647] \n- mm, gup: fix typo in gup_p4d_range() (Kirill A. Shutemov) [Orabug: 25808647] \n- mm: introduce __p4d_alloc() (Kirill A. Shutemov) [Orabug: 25808647] \n- mm: convert generic code to 5-level paging (Vijay Kumar) [Orabug: 25808647] \n(Vijay Kumar) [Orabug: 25808647] \n- arch, mm: convert all architectures to use 5level-fixup.h (Vijay Kumar) [Orabug: 25808647] \n- asm-generic: introduce __ARCH_USE_5LEVEL_HACK (Kirill A. Shutemov) [Orabug: 25808647] \n- asm-generic: introduce 5level-fixup.h (Kirill A. Shutemov) [Orabug: 25808647] \n- sparc64: prevent sunvdc from sending duplicate vdisk requests (Jag Raman) [Orabug: 25866770] \n- ldmvsw: stop the clean timer at beginning of remove (Shannon Nelson) [Orabug: 25748241] \n- sparc64: set CONFIG_EFI in config (Eric Snowberg) [Orabug: 26037358] \n- sparc64: /sys/firmware/efi missing during EFI boot (Eric Snowberg) [Orabug: 26037358] \n- Allow default value of npools used for iommu to be configured from cmdline (Allen Pais) \n- SPARC64: Add Linux vds driver Device ID support for Solaris guest boot (George Kennedy) [Orabug: 25836231] \n- sparc64: Remove locking of huge pages in DAX driver (Sanath Kumar) [Orabug: 25968141] \n- ldmvsw: unregistering netdev before disable hardware (Thomas Tai) \n- arch/sparc: Measure receiver forward progress to avoid send mondo timeout (Jane Chu) [Orabug: 25476541] \n- sparc64: update DAX submit to latest HV spec (Jonathan Helman) [Orabug: 25927558] \n- arch/sparc: increase CONFIG_NODES_SHIFT on SPARC to 5 (Jane Chu) [Orabug: 25577754] \n- arch/sparc: support NR_CPUS = 4096 (jane Chu) [Orabug: 25505750] \n- ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 25973797] \n- sparc64: fix fault handling in NGbzero.S and GENbzero.S (Dave Aldridge) [Orabug: 25577560] \n- sparc64: modify sys_dax.h for new libdax (Jonathan Helman) [Orabug: 25927572] \n- bnx2x: Align RX buffers (Scott Wood) [Orabug: 25806778] \n- PCI: Fix unaligned accesses in VC code (David Miller) [Orabug: 25806778] \n- sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL (Daniel Jordan) [Orabug: 25830041] \n- lockdep: Limit static allocations if PROVE_LOCKING_SMALL is defined (Babu Moger) \n- config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc (Babu Moger) \n- sparc64: fix cdev_put() use-after-free when unbinding an LDom (Thomas Tai) [Orabug: 25911389] \n- sparc64: change DAX CCB_EXEC ENOBUFS print to debug (Jonathan Helman) [Orabug: 25927528] \n- xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 26107942] \n- xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 26107942] \n- xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 26107942] \n- xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 26107942] \n- xen-netfront: add rx page statistics (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 26107942] \n- xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 26107942] \n- xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 26107942] \n- xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 26107942] \n- xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 26107942] \n- xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 26107942] \n- include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 26107942] \n- xen-netback: fix type mismatch warning (Arnd Bergmann) \n- xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) \n- xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) \n- xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) \n- xen-netback: process guest rx packets in batches (David Vrabel) \n- xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) \n- xen-netback: refactor guest rx (David Vrabel) \n- xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) \n- xen-netback: separate guest side rx code into separate module (Paul Durrant) \n- x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 26107942] \n- Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25970637] \n- Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25970637] \n- Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25970637] \n- Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25970637] \n- RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 25920916] \n- mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 25912737] \n- sched/wait: Fix the signal handling fix (Peter Zijlstra) [Orabug: 25908266] \n- sparc64: Fix mapping of 64k pages with MAP_FIXED (Nitin Gupta) [Orabug: 25885991] \n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876402] {CVE-2016-10229}\n- net/mlx4_core: panic the system on unrecoverable errors (Santosh Shilimkar) [Orabug: 25873690] \n- Revert 'restrict /dev/mem to idle io memory ranges' (Chuck Anderson) [Orabug: 25832750] \n- I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25831471] \n- xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] \n- mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 25440329] \n- xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] \n- xen: events: Replace BUG() with BUG_ON() (Shyam Saini) \n- xen: remove stale xs_input_avail() from header (Juergen Gross) \n- xen: return xenstore command failures via response instead of rc (Juergen Gross) \n- xen: xenbus driver must not accept invalid transaction ids (Juergen Gross) \n- xen/evtchn: use rb_entry() (Geliang Tang) \n- xen/setup: Dont relocate p2m over existing one (Ross Lagerwall) \n- xen/balloon: Only mark a page as managed when it is released (Ross Lagerwall) \n- xen/scsifront: dont request a slot on the ring until request is ready (Juergen Gross) \n- xen/x86: Increase xen_e820_map to E820_X_MAX possible entries (Alex Thorlton) \n- x86: Make E820_X_MAX unconditionally larger than E820MAX (Alex Thorlton) \n- xen/pci: Bubble up error and fix description. (Konrad Rzeszutek Wilk) \n- xen: xenbus: set error code on failure (Pan Bian) \n- xen: set error code on failures (Pan Bian) \n- xen/events: use xen_vcpu_id mapping for EVTCHNOP_status (Vitaly Kuznetsov) \n- xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (Boris Ostrovsky) \n- tpm xen: Remove bogus tpm_chip_unregister (Jason Gunthorpe) \n- xen-scsifront: Add a missing call to kfree (Quentin Lambert) \n- xenfs: Use proc_create_mount_point() to create /proc/xen (Seth Forshee) \n- xen-netback: fix error handling output (Arnd Bergmann) \n- xen: make use of xenbus_read_unsigned() in xenbus (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-pciback (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-fbfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-scsifront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-pcifront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-netfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-netback (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-kbdfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-tpmfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-blkfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-blkback (Juergen Gross) \n- xen: introduce xenbus_read_unsigned() (Juergen Gross) \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) \n- xenbus: check return value of xenbus_scanf() (Jan Beulich) \n- xenbus: prefer list_for_each() (Jan Beulich) \n- xenbus: advertise control feature flags (Juergen Gross) \n- xen/pciback: support driver_override (Juergen Gross) \n- xen/pciback: avoid multiple entries in slot list (Juergen Gross) \n- xen/pciback: simplify pcistub device handling (Juergen Gross) \n- x86/xen: add missing\n at end of printk warning message (Colin Ian King) \n- xen-netfront: avoid packet loss when ethernet header crosses page boundary (Vitaly Kuznetsov) \n- xen: Sync xen header (Juergen Gross) \n- xen/grant-table: Use kmalloc_array() in arch_gnttab_valloc() (Markus Elfring) \n- xen: Make VPMU init message look less scary (Juergen Gross) \n- xen: rename xen_pmu_init() in sys-hypervisor.c (Juergen Gross) \n- kexec: allow kdump with crash_kexec_post_notifiers (Petr Tesarik) \n- xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7 (Jan Beulich) \n- proc: Allow creating permanently empty directories that serve as mount points (Eric W. Biederman) \n- xen: Resume PMU from non-atomic context (Boris Ostrovsky)\n[4.1.12-102]\n- Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 25829233] \n- Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 25829233] \n- Drivers: hv: vss: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: vss: switch to using the hvutil_device_state state machine (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: vss: process deferred messages when we complete the transaction (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: kvp: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] \n- Revert 'ipv4: use skb coalescing in defragmentation' (Florian Westphal) [Orabug: 25819103] \n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25802913] \n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25802678] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25802678] {CVE-2017-2636}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25802599] {CVE-2017-6345}\n- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25802576] {CVE-2017-6347}\n- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25802576] {CVE-2017-6347}\n- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25802576] {CVE-2017-6347}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25802549] {CVE-2017-6214}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25802515] {CVE-2017-5986}\n- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: reserve code points for the project quota feature (Theodore Tso) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}\n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25802278] {CVE-2017-2583} {CVE-2017-2583}\n- gfs2: fix slab corruption during mounting and umounting gfs file system (Thomas Tai) \n- gfs2: handle NULL rgd in set_rgrp_preferences (Abhi Das) [Orabug: 25791662] \n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790370] {CVE-2016-9644}\n- sched/wait: Fix signal handling in bit wait helpers (Peter Zijlstra) [Orabug: 25416990] \n- xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) \n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766884] {CVE-2016-8399} {CVE-2016-8399}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751395] {CVE-2017-7187}\n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25747721] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25747721] \n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25717094] {CVE-2017-5669}\n[4.1.12-101]\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25340071] {CVE-2016-10088}\n- tcp: fix potential memory corruption (Eric Dumazet) [Orabug: 25140382] \n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25134541] {CVE-2016-7910}\n- xfs: Correctly lock inode when removing suid and file capabilities (Jan Kara) [Orabug: 24803533] \n- fs: Call security_ops->inode_killpriv on truncate (Jan Kara) [Orabug: 24803533] \n- fs: Provide function telling whether file_remove_privs() will do anything (Jan Kara) [Orabug: 24803533] \n- fs: Rename file_remove_suid() to file_remove_privs() (Jan Kara) [Orabug: 24803533] \n- IB/uverbs: Fix leak of XRC target QPs (Tariq Toukan) [Orabug: 24761732] \n- Some unsupported ioctls get logged unnecessarily (Venkat Venkatsubra) [Orabug: 24510137] \n- IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 25993951] \n- dtrace: improve io provider coverage (Nicolas Droux) [Orabug: 25816537]\n[4.1.12-100]\n- ol7/config: enable nf_tables packet duplication support (Ethan Zhao) [Orabug: 24694570] \n- netfilter: nf_dup: add missing dependencies with NF_CONNTRACK (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: nf_tables: add nft_dup expression (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: factor out packet duplication for IPv4/IPv6 (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: xt_TEE: get rid of WITH_CONNTRACK definition (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: move tee_active to core (Florian Westphal) [Orabug: 24694570] \n- ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags (Martin KaFai Lau) [Orabug: 24694570] \n- ext4: Fix data exposure after failed AIO DIO (Jan Kara) [Orabug: 24393811] \n- xfs: fold xfs_vm_do_dio into xfs_vm_direct_IO (Christoph Hellwig) [Orabug: 24393811] \n- xfs: dont use ioends for direct write completions (Christoph Hellwig) [Orabug: 24393811] \n- direct-io: always call ->end_io if non-NULL (Christoph Hellwig) [Orabug: 24393811] \n- Btrfs: send, fix failure to rename top level inode due to name collision (Robbie Ko) [Orabug: 25994280] \n- PCI: Check pref compatible bit for mem64 resource of PCIe device (Yinghai Lu) [Orabug: 22855133] \n- OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Keep resource idx order with bridge register number (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Reserve legacy mmio after PCI mmio (Yinghai Lu) [Orabug: 22855133] \n- PCI: Add pci_find_bus_resource() (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Use correct offset for bus address to resource (Yinghai Lu) [Orabug: 22855133] \n- PCI: Remove __pci_mmap_make_offset() (Yinghai Lu) [Orabug: 22855133] \n- PCI: Let pci_mmap_page_range() take resource address (Yinghai Lu) [Orabug: 22855133] \n- PCI: Fix proc mmap on sparc (Yinghai Lu) [Orabug: 22855133] \n- PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (Bjorn Helgaas) [Orabug: 22855133] \n- Revert 'sparc/PCI: Use correct bus address to resource offset' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Unify pci_register_region()' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Reserve legacy mmio after PCI mmio' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Keep resource idx order with bridge register number' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: kill wrong quirk about M7101' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Only treat non-pref mmio64 as pref if all bridges have MEM_64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Add has_mem64 for struct host_bridge' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Only treat non-pref mmio64 as pref if host bridge has mmio64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Restore pref MMIO allocation logic for host bridge without mmio64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc: Accommodate mem64_offset != mem_offset in pbm configuration' (Khalid Aziz) [Orabug: 22855133] \n- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975482] \n- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975482] \n- target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 25791789] \n- target: simplify backend driver registration (Christoph Hellwig) [Orabug: 25791789] \n- x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 25948913] \n- x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 25948913] \n- x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 25948913] \n- perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 25948913] \n- perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 25948913] \n- x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] \n- dtrace: proc:::exit should trigger only if thread group exits (Tomas Jedlicka) [Orabug: 25904298] \n- HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25795985] {CVE-2017-7273}\n- ctf: prevent modules on the dedup blacklist from sharing any types at all (Nick Alcock) [Orabug: 26137220] \n- ctf: emit bitfields in in-memory order (Nick Alcock) [Orabug: 25815129] \n- ctf: bitfield support (Nick Alcock) [Orabug: 25815129] \n- ctf: emit file-scope static variables (Nick Alcock) [Orabug: 25962387] \n- ctf: speed up the dwarf2ctf duplicate detector some more (Nick Alcock) [Orabug: 25815306] \n- ctf: strdup() -> xstrdup() (Nick Alcock) [Orabug: 25815306] \n- ctf: speed up the dwarf2ctf duplicate detector (Nick Alcock) [Orabug: 25815306] \n- ctf: add module parameter to simple_dwfl_new() and adjust both callers (Nick Alcock) \n- ctf: fix the size of int and avoid duplicating it (Nick Alcock) [Orabug: 25815129] \n- ctf: allow overriding of DIE attributes: use it for parent bias (Nick Alcock) [Orabug: 25815129] \n- DTrace tcp/udp provider probes (Alan Maguire) [Orabug: 25815197] \n- dtrace: define DTRACE_PROBE_ENABLED to 0 when !CONFIG_DTRACE (Nick Alcock) [Orabug: 26145788] \n- dtrace: ensure limit is enforced even when pcs is NULL (Kris Van Hees) [Orabug: 25949692] \n- dtrace: make x86_64 FBT return probe detection less restrictive (Kris Van Hees) [Orabug: 25949048] \n- dtrace: support passing offset as arg0 to FBT return probes (Kris Van Hees) [Orabug: 25949086] \n- dtrace: make FBT entry probe detection less restrictive on x86_64 (Kris Van Hees) [Orabug: 25949030] \n- dtrace: adjust FBT entry probe dection for OL7 (Kris Van Hees) [Orabug: 25921361]\n[4.1.12-99]\n- Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25999937] \n- qla2xxx: Fix NULL pointer deref in QLA interrupt (Bruno Pramont) [Orabug: 25908317] \n- Revert 'be2net: fix MAC addr setting on privileged BE3 VFs' (Somasundaram Krishnasamy) [Orabug: 25870303] \n- Revert 'be2net: fix initial MAC setting' (Somasundaram Krishnasamy) [Orabug: 25802842] \n- xfs: track and serialize in-flight async buffers against unmount (Brian Foster) [Orabug: 25550712] \n- xfs: exclude never-released buffers from buftarg I/O accounting (Brian Foster) [Orabug: 25550712] \n- dm era: save spacemap metadata root after the pre-commit (Somasundaram Krishnasamy) [Orabug: 25547820] \n- Btrfs: incremental send, do not issue invalid rmdir operations (Robbie Ko) [Orabug: 26000657] \n- x86/platform/uv/BAU: Remove __ro_after_init declaration (Somasundaram Krishnasamy) [Orabug: 25920237] \n- x86/platform: Remove warning message for duplicate NMI handlers (Mike Travis) [Orabug: 25920237] \n- x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add wait_completion to bau_operations (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add status mmr location fields to bau_control (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add payload descriptor qualifier (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add uv_bau_version enumerated constants (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (Andrew Banman) [Orabug: 25920237] \n- fnic: Fixing sc abts status and flags assignment. (Satish Kharat) [Orabug: 25638880] \n- fnic: Adding debug IO, Abort latency counter and check condition count to fnic stats (Satish Kharat) [Orabug: 25638880] \n- fnic: Avoid false out-of-order detection for aborted command (Satish Kharat) [Orabug: 25638880] \n- scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (Satish Kharat) [Orabug: 25638880] \n- fnic: minor white space changes (Satish Kharat) [Orabug: 25638880] \n- scsi: fnic: Avoid sending reset to firmware when another reset is in progress (Satish Kharat) [Orabug: 25638880] \n- ovl: Do d_type check only if work dir creation was successful (Vivek Goyal) [Orabug: 25802620] \n- ovl: Ensure upper filesystem supports d_type (Vivek Goyal) [Orabug: 25802620] \n- sparc64: Add hardware capabilities for M8 (Dave Aldridge) [Orabug: 25555746] \n- sparc64: Stop performance counter before updating (Dave Aldridge) [Orabug: 25441707] \n- sparc64: Fix a race condition when stopping performance counters (Dave Aldridge) [Orabug: 25441707] \n- arch/sparc: Use new misaligned load instructions for memcpy and copy_from_user (Allen Pais) [Orabug: 25381567] \n- arch/sparc: Add a separate kernel memcpy functions for M8 (Allen Pais) [Orabug: 25381567] \n- sparc64: perf: make sure we do not set the 'picnht' bit in the PCR (Dave Aldridge) [Orabug: 24926097] \n- sparc64: perf: move M7 pmu event definitions to seperate file (Dave Aldridge) [Orabug: 23333572] \n- sparc64: perf: add perf support for M8 devices (Dave Aldridge) [Orabug: 23333572] \n- sparc64: perf: Fix the mapping between perf events and perf counters (Dave Aldridge) [Orabug: 23333572] \n- SPARC64: Enable IOMMU bypass for IB (Allen Pais) [Orabug: 25573557] \n- SPARC64: Introduce IOMMU BYPASS method (Allen Pais) [Orabug: 25573557] \n- PCI: Add PCI IDs for Infiniband (Tushar Dave) [Orabug: 25573557] \n- sched/fair: Disable the task group load_avg update for the root_task_group (Waiman Long) [Orabug: 25544560] \n- sched/fair: Move the cache-hot 'load_avg' variable into its own cacheline (Atish Patra) [Orabug: 25544560] \n- sched/fair: Avoid redundant idle_cpu() call in update_sg_lb_stats() (Waiman Long) [Orabug: 25544560] \n- sched/fair: Clean up load average references (Atish Patra) [Orabug: 25544560] \n- sched/fair: Provide runnable_load_avg back to cfs_rq (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Remove task and group entity load when they are dead (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Init cfs_rqs sched_entity load average (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Implement update_blocked_averages() for CONFIG_FAIR_GROUP_SCHED=n (Vincent Guittot) [Orabug: 25544560] \n- sched/fair: Rewrite runnable load and utilization average tracking (Atish Patra) [Orabug: 25544560] \n- sched/fair: Remove rqs runnable avg (Yuyang Du) [Orabug: 25544560] \n- sparc64: Allow enabling ADI on hugepages only (Khalid Aziz) [Orabug: 25969377] \n- sparc64: Save ADI tags on ADI enabled platforms only (Khalid Aziz) [Orabug: 25961592] \n- sparc64: increase FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 25448108] \n- sparc64: tsb size expansion (bob picco) [Orabug: 25448108] \n- sparc64: make tsb pointer computation symbolic (bob picco) [Orabug: 25448108] \n- sparc64: fix intermittent LDom hang waiting for vdc_port_up (Thomas Tai) \n- sparc64:block/sunvdc: Renamed bio variable name from req to bio (Vijay Kumar) [Orabug: 25128265] \n- sparc64:block/sunvdc: Added io stats accounting for bio based vdisk (Vijay Kumar) [Orabug: 25128265] \n- sparc64: Remove node restriction from PRIQ MSI assignments (chris hyser) [Orabug: 25110748] \n- blk-mq: Clean up all_q_list on request_queue deletion (chris hyser) [Orabug: 25569331] \n- sparc64: kern_addr_valid regression (bob picco) [Orabug: 25860542]\n[4.1.12-98]\n- sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25911008] \n- sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25911008] [Orabug: 25931417] \n- sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997202] \n- sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996411] \n- KVM: VMX: fix vmwrite to invalid VMCS (Radim Krcmar) \n- Revert 'i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter' (Brian Maly) [Orabug: 25877447] \n- sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25888596] \n- sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25835254] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] \n- Revert 'sparc64: DAX request for non 4MB memory should return with unique errno' (Allen Pais) \n- sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25852910] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] \n- sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25835133] \n- sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25827254] \n- sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25820395] \n- sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25870705] \n- sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25820812] \n- sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 23072809] \n- sparc64: fix an issue when trying to bring hotplug cpus online (Dave Aldridge) [Orabug: 25667277] \n- sparc64: Fix memory corruption when THP is enabled (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix address range for page table free Orabug: 25704426 (Nitin Gupta) \n- sparc64: Add support for 2G hugepages (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix size check in huge_pte_alloc (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix build error in flush_tsb_user_page (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Add 64K page size support (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Remove xl-hugepages and add multi-page size support (Allen Pais) [Orabug: 25704426] \n- sparc64: do not dequeue stale VDS IO work entries (Jag Raman) [Orabug: 25455138] \n- SPARC64: Virtual Disk Device (vdsdev) Read-Only Option (options=ro) not working (George Kennedy) [Orabug: 23623853] \n- arch/sparc: Fix FPU register corruption with AES crypto test on M7 (Babu Moger) [Orabug: 25265878] \n- sunvnet: xoff not needed when removing port link (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: count multicast packets (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: track port queues correctly (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: add stats to track ldom to ldom packets and bytes (Shannon Nelson) [Orabug: 25190537] \n- ldmvsw: better use of link up and down on ldom vswitch (Shannon Nelson) [Orabug: 25525312] \n- dtrace: fix handling of save_stack_trace sentinel (x86 only) (Kris Van Hees) [Orabug: 25727046] \n- dtrace: DTrace walltime lock-free implementation (Tomas Jedlicka) [Orabug: 25715256]\n[4.1.12-97]\n- megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] \n- sparc64: Restrict number of processes (Sanath Kumar) [Orabug: 24523680] \n- SPARC64: vds_blk_rw() does not handle drives with q->limits.chunk_sectors > 0 (George Kennedy) [Orabug: 25373818] \n- sparc64: Improve boot time by per cpu map update (Atish Patra) [Orabug: 25496463] \n- arch/sparc: memblock resizes are not handled properly (Pavel Tatashin) [Orabug: 25415396] \n- SPARC64: LDOM vnet 'Got unexpected MCAST reply' (George Kennedy) [Orabug: 24954702] \n- ldmvsw: disable tso and gso for bridge operations (Shannon Nelson) [Orabug: 23293104] \n- ldmvsw: update and simplify version string (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: remove extra rcu_read_unlocks (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: straighten up message event handling logic (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: add memory barrier before check for tx enable (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: update version and version printing (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: remove unused variable in maybe_tx_wakeup (Sowmini Varadhan) [Orabug: 23293104] \n- sunvnet: make sunvnet common code dynamically loadable (Shannon Nelson) [Orabug: 23293104] \n- hwrng: n2 - update version info (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - support new hardware register layout (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - add device data descriptions (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - limit error spewage when self-test fails (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs (Anatoly Pugachev) [Orabug: 25127795] \n- tcp: fix tcp_fastopen unaligned access complaints on sparc (Shannon Nelson) [Orabug: 25163405] \n- vds: Add physical block support (Liam R. Howlett) [Orabug: 19420123] \n- sparc64: Add missing hardware capabilities for M7 (Dave Aldridge) [Orabug: 25555746] \n- SPARC64: Fix vds_vtoc_set_default debug with large disks (George Kennedy) [Orabug: 25423802] \n- sparc64: VDC threads in guest domain do not resume after primary domain reboot (Jag Raman) [Orabug: 25519961] \n- sunvdc: Add support for setting physical sector size (Liam R. Howlett) [Orabug: 19420123] \n- sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] \n- sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 25641371] \n- SPARC64: VIO: Support for virtual-device MD node probing (Aaron Young) [Orabug: 24841906]\n[4.1.12-96]\n- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 257846022]\n[4.1.12-95]\n- PCI: hv: Microsoft changes in support of RHEL and UEK4 (Jake Oshins) [Orabug: 25507635] \n- Add the PCI Host driver into the UEK config files (Jack Vogel) [Orabug: 25507635]", "modified": "2017-08-23T00:00:00", "published": "2017-08-23T00:00:00", "id": "ELSA-2017-3609", "href": "http://linux.oracle.com/errata/ELSA-2017-3609.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:22:11", "bulletinFamily": "unix", "description": "USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074)", "modified": "2017-02-22T00:00:00", "published": "2017-02-22T00:00:00", "id": "USN-3208-2", "href": "https://usn.ubuntu.com/3208-2/", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:39", "bulletinFamily": "unix", "description": "It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074)", "modified": "2017-02-22T00:00:00", "published": "2017-02-22T00:00:00", "id": "USN-3208-1", "href": "https://usn.ubuntu.com/3208-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:22:19", "bulletinFamily": "unix", "description": "USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10.\n\nBen Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350)\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)\n\nPeter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405)\n\nIt was discovered that an integer overflow existed in the InfiniBand RDMA over ethernet (RXE) transport implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-8636)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9755)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)\n\nIt was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671)\n\nIt was discovered that the freelist-randomization in the SLAB memory allocator allowed duplicate freelist entries. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5546)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)\n\nIt was discovered that a fencepost error existed in the pipe_advance() function in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5550)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the VideoCore DRM driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-5576)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nDi Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux kernel did not properly validate reported information from the device. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-7273)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nIt was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanp\ucc44\ucc44 and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)\n\nTuomas Haanp\ucc44\ucc44 and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion). (CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)", "modified": "2017-07-21T00:00:00", "published": "2017-07-21T00:00:00", "id": "USN-3361-1", "href": "https://usn.ubuntu.com/3361-1/", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:38", "bulletinFamily": "unix", "description": "Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)\n\nIt was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472)\n\nIt was discovered that a buffer overflow existed in the ACPI table parsing implementation in the Linux kernel. A local attacker could use this to construct a malicious ACPI table that, when loaded, caused a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11473)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991)\n\nIt was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649)\n\nAndrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526)\n\nAndrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527)\n\nAndrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)\n\nIt was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538)\n\nAndrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643)\n\nAndrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914)\n\nIt was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)\n\nIt was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255)\n\nIt was discovered that the keyring subsystem in the Linux kernel did not properly prevent a user from creating keyrings for other users. A local attacker could use this cause a denial of service or expose sensitive information. (CVE-2017-18270)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)\n\nPengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)\n\nIt was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087)\n\nIt was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323)\n\nZhong Jiang discovered that a use-after-free vulnerability existed in the NUMA memory policy implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10675)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1092)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093)\n\nIt was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940)\n\nShankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671)\n\nIt was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204)\n\nIt was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021)", "modified": "2018-08-24T00:00:00", "published": "2018-08-24T00:00:00", "id": "USN-3754-1", "href": "https://usn.ubuntu.com/3754-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "software", "description": "# \n\n# **Severity**\n\nHigh\n\n# **Vendor**\n\nCanonical Ubuntu\n\n# **Versions Affected**\n\n * Canonical Ubuntu 14.04 LTS\n\n# **Description**\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>)) \n \nCAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). ([CVE-2016-9191](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9191>)) \n \nJim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). ([CVE-2016-9588](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9588>)) \n \nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. ([CVE-2017-2583](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2583>)) \n \nDmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). ([CVE-2017-2584](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2584>)) \n \nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2017-5549](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5549>)) \n \nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. ([CVE-2017-6074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074>))\n\n# **Affected Cloud Foundry Products and Versions**\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including:\n * 3151.x versions prior to 3151.11\n * 3233.x versions prior to 3233.14\n * 3263.x versions prior to 3263.20\n * 3312.x versions prior to 3312.20\n * 3363.x versions prior to 3363.9\n\n# **Mitigation**\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry team recommends upgrading to the following BOSH stemcells:\n * Upgrade 3151.x versions to 3151.11\n * Upgrade 3233.x versions to 3233.14\n * Upgrade 3263.x versions to 3263.20\n * Upgrade 3312.x versions to 3312.20\n * Upgrade 3363.x versions to 3363.9\n\n# **References**\n\n * [https://www.ubuntu.com/usn/usn-3208-2/](<https://www.ubuntu.com/usn/usn-3208-2/>)\n * [CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>)\n * [CVE-2016-9191](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9191>)\n * [CVE-2016-9588](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9588>)\n * [CVE-2017-2583](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2583>)\n * [CVE-2017-2584](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2584>)\n * [CVE-2017-5549](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5549>)\n * [CVE-2017-6074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074>)\n", "modified": "2017-03-01T00:00:00", "published": "2017-03-01T00:00:00", "id": "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "href": "https://www.cloudfoundry.org/blog/usn-3208-2/", "title": "USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-02-13T21:00:01", "bulletinFamily": "unix", "description": "The openSUSE 42.2 kernel was updated to 4.4.42 stable release.\n\n The following security bugs were fixed:\n\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077 1003253).\n - CVE-2017-5576, CVE-2017-5577: A buffer overflow in the VC4_SUBMIT_CL\n IOCTL in the VideoCore DRM driver for Raspberry Pi was fixed.\n (bsc#1021294)\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set\n setgid bits on files they don't down. (bsc#1021258).\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an incorrect segment\n selector(SS) value error. A user/process inside guest could have used\n this flaw to crash the guest resulting in DoS or potentially escalate\n their privileges inside guest. (bsc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel\n mishandled uid and gid mappings, which allowed local users to gain\n privileges by establishing a user namespace, waiting for a root process\n to enter that namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states "there is no kernel bug\n here (bnc#959709 bsc#960561).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540 1017589).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531 bsc#1013542).\n - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux\n kernel omits a certain check of the dst data structure, which allowed\n remote attackers to cause a denial of service (panic) via a fragmented\n IPv6 packet (bnc#1014701).\n\n The following non-security bugs were fixed:\n\n - 8250/fintek: rename IRQ_MODE macro (boo#1009546).\n - acpi, nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175).\n - acpi, nfit, libnvdimm: fix / harden ars_status output length handling\n (bsc#1023175).\n - acpi, nfit: validate ars_status output buffer size (bsc#1023175).\n - arm64/numa: fix incorrect log for memory-less node (bsc#1019631).\n - ASoC: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690).\n - ASoC: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled\n (bsc#1010690).\n - ASoC: rt5670: add HS ground control (bsc#1016250).\n - avoid including "mountproto=" with no protocol in /proc/mounts\n (bsc#1019260).\n - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1019784).\n - blacklist.conf: add 1b8d2afde54f libnvdimm, pfn: fix ARCH=alpha\n allmodconfig build failure (bsc#1023175).\n - blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367)\n - blk: Do not collide with QUEUE_FLAG_WC from upstream (bsc#1022547)\n - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817).\n - blk-mq: Always schedule hctx->next_cpu (bsc#1020817).\n - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817).\n - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817).\n - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817).\n - blk-mq: improve warning for running a queue on the wrong CPU\n (bsc#1020817).\n - block: Change extern inline to static inline (bsc#1023175).\n - Bluetooth: btmrvl: fix hung task warning dump (bsc#1018813).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - brcmfmac: Change error print on wlan0 existence (bsc#1000092).\n - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975).\n - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in\n btrfs_ioctl (bsc#1018100).\n - btrfs: fix inode leak on failure to setup whiteout inode in rename\n (bsc#1020975).\n - btrfs: fix lockdep warning about log_mutex (bsc#1021455).\n - btrfs: fix lockdep warning on deadlock against an inode's log mutex\n (bsc#1021455).\n - btrfs: fix number of transaction units for renames with whiteout\n (bsc#1020975).\n - btrfs: incremental send, fix invalid paths for rename operations\n (bsc#1018316).\n - btrfs: incremental send, fix premature rmdir operations (bsc#1018316).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: pin log earlier when renaming (bsc#1020975).\n - btrfs: pin logs earlier when doing a rename exchange operation\n (bsc#1020975).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: send, add missing error check for calls to path_loop()\n (bsc#1018316).\n - btrfs: send, avoid incorrect leaf accesses when sending utimes\n operations (bsc#1018316).\n - btrfs: send, fix failure to move directories with the same name around\n (bsc#1018316).\n - btrfs: send, fix invalid leaf accesses due to incorrect utimes\n operations (bsc#1018316).\n - btrfs: send, fix warning due to late freeing of orphan_dir_info\n structures (bsc#1018316).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: unpin log if rename operation fails (bsc#1020975).\n - btrfs: unpin logs if rename exchange operation fails (bsc#1020975).\n - [BZ 149851] kernel: Fix invalid domain response handling (bnc#1009718,\n LTC#149851).\n - ceph: fix bad endianness handling in parse_reply_info_extra\n (bsc#1020488).\n - clk: xgene: Add PMD clock (bsc#1019351).\n - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351).\n - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).\n - config: enable Ceph kernel client modules for ppc64le (fate#321098)\n - config: enable Ceph kernel client modules for s390x (fate#321098)\n - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038)\n - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913).\n - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913).\n - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913).\n - crypto: qat - fix bar discovery for c62x (bsc#1021251).\n - crypto: qat - zero esram only for DH85x devices (1021248).\n - crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913).\n - crypto: xts - consolidate sanity check for keys (bsc#1018913).\n - crypto: xts - fix compile errors (bsc#1018913).\n - cxl: fix potential NULL dereference in free_adapter() (bsc#1016517).\n - dax: fix deadlock with DAX 4k holes (bsc#1012829).\n - dax: fix device-dax region base (bsc#1023175).\n - device-dax: check devm_nsio_enable() return value (bsc#1023175).\n - device-dax: fail all private mapping attempts (bsc#1023175).\n - device-dax: fix percpu_ref_exit ordering (bsc#1023175).\n - driver core: fix race between creating/querying glue dir and its cleanup\n (bnc#1008742).\n - drivers:hv: balloon: account for gaps in hot add regions (fate#320485).\n - drivers:hv: balloon: Add logging for dynamic memory operations\n (fate#320485).\n - drivers:hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not\n set (fate#320485).\n - drivers:hv: balloon: Fix info request to show max page count\n (fate#320485).\n - drivers:hv: balloon: keep track of where ha_region starts (fate#320485).\n - drivers:hv: balloon: replace ha_region_mutex with spinlock (fate#320485).\n - drivers:hv: balloon: Use available memory value in pressure report\n (fate#320485).\n - drivers:hv: cleanup vmbus_open() for wrap around mappings (fate#320485).\n - drivers:hv: do not leak memory in vmbus_establish_gpadl() (fate#320485).\n - drivers:hv: get rid of id in struct vmbus_channel (fate#320485).\n - drivers:hv: get rid of redundant messagecount in create_gpadl_header()\n (fate#320485).\n - drivers:hv: get rid of timeout in vmbus_open() (fate#320485).\n - drivers:hv: Introduce a policy for controlling channel affinity\n (fate#320485).\n - drivers:hv: make VMBus bus ids persistent (fate#320485).\n - drivers:hv: ring_buffer: count on wrap around mappings in\n get_next_pkt_raw() (v2) (fate#320485).\n - drivers:hv: ring_buffer: use wrap around mappings in hv_copy{from,\n to}_ringbuffer() (fate#320485).\n - drivers:hv: ring_buffer: wrap around mappings for ring buffers\n (fate#320485).\n - drivers:hv: utils: Check VSS daemon is listening before a hot backup\n (fate#320485).\n - drivers:hv: utils: Continue to poll VSS channel after handling requests\n (fate#320485).\n - drivers:hv: utils: fix a race on userspace daemons registration\n (bnc#1014392).\n - drivers:hv: utils: Fix the mapping between host version and protocol to\n use (fate#320485).\n - drivers:hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (fate#320485).\n - drivers:hv: vmbus: Base host signaling strictly on the ring state\n (fate#320485).\n - drivers:hv: vmbus: Enable explicit signaling policy for NIC channels\n (fate#320485).\n - drivers:hv: vmbus: finally fix hv_need_to_signal_on_read() (fate#320485,\n bug#1018385).\n - drivers:hv: vmbus: fix the race when querying & updating the percpu list\n (fate#320485).\n - drivers:hv: vmbus: Implement a mechanism to tag the channel for low\n latency (fate#320485).\n - drivers: hv: vmbus: Make mmio resource local (fate#320485).\n - drivers:hv: vmbus: On the read path cleanup the logic to interrupt the\n host (fate#320485).\n - drivers:hv: vmbus: On write cleanup the logic to interrupt the host\n (fate#320485).\n - drivers:hv: vmbus: Reduce the delay between retries in vmbus_post_msg()\n (fate#320485).\n - drivers:hv: vmbus: suppress some "hv_vmbus: Unknown GUID" warnings\n (fate#320485).\n - drivers:hv: vss: Improve log messages (fate#320485).\n - drivers:hv: vss: Operation timeouts should match host expectation\n (fate#320485).\n - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351).\n - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351).\n - drivers: net: xgene: Add change_mtu function (bsc#1019351).\n - drivers: net: xgene: Add flow control configuration (bsc#1019351).\n - drivers: net: xgene: Add flow control initialization (bsc#1019351).\n - drivers: net: xgene: Add helper function (bsc#1019351).\n - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351).\n - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351).\n - drivers: net: xgene: fix build after change_mtu function change\n (bsc#1019351).\n - drivers: net: xgene: fix: Coalescing values for v2 hardware\n (bsc#1019351).\n - drivers: net: xgene: fix: Disable coalescing on v1 hardware\n (bsc#1019351).\n - drivers: net: xgene: Fix MSS programming (bsc#1019351).\n - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351).\n - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351).\n - drivers: net: xgene: uninitialized variable in\n xgene_enet_free_pagepool() (bsc#1019351).\n - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358).\n - drm/i915: add helpers for platform specific revision id range checks\n (bsc#1015367).\n - drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also\n (bsc#1015367).\n - drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367).\n - drm/i915: Call intel_dp_mst_resume() before resuming displays\n (bsc#1015359).\n - drm/i915: Cleaning up DDI translation tables (bsc#1014392).\n - drm/i915: Clean up L3 SQC register field definitions (bsc#1014392).\n - drm/i915: Do not init hpd polling for vlv and chv from runtime_suspend()\n (bsc#1014120).\n - drm-i915-dp-Restore-PPS-HW-state-from-the-encoder-re\n - drm/i915/dp: Restore PPS HW state from the encoder resume hook\n (bsc#1019061).\n - drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C\n (bsc#1015367).\n - drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367).\n - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry\n 2 (bsc#1014392).\n - drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367).\n - drm/i915: Fix watermarks for VLV/CHV (bsc#1011176).\n - drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367).\n - drm/i915: Force VDD off on the new power seqeuencer before starting to\n use it (bsc#1009674).\n - drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392).\n - drm/i915/gen9: Fix PCODE polling during CDCLK change notification\n (bsc#1015367).\n - drm/i915: Mark CPU cache as dirty when used for rendering (bsc#1015367).\n - drm/i915: Mark i915_hpd_poll_init_work as static (bsc#1014120).\n - drm-i915-Prevent-PPS-stealing-from-a-normal-DP-port\n - drm/i915: Prevent PPS stealing from a normal DP port on VLV/CHV\n (bsc#1019061).\n - drm/i915: remove parens around revision ids (bsc#1015367).\n - drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392).\n - drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367).\n - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367).\n - drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392).\n - drm/i915/skl: Update watermarks before the crtc is disabled\n (bsc#1015367).\n - drm/i915: Update Skylake DDI translation table for DP (bsc#1014392).\n - drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392).\n - drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367).\n - drm/i915/vlv: Prevent enabling hpd polling in late suspend (bsc#1014120).\n - drm/i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061).\n - drm: Use u64 for intermediate dotclock calculations (bnc#1006472).\n - drm/vc4: Fix an integer overflow in temporary allocation layout\n (bsc#1021294).\n - drm/vc4: Return -EINVAL on the overflow checks failing (bsc#1021294).\n - drm: virtio-gpu: get the fb from the plane state for atomic updates\n (bsc#1023101).\n - EDAC, xgene: Fix spelling mistake in error messages (bsc#1019351).\n - efi/libstub: Move Graphics Output Protocol handling to generic code\n (bnc#974215).\n - fbcon: Fix vc attr at deinit (bsc#1000619).\n - Fix kABI breakage by i2c-designware baytrail fix (bsc#1011913).\n - Fix kABI breakage by linux/acpi.h inclusion in i8042-x86ia46io.h\n (bsc#1011660).\n - gpio: xgene: make explicitly non-modular (bsc#1019351).\n - gro_cells: mark napi struct as not busy poll candidates (bsc#966191\n FATE#320230 bsc#966186 FATE#320228).\n - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels()\n (fate#320485).\n - hv: change clockevents unbind tactics (fate#320485).\n - hv: do not reset hv_context.tsc_page on crash (fate#320485, bnc#1007729).\n - hv_netvsc: add ethtool statistics for tx packet issues (fate#320485).\n - hv_netvsc: Add handler for physical link speed change (fate#320485).\n - hv_netvsc: Add query for initial physical link speed (fate#320485).\n - hv_netvsc: count multicast packets received (fate#320485).\n - hv_netvsc: dev hold/put reference to VF (fate#320485).\n - hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf()\n (fate#320485).\n - hv_netvsc: fix comments (fate#320485).\n - hv_netvsc: fix rtnl locking in callback (fate#320485).\n - hv_netvsc: Implement batching of receive completions (fate#320485).\n - hv_netvsc: improve VF device matching (fate#320485).\n - hv_netvsc: init completion during alloc (fate#320485).\n - hv_netvsc: make device_remove void (fate#320485).\n - hv_netvsc: make inline functions static (fate#320485).\n - hv_netvsc: make netvsc_destroy_buf void (fate#320485).\n - hv_netvsc: make RSS hash key static (fate#320485).\n - hv_netvsc: make variable local (fate#320485).\n - hv_netvsc: rearrange start_xmit (fate#320485).\n - hv_netvsc: refactor completion function (fate#320485).\n - hv_netvsc: remove excessive logging on MTU change (fate#320485).\n - hv_netvsc: remove VF in flight counters (fate#320485).\n - hv_netvsc: report vmbus name in ethtool (fate#320485).\n - hv_netvsc: simplify callback event code (fate#320485).\n - hv_netvsc: style cleanups (fate#320485).\n - hv_netvsc: use ARRAY_SIZE() for NDIS versions (fate#320485).\n - hv_netvsc: use consume_skb (fate#320485).\n - hv_netvsc: use kcalloc (fate#320485).\n - hv_netvsc: use RCU to protect vf_netdev (fate#320485).\n - hyperv: Fix spelling of HV_UNKOWN (fate#320485).\n - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while\n holding the punit semaphore (bsc#1011913).\n - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351).\n - i2c: designware: Implement support for SMBus block read and write\n (bsc#1019351).\n - i2c: xgene: Fix missing code of DTB support (bsc#1019351).\n - i40e: Be much more verbose about what we can and cannot offload\n (bsc#985561).\n - i915: Delete previous two fixes for i915 (bsc#1019061). These upstream\n fixes brought some regressions, so better to revert for now.\n - i915: Disable\n patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The\n patch seems leading to the instability on Wyse box (bsc#1015367).\n - IB/core: Fix possible memory leak in cma_resolve_iboe_route()\n (bsc#966191 FATE#320230 bsc#966186 FATE#320228).\n - IB/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - IB/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172\n FATE#320226).\n - IB/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - ibmvnic: convert to use simple_open() (bsc#1015416).\n - ibmvnic: Driver Version 1.0.1 (bsc#1015416).\n - ibmvnic: drop duplicate header seq_file.h (bsc#1015416).\n - ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416).\n - ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416).\n - ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416).\n - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context\n (bsc#1015416).\n - ibmvnic: Fix size of debugfs name buffer (bsc#1015416).\n - ibmvnic: Handle backing device failover and reinitialization\n (bsc#1015416).\n - ibmvnic: Start completion queue negotiation at server-provided optimum\n values (bsc#1015416).\n - ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416).\n - ibmvnic: Update MTU after device initialization (bsc#1015416).\n - igb: add i211 to i210 PHY workaround (bsc#1009911).\n - igb: Workaround for igb i210 firmware issue (bsc#1009911).\n - Input: i8042 - Trust firmware a bit more when probing on X86\n (bsc#1011660).\n - intel_idle: Add KBL support (bsc#1016884).\n - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918).\n - ipc/sem.c: add cond_resched in exit_sme (bsc#979378).\n - ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474\n FATE#319812 bsc#969475 FATE#319814).\n - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474\n FATE#319812 bsc#969475 FATE#319814).\n - KABI fix (bsc#1014410).\n - kABI: protect struct mm_struct (kabi).\n - kABI: protect struct musb_platform_ops (kabi).\n - kABI: protect struct task_struct (kabi).\n - kABI: protect struct user_fpsimd_state (kabi).\n - kABI: protect struct wake_irq (kabi).\n - kABI: protect struct xhci_hcd (kabi).\n - kABI: protect user_namespace include in fs/exec (kabi).\n - kABI: protect user_namespace include in kernel/ptrace (kabi).\n - kabi/severities: Ignore changes in drivers/hv\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612, fate#313296).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,\n fate#313296).\n - libnvdimm, pfn: fix align attribute (bsc#1023175).\n - locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock()\n (bsc#969756).\n - locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212).\n - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212).\n - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351).\n - md-cluster: convert the completion to wait queue (fate#316335).\n - md-cluster: protect md_find_rdev_nr_rcu with rcu lock (fate#316335).\n - md: fix refcount problem on mddev when stopping array (bsc#1022304).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - [media] uvcvideo: uvc_scan_fallback() for webcams with broken chain\n (bsc#1021474).\n - misc/genwqe: ensure zero initialization (fate#321595).\n - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for\n sdhci-arasan4.9a (bsc#1019351).\n - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim\n progress (bnc#1013000).\n - mm, memcg: do not retry precharge charges (bnc#1022559).\n - mm, page_alloc: fix check for NULL preferred_zone (bnc#971975 VM\n performance -- page allocator).\n - mm, page_alloc: fix fast-path race with cpuset update or removal\n (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: fix premature OOM when racing with cpuset mems update\n (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: keep pcp count and list contents in sync if struct page\n is corrupted (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM\n performance -- page allocator).\n - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813).\n - mwifiex: fix IBSS data path issue (bsc#1018813).\n - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813).\n - net/af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945,\n LTC#150566).\n - net: ethernet: apm: xgene: use phydev from struct net_device\n (bsc#1019351).\n - net/hyperv: avoid uninitialized variable (fate#320485).\n - net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701).\n - net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701).\n - net/mlx4_en: Fix panic on xmit while port is down (bsc#966191\n FATE#320230).\n - net/mlx5e: Use correct flow dissector key on flower offloading\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Fix autogroups groups num not decreasing (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net: remove useless memset's in drivers get_stats64 (bsc#1019351).\n - net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - netvsc: add rcu_read locking to netvsc callback (fate#320485).\n - netvsc: fix checksum on UDP IPV6 (fate#320485).\n - netvsc: reduce maximum GSO size (fate#320485).\n - netvsc: Remove mistaken udp.h inclusion (fate#320485).\n - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351).\n - net: xgene: fix backward compatibility fix (bsc#1019351).\n - net/xgene: fix error handling during reset (bsc#1019351).\n - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351).\n - nfit: fail DSMs that return non-zero status by default (bsc#1023175).\n - NFSv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - NFSv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).\n - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685).\n - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock()\n (bnc#921494).\n - pci: Add devm_request_pci_bus_resources() (bsc#1019351).\n - PCI/AER: include header file (bsc#964944,FATE#319965).\n - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630).\n - pci: hv: Allocate physically contiguous hypercall params buffer\n (fate#320485).\n - pci: hv: Delete the device earlier from hbus->children for hot-remove\n (fate#320485).\n - pci: hv: Fix hv_pci_remove() for hot-remove (fate#320485).\n - pci: hv: Handle hv_pci_generic_compl() error case (fate#320485).\n - pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg()\n (fate#320485).\n - pci: hv: Make unnecessarily global IRQ masking functions static\n (fate#320485).\n - pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device\n (fate#320485).\n - pci: hv: Use list_move_tail() instead of list_del() + list_add_tail()\n (fate#320485).\n - pci: hv: Use pci_function_description in struct definitions\n (fate#320485).\n - pci: hv: Use the correct buffer size in new_pcichild_device()\n (fate#320485).\n - pci: hv: Use zero-length array in struct pci_packet (fate#320485).\n - pci: xgene: Add local struct device pointers (bsc#1019351).\n - pci: xgene: Add register accessors (bsc#1019351).\n - pci: xgene: Free bridge resource list on failure (bsc#1019351).\n - pci: xgene: Make explicitly non-modular (bsc#1019351).\n - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351).\n - pci: xgene: Remove unused platform data (bsc#1019351).\n - pci: xgene: Request host bridge window resources (bsc#1019351).\n - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).\n - phy: xgene: rename "enum phy_mode" to "enum xgene_phy_mode"\n (bsc#1019351).\n - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).\n - power: reset: xgene-reboot: Unmap region obtained by of_iomap\n (bsc#1019351).\n - qeth: check not more than 16 SBALEs on the completion queue\n (bnc#1009718, LTC#148203).\n - raid1: ignore discard error (bsc#1017164).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm/kernel-binary.spec.in: Fix installation of /etc/uefi/certs\n (bsc#1019594)\n - rtc: cmos: avoid unused function warning (bsc#1022429).\n - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429).\n - rtc: cmos: Do not enable interrupts in the middle of the interrupt\n handler (bsc#1022429).\n - rtc: cmos: Restore alarm after resume (bsc#1022429).\n - s390/cpuinfo: show maximum thread id (bnc#1009718, LTC#148580).\n - s390/sysinfo: show partition extended name and UUID if available\n (bnc#1009718, LTC#150160).\n - s390/time: LPAR offset handling (bnc#1009718, LTC#146920).\n - s390/time: move PTFF definitions (bnc#1009718, LTC#146920).\n - sched: Allow hotplug notifiers to be setup early (bnc#1022476).\n - sched/core: Fix incorrect utilization accounting when switching to fair\n class (bnc#1022476).\n - sched/core: Fix set_user_nice() (bnc#1022476).\n - sched/core, x86/topology: Fix NUMA in package topology bug (bnc#1022476).\n - sched/cputime: Add steal time support to full dynticks CPU time\n accounting (bnc#1022476).\n - sched/cputime: Fix prev steal time accouting during CPU hotplug\n (bnc#1022476).\n - sched/deadline: Always calculate end of period on sched_yield()\n (bnc#1022476).\n - sched/deadline: Fix a bug in dl_overflow() (bnc#1022476).\n - sched/deadline: Fix lock pinning warning during CPU hotplug\n (bnc#1022476).\n - sched/deadline: Fix wrap-around in DL heap (bnc#1022476).\n - sched/fair: Avoid using decay_load_missed() with a negative value\n (bnc#1022476).\n - sched/fair: Fix fixed point arithmetic width for shares and effective\n load (bnc#1022476).\n - sched/fair: Fix load_above_capacity fixed point arithmetic width\n (bnc#1022476).\n - sched/fair: Fix min_vruntime tracking (bnc#1022476).\n - sched/fair: Fix the wrong throttled clock time for cfs_rq_clock_task()\n (bnc#1022476).\n - sched/fair: Improve PELT stuff some more (bnc#1022476).\n - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476).\n - sched/rt: Kick RT bandwidth timer immediately on start up (bnc#1022476).\n - sched/rt, sched/dl: Do not push if task's scheduling class was changed\n (bnc#1022476).\n - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469).\n - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).\n - scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910).\n - scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469).\n - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels\n (fate#320485).\n - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792).\n - serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546).\n - serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update\n config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly,\n too. Also, the corresponding entry got removed from supported.conf.\n - ses: Fix SAS device detection in enclosure (bsc#1016403).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: fix refcounting problems with auth_gss messages (boo#1011250).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - supported.conf: delete xilinx/ll_temac (bsc#1011602)\n - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail\n (bsc#1018813)\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - tools: hv: Enable network manager for bonding scripts on RHEL\n (fate#320485).\n - tools: hv: fix a compile warning in snprintf (fate#320485).\n - Tools: hv: kvp: configurable external scripts path (fate#320485).\n - Tools: hv: kvp: ensure kvp device fd is closed on exec (fate#320485).\n - tools: hv: remove unnecessary header files and netlink related code\n (fate#320485).\n - tools: hv: remove unnecessary link flag (fate#320485).\n - tty: n_hdlc, fix lockdep false positive (bnc#1015840).\n - Update metadata for serial fixes (bsc#1013001)\n - vmbus: make sysfs names consistent with PCI (fate#320485).\n - x86/hpet: Reduce HPET counter read contention (bsc#1014710).\n - x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic\n (fate#320485).\n - x86/MCE: Dump MCE to dmesg if no consumers (bsc#1013994).\n\n", "modified": "2017-02-13T21:09:59", "published": "2017-02-13T21:09:59", "id": "OPENSUSE-SU-2017:0456-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00021.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-28T23:11:36", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive\n various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n was mishandled during error processing (bnc#1003077).\n - CVE-2017-5576: Integer overflow in the vc4_get_bcl function in\n drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified\n other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call\n (bnc#1021294).\n - CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c\n in the VideoCore DRM driver in the Linux kernel did not set an errno\n value upon certain overflow detections, which allowed local users to\n cause a denial of service (incorrect pointer dereference and OOPS) via\n inconsistent size values in a VC4_SUBMIT_CL ioctl call (bnc#1021294).\n - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the\n Linux kernel preserved the setgid bit during a setxattr call involving a\n tmpfs filesystem, which allowed local users to gain group privileges by\n leveraging the existence of a setgid program with restrictions on\n execute permissions. (bnc#1021258).\n - CVE-2017-2583: The load_segment_descriptor implementation in\n arch/x86/kvm/emulate.c in the Linux kernel improperly emulated a "MOV\n SS, NULL selector" instruction, which allowed guest OS users to cause a\n denial of service (guest OS crash) or gain guest OS privileges via a\n crafted application (bnc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here"\n (bnc#1010933).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free\n operation associated with a new dump that started earlier than\n anticipated (bnc#1013540).\n - CVE-2017-5897: fixed a bug in the Linux kernel IPv6 implementation which\n allowed remote attackers to trigger an out-of-bounds access, leading to\n a denial-of-service attack (bnc#1023762).\n - CVE-2017-5970: Fixed a possible denial-of-service that could have been\n triggered by sending bad IP options on a socket (bsc#1024938).\n - CVE-2017-5986: an application could have triggered a BUG_ON() in\n sctp_wait_for_sndbuf() if the socket TX buffer was full, a thread was\n waiting\n on it to queue more data, and meanwhile another thread peeled off the\n association being used by the first thread (bsc#1025235).\n\n The following non-security bugs were fixed:\n\n - 8250: fintek: rename IRQ_MODE macro (boo#1009546).\n - acpi: nfit, libnvdimm: fix / harden ars_status output length handling\n (bsc#1023175).\n - acpi: nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175).\n - acpi: nfit: validate ars_status output buffer size (bsc#1023175).\n - arm64: numa: fix incorrect log for memory-less node (bsc#1019631).\n - asoc: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690).\n - asoc: rt5670: add HS ground control (bsc#1016250).\n - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1019784).\n - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817).\n - blk-mq: Always schedule hctx->next_cpu (bsc#1020817).\n - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817).\n - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817).\n - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817).\n - blk-mq: improve warning for running a queue on the wrong CPU\n (bsc#1020817).\n - block: Change extern inline to static inline (bsc#1023175).\n - bluetooth: btmrvl: fix hung task warning dump (bsc#1018813).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - brcmfmac: Change error print on wlan0 existence (bsc#1000092).\n - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975).\n - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in\n btrfs_ioctl (bsc#1018100).\n - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls\n (bsc#1018100).\n - btrfs: fix inode leak on failure to setup whiteout inode in rename\n (bsc#1020975).\n - btrfs: fix lockdep warning about log_mutex (bsc#1021455).\n - btrfs: fix lockdep warning on deadlock against an inode's log mutex\n (bsc#1021455).\n - btrfs: fix number of transaction units for renames with whiteout\n (bsc#1020975).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: incremental send, fix invalid paths for rename operations\n (bsc#1018316).\n - btrfs: incremental send, fix premature rmdir operations (bsc#1018316).\n - btrfs: pin log earlier when renaming (bsc#1020975).\n - btrfs: pin logs earlier when doing a rename exchange operation\n (bsc#1020975).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: send, add missing error check for calls to path_loop()\n (bsc#1018316).\n - btrfs: send, avoid incorrect leaf accesses when sending utimes\n operations (bsc#1018316).\n - btrfs: send, fix failure to move directories with the same name around\n (bsc#1018316).\n - btrfs: send, fix invalid leaf accesses due to incorrect utimes\n operations (bsc#1018316).\n - btrfs: send, fix warning due to late freeing of orphan_dir_info\n structures (bsc#1018316).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: unpin log if rename operation fails (bsc#1020975).\n - btrfs: unpin logs if rename exchange operation fails (bsc#1020975).\n - ceph: fix bad endianness handling in parse_reply_info_extra\n (bsc#1020488).\n - clk: xgene: Add PMD clock (bsc#1019351).\n - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351).\n - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).\n - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038)\n - config: enable Ceph kernel client modules for ppc64le\n - config: enable Ceph kernel client modules for s390x\n - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913).\n - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913).\n - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913).\n - crypto: qat - fix bar discovery for c62x (bsc#1021251).\n - crypto: qat - zero esram only for DH85x devices (bsc#1021248).\n - crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913).\n - crypto: xts - consolidate sanity check for keys (bsc#1018913).\n - crypto: xts - fix compile errors (bsc#1018913).\n - cxl: fix potential NULL dereference in free_adapter() (bsc#1016517).\n - dax: fix deadlock with DAX 4k holes (bsc#1012829).\n - dax: fix device-dax region base (bsc#1023175).\n - device-dax: check devm_nsio_enable() return value (bsc#1023175).\n - device-dax: fail all private mapping attempts (bsc#1023175).\n - device-dax: fix percpu_ref_exit ordering (bsc#1023175).\n - driver core: fix race between creating/querying glue dir and its cleanup\n (bnc#1008742).\n - drivers: hv: Introduce a policy for controlling channel affinity.\n - drivers: hv: balloon: Add logging for dynamic memory operations.\n - drivers: hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not\n set.\n - drivers: hv: balloon: Fix info request to show max page count.\n - drivers: hv: balloon: Use available memory value in pressure report.\n - drivers: hv: balloon: account for gaps in hot add regions.\n - drivers: hv: balloon: keep track of where ha_region starts.\n - drivers: hv: balloon: replace ha_region_mutex with spinlock.\n - drivers: hv: cleanup vmbus_open() for wrap around mappings.\n - drivers: hv: do not leak memory in vmbus_establish_gpadl().\n - drivers: hv: get rid of id in struct vmbus_channel.\n - drivers: hv: get rid of redundant messagecount in create_gpadl_header().\n - drivers: hv: get rid of timeout in vmbus_open().\n - drivers: hv: make VMBus bus ids persistent.\n - drivers: hv: ring_buffer: count on wrap around mappings in\n get_next_pkt_raw() (v2).\n - drivers: hv: ring_buffer: use wrap around mappings in hv_copy{from,\n to}_ringbuffer().\n - drivers: hv: ring_buffer: wrap around mappings for ring buffers.\n - drivers: hv: utils: Check VSS daemon is listening before a hot backup.\n - drivers: hv: utils: Continue to poll VSS channel after handling requests.\n - drivers: hv: utils: Fix the mapping between host version and protocol to\n use.\n - drivers: hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout.\n - drivers: hv: vmbus: Base host signaling strictly on the ring state.\n - drivers: hv: vmbus: Enable explicit signaling policy for NIC channels.\n - drivers: hv: vmbus: Implement a mechanism to tag the channel for low\n latency.\n - drivers: hv: vmbus: Make mmio resource local.\n - drivers: hv: vmbus: On the read path cleanup the logic to interrupt the\n host.\n - drivers: hv: vmbus: On write cleanup the logic to interrupt the host.\n - drivers: hv: vmbus: Reduce the delay between retries in vmbus_post_msg().\n - drivers: hv: vmbus: finally fix hv_need_to_signal_on_read().\n - drivers: hv: vmbus: fix the race when querying and updating the percpu\n list.\n - drivers: hv: vmbus: suppress some "hv_vmbus: Unknown GUID" warnings.\n - drivers: hv: vss: Improve log messages.\n - drivers: hv: vss: Operation timeouts should match host expectation.\n - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351).\n - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351).\n - drivers: net: xgene: Add change_mtu function (bsc#1019351).\n - drivers: net: xgene: Add flow control configuration (bsc#1019351).\n - drivers: net: xgene: Add flow control initialization (bsc#1019351).\n - drivers: net: xgene: Add helper function (bsc#1019351).\n - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351).\n - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351).\n - drivers: net: xgene: Fix MSS programming (bsc#1019351).\n - drivers: net: xgene: fix build after change_mtu function change\n (bsc#1019351).\n - drivers: net: xgene: fix: Coalescing values for v2 hardware\n (bsc#1019351).\n - drivers: net: xgene: fix: Disable coalescing on v1 hardware\n (bsc#1019351).\n - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351).\n - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351).\n - drivers: net: xgene: uninitialized variable in\n xgene_enet_free_pagepool() (bsc#1019351).\n - drm: Delete previous two fixes for i915 (bsc#1019061). These upstream\n fixes brought some regressions, so better to revert for now.\n - drm: Disable\n patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The\n patch seems leading to the instability on Wyse box (bsc#1015367).\n - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358).\n - drm: Use u64 for intermediate dotclock calculations (bnc#1006472).\n - drm: i915: Do not init hpd polling for vlv and chv from\n runtime_suspend() (bsc#1014120).\n - drm: i915: Fix PCODE polling during CDCLK change notification\n (bsc#1015367).\n - drm: i915: Fix watermarks for VLV/CHV (bsc#1011176).\n - drm: i915: Force VDD off on the new power seqeuencer before starting to\n use it (bsc#1009674).\n - drm: i915: Mark CPU cache as dirty when used for rendering (bsc#1015367).\n - drm: i915: Mark i915_hpd_poll_init_work as static (bsc#1014120).\n - drm: i915: Prevent PPS stealing from a normal DP port on VLV/CHV\n (bsc#1019061).\n - drm: i915: Prevent enabling hpd polling in late suspend (bsc#1014120).\n - drm: i915: Restore PPS HW state from the encoder resume hook\n (bsc#1019061).\n - drm: i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061).\n - drm: vc4: Fix an integer overflow in temporary allocation layout\n (bsc#1021294).\n - drm: vc4: Return -EINVAL on the overflow checks failing (bsc#1021294).\n - drm: virtio-gpu: get the fb from the plane state for atomic updates\n (bsc#1023101).\n - edac: xgene: Fix spelling mistake in error messages (bsc#1019351).\n - efi: libstub: Move Graphics Output Protocol handling to generic code\n (bnc#974215).\n - fbcon: Fix vc attr at deinit (bsc#1000619).\n - fs: nfs: avoid including "mountproto=" with no protocol in /proc/mounts\n (bsc#1019260).\n - gpio: xgene: make explicitly non-modular (bsc#1019351).\n - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels().\n - hv: change clockevents unbind tactics.\n - hv: do not reset hv_context.tsc_page on crash.\n - hv_netvsc: Add handler for physical link speed change.\n - hv_netvsc: Add query for initial physical link speed.\n - hv_netvsc: Implement batching of receive completions.\n - hv_netvsc: Revert "make inline functions static".\n - hv_netvsc: Revert "report vmbus name in ethtool".\n - hv_netvsc: add ethtool statistics for tx packet issues.\n - hv_netvsc: count multicast packets received.\n - hv_netvsc: dev hold/put reference to VF.\n - hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf().\n - hv_netvsc: fix comments.\n - hv_netvsc: fix rtnl locking in callback.\n - hv_netvsc: improve VF device matching.\n - hv_netvsc: init completion during alloc.\n - hv_netvsc: make RSS hash key static.\n - hv_netvsc: make device_remove void.\n - hv_netvsc: make inline functions static.\n - hv_netvsc: make netvsc_destroy_buf void.\n - hv_netvsc: make variable local.\n - hv_netvsc: rearrange start_xmit.\n - hv_netvsc: refactor completion function.\n - hv_netvsc: remove VF in flight counters.\n - hv_netvsc: remove excessive logging on MTU change.\n - hv_netvsc: report vmbus name in ethtool.\n - hv_netvsc: simplify callback event code.\n - hv_netvsc: style cleanups.\n - hv_netvsc: use ARRAY_SIZE() for NDIS versions.\n - hv_netvsc: use RCU to protect vf_netdev.\n - hv_netvsc: use consume_skb.\n - hv_netvsc: use kcalloc.\n - hyperv: Fix spelling of HV_UNKOWN.\n - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while\n holding the punit semaphore (bsc#1011913).\n - i2c: designware: Implement support for SMBus block read and write\n (bsc#1019351).\n - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351).\n - i2c: xgene: Fix missing code of DTB support (bsc#1019351).\n - i40e: Be much more verbose about what we can and cannot offload\n (bsc#985561).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - igb: Workaround for igb i210 firmware issue (bsc#1009911).\n - igb: add i211 to i210 PHY workaround (bsc#1009911).\n - input: i8042: Trust firmware a bit more when probing on X86\n (bsc#1011660).\n - intel_idle: Add KBL support (bsc#1016884).\n - ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897, bsc#1023762).\n - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918).\n - iwlwifi: Expose the default fallback ucode API to module info\n (boo#1021082, boo#1023884).\n - kgraft: iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612).\n - kgraft: xen: Do not block kGraft in xenbus kthread (bsc#1017410).\n - libnvdimm: pfn: fix align attribute (bsc#1023175).\n - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - md-cluster: convert the completion to wait queue.\n - md-cluster: protect md_find_rdev_nr_rcu with rcu lock.\n - md: ensure md devices are freed before module is unloaded (bsc#1022304).\n - md: fix refcount problem on mddev when stopping array (bsc#1022304).\n - misc: genwqe: ensure zero initialization.\n - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim\n progress (bnc#1013000).\n - mm: memcg: do not retry precharge charges (bnc#1022559).\n - mm: page_alloc: fix check for NULL preferred_zone (bnc#971975 VM\n performance -- page allocator).\n - mm: page_alloc: fix fast-path race with cpuset update or removal\n (bnc#971975 VM performance -- page allocator).\n - mm: page_alloc: fix premature OOM when racing with cpuset mems update\n (bnc#971975 VM performance -- page allocator).\n - mm: page_alloc: keep pcp count and list contents in sync if struct page\n is corrupted (bnc#971975 VM performance -- page allocator).\n - mm: page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM\n performance -- page allocator).\n - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for\n sdhci-arasan4.9a (bsc#1019351).\n - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813).\n - mwifiex: fix IBSS data path issue (bsc#1018813).\n - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813).\n - net: af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945,\n LTC#150566).\n - net: ethernet: apm: xgene: use phydev from struct net_device\n (bsc#1019351).\n - net: ethtool: Initialize buffer when querying device channel settings\n (bsc#969479).\n - net: hyperv: avoid uninitialized variable.\n - net: implement netif_cond_dbg macro (bsc#1019168).\n - net: remove useless memset's in drivers get_stats64 (bsc#1019351).\n - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351).\n - net: xgene: fix backward compatibility fix (bsc#1019351).\n - net: xgene: fix error handling during reset (bsc#1019351).\n - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351).\n - netvsc: Remove mistaken udp.h inclusion.\n - netvsc: add rcu_read locking to netvsc callback.\n - netvsc: fix checksum on UDP IPV6.\n - netvsc: reduce maximum GSO size.\n - nfit: fail DSMs that return non-zero status by default (bsc#1023175).\n - nfsv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).\n - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685).\n - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock()\n (bnc#921494).\n - pci: Add devm_request_pci_bus_resources() (bsc#1019351).\n - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630).\n - pci: hv: Allocate physically contiguous hypercall params buffer.\n - pci: hv: Fix hv_pci_remove() for hot-remove.\n - pci: hv: Handle hv_pci_generic_compl() error case.\n - pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg().\n - pci: hv: Make unnecessarily global IRQ masking functions static.\n - pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device.\n - pci: hv: Use list_move_tail() instead of list_del() + list_add_tail().\n - pci: hv: Use pci_function_description in struct definitions.\n - pci: hv: Use the correct buffer size in new_pcichild_device().\n - pci: hv: Use zero-length array in struct pci_packet.\n - pci: include header file (bsc#964944).\n - pci: xgene: Add local struct device pointers (bsc#1019351).\n - pci: xgene: Add register accessors (bsc#1019351).\n - pci: xgene: Free bridge resource list on failure (bsc#1019351).\n - pci: xgene: Make explicitly non-modular (bsc#1019351).\n - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351).\n - pci: xgene: Remove unused platform data (bsc#1019351).\n - pci: xgene: Request host bridge window resources (bsc#1019351).\n - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).\n - phy: xgene: rename "enum phy_mode" to "enum xgene_phy_mode"\n (bsc#1019351).\n - power: reset: xgene-reboot: Unmap region obtained by of_iomap\n (bsc#1019351).\n - powerpc: fadump: Fix the race in crash_fadump() (bsc#1022971).\n - qeth: check not more than 16 SBALEs on the completion queue\n (bnc#1009718, LTC#148203).\n - raid1: Fix a regression observed during the rebuilding of degraded\n MDRAID VDs (bsc#1020048).\n - raid1: ignore discard error (bsc#1017164).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm: kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm: kernel-binary.spec.in: Fix installation of /etc/uefi/certs\n (bsc#1019594)\n - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429).\n - rtc: cmos: Do not enable interrupts in the middle of the interrupt\n handler (bsc#1022429).\n - rtc: cmos: Restore alarm after resume (bsc#1022429).\n - rtc: cmos: avoid unused function warning (bsc#1022429).\n - s390: Fix invalid domain response handling (bnc#1009718).\n - s390: cpuinfo: show maximum thread id (bnc#1009718, LTC#148580).\n - s390: sysinfo: show partition extended name and UUID if available\n (bnc#1009718, LTC#150160).\n - s390: time: LPAR offset handling (bnc#1009718, LTC#146920).\n - s390: time: move PTFF definitions (bnc#1009718, LTC#146920).\n - sched: Allow hotplug notifiers to be setup early (bnc#1022476).\n - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476).\n - sched: core, x86/topology: Fix NUMA in package topology bug\n (bnc#1022476).\n - sched: core: Fix incorrect utilization accounting when switching to fair\n class (bnc#1022476).\n - sched: core: Fix set_user_nice() (bnc#1022476).\n - sched: cputime: Add steal time support to full dynticks CPU time\n accounting (bnc#1022476).\n - sched: cputime: Fix prev steal time accouting during CPU hotplug\n (bnc#1022476).\n - sched: deadline: Always calculate end of period on sched_yield()\n (bnc#1022476).\n - sched: deadline: Fix a bug in dl_overflow() (bnc#1022476).\n - sched: deadline: Fix lock pinning warning during CPU hotplug\n (bnc#1022476).\n - sched: deadline: Fix wrap-around in DL heap (bnc#1022476).\n - sched: fair: Avoid using decay_load_missed() with a negative value\n (bnc#1022476).\n - sched: fair: Fix fixed point arithmetic width for shares and effective\n load (bnc#1022476).\n - sched: fair: Fix load_above_capacity fixed point arithmetic width\n (bnc#1022476).\n - sched: fair: Fix min_vruntime tracking (bnc#1022476).\n - sched: fair: Fix the wrong throttled clock time for cfs_rq_clock_task()\n (bnc#1022476).\n - sched: fair: Improve PELT stuff some more (bnc#1022476).\n - sched: rt, sched/dl: Do not push if task's scheduling class was changed\n (bnc#1022476).\n - sched: rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476).\n - sched: rt: Kick RT bandwidth timer immediately on start up (bnc#1022476).\n - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469).\n - scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469).\n - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).\n - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels.\n - scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910).\n - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986, bsc#1025235).\n - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792).\n - serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update\n config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly,\n too. Also, the corresponding entry got removed from supported.conf.\n - serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546).\n - serial: Update metadata for serial fixes (bsc#1013001)\n - ses: Fix SAS device detection in enclosure (bsc#1016403).\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n - sfc: refactor debug-or-warnings printks (bsc#1019168).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail\n (bsc#1018813)\n - supported.conf: delete xilinx/ll_temac (bsc#1011602)\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - tools: hv: Enable network manager for bonding scripts on RHEL.\n - tools: hv: fix a compile warning in snprintf.\n - tools: hv: kvp: configurable external scripts path.\n - tools: hv: kvp: ensure kvp device fd is closed on exec.\n - tools: hv: remove unnecessary header files and netlink related code.\n - tools: hv: remove unnecessary link flag.\n - tty: n_hdlc, fix lockdep false positive (bnc#1015840).\n - uvcvideo: uvc_scan_fallback() for webcams with broken chain\n (bsc#1021474).\n - vmbus: make sysfs names consistent with PCI.\n - x86: MCE: Dump MCE to dmesg if no consumers (bsc#1013994).\n - x86: hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic.\n - xfs: don't allow di_size with high bit set (bsc#1024234).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n - xfs: track and serialize in-flight async buffers against unmount - kABI\n (bsc#1024508).\n\n", "modified": "2017-03-01T00:09:01", "published": "2017-03-01T00:09:01", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00047.html", "id": "SUSE-SU-2017:0575-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-01T13:17:35", "bulletinFamily": "unix", "description": "======================================================================\n Still left to do:\n - Check CVE descriptions. They need to be written in the past tense. They\n are processed automatically, THERE CAN BE ERRORS IN THERE!\n - Remove version numbers from the CVE descriptions\n - Check the capitalization of the subsystems, then sort again\n - For each CVE: Check the corresponding bug if everything is okay\n - If you remove CVEs or bugs: Do not forget to change the meta information\n - Determine which of the bugs after the CVE lines is the right one\n\n ======================================================================\n\n The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914).\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly manages lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178).\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 (bnc#1030573).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls (bnc#1027190).\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux\n kernel allowed local users to cause a denial of service (use-after-free)\n or possibly have unspecified other impact via a multithreaded\n application that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in\n net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations\n about skb data layout, which allowed local users to cause a denial of\n service (buffer over-read) or possibly have unspecified other impact via\n crafted system calls, as demonstrated by use of the MSG_MORE flag in\n conjunction with loopback UDP transmission (bnc#1027179).\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1025235).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly\n enables scatter/gather I/O, which allowed remote attackers to obtain\n sensitive information from kernel memory by reading packet data\n (bnc#968697).\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the\n Linux kernel did not properly validate meta block groups, which allowed\n physically proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4 image\n (bnc#1023377).\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c\n in the Linux kernel improperly emulates the VMXON instruction, which\n allowed KVM L1 guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of page references\n (bnc#1022785).\n - CVE-2017-2583: The load_segment_descriptor implementation in\n arch/x86/kvm/emulate.c in the Linux kernel improperly emulates a "MOV\n SS, NULL selector" instruction, which allowed guest OS users to cause a\n denial of service (guest OS crash) or gain guest OS privileges via a\n crafted application (bnc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n\n The following non-security bugs were fixed:\n\n - Fix kABI breakage of musb struct in 4.1.39 (stable 4.1.39).\n - Revert "ptrace: Capture the ptracer's creds not PT_PTRACE_CAP" (stable\n 4.1.39).\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n - ext4: validate s_first_meta_bg at mount time (bsc#1023377).\n - kabi/severities: Ignore x86/kvm kABI changes for 4.1.39\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip\n (bsc#1028415).\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()\n (bsc#1028415).\n - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()\n (bsc#1028415).\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bsc#1030118).\n\n", "modified": "2017-04-01T15:07:45", "published": "2017-04-01T15:07:45", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00000.html", "id": "OPENSUSE-SU-2017:0906-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-15T01:00:02", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (use-after-free) by leveraging incorrect handling of an swevent\n data structure during a CPU unplug operation (bnc#1010502).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed (bnc#1010716).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (use-after-free)\n via vectors involving omission of the firmware name from a certain data\n structure (bnc#1010478).\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in\n lib/assoc_array.c in the Linux kernel did not check whether a slot is a\n leaf, which allowed local users to obtain sensitive information from\n kernel memory or cause a denial of service (invalid pointer dereference\n and out-of-bounds read) via an application that uses associative-array\n data structures, as demonstrated by the keyutils test suite\n (bnc#1010475).\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel\n networking subsystem could enable a local malicious application to\n execute arbitrary code within the context of the kernel. This issue is\n rated as Moderate because it first requires compromising a privileged\n process and current compiler optimizations restrict access to the\n vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18.\n Android ID: A-31349935 (bnc#1014746).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain\n unusual hardware configurations, allowed remote attackers to execute\n arbitrary code via crafted fragmented packets (bnc#1008833).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed\n local users to bypass integer overflow checks, and cause a denial of\n service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS\n ioctl call, aka a "state machine confusion bug" (bnc#1007197).\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel\n misuses the kzalloc function, which allowed local users to cause a\n denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file (bnc#1007197).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531 1013542).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540 1017589).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bsc#1019851).\n - CVE-2017-2583: Fixed broken emulation of "MOV SS, null selector"\n (bsc#1020602).\n - CVE-2017-5551: Clear SGID bit when setting file permissions on tmpfs\n (bsc#1021258).\n\n\n The following non-security bugs were fixed:\n\n - Fixup acl reference leak and missing conversions in ext3, gfs2, jfs,\n hfsplus\n - RAID1: ignore discard error (bsc#1017164).\n - Update\n patches.suse/btrfs-8446-fix-qgroup-accounting-when-creating-snap.patch\n (bsc#972993).\n - blacklist: PCI fixes required only for cxl (bsc#1016713).\n - blacklist: cxl fixes on SLE12 SP1 (bsc#1016725)\n - blacklist: ibmvnic fixes on SLE12 SP1 (bsc#1016961)\n - block_dev: do not test bdev->bd_contains when it is not stable\n (bsc#1008557).\n - bna: Add synchronization for tx ring (bsc#993739).\n - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052\n fate#318602 bsc#922056 FATE#318604).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - bnx2x: fix lockdep splat (bsc#922052 fate#318602 bsc#922056 FATE#318604).\n - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space\n (bsc#1005666).\n - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c\n (bsc#983087).\n - btrfs: Revert "Btrfs: do not delay inode ref updates during log replay"\n (bsc#987192).\n - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in\n btrfs_ioctl (bsc#1018100).\n - btrfs: do not delay inode ref updates during log replay (bsc#987192).\n - btrfs: fix incremental send failure caused by balance (bsc#985850).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing\n (bsc#983087).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).\n - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL)\n (bsc#1008876).\n - ext4: fix data exposure after a crash (bsc#1012985).\n - fs: avoid including "mountproto=" with no protocol in /proc/mounts\n (bsc#1019260).\n - fuse: do not use iocb after it may have been freed (bsc#1012985).\n - hpilo: Add support for iLO5 (bsc#999101).\n - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381\n FATE#318568 bsc#921338).\n - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036 FATE#318772).\n - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727 FATE#315946).\n - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727\n FATE#315946).\n - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036 FATE#318772).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - igb: Fix oops caused by missing queue pairing (bnc#857394).\n - ipmi_si: create hardware-independent softdep for ipmi_devintf\n (bsc#1009062).\n - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).\n - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963\n FATE#319084).\n - kabi fix (bsc#1014410).\n - kabi: Whitelist KVM KABI changes resulting from adding a hcall. caused\n by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use\n H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected\n as result of changing KVM KABI so whitelisting for now. If we get some\n additional input from IBM we can back out the patch.\n - kabi: protect __sk_mem_reclaim (kabi).\n - kabi: protect struct perf_event_context (kabi).\n - kabi: reintroduce sk_filter (kabi).\n - kbuild: Fix removal of the debian/ directory (bsc#1010213).\n - kernel: remove broken memory detection sanity check (bnc#1008567,\n LTC#148072).\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).\n - move the call of __d_drop(anon) into __d_materialise_unique(dentry,\n anon) (bsc#984194).\n - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727\n FATE#315946).\n - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036 FATE#318772).\n - net/mlx5e: Do not modify CQ before it was created (bnc#923036\n FATE#318772).\n - net/mlx5e: Do not try to modify CQ moderation if it is not supported\n (bnc#923036 FATE#318772).\n - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036 FATE#318772).\n - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036 FATE#318772).\n - netback: correct array index (bsc#983348).\n - nfsv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec\n (bsc#1003813).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter\n (bsc#1012060)\n - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)\n - serial: 8250_pci: Detach low-level driver during PCI error recovery\n (bsc#1013001).\n - serial: 8250_pci: Fix potential use-after-free in error path\n (bsc#1013001).\n - sfc: clear napi_hash state when copying channels (bsc#923037\n FATE#318563).\n - sfc: fix potential stack corruption from running past stat bitmask\n (bsc#923037 FATE#318563).\n - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380\n FATE#315942).\n - sunrpc: Enforce an upper limit on the number of cached credentials\n (bsc#1012917).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - supported.conf: Add lib/*.ko to supported.conf (bsc#1019032)\n - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT\n REACHABLE (bsc#991273).\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()\n (bsc#921778 FATE#318558).\n - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).\n - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()\n (bsc#1013479).\n - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - xenbus: correctly signal errors from xenstored_local_init() (luckily\n none so far).\n - xfs: allow lazy sb counter sync during filesystem freeze sequence\n (bsc#980560).\n - xfs: refactor xlog_recover_process_data() (bsc#1019300).\n\n", "modified": "2017-02-15T00:08:49", "published": "2017-02-15T00:08:49", "id": "SUSE-SU-2017:0464-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00024.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-06T20:59:52", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem\n that allowed local users to gain privileges or cause a denial of service\n (memory corruption and system crash) (bnc#1010501).\n - CVE-2015-8963: Fixed a race condition in kernel/events/core.c that\n allowed local users to gain privileges or cause a denial of service\n (use-after-free) (bnc#1010502).\n - CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that\n allowed local users to obtain sensitive information from kernel memory\n (bnc#1010507).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free)\n (bnc#1017710).\n - CVE-2016-7910: Fixed a use-after-free vulnerability in the block\n subsystem that allowed local users to gain privileges (bnc#1010716).\n - CVE-2016-7911: Fixed a race condition in the get_task_ioprio function\n that allowed local users to gain privileges or cause a denial of service\n (use-after-free) (bnc#1010711).\n - CVE-2016-7913: Fixed a bug in the xc2028_set_config function that\n allowed local users to gain privileges or cause a denial of service\n (use-after-free) (bnc#1010478).\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function did\n not check whether a slot is a leaf, which allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (invalid pointer dereference and out-of-bounds read) (bnc#1010475).\n - CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could\n have enabled a local malicious application to execute arbitrary code\n within the context of the kernel. (bnc#1014746).\n - CVE-2016-8632: The net subsystem did not validate the relationship\n between the minimum fragment length and the maximum packet size, which\n allowed local users to gain privileges or cause a denial of service\n (heap-based buffer overflow) (bnc#1008831).\n - CVE-2016-8633: The firewire subsystem allowed remote attackers to\n execute arbitrary code via crafted fragmented packets in certain unusual\n hardware configurations (bnc#1008833).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) (bnc#1009969).\n - CVE-2016-8655: Fixed a race condition in the network subsystem that\n allowed local users to gain privileges or cause a denial of service\n (use-after-free) (bnc#1012754).\n - CVE-2016-9083: The PCI subsystem local users to bypass integer overflow\n checks and cause a denial of service (memory corruption) or have\n unspecified other impact (bnc#1007197).\n - CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which\n allowed local users to cause a denial of service (integer overflow) or\n have unspecified other impact (bnc#1007197).\n - CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote\n attackers to cause a denial of service (out-of-bounds slab access) or\n possibly have unspecified other impact via crafted SCTP data\n (bnc#1011685).\n - CVE-2016-9576: The block subsystem did not properly restrict the type of\n iterator, which allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service (use-after-free)\n (bnc#1013604).\n - CVE-2016-9756: The kernel did not properly initialize Code Segment (CS)\n in certain error cases, which allowed local users to obtain sensitive\n information from kernel stack memory (bnc#1013038).\n - CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf\n and sk_rcvbuf, which allowed local users to cause a denial of service\n (memory corruption and system crash) or possibly have unspecified other\n impact (bnc#1013531).\n - CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact (bnc#1013533).\n - CVE-2016-9806: Fixed a race condition in the netlink_dump() function\n which could have allowed local users to cause a denial of service\n (double free) or possibly have unspecified other impact (bnc#1013540).\n - CVE-2017-2583: kvm: x86: fixed emulation of "MOV SS, null selector"\n (bsc#1020602).\n - CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) (bnc#1019851).\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set\n setgid bits on files they don't down. (bsc#1021258, CVE-2017-5551).\n\n The following non-security bugs were fixed:\n\n - 8250_pci: Fix potential use-after-free in error path (bsc#1013001).\n - block_dev: do not test bdev->bd_contains when it is not stable\n (bsc#1008557).\n - bna: Add synchronization for tx ring (bsc#993739).\n - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052\n bsc#922056).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - bnx2x: fix lockdep splat (bsc#922052 bsc#922056).\n - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space\n (bsc#1005666).\n - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c\n (bsc#983087).\n - btrfs: Revert "do not delay inode ref updates during log replay"\n (bsc#987192).\n - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in\n btrfs_ioctl (bsc#1018100).\n - btrfs: do not delay inode ref updates during log replay (bsc#987192).\n - btrfs: fix incremental send failure caused by balance (bsc#985850).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing\n (bsc#983087).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).\n - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL)\n (bsc#1008876).\n - cpuset: fix sched_load_balance that was accidentally broken in a\n previous update (bsc#1010294).\n - ext4: fix data exposure after a crash (bsc#1012985).\n - fs/dcache: move the call of __d_drop(anon) into\n __d_materialise_unique(dentry, anon) (bsc#984194).\n - fuse: do not use iocb after it may have been freed (bsc#1012985).\n - hpilo: Add support for iLO5 (bsc#999101).\n - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381\n bsc#921338).\n - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036).\n - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727).\n - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727).\n - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - igb: Fix oops caused by missing queue pairing (bnc#857394).\n - ipmi_si: create hardware-independent softdep for ipmi_devintf\n (bsc#1009062).\n - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).\n - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963).\n - kabi: protect __sk_mem_reclaim (kabi).\n - kabi: protect struct perf_event_context (kabi).\n - kabi: reintroduce sk_filter (kabi).\n - kernel: remove broken memory detection sanity check (bnc#1008567,\n LTC#148072).\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).\n - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).\n - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036).\n - net/mlx5e: Do not modify CQ before it was created (bnc#923036).\n - net/mlx5e: Do not try to modify CQ moderation if it is not supported\n (bnc#923036).\n - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036).\n - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).\n - netback: correct array index (bsc#983348).\n - nfsv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - nfsv4: Fix "NFS Lock reclaim failed" errors (bsc#1014410).\n - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n - posix_acl: Fixup acl reference leak and missing conversions in ext3,\n gfs2, jfs, hfsplus.\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec\n (bsc#1003813).\n - proc: avoid including "mountproto=" with no protocol in /proc/mounts\n (bsc#1019260).\n - raid1: ignore discard error (bsc#1017164).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter\n (bsc#1012060)\n - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)\n - serial: 8250_pci: Detach low-level driver during PCI error recovery\n (bsc#1013001).\n - sfc: clear napi_hash state when copying channels (bsc#923037).\n - sfc: fix potential stack corruption from running past stat bitmask\n (bsc#923037).\n - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).\n - sunrpc: Enforce an upper limit on the number of cached credentials\n (bsc#1012917).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT\n REACHABLE (bsc#991273).\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()\n (bsc#921778).\n - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).\n - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()\n (bsc#1013479).\n - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - xenbus: correctly signal errors from xenstored_local_init() (luckily\n none so far).\n - xfs: allow lazy sb counter sync during filesystem freeze sequence\n (bsc#980560).\n - xfs: refactor xlog_recover_process_data() (bsc#1019300).\n\n", "modified": "2017-02-06T21:07:31", "published": "2017-02-06T21:07:31", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00010.html", "id": "SUSE-SU-2017:0407-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-15T21:00:01", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to\n receive various security and bugfixes.\n\n The following feature was implemented:\n\n - The ext2 filesystem got reenabled and supported to allow support for\n "XIP" (Execute In Place) (FATE#320805).\n\n\n The following security bugs were fixed:\n\n - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bsc#1021258).\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bnc#995968).\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an incorrect segment\n selector(SS) value error. A user/process inside guest could have used\n this flaw to crash the guest resulting in DoS or potentially escalate\n their privileges inside guest. (bsc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel\n networking subsystem could enable a local malicious application to\n execute arbitrary code within the context of the kernel. This issue is\n rated as Moderate because it first requires compromising a privileged\n process and current compiler optimizations restrict access to the\n vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18.\n Android ID: A-31349935 (bnc#1014746).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed (bnc#1010716).\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (use-after-free)\n via vectors involving omission of the firmware name from a certain data\n structure (bnc#1010478).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (use-after-free) by leveraging incorrect handling of an swevent\n data structure during a CPU unplug operation (bnc#1010502).\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in\n lib/assoc_array.c in the Linux kernel did not check whether a slot is a\n leaf, which allowed local users to obtain sensitive information from\n kernel memory or cause a denial of service (invalid pointer dereference\n and out-of-bounds read) via an application that uses associative-array\n data structures, as demonstrated by the keyutils test suite\n (bnc#1010475).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote\n attackers to execute arbitrary code via crafted fragmented packets\n (bnc#1008833).\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed\n local users to bypass integer overflow checks, and cause a denial of\n service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS\n ioctl call, aka a "state machine confusion bug (bnc#1007197).\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel\n misused the kzalloc function, which allowed local users to cause a\n denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file (bnc#1007197).\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel uses an incorrect buffer size for certain timeout data,\n which allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bnc#1004517).\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges or\n cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation (bnc#994748).\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly\n determine the rate of challenge ACK segments, which made it easier for\n remote attackers to hijack TCP sessions via a blind in-window attack\n (bnc#989152).\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by changing a certain\n length value, aka a "double fetch" vulnerability (bnc#987542).\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bnc#991608).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bnc#986362 bnc#986365).\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n mishandled transactional state, which allowed local users to cause a\n denial of service (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact by starting and\n suspending a transaction before an exec system call (bnc#986569).\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allow local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n\n The following non-security bugs were fixed:\n\n - base: make module_create_drivers_dir race-free (bnc#983977).\n - btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable\n (bsc#981597).\n - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction\n (bsc#983619).\n - btrfs: be more precise on errors when getting an inode from disk\n (bsc#981038).\n - btrfs: do not create or leak aliased root while cleaning up orphans\n (bsc#994881).\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir\n (bsc#999600).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n - btrfs: improve performance on fsync against new inode after\n rename/unlink (bsc#981038).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)\n - ext4: Add parameter for tuning handling of ext2 (bsc#976195).\n - ext4: Fixup handling for custom configs in tuning.\n - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - ipv6: Fix improper use or RCU in\n patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.\n (bsc#961257)\n - ipv6: KABI workaround for ipv6: add complete rcu protection around\n np->opt.\n - kabi: prevent spurious modversion changes after bsc#982544 fix\n (bsc#982544).\n - kabi: reintroduce sk_filter (kabi).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612, fate#313296).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,\n fate#313296).\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED\n (VM Functionality, bnc#986445).\n - modsign: Print appropriate status message when accessing UEFI variable\n (bsc#958606).\n - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).\n - mpt3sas: Fix panic when aer correct error occurred (bsc#997708,\n bsc#999943).\n - netfilter: allow logging fron non-init netns (bsc#970083).\n - netfilter: bridge: do not leak skb in error paths (bsc#982544).\n - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in\n br_validate_ipv6 (bsc#982544).\n - nfs: Do not write enable new pages while an invalidation is proceeding\n (bsc#999584).\n - nfs: Fix a regression in the read() syscall (bsc#999584).\n - pci/aer: Clear error status registers during enumeration and restore\n (bsc#985978).\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n - scsi: Increase REPORT_LUNS timeout (bsc#982282).\n - series.conf: move stray netfilter patches to the right section\n - squashfs3: properly handle dir_emit() failures (bsc#998795).\n - supported.conf: Add ext2\n - timers: Use proper base migration in add_timer_on() (bnc#993392).\n - tty: audit: Fix audit source (bsc#1016482).\n - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n - usb: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n - xen: Fix refcnt regression in xen netback introduced by changes made for\n bug#881008 (bnc#978094)\n - xfs: allow lazy sb counter sync during filesystem freeze sequence\n (bsc#980560).\n - xfs: fixed signedness of error code in xfs_inode_buf_verify\n (bsc#1003153).\n - xfs: fix premature enospc on inode allocation (bsc#984148).\n - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).\n - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).\n - xfs: refactor xlog_recover_process_data() (bsc#1019300).\n - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).\n - xhci: silence warnings in switch (bnc#991665).\n\n", "modified": "2017-02-15T21:07:58", "published": "2017-02-15T21:07:58", "id": "SUSE-SU-2017:0471-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00025.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-28T16:49:08", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.74 to\n receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n\n - CVE-2017-1000364: An issue was discovered in the size of the stack guard\n page on Linux, specifically a 4k stack guard page is not sufficiently\n large and can be "jumped" over (the stack guard page is bypassed), this\n affects Linux Kernel versions 4.11.5 and earlier (the stackguard page\n was introduced in 2010) (bnc#1039348).\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation. (bnc#1039354).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a read and an ioctl\n happen at the same time (bnc#1044125).\n - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate certain levels data, which allowed local users to cause a\n denial of service (system hang) via a crafted ioctl call for a\n /dev/dri/renderD* device (bnc#1031796).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bnc#1041431).\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the\n Linux kernel did not make the allow_ptr_leaks value available for\n restricting the output of the print_bpf_insn function, which allowed\n local users to obtain sensitive address information via crafted bpf\n system calls (bnc#1040279).\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to\n cause a denial of service (API operation calling its own callback, and\n infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE\n setsockopt implementations in the netfilter subsystem in the Linux\n kernel allow local users to gain privileges or cause a denial of service\n (memory corruption) by leveraging in-container root access to provide a\n crafted offset value that triggers an unintended decrement (bnc#986362).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bnc#986365).\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bnc#1033336).\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel is too late in obtaining a certain lock and consequently cannot\n ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 (bnc#1030573).\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (integer\n signedness error and out-of-bounds write), or gain privileges (if the\n CAP_NET_RAW capability is held), via crafted system calls (bnc#1031579).\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052).\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function (bnc#1030213).\n - CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux\n kernel allowed local users to cause a denial of service (NULL pointer\n dereference) or possibly gain privileges by revoking keyring keys being\n used for ext4, f2fs, or ubifs encryption, causing cryptographic\n transform objects to be freed prematurely (bnc#1032006).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls (bnc#1027190).\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux\n kernel allowed local users to cause a denial of service (use-after-free)\n or possibly have unspecified other impact via a multithreaded\n application that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986.\n (bnc#1027066).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly\n enables scatter/gather I/O, which allowed remote attackers to obtain\n sensitive information from kernel memory by reading packet data\n (bnc#968697).\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in\n net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations\n about skb data layout, which allowed local users to cause a denial of\n service (buffer over-read) or possibly have unspecified other impact via\n crafted system calls, as demonstrated by use of the MSG_MORE flag in\n conjunction with loopback UDP transmission (bnc#1027179).\n - CVE-2016-9191: The cgroup offline implementation in the Linux kernel\n mishandled certain drain operations, which allowed local users to cause\n a denial of service (system hang) by leveraging access to a container\n environment for executing a crafted application, as demonstrated by\n trinity (bnc#1008842).\n - CVE-2017-2583: The load_segment_descriptor implementation in\n arch/x86/kvm/emulate.c in the Linux kernel improperly emulates a "MOV\n SS, NULL selector" instruction, which allowed guest OS users to cause a\n denial of service (guest OS crash) or gain guest OS privileges via a\n crafted application (bnc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c\n in the Linux kernel improperly emulates the VMXON instruction, which\n allowed KVM L1 guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of page references\n (bnc#1022785).\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to obtain root privileges\n or cause a denial of service (double free) via an application that made\n an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bnc#1025235).\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bnc#1024938).\n - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the\n Linux kernel allowed remote attackers to have unspecified impact via\n vectors involving GRE flags in an IPv6 packet, which trigger an\n out-of-bounds access (bnc#1023762).\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n - CVE-2017-5576: Integer overflow in the vc4_get_bcl function in\n drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted size value in a VC4_SUBMIT_CL\n ioctl call (bnc#1021294).\n - CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c\n in the VideoCore DRM driver in the Linux kernel did not set an errno\n value upon certain overflow detections, which allowed local users to\n cause a denial of service (incorrect pointer dereference and OOPS) via\n inconsistent size values in a VC4_SUBMIT_CL ioctl call (bnc#1021294).\n - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the\n Linux kernel preserves the setgid bit during a setxattr call involving a\n tmpfs filesystem, which allowed local users to gain group privileges by\n leveraging the existence of a setgid program with restrictions on\n execute permissions. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-7097. (bnc#1021258).\n\n The following non-security bugs were fixed:\n\n - 9p: fix a potential acl leak (4.4.68 stable queue).\n - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal\n (bsc#1031717).\n - acpi: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).\n - acpi, ioapic: Clear on-stack resource before using it (bsc#1028819).\n - acpi, nfit: fix acpi_nfit_flush_probe() crash (bsc#1031717).\n - acpi, nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175).\n - acpi, nfit: fix extended status translations for ACPI DSMs (bsc#1031717).\n - acpi, nfit, libnvdimm: fix / harden ars_status output length handling\n (bsc#1023175).\n - acpi, nfit: validate ars_status output buffer size (bsc#1023175).\n - acpi: Remove platform devices from a bus on removal (bsc#1028819).\n - acpi / scan: Drop support for force_remove (bnc#1029607).\n - ahci: disable correct irq for dummy ports (bsc#1040125).\n - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68\n stable queue).\n - arm64: hugetlb: fix the wrong address for several functions\n (bsc#1032681).\n - arm64: hugetlb: fix the wrong return value for\n huge_ptep_set_access_flags (bsc#1032681).\n - arm64: hugetlb: remove the wrong pmd check in find_num_contig()\n (bsc#1032681).\n - arm64/numa: fix incorrect log for memory-less node (bsc#1019631).\n - arm64: Use full path in KBUILD_IMAGE definition (bsc#1010032).\n - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2\n mode (4.4.68 stable queue).\n - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable\n queue).\n - arm: Use full path in KBUILD_IMAGE definition (bsc#1010032).\n - ASoC: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690).\n - ASoC: Intel: Skylake: Uninitialized variable in probe_codec()\n (bsc#1043231).\n - ASoC: rt5640: use msleep() for long delays (bsc#1031717).\n - ASoC: sti: Fix error handling if of_clk_get() fails (bsc#1031717).\n - avoid including "mountproto=" with no protocol in /proc/mounts\n (bsc#1019260).\n - bcache: fix calling ida_simple_remove() with incorrect minor\n (bsc#1038085).\n - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1019784).\n - blacklist 61e8a0d5a027 powerpc/pci: Fix endian bug in fixed PHB\n numbering (bsc#989311)\n - blacklist.conf: a04a480d4392 net: Require exact match for TCP socket\n lookups if dif is l3mdev (v4.9-rc4) 10/11 conflicts are with code\n introduced by 74b20582ac38 ("net: l3mdev: Add hook in ip and ipv6",\n v4.7-rc1) which is not present in SP2. I think that either the problem\n was always there or was introduced by 74b20582ac38. If in the first\n case, the fix would have to be implemented differently; if in the second\n case, the fix is not needed in SP2.\n - blacklist.conf: blacklist reverted commit Commit 82486aa6f1b9 ("ipv4:\n restore rt-&gt;fi for reference counting") was later reverted and\n replaced by commit 3fb07daff8e9 ("ipv4: add reference counting to\n metrics"). This solution breaks kABI, though, and I'll need to look into\n it more carefully to see if it can be worked around easily.\n - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817).\n - blk-mq: Always schedule hctx->next_cpu (bsc#1020817).\n - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817).\n - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817).\n - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817).\n - blk-mq: improve warning for running a queue on the wrong CPU\n (bsc#1020817).\n - block: Change extern inline to static inline (bsc#1023175).\n - block: copy NOMERGE flag from bio to request (bsc#1030070).\n - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue).\n - bluetooth: btmrvl: fix hung task warning dump (bsc#1018813).\n - bna: add missing per queue ethtool stat (bsc#966321 FATE#320156).\n - bna: avoid writing uninitialized data into hw registers (bsc#966321\n FATE#320156).\n - bna: integer overflow bug in debugfs (bsc#966321 FATE#320156).\n - bnx2x: allow adding VLANs while interface is down (bsc#1027273).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412\n FATE#321671).\n - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal\n (bsc#1042286).\n - bonding: do not use stale speed and duplex information (bsc#1042286).\n - bonding: fix 802.3ad aggregator reselection (bsc#1029514).\n - bonding: prevent out of bound accesses (bsc#1042286).\n - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable\n queue).\n - brcmfmac: add fallback for devices that do not report per-chain values\n (bsc#1043231).\n - brcmfmac: avoid writing channel out of allocated array (bsc#1043231).\n - brcmfmac: Change error print on wlan0 existence (bsc#1000092).\n - brcmfmac: Ensure pointer correctly set if skb data location changes\n (4.4.68 stable queue).\n - brcmfmac: Make skb header writable before use (4.4.68 stable queue).\n - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717).\n - btrfs: add a flags field to btrfs_fs_info (bsc#1012452).\n - btrfs: add ASSERT for block group's memory leak (bsc#1012452).\n - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452).\n - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452).\n - btrfs: add check to sysfs handler of label (bsc#1012452).\n - btrfs: add dynamic debug support (bsc#1012452).\n - btrfs: add error handling for extent buffer in print tree (bsc#1012452).\n - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452).\n - btrfs: add missing check for writeback errors on fsync (bsc#1012452).\n - btrfs: add more validation checks for superblock (bsc#1012452).\n - btrfs: Add ratelimit to btrfs printing (bsc#1012452).\n - btrfs: add read-only check to sysfs handler of features (bsc#1012452).\n - btrfs: add semaphore to synchronize direct IO writes with fsync\n (bsc#1012452).\n - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975).\n - btrfs: add tracepoint for adding block groups (bsc#1012452).\n - btrfs: add tracepoints for flush events (bsc#1012452).\n - btrfs: add transaction space reservation tracepoints (bsc#1012452).\n - btrfs: add validadtion checks for chunk loading (bsc#1012452).\n - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452).\n - btrfs: allow balancing to dup with multi-device (bsc#1012452).\n - btrfs: allow unlink to exceed subvolume quota (bsc#1019614).\n - btrfs: always reserve metadata for delalloc extents (bsc#1012452).\n - btrfs: always use trans-&gt;block_rsv for orphans (bsc#1012452).\n - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452).\n - btrfs: avoid deadlocks during reservations in btrfs_truncate_block\n (bsc#1012452).\n - btrfs: avoid overflowing f_bfree (bsc#1012452).\n - btrfs: avoid uninitialized variable warning (bsc#1012452).\n - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).\n - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452).\n - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing\n delalloc space (bsc#1012452).\n - btrfs: __btrfs_buffered_write: Reserve/release extents aligned to block\n size (bsc#1012452).\n - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452).\n - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined\n (bsc#1012452).\n - btrfs: btrfs_ioctl_clone: Truncate complete page after performing clone\n operation (bsc#1012452).\n - btrfs: btrfs_page_mkwrite: Reserve space in sectorsized units\n (bsc#1012452).\n - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction\n (bsc#1012452).\n - btrfs: btrfs_submit_direct_hook: Handle map_length &lt; bio vector\n length (bsc#1012452).\n - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452).\n - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup()\n (bsc#1012452).\n - btrfs: change delayed reservation fallback behavior (bsc#1012452).\n - btrfs: change how we calculate the global block rsv (bsc#1012452).\n - btrfs: change how we update the global block rsv (bsc#1012452).\n - btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614).\n - btrfs: check btree node's nritems (bsc#1012452).\n - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452).\n - btrfs: check inconsistence between chunk and block group (bsc#1012452).\n - btrfs: check reserved when deciding to background flush (bsc#1012452).\n - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452).\n - btrfs: Clean pte corresponding to page straddling i_size (bsc#1012452).\n - btrfs: clean the old superblocks before freeing the device (bsc#1012452).\n - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452).\n - btrfs: cleanup assigning next active device with a check (bsc#1012452).\n - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452).\n - btrfs: Cleanup compress_file_range() (bsc#1012452).\n - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452).\n - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452).\n - btrfs: clone: use vmalloc only as fallback for nodesize bufer\n (bsc#1012452).\n - btrfs: Compute and look up csums based on sectorsized blocks\n (bsc#1012452).\n - btrfs: convert nodesize macros to static inlines (bsc#1012452).\n - btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452).\n - btrfs: convert pr_* to btrfs_* where possible (bsc#1012452).\n - btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452).\n - btrfs: copy_to_sk drop unused root parameter (bsc#1012452).\n - btrfs: create a helper function to read the disk super (bsc#1012452).\n - btrfs: create example debugfs file only in debugging build (bsc#1012452).\n - btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452).\n - btrfs: create helper function __check_raid_min_devices() (bsc#1012452).\n - btrfs: csum_tree_block: return proper errno value (bsc#1012452).\n - btrfs: detect corruption when non-root leaf has zero item (bsc#1012452).\n - btrfs: device add and remove: use GFP_KERNEL (bsc#1012452).\n - btrfs: Direct I/O read: Work on sectorsized blocks (bsc#1012452).\n - btrfs: divide btrfs_update_reserved_bytes() into two functions\n (bsc#1012452).\n - btrfs: do not background blkdev_put() (bsc#1012452).\n - btrfs: do not bother kicking async if there's nothing to reclaim\n (bsc#1012452).\n - btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452).\n - btrfs: do not create empty block group if we have allocated data\n (bsc#1012452).\n - btrfs: do not decrease bytes_may_use when replaying extents\n (bsc#1012452).\n - btrfs: do not do nocow check unless we have to (bsc#1012452).\n - btrfs: do not do unnecessary delalloc flushes when relocating\n (bsc#1012452).\n - btrfs: do not force mounts to wait for cleaner_kthread to delete one or\n more subvolumes (bsc#1012452).\n - btrfs: do not wait for unrelated IO to finish before relocation\n (bsc#1012452).\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors\n (bsc#1035866).\n - btrfs: do not write corrupted metadata blocks to disk (bsc#1012452).\n - btrfs: end transaction if we abort when creating uuid root (bsc#1012452).\n - btrfs: enhance btrfs_find_device_by_user_input() to check device path\n (bsc#1012452).\n - btrfs: error out if generic_bin_search get invalid arguments\n (bsc#1012452).\n - btrfs: expand cow_file_range() to support in-band dedup and\n subpage-blocksize (bsc#1012452).\n - btrfs: extend btrfs_set_extent_delalloc and its friends to support\n in-band dedupe and subpage size patchset (bsc#1012452).\n - btrfs: extent same: use GFP_KERNEL for page array allocations\n (bsc#1012452).\n - btrfs: fallback to vmalloc in btrfs_compare_tree (bsc#1012452).\n - btrfs: fallocate: use GFP_KERNEL (bsc#1012452).\n - btrfs: fallocate: Work with sectorsized blocks (bsc#1012452).\n - btrfs: fill relocation block rsv after allocation (bsc#1012452).\n - btrfs: fix an integer overflow check (bsc#1012452).\n - btrfs: fix a possible umount deadlock (bsc#1012452).\n - btrfs: Fix block size returned to user space (bsc#1012452).\n - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls\n (bsc#1018100).\n - btrfs: fix btrfs_no_printk stub helper (bsc#1012452).\n - btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452).\n - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452).\n - btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452).\n - btrfs: fix build warning (bsc#1012452).\n - btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452).\n - btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452).\n - btrfs: fix check_shared for fiemap ioctl (bsc#1037177).\n - btrfs: fix crash when tracepoint arguments are freed by wq callbacks\n (bsc#1012452).\n - btrfs: fix data loss after truncate when using the no-holes feature\n (bsc#1036214).\n - btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452).\n - btrfs: fix delalloc accounting after copy_from_user faults (bsc#1012452).\n - btrfs: fix delalloc reservation amount tracepoint (bsc#1012452).\n - btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452).\n - btrfs: fix divide error upon chunk's stripe_len (bsc#1012452).\n - btrfs: fix double free of fs root (bsc#1012452).\n - btrfs: fix eb memory leak due to readpage failure (bsc#1012452).\n - btrfs: fix em leak in find_first_block_group (bsc#1012452).\n - btrfs: fix emptiness check for dirtied extent buffers at check_leaf()\n (bsc#1012452).\n - btrfs: fix error handling in map_private_extent_buffer (bsc#1012452).\n - btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452).\n - btrfs: fix extent_same allowing destination offset beyond i_size\n (bsc#1012452).\n - btrfs: fix free space calculation in dump_space_info() (bsc#1012452).\n - btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452).\n - btrfs: fix fspath error deallocation (bsc#1012452).\n - btrfs: fix handling of faults from btrfs_copy_from_user (bsc#1012452).\n - btrfs: fix inode leak on failure to setup whiteout inode in rename\n (bsc#1020975).\n - btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452).\n - btrfs: Fix integer overflow when calculating bytes_per_bitmap\n (bsc#1012452).\n - btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395).\n - btrfs: fix invalid reference in replace_path (bsc#1012452).\n - btrfs: fix listxattrs not listing all xattrs packed in the same item\n (bsc#1012452).\n - btrfs: fix lockdep deadlock warning due to dev_replace (bsc#1012452).\n - btrfs: fix lockdep warning about log_mutex (bsc#1021455).\n - btrfs: fix lock dep warning, move scratch dev out of device_list_mutex\n and uuid_mutex (bsc#1012452).\n - btrfs: fix lock dep warning move scratch super outside of chunk_mutex\n (bsc#1012452).\n - btrfs: fix lockdep warning on deadlock against an inode's log mutex\n (bsc#1021455).\n - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452).\n - btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452).\n - btrfs: fix memory leak of block group cache (bsc#1012452).\n - btrfs: fix memory leak of reloc_root (bsc#1012452).\n - btrfs: fix mixed block count of available space (bsc#1012452).\n - btrfs: fix number of transaction units for renames with whiteout\n (bsc#1020975).\n - btrfs: fix one bug that process may endlessly wait for ticket in\n wait_reserve_ticket() (bsc#1012452).\n - btrfs: fix panic in balance due to EIO (bsc#1012452).\n - btrfs: fix race between block group relocation and nocow writes\n (bsc#1012452).\n - btrfs: fix race between device replace and block group removal\n (bsc#1012452).\n - btrfs: fix race between device replace and chunk allocation\n (bsc#1012452).\n - btrfs: fix race between device replace and discard (bsc#1012452).\n - btrfs: fix race between device replace and read repair (bsc#1012452).\n - btrfs: fix race between fsync and direct IO writes for prealloc extents\n (bsc#1012452).\n - btrfs: fix race between readahead and device replace/removal\n (bsc#1012452).\n - btrfs: fix race setting block group back to RW mode during device\n replace (bsc#1012452).\n - btrfs: fix race setting block group readonly during device replace\n (bsc#1012452).\n - btrfs: fix read_node_slot to return errors (bsc#1012452).\n - btrfs: fix release reserved extents trace points (bsc#1012452).\n - btrfs: fix segmentation fault when doing dio read (bsc#1040425).\n - btrfs: Fix slab accounting flags (bsc#1012452).\n - btrfs: fix truncate_space_check (bsc#1012452).\n - btrfs: fix unexpected return value of fiemap (bsc#1012452).\n - btrfs: fix unprotected assignment of the left cursor for device replace\n (bsc#1012452).\n - btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452).\n - btrfs: flush_space: treat return value of do_chunk_alloc properly\n (bsc#1012452).\n - btrfs: Force stripesize to the value of sectorsize (bsc#1012452).\n - btrfs: free sys_array eb as soon as possible (bsc#1012452).\n - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452).\n - btrfs: Handle uninitialised inode eviction (bsc#1012452).\n - btrfs: hide test-only member under ifdef (bsc#1012452).\n - btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452).\n - btrfs: Improve FL_KEEP_SIZE handling in fallocate (bsc#1012452).\n - btrfs: incremental send, do not delay rename when parent inode is new\n (bsc#1028325).\n - btrfs: incremental send, do not issue invalid rmdir operations\n (bsc#1028325).\n - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452).\n - btrfs: introduce device delete by devid (bsc#1012452).\n - btrfs: introduce raid-type to error-code table, for minimum device\n constraint (bsc#1012452).\n - btrfs: introduce ticketed enospc infrastructure (bsc#1012452).\n - btrfs: introduce tickets_id to determine whether asynchronous metadata\n reclaim work makes progress (bsc#1012452).\n - btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452).\n - btrfs: kill BUG_ON in do_relocation (bsc#1012452).\n - btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452).\n - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452).\n - btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452).\n - btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452).\n - btrfs: kill unused writepage_io_hook callback (bsc#1012452).\n - btrfs: let callers of btrfs_alloc_root pass gfp flags (bsc#1012452).\n - btrfs: Limit inline extents to root-&gt;sectorsize (bsc#1012452).\n - btrfs: make find_workspace always succeed (bsc#1012452).\n - btrfs: make find_workspace warn if there are no workspaces (bsc#1012452).\n - btrfs: make mapping-&gt;writeback_index point to the last written page\n (bsc#1012452).\n - btrfs: make state preallocation more speculative in __set_extent_bit\n (bsc#1012452).\n - btrfs: make sure device is synced before return (bsc#1012452).\n - btrfs: make sure we stay inside the bvec during __btrfs_lookup_bio_sums\n (bsc#1012452).\n - btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452).\n - btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device()\n (bsc#1012452).\n - btrfs: memset to avoid stale content in btree leaf (bsc#1012452).\n - btrfs: memset to avoid stale content in btree node block (bsc#1012452).\n - btrfs: move error handling code together in ctree.h (bsc#1012452).\n - btrfs: optimize check for stale device (bsc#1012452).\n - btrfs: Output more info for enospc_debug mount option (bsc#1012452).\n - btrfs: parent_start initialization cleanup (bsc#1012452).\n - btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452).\n - btrfs: pass number of devices to btrfs_check_raid_min_devices\n (bsc#1012452).\n - btrfs: pass the right error code to the btrfs_std_error (bsc#1012452).\n - btrfs: pin log earlier when renaming (bsc#1020975).\n - btrfs: pin logs earlier when doing a rename exchange operation\n (bsc#1020975).\n - btrfs: preallocate compression workspaces (bsc#1012452).\n - btrfs: Print Warning only if ENOSPC_DEBUG is enabled (bsc#1012452).\n - btrfs: qgroup: Move half of the qgroup accounting time out of commit\n trans (bsc#1017461).\n - btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1019614).\n - btrfs: Ratelimit "no csum found" info message (bsc#1012452).\n - btrfs: reada: add all reachable mirrors into reada device list\n (bsc#1012452).\n - btrfs: reada: Add missed segment checking in reada_find_zone\n (bsc#1012452).\n - btrfs: reada: Avoid many times of empty loop (bsc#1012452).\n - btrfs: reada: avoid undone reada extents in btrfs_reada_wait\n (bsc#1012452).\n - btrfs: reada: bypass adding extent when all zone failed (bsc#1012452).\n - btrfs: reada: Fix a debug code typo (bsc#1012452).\n - btrfs: reada: Fix in-segment calculation for reada (bsc#1012452).\n - btrfs: reada: ignore creating reada_extent for a non-existent device\n (bsc#1012452).\n - btrfs: reada: Jump into cleanup in direct way for __readahead_hook()\n (bsc#1012452).\n - btrfs: reada: limit max works count (bsc#1012452).\n - btrfs: reada: Move is_need_to_readahead contition earlier (bsc#1012452).\n - btrfs: reada: move reada_extent_put to place after __readahead_hook()\n (bsc#1012452).\n - btrfs: reada: Pass reada_extent into __readahead_hook directly\n (bsc#1012452).\n - btrfs: reada: reduce additional fs_info->reada_lock in reada_find_zone\n (bsc#1012452).\n - btrfs: reada: Remove level argument in severial functions (bsc#1012452).\n - btrfs: reada: simplify dev->reada_in_flight processing (bsc#1012452).\n - btrfs: reada: Use fs_info instead of root in __readahead_hook's argument\n (bsc#1012452).\n - btrfs: reada: use GFP_KERNEL everywhere (bsc#1012452).\n - btrfs: readdir: use GFP_KERNEL (bsc#1012452).\n - btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452).\n - btrfs: Refactor btrfs_lock_cluster() to kill compiler warning\n (bsc#1012452).\n - btrfs: remove BUG() in raid56 (bsc#1012452).\n - btrfs: remove BUG_ON in start_transaction (bsc#1012452).\n - btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452).\n - btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452).\n - btrfs: remove redundant error check (bsc#1012452).\n - btrfs: remove save_error_info() (bsc#1012452).\n - btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf\n (bsc#1012452).\n - btrfs: remove unused function btrfs_assert() (bsc#1012452).\n - btrfs: rename and document compression workspace members (bsc#1012452).\n - btrfs: rename btrfs_find_device_by_user_input (bsc#1012452).\n - btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452).\n - btrfs: rename __check_raid_min_devices (bsc#1012452).\n - btrfs: rename flags for vol args v2 (bsc#1012452).\n - btrfs: reorg btrfs_close_one_device() (bsc#1012452).\n - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452).\n - btrfs: Reset IO error counters before start of device replacing\n (bsc#1012452).\n - btrfs: reuse existing variable in scrub_stripe, reduce stack usage\n (bsc#1012452).\n - btrfs: s_bdev is not null after missing replace (bsc#1012452).\n - btrfs: scrub: Set bbio to NULL before calling btrfs_map_block\n (bsc#1012452).\n - btrfs: scrub: use GFP_KERNEL on the submission path (bsc#1012452).\n - btrfs: Search for all ordered extents that could span across a page\n (bsc#1012452).\n - btrfs: send, fix failure to rename top level inode due to name collision\n (bsc#1028325).\n - btrfs: send: silence an integer overflow warning (bsc#1012452).\n - btrfs: send: use GFP_KERNEL everywhere (bsc#1012452).\n - btrfs: send: use temporary variable to store allocation size\n (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for clone_sources_tmp\n (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452).\n - btrfs: serialize subvolume mounts with potentially mismatching rw flags\n (bsc#951844 bsc#1024015)\n - btrfs: Simplify conditions about compress while mapping btrfs flags to\n inode flags (bsc#1012452).\n - btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452).\n - btrfs: sink gfp parameter to clear_record_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_new (bsc#1012452).\n - btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452).\n - btrfs: skip commit transaction if we do not have enough pinned bytes\n (bsc#1037186).\n - btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452).\n - btrfs: switch to common message helpers in open_ctree, adjust messages\n (bsc#1012452).\n - btrfs: switch to kcalloc in btrfs_cmp_data_prepare (bsc#1012452).\n - btrfs: sysfs: protect reading label by lock (bsc#1012452).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: trace pinned extents (bsc#1012452).\n - btrfs: track transid for delayed ref flushing (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move struct\n btrfs_ioctl_defrag_range_args (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs_tree.h migration, item types and defines\n (bsc#1012452).\n - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452).\n - btrfs: unpin log if rename operation fails (bsc#1020975).\n - btrfs: unpin logs if rename exchange operation fails (bsc#1020975).\n - btrfs: unsplit printed strings (bsc#1012452).\n - btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452).\n - btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452).\n - btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452).\n - btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452).\n - btrfs: Use correct format specifier (bsc#1012452).\n - btrfs: use correct offset for reloc_inode in\n prealloc_file_extent_cluster() (bsc#1012452).\n - btrfs: use dynamic allocation for root item in create_subvol\n (bsc#1012452).\n - btrfs: Use (eb-&gt;start, seq) as search key for tree modification log\n (bsc#1012452).\n - btrfs: use existing device constraints table btrfs_raid_array\n (bsc#1012452).\n - btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes\n (bsc#1012452).\n - btrfs: use fs_info directly (bsc#1012452).\n - btrfs: use new error message helper in qgroup_account_snapshot\n (bsc#1012452).\n - btrfs: use proper type for failrec in extent_state (bsc#1012452).\n - btrfs: use root when checking need_async_flush (bsc#1012452).\n - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452).\n - btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452).\n - btrfs: warn_on for unaccounted spaces (bsc#1012452).\n - ceph: check i_nlink while converting a file handle to dentry\n (bsc#1039864).\n - ceph: Check that the new inode size is within limits in ceph_fallocate()\n (bsc#1037969).\n - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).\n - ceph: fix bad endianness handling in parse_reply_info_extra\n (bsc#1020488).\n - ceph: fix file open flags on ppc64 (bsc#1022266).\n - ceph: fix memory leak in __ceph_setxattr() (bsc#1036763).\n - ceph: fix potential use-after-free (bsc#1043371).\n - ceph: fix recursively call between ceph_set_acl and __ceph_setattr\n (bsc#1034902).\n - ceph: memory leak in ceph_direct_read_write callback (bsc#1041810).\n - cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode\n (bsc#1012829).\n - cgroup/pids: remove spurious suspicious RCU usage warning (bnc#1031831).\n - cgroup: remove redundant cleanup in css_create (bsc#1012829).\n - cifs: backport prepath matching fix (bsc#799133).\n - cifs: small underflow in cnvrtDosUnixTm() (bnc#1043935).\n - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue).\n - clk: xgene: Add PMD clock (bsc#1019351).\n - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351).\n - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).\n - config: enable Ceph kernel client modules for ppc64le (fate#321098)\n - config: enable Ceph kernel client modules for s390x (fate#321098)\n - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores\n (4.4.68 stable queue).\n - crypto: algif_aead - Require setkey before accept(2) (bsc#1031717).\n - crypto: algif_hash - avoid zero-sized array (bnc#1007962).\n - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913).\n - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913).\n - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913).\n - crypto: qat - fix bar discovery for c62x (bsc#1021251).\n - crypto: qat - zero esram only for DH85x devices (1021248).\n - crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913).\n - crypto: sha-mb - Fix load failure (bsc#1037384).\n - crypto: xts - consolidate sanity check for keys (bsc#1018913).\n - crypto: xts - fix compile errors (bsc#1018913).\n - cxgb4: Add control net_device for configuring PCIe VF (bsc#1021424).\n - cxgb4: Add llseek operation for flash debugfs entry (bsc#1021424).\n - cxgb4: add new routine to get adapter info (bsc#1021424).\n - cxgb4: Add PCI device ID for new adapter (bsc#1021424).\n - cxgb4: Add port description for new cards (bsc#1021424).\n - cxgb4: Add support to enable logging of firmware mailbox commands\n (bsc#1021424).\n - cxgb4: Check for firmware errors in the mailbox command loop\n (bsc#1021424).\n - cxgb4: correct device ID of T6 adapter (bsc#1021424).\n - cxgb4/cxgb4vf: Add set VF mac address support (bsc#1021424).\n - cxgb4/cxgb4vf: Allocate more queues for 25G and 100G adapter\n (bsc#1021424).\n - cxgb4/cxgb4vf: Assign netdev->dev_port with port ID (bsc#1021424).\n - cxgb4/cxgb4vf: Display 25G and 100G link speed (bsc#1021424).\n - cxgb4/cxgb4vf: Remove deprecated module parameters (bsc#1021424).\n - cxgb4: DCB message handler needs to use correct portid to netdev mapping\n (bsc#1021424).\n - cxgb4: Decode link down reason code obtained from firmware (bsc#1021424).\n - cxgb4: Do not assume FW_PORT_CMD reply is always port info msg\n (bsc#1021424).\n - cxgb4: do not call napi_hash_del() (bsc#1021424).\n - cxgb4: Do not sleep when mbox cmd is issued from interrupt context\n (bsc#1021424).\n - cxgb4: Enable SR-IOV configuration via PCI sysfs interface (bsc#1021424).\n - cxgb4: Fix issue while re-registering VF mgmt netdev (bsc#1021424).\n - cxgb4: MU requested by Chelsio (bsc#1021424).\n - cxgb4: Properly decode port module type (bsc#1021424).\n - cxgb4: Refactor t4_port_init function (bsc#1021424).\n - cxgb4: Reset dcb state machine and tx queue prio only if dcb is enabled\n (bsc#1021424).\n - cxgb4: Support compressed error vector for T6 (bsc#1021424).\n - cxgb4: Synchronize access to mailbox (bsc#1021424).\n - cxgb4: update latest firmware version supported (bsc#1021424).\n - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).\n - dax: fix deadlock with DAX 4k holes (bsc#1012829).\n - dax: fix device-dax region base (bsc#1023175).\n - Delete previous two fixes for i915 (bsc#1019061). These upstream fixes\n brought some regressions, so better to revert for now.\n - dell-laptop: Adds support for keyboard backlight timeout AC settings\n (bsc#1013561).\n - device-dax: check devm_nsio_enable() return value (bsc#1023175).\n - device-dax: fail all private mapping attempts (bsc#1023175).\n - device-dax: fix percpu_ref_exit ordering (bsc#1023175).\n - device-dax: fix private mapping restriction, permit read-only\n (bsc#1031717).\n - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500).\n - dmaengine: dw: fix typo in Kconfig (bsc#1031717).\n - dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125).\n - dm-mpath: fix race window in do_end_io() (bsc#1011044).\n - dm round robin: do not use this_cpu_ptr() without having preemption\n disabled (bsc#1040125).\n - dm verity fec: fix block calculation (bsc#1040125).\n - dm verity fec: fix bufio leaks (bsc#1040125).\n - dm verity fec: limit error correction recursion (bsc#1040125).\n - drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments\n (bsc#1031717).\n - drivers: hv: util: do not forget to init host_ts.lock (bsc#1031206).\n - drivers: hv: vmbus: finally fix hv_need_to_signal_on_read()\n (fate#320485, bug#1018385).\n - drivers: hv: vmbus: Prevent sending data on a rescinded channel\n (fate#320485, bug#1028217).\n - drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()\n (fate#320485, bsc#1023287, bsc#1028217).\n - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351).\n - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351).\n - drivers: net: xgene: Add change_mtu function (bsc#1019351).\n - drivers: net: xgene: Add flow control configuration (bsc#1019351).\n - drivers: net: xgene: Add flow control initialization (bsc#1019351).\n - drivers: net: xgene: Add helper function (bsc#1019351).\n - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351).\n - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351).\n - drivers: net: xgene: fix build after change_mtu function change\n (bsc#1019351).\n - drivers: net: xgene: fix: Coalescing values for v2 hardware\n (bsc#1019351).\n - drivers: net: xgene: fix: Disable coalescing on v1 hardware\n (bsc#1019351).\n - drivers: net: xgene: Fix MSS programming (bsc#1019351).\n - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351).\n - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351).\n - drivers: net: xgene: uninitialized variable in\n xgene_enet_free_pagepool() (bsc#1019351).\n - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O\n (bsc#1031717).\n - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358).\n - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).\n - drm/i915: Disable tv output on i9x5gm (bsc#1039700).\n - drm/i915: Do not init hpd polling for vlv and chv from runtime_suspend()\n (bsc#1014120).\n - drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error\n (bsc#1031717).\n - drm-i915-dp-Restore-PPS-HW-state-from-the-encoder-re\n - drm/i915/dp: Restore PPS HW state from the encoder resume hook\n (bsc#1019061).\n - drm/i915: Fix crash after S3 resume with DP MST mode change\n (bsc#1029634).\n - drm/i915: Fix mismatched INIT power domain disabling during suspend\n (bsc#1031717).\n - drm/i915: Fix watermarks for VLV/CHV (bsc#1011176).\n - drm/i915: Force VDD off on the new power seqeuencer before starting to\n use it (bsc#1009674).\n - drm/i915/gen9: Fix PCODE polling during CDCLK change notification\n (bsc#1015367).\n - drm/i915: Introduce Kabypoint PCH for Kabylake H/DT (bsc#1032581).\n - drm/i915: Listen for PMIC bus access notifications (bsc#1011913).\n - drm/i915: Mark CPU cache as dirty when used for rendering (bsc#1015367).\n - drm/i915: Mark i915_hpd_poll_init_work as static (bsc#1014120).\n - drm/i915: Nuke debug messages from the pipe update critical section\n (bsc#1031717).\n - drm/i915: Only enable hotplug interrupts if the display interrupts are\n enabled (bsc#1031717).\n - drm-i915-Prevent-PPS-stealing-from-a-normal-DP-port\n - drm/i915: Prevent PPS stealing from a normal DP port on VLV/CHV\n (bsc#1019061).\n - drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717).\n - drm/i915: relax uncritical udelay_range() (bsc#1031717).\n - drm/i915: relax uncritical udelay_range() settings (bsc#1031717).\n - drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl\n (bsc#1040463).\n - drm/i915/vlv: Prevent enabling hpd polling in late suspend (bsc#1014120).\n - drm/i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061).\n - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959,\n fate#322780)\n - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,\n bsc#995542).\n - drm/nouveau/tmr: fully separate alarm execution/pending lists\n (bsc#1043467).\n - drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable\n queue).\n - drm/vc4: Fix an integer overflow in temporary allocation layout\n (bsc#1021294).\n - drm-vc4-Fix-an-integer-overflow-in-temporary-allocation-layout.patch\n - drm/vc4: Return -EINVAL on the overflow checks failing (bsc#1021294).\n - drm-vc4-Return-EINVAL-on-the-overflow-checks-failing.patch\n - drm: virtio-gpu: get the fb from the plane state for atomic updates\n (bsc#1023101).\n - e1000e: Do not return uninitialized stats (bug#1034635).\n - edac, xgene: Fix spelling mistake in error messages (bsc#1019351).\n - efi: Do not issue error message when booted under Xen (bnc#1036638).\n - enic: set skb->hash type properly (bsc#922871 fate#318754).\n - ext4: fix data corruption for mmap writes (bsc#1012829).\n - ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO (bsc#1012829).\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n - ext4: fix use-after-iput when fscrypt contexts are inconsistent\n (bsc#1012829).\n - f2fs: fix bad prefetchw of NULL page (bsc#1012829).\n - f2fs: sanity check segment count (4.4.68 stable queue).\n - Fix a regression reported by bsc#1020048 in\n patches.fixes/0003-md-lockless-I-O-submission-for-RAID1.patch\n (bsc#982783,bsc#998106,bsc#1020048).\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).\n - ftrace: Make ftrace_location_range() global (FATE#322421).\n - fuse: fix clearing suid, sgid for chown() (bsc#1012829).\n - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).\n - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).\n - gpio: xgene: make explicitly non-modular (bsc#1019351).\n - hid: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL\n (bsc#1022340).\n - hv: do not reset hv_context.tsc_page on crash (fate#320485, bnc#1007729).\n - hv: export current Hyper-V clocksource (bsc#1031206).\n - hv_utils: implement Hyper-V PTP source (bsc#1031206).\n - i2c: designware-baytrail: Acquire P-Unit access on bus acquire\n (bsc#1011913).\n - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain\n (bsc#1011913).\n - i2c: designware-baytrail: Fix race when resetting the semaphore\n (bsc#1011913).\n - i2c: designware-baytrail: Only check iosf_mbi_available() for shared\n hosts (bsc#1011913).\n - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM\n method (bsc#1011913).\n - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351).\n - i2c: designware: Implement support for SMBus block read and write\n (bsc#1019351).\n - i2c-designware: increase timeout (bsc#1011913).\n - i2c: designware: Never suspend i2c-busses used for accessing the system\n PMIC (bsc#1011913).\n - i2c: designware: Rename accessor_flags to flags (bsc#1011913).\n - i2c: xgene: Fix missing code of DTB support (bsc#1019351).\n - i40e: Be much more verbose about what we can and cannot offload\n (bsc#985561).\n - ib/addr: Fix setting source address in addr6_resolve() (bsc#1044082).\n - ib/core: Fix kernel crash during fail to initialize device (bsc#1022595\n FATE#322350).\n - ib/core: For multicast functions, verify that LIDs are multicast LIDs\n (bsc#1022595 FATE#322350).\n - ib/core: If the MGID/MLID pair is not on the list return an error\n (bsc#1022595 FATE#322350).\n - ib/ipoib: Fix deadlock between ipoib_stop and mcast join flow\n (bsc#1022595 FATE#322350).\n - ib/mlx5: Assign DSCP for R-RoCE QPs Address Path (bsc#966170 bsc#966172\n bsc#966191).\n - ib/mlx5: Check supported flow table size (bsc#966170 bsc#966172\n bsc#966191).\n - ib/mlx5: Enlarge autogroup flow table (bsc#966170 bsc#966172 bsc#966191).\n - ib/mlx5: Fix kernel to user leak prevention logic (bsc#966170 bsc#966172\n bsc#966191).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - ibmvnic: Activate disabled RX buffer pools on reset (bsc#1044767).\n - ibmvnic: Add set_link_state routine for setting adapter link state\n (fate#322021, bsc#1031512).\n - ibmvnic: Allocate number of rx/tx buffers agreed on by firmware\n (fate#322021, bsc#1031512).\n - ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021,\n bsc#1031512).\n - ibmvnic: Call napi_disable instead of napi_enable in failure path\n (fate#322021, bsc#1031512).\n - ibmvnic: Check adapter state during ibmvnic_poll (fate#322021,\n bsc#1040855).\n - ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021,\n bsc#1038297).\n - ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512).\n - ibmvnic: Clean up tx pools when closing (fate#322021, bsc#1038297).\n - ibmvnic: Client-initiated failover (bsc#1043990).\n - ibmvnic: Continue skb processing after skb completion error\n (fate#322021, bsc#1038297).\n - ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512).\n - ibmvnic: Correct ibmvnic handling of device open/close (fate#322021,\n bsc#1031512).\n - ibmvnic: Create init and release routines for the bounce buffer\n (fate#322021, bsc#1031512).\n - ibmvnic: Create init and release routines for the rx pool (fate#322021,\n bsc#1031512).\n - ibmvnic: Create init and release routines for the tx pool (fate#322021,\n bsc#1031512).\n - ibmvnic: Create init/release routines for stats token (fate#322021,\n bsc#1031512).\n - ibmvnic: Deactivate RX pool buffer replenishment on H_CLOSED\n (fate#322021, bsc#1040855).\n - ibmvnic: Delete napi's when releasing driver resources (fate#322021,\n bsc#1038297).\n - ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512).\n - ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021,\n bsc#1031512).\n - ibmvnic: driver initialization for kdump/kexec (bsc#1044772).\n - ibmvnic: Ensure that TX queues are disabled in __ibmvnic_close\n (bsc#1044767).\n - ibmvnic: Exit polling routine correctly during adapter reset\n (bsc#1044767).\n - ibmvnic: Fix cleanup of SKB's on driver close (fate#322021, bsc#1040855).\n - ibmvnic: Fix endian errors in error reporting output (fate#322021,\n bsc#1031512).\n - ibmvnic: Fix endian error when requesting device capabilities\n (fate#322021, bsc#1031512).\n - ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021,\n bsc#1031512).\n - ibmvnic: Fix initial MTU settings (bsc#1031512).\n - ibmvnic: fix missing unlock on error in __ibmvnic_reset() (fate#322021,\n bsc#1038297, Fixes: ed651a10875f).\n - ibmvnic: Fix overflowing firmware/hardware TX queue (fate#322021,\n bsc#1031512).\n - ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512).\n - ibmvnic: Free skb's in cases of failure in transmit (fate#322021,\n bsc#1031512).\n - ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs\n (fate#322021, bsc#1031512).\n - ibmvnic: Halt TX and report carrier off on H_CLOSED return code\n (fate#322021, bsc#1040855).\n - ibmvnic: Handle failover after failed init crq (fate#322021,\n bsc#1040855).\n - ibmvnic: Handle processing of CRQ messages in a tasklet (fate#322021,\n bsc#1031512).\n - ibmvnic: Initialize completion variables before starting work\n (fate#322021, bsc#1031512).\n - ibmvnic: Insert header on VLAN tagged received frame (fate#322021,\n bsc#1031512).\n - ibmvnic: Make CRQ interrupt tasklet wait for all capabilities crqs\n (fate#322021, bsc#1031512).\n - ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021,\n bsc#1031512).\n - ibmvnic: Move ibmvnic adapter intialization to its own routine\n (fate#322021, bsc#1031512).\n - ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021,\n bsc#1031512).\n - ibmvnic: Move initialization of the stats token to ibmvnic_open\n (fate#322021, bsc#1031512).\n - ibmvnic: Move login and queue negotiation into ibmvnic_open\n (fate#322021, bsc#1031512).\n - ibmvnic: Move login to its own routine (fate#322021, bsc#1031512).\n - ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021,\n bsc#1038297).\n - ibmvnic: Move resource initialization to its own routine (fate#322021,\n bsc#1038297).\n - ibmvnic: Non-fatal error handling (fate#322021, bsc#1040855).\n - ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512).\n - ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297).\n - ibmvnic: Remove debugfs support (fate#322021, bsc#1031512).\n - ibmvnic: Remove inflight list (fate#322021, bsc#1031512).\n - ibmvnic: Remove netdev notify for failover resets (bsc#1044120).\n - ibmvnic: Remove unused bouce buffer (fate#322021, bsc#1031512).\n - ibmvnic: Remove VNIC_CLOSING check from pending_scrq (bsc#1044767).\n - ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297).\n - ibmvnic: Report errors when failing to release sub-crqs (fate#322021,\n bsc#1031512).\n - ibmvnic: Reset sub-crqs during driver reset (fate#322021, bsc#1040855).\n - ibmvnic: Reset the CRQ queue during driver reset (fate#322021,\n bsc#1040855).\n - ibmvnic: Reset tx/rx pools on driver reset (fate#322021, bsc#1040855).\n - ibmvnic: Return failure on attempted mtu change (bsc#1043236).\n - ibmvnic: Sanitize entire SCRQ buffer on reset (bsc#1044767).\n - ibmvnic: Send gratuitous arp on reset (fate#322021, bsc#1040855).\n - ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512).\n - ibmvnic: Split initialization of scrqs to its own routine (fate#322021,\n bsc#1031512).\n - ibmvnic: Track state of adapter napis (fate#322021, bsc#1040855).\n - ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512).\n - ibmvnic: Updated reset handling (fate#322021, bsc#1038297).\n - ibmvnic: Update main crq initialization and release (fate#322021,\n bsc#1031512).\n - ibmvnic: Use common counter for capabilities checks (fate#322021,\n bsc#1031512).\n - ibmvnic: use max_mtu instead of req_mtu for MTU range check\n (bsc#1031512).\n - ibmvnic: Validate napi exist before disabling them (fate#322021,\n bsc#1031512).\n - ibmvnic: Wait for any pending scrqs entries at driver close\n (fate#322021, bsc#1038297).\n - ibmvnic: Whitespace correction in release_rx_pools (fate#322021,\n bsc#1038297).\n - iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717).\n - infiniband: avoid dereferencing uninitialized dst on error path\n (git-fixes).\n - iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843).\n - iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842).\n - iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848).\n - iommu: Handle default domain attach failure (bsc#1038846).\n - iommu/vt-d: Do not over-free page table directories (bsc#1038847).\n - iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off (bsc#1031208).\n - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header\n (4.4.68 stable queue).\n - ipv6: Do not use ufo handling on later transformed packets (bsc#1042286).\n - ipv6: fix endianness error in icmpv6_err (bsc#1042286).\n - ipv6: initialize route null entry in addrconf_init() (4.4.68 stable\n queue).\n - ipv6: release dst on error in ip6_dst_lookup_tail (git-fixes).\n - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable\n queue).\n - isa: Call isa_bus_init before dependent ISA bus drivers register\n (bsc#1031717).\n - iscsi-target: Return error if unable to add network portal (bsc#1032803).\n - iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570).\n - iwlwifi: Expose the default fallback ucode API to module info\n (boo#1021082, boo#1023884).\n - jump label: fix passing kbuild_cflags when checking for asm goto support\n (git-fixes).\n - kabi: Hide new include in arch/powerpc/kernel/process.c (fate#322421).\n - kABI: move and hide new cxgbi device owner field (bsc#1018885).\n - kABI: protect cgroup include in kernel/kthread (kabi).\n - kABI: protect struct fib_info (kabi).\n - kABI: protect struct iscsi_conn (kabi).\n - kABI: protect struct mnt_namespace (kabi).\n - kABI: protect struct musb_platform_ops (kabi).\n - kABI: protect struct pglist_data (kabi).\n - kABI: protect struct se_node_acl (kabi).\n - kABI: protect struct snd_fw_async_midi_port (kabi).\n - kABI: protect struct tcp_fastopen_cookie (kabi).\n - kABI: protect struct user_fpsimd_state (kabi).\n - kABI: protect struct wake_irq (kabi).\n - kABI: protect struct xhci_hcd (kabi).\n - kABI: protect struct xlog (bsc#1043598).\n - kABI: restore can_rx_register parameters (kabi).\n - kABI: restore ttm_ref_object_add parameters (kabi).\n - kABI workaround 4.4.65 adding #include <linux/mount.h> to kernel/sysctl.c\n - kabi workaround for net: ipv6: Fix processing of RAs in presence of VRF\n (bsc#1042286).\n - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)\n - kernel: Fix invalid domain response handling (bnc#1009718, LTC#149851).\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612, fate#313296).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,\n fate#313296).\n - kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662).\n - kgr/module: make a taint flag module-specific (fate#313296).\n - kgr: remove all arch-specific kgraft header files (fate#313296).\n - kprobes/x86: Fix kernel panic when certain exception-handling addresses\n are probed (4.4.68 stable queue).\n - kvm: better MWAIT emulation for guests (bsc#1031142).\n - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue).\n - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue).\n - kvm: svm: add support for RDTSCP (bsc#1033117).\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip\n (bsc#1028415).\n - l2tp: fix race in l2tp_recv_common() (bsc#1042286).\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()\n (bsc#1028415).\n - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()\n (bsc#1028415).\n - l2tp: hold tunnel socket when handling control frames in l2tp_ip and\n l2tp_ip6 (bsc#1028415).\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable\n queue).\n - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125).\n - libceph: NULL deref on crush_decode() error path (bsc#1044015).\n - libcxgb: add library module for Chelsio drivers (bsc#1021424).\n - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581).\n - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in\n nbytes (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices\n (bsc#1003581).\n - libnvdimm, pfn: fix align attribute (bsc#1023175).\n - libnvdimm, pfn: fix memmap reservation size versus 4K alignment\n (bsc#1031717).\n - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125).\n - livepatch: Allow architectures to specify an alternate ftrace location\n (FATE#322421).\n - locking/semaphore: Add down_interruptible_timeout() (bsc#1031662).\n - locking/ww_mutex: Fix compilation of __WW_MUTEX_INITIALIZER\n (bsc#1031717).\n - lpfc: remove incorrect lockdep assertion (bsc#1040125).\n - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351).\n - md: allow creation of mdNNN arrays via md_mod/parameters/new_array\n (bsc#1032339).\n - md.c:didn't unlock the mddev before return EINVAL in array_size_store\n (bsc#1038143).\n - md-cluster: convert the completion to wait queue (fate#316335).\n - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087).\n - md-cluster: protect md_find_rdev_nr_rcu with rcu lock (fate#316335).\n - md: ensure md devices are freed before module is unloaded (bsc#1022304).\n - md: fix refcount problem on mddev when stopping array (bsc#1022304).\n - md: handle read-only member devices better (bsc#1033281).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - md: MD_CLOSING needs to be cleared after called md_set_readonly or\n do_md_stop (bsc#1038142).\n - md/raid1: add rcu protection to rdev in fix_read_error (References:\n bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: avoid reusing a resync bio after error handling (Fate#311379).\n - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: handle flush request correctly\n (bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: Refactor raid1_make_request\n (bsc#998106,bsc#1020048,bsc#982783).\n - md: support disabling of create-on-open semantics (bsc#1032339).\n - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717).\n - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717).\n - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717).\n - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717).\n - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717).\n - media: cx23885: uninitialized variable in cx23885_av_work_handler()\n (bsc#1031717).\n - media: DaVinci-VPBE: Check return value of a setup_if_config() call in\n vpbe_set_output() (bsc#1031717).\n - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717).\n - media: dib0700: fix NULL-deref at probe (bsc#1031717).\n - media: dvb-usb: avoid link error with dib3000m{b,c| (bsc#1031717).\n - media: exynos4-is: fix a format string bug (bsc#1031717).\n - media: gspca: konica: add missing endpoint sanity check (bsc#1031717).\n - media: lirc_imon: do not leave imon_probe() with mutex held\n (bsc#1031717).\n - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze() (bsc#1031717).\n - media: rc: allow rc modules to be loaded if rc-main is not a module\n (bsc#1031717).\n - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717).\n - media: sh-vou: clarify videobuf2 dependency (bsc#1031717).\n - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs()\n (bsc#1031717).\n - media: usbvision: fix NULL-deref at probe (bsc#1031717).\n - media: uvcvideo: Fix empty packet statistic (bsc#1031717).\n - media: uvcvideo: uvc_scan_fallback() for webcams with broken chain\n (bsc#1021474).\n - media: vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1043231).\n - mem-hotplug: fix node spanned pages when we have a movable node\n (bnc#1034671).\n - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue).\n - mlx4: Fix memory leak after mlx4_en_update_priv() (bsc#966170 bsc#966172\n bsc#966191).\n - mmc: debugfs: correct wrong voltage value (bsc#1031717).\n - mmc: Downgrade error level (bsc#1042536).\n - mm,compaction: serialize waitqueue_active() checks (bsc#971975).\n - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for\n sdhci-arasan4.9a (bsc#1019351).\n - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717).\n - mmc: sdhci: restore behavior when setting VDD via external regulator\n (bsc#1031717).\n - mm: fix <linux/pagemap.h> stray kernel-doc notation (bnc#971975 VM --\n git fixes).\n - mm: fix set pageblock migratetype in deferred struct page init\n (bnc#1027195).\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).\n - mm/hugetlb: check for reserved hugepages during memory offline\n (bnc#971975 VM -- git fixes).\n - mm/hugetlb: fix incorrect hugepages count during mem hotplug (bnc#971975\n VM -- git fixes).\n - mm/memblock.c: fix memblock_next_valid_pfn() (bnc#1031200).\n - mm, memcg: do not retry precharge charges (bnc#1022559).\n - mm, page_alloc: fix check for NULL preferred_zone (bnc#971975 VM\n performance -- page allocator).\n - mm, page_alloc: fix fast-path race with cpuset update or removal\n (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: fix premature OOM when racing with cpuset mems update\n (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: keep pcp count and list contents in sync if struct page\n is corrupted (bnc#971975 VM performance -- page allocator).\n - mm, page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM\n performance -- page allocator).\n - mm/page_alloc: Remove useless parameter of __free_pages_boot_core\n (bnc#1027195).\n - mm: page_alloc: skip over regions of invalid pfns where possible\n (bnc#1031200).\n - module: fix memory leak on early load_module() failures (bsc#1043014).\n - module: move add_taint_module() to a header file (fate#313296).\n - mountproto.patch: Add commit id\n - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813).\n - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue).\n - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable\n queue).\n - mwifiex: fix IBSS data path issue (bsc#1018813).\n - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813).\n - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717).\n - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717).\n - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue).\n - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717).\n - mwifiex: Remove unused 'chan_num' variable (bsc#1031717).\n - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717).\n - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717).\n - net/af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945,\n LTC#150566).\n - net: bridge: start hello timer only if device is up (bnc#1012382).\n - net/ena: change condition for host attribute configuration (bsc#1026509).\n - net/ena: change driver's default timeouts (bsc#1026509).\n - net: ena: change the return type of ena_set_push_mode() to be void\n (bsc#1026509).\n - net: ena: Fix error return code in ena_device_init() (bsc#1026509).\n - net/ena: fix ethtool RSS flow configuration (bsc#1026509).\n - net/ena: fix NULL dereference when removing the driver after device\n reset failed (bsc#1026509).\n - net/ena: fix potential access to freed memory during device reset\n (bsc#1026509).\n - net/ena: fix queues number calculation (bsc#1026509).\n - net/ena: fix RSS default hash configuration (bsc#1026509).\n - net/ena: reduce the severity of ena printouts (bsc#1026509).\n - net/ena: refactor ena_get_stats64 to be atomic context safe\n (bsc#1026509).\n - net/ena: remove ntuple filter support from device feature list\n (bsc#1026509).\n - net: ena: remove superfluous check in ena_remove() (bsc#1026509).\n - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).\n - net/ena: update driver version to 1.1.2 (bsc#1026509).\n - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).\n - net: ena: use setup_timer() and mod_timer() (bsc#1026509).\n - net: ethernet: apm: xgene: use phydev from struct net_device\n (bsc#1019351).\n - net: ethtool: Initialize buffer when querying device channel settings\n (bsc#969479 FATE#320634).\n - netfilter: allow logging from non-init namespaces (bsc#970083).\n - netfilter: nf_conntrack_sip: extend request line validation\n (bsc#1042286).\n - netfilter: nf_ct_expect: remove the redundant slash when policy name is\n empty (bsc#1042286).\n - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags\n (bsc#1042286).\n - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to\n register (bsc#1042286).\n - netfilter: nfnetlink_queue: reject verdict request from different portid\n (bsc#1042286).\n - netfilter: restart search if moved to other chain (bsc#1042286).\n - netfilter: use fwmark_reflect in nf_send_reset (bsc#1042286).\n - net: fix compile error in skb_orphan_partial() (bnc#1012382).\n - net: ibmvnic: Remove unused net_stats member from struct ibmvnic_adapter\n (fate#322021, bsc#1031512).\n - net: icmp_route_lookup should use rt dev to determine L3 domain\n (bsc#1042286).\n - net: implement netif_cond_dbg macro (bsc#1019168).\n - net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286).\n - net: ipv6: set route type for anycast routes (bsc#1042286).\n - net: l3mdev: Add master device lookup by index (bsc#1042286).\n - net: make netdev_for_each_lower_dev safe for device removal\n (bsc#1042286).\n - net/mlx4_core: Avoid command timeouts during VF driver device shutdown\n (bsc#1028017).\n - net/mlx4_core: Avoid delays during VF driver device shutdown\n (bsc#1028017).\n - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).\n - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to\n VGT transitions (bsc#1028017).\n - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs\n (bsc#1028017).\n - net/mlx4_en: Fix bad WQE issue (bsc#1028017).\n - net/mlx5: Do not unlock fte while still using it (bsc#966170 bsc#966172\n bsc#966191).\n - net/mlx5e: Modify TIRs hash only when it's needed (bsc#966170 bsc#966172\n bsc#966191).\n - net/mlx5: Fix create autogroup prev initializer (bsc#966170 bsc#966172\n bsc#966191).\n - net/mlx5: Prevent setting multicast macs for VFs (bsc#966170 bsc#966172\n bsc#966191).\n - net/mlx5: Release FTE lock in error flow (bsc#966170 bsc#966172\n bsc#966191).\n - net: remove useless memset's in drivers get_stats64 (bsc#1019351).\n - net: vrf: Create FIB tables on link create (bsc#1042286).\n - net: vrf: Fix crash when IPv6 is disabled at boot time (bsc#1042286).\n - net: vrf: Fix dev refcnt leak due to IPv6 prefix route (bsc#1042286).\n - net: vrf: Fix dst reference counting (bsc#1042286).\n - net: vrf: protect changes to private data with rcu (bsc#1042286).\n - net: vrf: Switch dst dev to loopback on device delete (bsc#1042286).\n - netvsc: add rcu_read locking to netvsc callback (fate#320485).\n - netxen_nic: set rcode to the return status from the call to\n netxen_issue_cmd (bsc#966339 FATE#320150).\n - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351).\n - net: xgene: fix backward compatibility fix (bsc#1019351).\n - net/xgene: fix error handling during reset (bsc#1019351).\n - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351).\n - nfit: fail DSMs that return non-zero status by default (bsc#1023175).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfs: do not try to cross a mountpount when there isn't one there\n (bsc#1028041).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - nfs: Fix an LOCK/OPEN race when unlinking an open file (git-fixes).\n - nfs: Fix "Do not increment lock sequence ID after NFS4ERR_MOVED"\n (git-fixes).\n - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes).\n - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes).\n - nfs: Fix NFS4 nfs4_do_reclaim() might_sleep()/scheduling while atomic\n splats. Bug exists in all RT trees &gt;= v3.16, was spotted/fixed in\n v4.8-rt, but with no stable-rt backport. Pick it up.\n - nfs: flush out dirty data on file fput() (bsc#1021762).\n - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes).\n - nfsv4.1: Fix Oopsable condition in server callback races (git-fixes).\n - nfsv4: fix a reference leak caused WARNING messages (git-fixes).\n - nfsv4: Fix the underestimation of delegation XDR space reservation\n (git-fixes).\n - nsfs: mark dentry with DCACHE_RCUACCESS (bsc#1012829).\n - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).\n - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685).\n - nvme: Delete created IO queues on reset (bsc#1031717).\n - nvme: Do not suspend admin queue that wasn't created (bsc#1026505).\n - nvme: submit nvme_admin_activate_fw to admin queue (bsc#1044532).\n - nvme: Suspend all queues before deletion (bsc#1026505).\n - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock\n (bsc#1004003).\n - ocfs2: fix deadlock issue when taking inode lock at vfs entry points\n (bsc#1004003).\n - overlayfs: compat, fix incorrect dentry use in ovl_rename2 (bsc#1032400).\n - overlayfs: compat, use correct dentry to detect compat mode in\n ovl_compat_is_whiteout (bsc#1032400).\n - pci: Add devm_request_pci_bus_resources() (bsc#1019351).\n - pci/AER: include header file (bsc#964944,FATE#319965).\n - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630).\n - pci: hv: Fix wslot_to_devfn() to fix warnings on device removal\n (fate#320485, bug#1028217).\n - pci: hv: Use device serial number as PCI domain (fate#320485,\n bug#1028217).\n - pci: pciehp: Prioritize data-link event over presence detect\n (bsc#1031040,bsc#1037483).\n - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057).\n - pci: Work around Intel Sunrise Point PCH incorrect ACS capability\n (bsc#1030057).\n - pci: xgene: Add local struct device pointers (bsc#1019351).\n - pci: xgene: Add register accessors (bsc#1019351).\n - pci: xgene: Free bridge resource list on failure (bsc#1019351).\n - pci: xgene: Make explicitly non-modular (bsc#1019351).\n - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351).\n - pci: xgene: Remove unused platform data (bsc#1019351).\n - pci: xgene: Request host bridge window resources (bsc#1019351).\n - percpu: remove unused chunk_alloc parameter from pcpu_get_pages()\n (bnc#971975 VM -- git fixes).\n - perf/x86/intel/rapl: Make Knights Landings support functional\n (bsc#1042517).\n - perf/x86/intel/uncore: Remove SBOX support for Broadwell server\n (bsc#1035887).\n - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).\n - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue).\n - phy: xgene: rename "enum phy_mode" to "enum xgene_phy_mode"\n (bsc#1019351).\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes\n (bnc#1012985).\n - ping: implement proper locking (bsc#1031003).\n - pkcs#7: fix missing break on OID_sha224 case (bsc#1031717).\n - platform/x86: fujitsu-laptop: use brightness_set_blocking for\n LED-setting callbacks (bsc#1031717).\n - pm / QoS: Fix memory leak on resume_latency.notifiers (bsc#1043231).\n - pm / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717).\n - pm / wakeirq: Fix spurious wake-up events for dedicated wakeirqs\n (bsc#1031717).\n - pm / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717).\n - power: bq27xxx: fix register numbers of bq27500 (bsc#1031717).\n - powerpc/64: Fix flush_(d|i)cache_range() called from modules (bnc#863764\n fate#315275, LTC#103998).\n - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).\n - powerpc: Create a helper for getting the kernel toc value (FATE#322421).\n - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).\n - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM\n (bsc#1032141).\n - powerpc/fadump: Update fadump documentation (bsc#1032141).\n - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel\n (FATE#322421).\n - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI\n (FATE#322421).\n - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace\n (FATE#322421).\n - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421).\n - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421).\n - powerpc/livepatch: Add livepatch header (FATE#322421).\n - powerpc/livepatch: Add live patching support on ppc64le (FATE#322421).\n - powerpc/livepatch: Add livepatch stack to struct thread_info\n (FATE#322421).\n - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421).\n - powerpc/module: Mark module stubs with a magic value (FATE#322421).\n - powerpc/module: Only try to generate the ftrace_caller() stub once\n (FATE#322421).\n - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount()\n call (FATE#322421).\n - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68 stable queue).\n - power: reset: xgene-reboot: Unmap region obtained by of_iomap\n (bsc#1019351).\n - power: supply: bq24190_charger: Call power_supply_changed() for relevant\n component (4.4.68 stable queue).\n - power: supply: bq24190_charger: Call set_mode_host() on pm_resume()\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Do not read fault register outside\n irq_handle_thread() (4.4.68 stable queue).\n - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Handle fault before status on interrupt\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Install irq_handler_thread() at end of\n probe() (4.4.68 stable queue).\n - printk: Switch to the sync mode when an emergency message is printed\n (bsc#1034995).\n - qeth: check not more than 16 SBALEs on the completion queue\n (bnc#1009718, LTC#148203).\n - quota: fill in Q_XGETQSTAT inode information for inactive quotas\n (bsc#1042356).\n - radix-tree: fix radix_tree_iter_retry() for tagged iterators\n (bsc#1012829).\n - raid1: a new I/O barrier implementation to remove resync window\n (bsc#998106,bsc#1020048,bsc#982783).\n - raid1: avoid unnecessary spin locks in I/O barrier code\n (bsc#998106,bsc#1020048,bsc#982783).\n - raid1: ignore discard error (bsc#1017164).\n - ravb: Fix use-after-free on `ifconfig eth0 down` (git-fixes).\n - rdma/iw_cxgb4: Add missing error codes for act open cmd (bsc#1026570).\n - rdma/iw_cxgb4: Low resource fixes for Completion queue (bsc#1026570).\n - rdma/iw_cxgb4: only read markers_enabled mod param once (bsc#1026570).\n - Refresh patches.suse/blk-timeout-no-round. Refresh\n patches.drivers/0041-block-add-ability-to-flag-write-back-caching-on-a-devi\n ce.patch Do not collide with QUEUE_FLAG_WC from upstream (bsc#1022547)\n - regulator: isl9305: fix array size (bsc#1031717).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - Revert "acpi, nfit, libnvdimm: fix interleave set cookie calculation\n (64-bit comparison)" (kabi).\n - Revert "btrfs: qgroup: Move half of the qgroup accounting time out of"\n (bsc#1017461 bsc#1033885).\n - Revert "btrfs: qgroup: Move half of the qgroup accounting time out of"\n This reverts commit f69c1d0f6254c73529a48fd2f87815d047ad7288.\n - Revert "give up on gcc ilog2() constant optimizations" (kabi).\n - Revert "KVM: nested VMX: disable perf cpuid reporting" (4.4.68 stable\n queue).\n - Revert "l2tp: take reference on sessions being dumped" (kabi).\n - Revert "mac80211: pass block ack session timeout to to driver" (kabi).\n - Revert "mac80211: RX BA support for sta max_rx_aggregation_subframes"\n (kabi).\n - Revert "net: introduce device min_header_len" (kabi).\n - Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow"\n (bsc#1028017).\n - Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi).\n - Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi).\n - Revert "target: Fix NULL dereference during LUN lookup + active I/O\n shutdown" (kabi).\n - Revert "wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event" (kabi).\n - rpm/kernel-binary.spec.in: Fix installation of /etc/uefi/certs\n (bsc#1019594)\n - rpm/kernel-binary.spec: remove superfluous flags This should make build\n logs more readable and people adding more flags should have easier time\n finding a place to add them in the spec file.\n - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter\n (bsc#1012060)\n - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the certificate\n (bsc#1035922)\n - rtc: cmos: avoid unused function warning (bsc#1022429).\n - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429).\n - rtc: cmos: Do not enable interrupts in the middle of the interrupt\n handler (bsc#1022429).\n - rtc: cmos: Restore alarm after resume (bsc#1022429).\n - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data\n (bsc#1026462).\n - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string (4.4.68 stable\n queue).\n - rtnl: reset calcit fptr in rtnl_unregister() (bsc#1042286).\n - s390/cpuinfo: show maximum thread id (bnc#1009718, LTC#148580).\n - s390/dasd: check if query host access feature is supported (bsc#1037871).\n - s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573).\n - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683,\n LTC#152318).\n - s390/sysinfo: show partition extended name and UUID if available\n (bnc#1009718, LTC#150160).\n - s390/time: LPAR offset handling (bnc#1009718, LTC#146920).\n - s390/time: move PTFF definitions (bnc#1009718, LTC#146920).\n - sbp-target: Fix second argument of percpu_ida_alloc() (bsc#1032803).\n - sched: Allow hotplug notifiers to be setup early (bnc#1022476).\n - sched/core: Fix incorrect utilization accounting when switching to fair\n class (bnc#1022476).\n - sched/core: Fix set_user_nice() (bnc#1022476).\n - sched/core, x86/topology: Fix NUMA in package topology bug (bnc#1022476).\n - sched/cputime: Add steal time support to full dynticks CPU time\n accounting (bnc#1022476).\n - sched/cputime: Fix prev steal time accouting during CPU hotplug\n (bnc#1022476).\n - sched/deadline: Always calculate end of period on sched_yield()\n (bnc#1022476).\n - sched/deadline: Fix a bug in dl_overflow() (bnc#1022476).\n - sched/deadline: Fix lock pinning warning during CPU hotplug\n (bnc#1022476).\n - sched/deadline: Fix wrap-around in DL heap (bnc#1022476).\n - sched/fair: Avoid using decay_load_missed() with a negative value\n (bnc#1022476).\n - sched/fair: Fix fixed point arithmetic width for shares and effective\n load (bnc#1022476).\n - sched/fair: Fix load_above_capacity fixed point arithmetic width\n (bnc#1022476).\n - sched/fair: Fix min_vruntime tracking (bnc#1022476).\n - sched/fair: Fix the wrong throttled clock time for cfs_rq_clock_task()\n (bnc#1022476).\n - sched/fair: Improve PELT stuff some more (bnc#1022476).\n - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting\n (bsc#1018419).\n - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476).\n - sched/rt: Kick RT bandwidth timer immediately on start up (bnc#1022476).\n - sched/rt, sched/dl: Do not push if task's scheduling class was changed\n (bnc#1022476).\n - scsi: be2iscsi: Add FUNCTION_RESET during driver unload (bsc#1038458).\n - scsi: be2iscsi: Add IOCTL to check UER supported (bsc#1038458).\n - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458).\n - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL (bsc#1038458).\n - scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo()\n (bsc#1038458).\n - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL (bsc#1038458).\n - scsi: be2iscsi: Fail the sessions immediately after TPE (bsc#1038458).\n - scsi: be2iscsi: Fix async PDU handling path (bsc#1038458).\n - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458).\n - scsi: be2iscsi: Fix checks for HBA in error state (bsc#1038458).\n - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6 (bsc#1038458).\n - scsi: be2iscsi: Fix POST check and reset sequence (bsc#1038458).\n - scsi: be2iscsi: Fix queue and connection parameters (bsc#1038458).\n - scsi: be2iscsi: Fix release of DHCP IP in static mode (bsc#1038458).\n - scsi: be2iscsi: Fix to add timer for UE detection (bsc#1038458).\n - scsi: be2iscsi: Fix to make boot discovery non-blocking (bsc#1038458).\n - scsi: be2iscsi: Fix to use correct configuration values (bsc#1038458).\n - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param (bsc#1038458).\n - scsi: be2iscsi: Move functions to right files (bsc#1038458).\n - scsi: be2iscsi: Move VLAN code to common iface_set_param (bsc#1038458).\n - scsi: be2iscsi: Reduce driver load/unload time (bsc#1038458).\n - scsi: be2iscsi: Remove alloc_mcc_tag & beiscsi_pci_soft_reset\n (bsc#1038458).\n - scsi: be2iscsi: Remove isr_lock and dead code (bsc#1038458).\n - scsi: be2iscsi: Rename iface get/set/create/destroy APIs (bsc#1038458).\n - scsi: be2iscsi: Replace _bh version for mcc_lock spinlock (bsc#1038458).\n - scsi: be2iscsi: Set and return right iface v4/v6 states (bsc#1038458).\n - scsi: be2iscsi: Update copyright information (bsc#1038458).\n - scsi: be2iscsi: Update iface handle before any set param (bsc#1038458).\n - scsi: be2iscsi: Update the driver version (bsc#1038458).\n - scsi: cxgb4i: libcxgbi: add missing module_put() (bsc#1018885).\n - scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature\n (bsc#1021424).\n - scsi: cxlflash: Remove the device cleanly in the system shutdown path\n (bsc#1028310, fate#321597, bsc#1034762). cherry-pick from SP3\n - scsi_dh_alua: do not call BUG_ON when updating port group (bsc#1028340).\n - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).\n - scsi_dh_alua: Do not retry for unmapped device (bsc#1012910).\n - scsi: do not print 'reservation conflict' for TEST UNIT READY\n (bsc#1027054).\n - scsi_error: count medium access timeout only once per EH run\n (bsc#993832, bsc#1032345).\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck\n (bsc#1035920).\n - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (bsc#1034419).\n - scsi: ipr: Driver version 2.6.4 (bsc#1031555, fate#321595).\n - scsi: ipr: Error path locking fixes (bsc#1031555, fate#321595).\n - scsi: ipr: Fix abort path race condition (bsc#1031555, fate#321595).\n - scsi: ipr: Fix missed EH wakeup (bsc#1031555, fate#321595).\n - scsi: ipr: Fix SATA EH hang (bsc#1031555, fate#321595).\n - scsi: ipr: Remove redundant initialization (bsc#1031555, fate#321595).\n - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m (4.4.68 stable queue).\n - scsi: scsi_dh_alua: Check scsi_device_get() return value (bsc#1040125).\n - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (4.4.68\n stable queue).\n - scsi_transport_fc: do not call queue_work under lock (bsc#1013887).\n - scsi_transport_fc: fixup race condition in fc_rport_final_delete()\n (bsc#1013887).\n - scsi_transport_fc: return -EBUSY for deleted vport (bsc#1013887).\n - sctp: check af before verify address in sctp_addr_id2transport\n (git-fixes).\n - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792).\n - serial: 8250_omap: Fix probe and remove for PM runtime (4.4.68 stable\n queue).\n - series.conf cosmetic adjustment (missing rt version placeholders)\n - series.conf: remove silly comment\n - ses: Fix SAS device detection in enclosure (bsc#1016403).\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n - sfc: refactor debug-or-warnings printks (bsc#1019168).\n - softirq: Let ksoftirqd do its job (bsc#1019618).\n - staging: emxx_udc: remove incorrect __init annotations (4.4.68 stable\n queue).\n - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()\n (bsc#1031717).\n - staging: wlan-ng: add missing byte order conversion (4.4.68 stable\n queue).\n - sunrpc: Allow xprt->ops->timer method to sleep (git-fixes).\n - sunrpc: ensure correct error is reported by xs_tcp_setup_socket()\n (git-fixes).\n - sunrpc: fix UDP memory accounting (git-fixes).\n - sunrpc: Silence WARN_ON when NFSv4.1 over RDMA is in use (git-fixes).\n - supported.conf: added drivers/net/ethernet/chelsio/libcxgb/libcxgb\n - supported.conf: Add tcp_westwood as supported module (fate#322432)\n - supported.conf: Bugzilla and FATE references for dcdbas and dell_rbu\n - sysfs: be careful of error returns from ops->show() (bsc#1028883).\n - taint/module: Clean up global and module taint flags handling\n (fate#313296).\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - tcp: account for ts offset only if tsecr not zero (bsc#1042286).\n - tcp: do not inherit fastopen_req from parent (4.4.68 stable queue).\n - tcp: do not underestimate skb->truesize in tcp_trim_head() (4.4.68\n stable queue).\n - tcp: fastopen: accept data/FIN present in SYNACK message (bsc#1042286).\n - tcp: fastopen: avoid negative sk_forward_alloc (bsc#1042286).\n - tcp: fastopen: call tcp_fin() if FIN present in SYNACK (bsc#1042286).\n - tcp: fastopen: fix rcv_wup initialization for TFO server on SYN/data\n (bsc#1042286).\n - tcp: fix wraparound issue in tcp_lp (4.4.68 stable queue).\n - thp: fix MADV_DONTNEED vs. numa balancing race (bnc#1027974).\n - thp: reduce indentation level in change_huge_pmd() (bnc#1027974).\n - tpm: Downgrade error level (bsc#1042535).\n - tpm: fix checks for policy digest existence in tpm2_seal_trusted()\n (bsc#1034048, Pending fixes 2017-04-10).\n - tpm: fix RC value check in tpm2_seal_trusted (bsc#1034048, Pending fixes\n 2017-04-10).\n - tpm: fix: set continueSession attribute for the unseal operation\n (bsc#1034048, Pending fixes 2017-04-10).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).\n - udp: avoid ufo handling on IP payload compression packets (bsc#1042286).\n - udplite: call proper backlog handlers (bsc#1042286).\n - Update mainline reference in\n patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-ast_fb_create.patch S\n ee (bsc#1028158) for the context in which this was discovered upstream.\n - Update metadata for serial fixes (bsc#1013001)\n - Update patches.fixes/xen-silence-efi-error-messge.patch (bnc#1039900).\n - Update patches.kernel.org/patch-4.4.47-48 (bnc#1012382 bnc#1022181). Add\n a bnc reference.\n - usb: chipidea: Handle extcon events properly (4.4.68 stable queue).\n - usb: chipidea: Only read/write OTGSC from one place (4.4.68 stable\n queue).\n - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy()\n error paths (4.4.68 stable queue).\n - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy()\n error paths (4.4.68 stable queue).\n - usb: musb: ux500: Fix NULL pointer dereference at system PM\n (bsc#1038033).\n - usb: serial: ark3116: fix open error handling (bnc#1038043).\n - usb: serial: ch341: add register and USB request definitions\n (bnc#1038043).\n - usb: serial: ch341: add support for parity, frame length, stop bits\n (bnc#1038043).\n - usb: serial: ch341: fix baud rate and line-control handling\n (bnc#1038043).\n - usb: serial: ch341: fix line settings after reset-resume (bnc#1038043).\n - usb: serial: ch341: fix modem-status handling (bnc#1038043).\n - usb: serial: ch341: reinitialize chip on reconfiguration (bnc#1038043).\n - usb: serial: digi_acceleport: fix incomplete rx sanity check (4.4.68\n stable queue).\n - usb: serial: fix compare_const_fl.cocci warnings (bnc#1038043).\n - usb: serial: ftdi_sio: fix latency-timer error handling (4.4.68 stable\n queue).\n - usb: serial: io_edgeport: fix descriptor error handling (4.4.68 stable\n queue).\n - usb: serial: io_edgeport: fix epic-descriptor handling (bnc#1038043).\n - usb: serial: keyspan_pda: fix receive sanity checks (4.4.68 stable\n queue).\n - usb: serial: mct_u232: fix modem-status error handling (4.4.68 stable\n queue).\n - usb: serial: quatech2: fix control-message error handling (bnc#1038043).\n - usb: serial: sierra: fix bogus alternate-setting assumption\n (bnc#1038043).\n - usb: serial: ssu100: fix control-message error handling (bnc#1038043).\n - usb: serial: ti_usb_3410_5052: fix control-message error handling\n (4.4.68 stable queue).\n - Use make --output-sync feature when available (bsc#1012422). The mesages\n in make output can interleave making it impossible to extract warnings\n reliably. Since version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing this issue.\n Detect the flag and use it if available.\n - Use up spare in struct module for livepatch (FATE#322421).\n - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).\n - vrf: remove slave queue and private slave struct (bsc#1042286).\n - vsock: Detach QP check should filter out non matching QPs (bsc#1036752).\n - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).\n - x86/CPU/AMD: Fix Zen SMT topology (bsc#1027512).\n - x86/ioapic: Change prototype of acpi_ioapic_add() (bsc#1027153,\n bsc#1027616).\n - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()\n (bsc#1027153, bsc#1027616).\n - x86/ioapic: Fix IOAPIC failing to request resource (bsc#1027153,\n bsc#1027616).\n - x86/ioapic: fix kABI (hide added include) (bsc#1027153, bsc#1027616).\n - x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd\n (bsc#1027153, bsc#1027616).\n - x86/ioapic: Fix setup_res() failing to get resource (bsc#1027153,\n bsc#1027616).\n - x86/ioapic: Ignore root bridges without a companion ACPI device\n (bsc#1027153, bsc#1027616).\n - x86/ioapic: Restore IO-APIC irq_chip retrigger callback (4.4.68 stable\n queue).\n - x86/ioapic: Simplify ioapic_setup_resources() (bsc#1027153, bsc#1027616).\n - x86/ioapic: Support hot-removal of IOAPICs present during boot\n (bsc#1027153, bsc#1027616).\n - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).\n - x86/MCE: Dump MCE to dmesg if no consumers (bsc#1013994).\n - x86/mce: Fix copy/paste error in exception table entries (fate#319858).\n - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).\n - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0\n (4.4.68 stable queue).\n - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs\n (bsc#9048891).\n - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).\n - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier\n (bsc#1011913).\n - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device (4.4.68\n stable queue).\n - x86/platform: Remove warning message for duplicate NMI handlers\n (bsc#1029220).\n - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).\n - x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866).\n - x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866).\n - x86/platform/uv/BAU: Add generic function pointers (bsc#1035024).\n - x86/platform/uv/BAU: Add payload descriptor qualifier (bsc#1035024).\n - x86/platform/uv/BAU: Add status mmr location fields to bau_control\n (bsc#1035024).\n - x86/platform/uv/BAU: Add UV4-specific functions (bsc#1035024).\n - x86/platform/uv/BAU: Add uv_bau_version enumerated constants\n (bsc#1035024).\n - x86/platform/uv/BAU: Add wait_completion to bau_operations (bsc#1035024).\n - x86/platform/uv/BAU: Clean up and update printks (bsc#1035024).\n - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances\n (bsc#1035024).\n - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024).\n - x86/platform/uv/BAU: Clean up vertical alignment (bsc#1035024).\n - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset()\n (bsc#1035024).\n - x86/platform/uv/BAU: Disable software timeout on UV4 hardware\n (bsc#1035024).\n - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack\n register (bsc#1035024).\n - x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware\n (bsc#1035024).\n - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status\n (bsc#1035024).\n - x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version\n information (bsc#1035024).\n - x86/platform/uv/BAU: Use generic function pointers (bsc#1035024).\n - x86/platform/UV: Clean up the NMI code to match current coding style\n (bsc#1023866).\n - x86/platform/UV: Clean up the UV APIC code (bsc#1023866).\n - x86/platform/UV: Ensure uv_system_init is called when necessary\n (bsc#1023866).\n - x86/platform/UV: Fix 2 socket config problem (bsc#1023866).\n - x86/platform/uv: Fix calculation of Global Physical Address\n (bsc#1031147).\n - x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866).\n - x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source\n (bsc#1023866).\n - x86/platform/UV: Verify NMI action is valid, default is standard\n (bsc#1023866).\n - x86/ras/therm_throt: Do not log a fake MCE for thermal events\n (bsc#1028027).\n - xen: add sysfs node for guest type (bnc#1037840).\n - xen: adjust early dom0 p2m handling to xen hypervisor behavior\n (bnc#1031470).\n - xen-blkback: do not leak stack data via response ring (bsc#1042863\n XSA-216).\n - xen-blkfront: correct maximum segment accounting (bsc#1018263).\n - xen-blkfront: do not call talk_to_blkback when already connected to\n blkback.\n - xen/blkfront: Fix crash if backend does not follow the right states.\n - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.\n - xen/mce: do not issue error message for failed /dev/mcelog registration\n (bnc#1036638).\n - xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163).\n - xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163).\n - xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV\n (bsc#1014136)\n - xfrm: Fix memory leak of aead algorithm name (bsc#1042286).\n - xfrm: Only add l3mdev oif to dst lookups (bsc#1042286).\n - xfs: add missing include dependencies to xfs_dir2.h (bsc#1042421).\n - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n - xfs: do not allow di_size with high bit set (bsc#1024234).\n - xfs: do not assert fail on non-async buffers on ioacct decrement\n (bsc#1041160).\n - xfs: do not take the IOLOCK exclusive for direct I/O page invalidation\n (bsc#1015609).\n - xfs: do not warn on buffers not being recovered due to LSN (bsc#1043598).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n - xfs: fix eofblocks race with file extending async dio writes\n (bsc#1040929).\n - xfs: Fix missed holes in SEEK_HOLE implementation (bsc#1041168).\n - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff()\n (bsc#1041168).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: fix xfs_mode_to_ftype() prototype (bsc#1043598).\n - xfs: in _attrlist_by_handle, copy the cursor back to userspace\n (bsc#1041242).\n - xfs: log recovery tracepoints to track current lsn and buffer submission\n (bsc#1043598).\n - xfs: Make __xfs_xattr_put_listen preperly report errors (bsc#1041242).\n - xfs: only return -errno or success from attr ->put_listent (bsc#1041242).\n - xfs: pass current lsn to log recovery buffer validation (bsc#1043598).\n - xfs: refactor log record unpack and data processing (bsc#1043598).\n - xfs: replace xfs_mode_to_ftype table with switch statement (bsc#1042421).\n - xfs: rework log recovery to submit buffers on LSN boundaries\n (bsc#1043598).\n - xfs: rework the inline directory verifiers (bsc#1042421).\n - xfs: sanity check directory inode di_size (bsc#1042421).\n - xfs: sanity check inode di_mode (bsc#1042421).\n - xfs: Split default quota limits by quota type (bsc#1040941).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n - xfs: track and serialize in-flight async buffers against unmount - kABI\n (bsc#1024508).\n - xfs: update metadata LSN in buffers during log recovery (bsc#1043598).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n - xfs: verify inline directory data forks (bsc#1042421).\n - xgene_enet: remove bogus forward declarations (bsc#1032673).\n - zswap: do not param_set_charp while holding spinlock (VM Functionality,\n bsc#1042886).\n - blacklist.conf: add non-applicable fixes for iwlwifi (FATE#323335)\n - blacklist.conf: blacklist c34a69059d78 (bnc#1044880)\n - btrfs: disable possible cause of premature ENOSPC (bsc#1040182)\n - btrfs: Manually implement device_total_bytes getter/setter\n (bsc#1043912).\n - btrfs: Round down values which are written for total_bytes_size\n (bsc#1043912).\n - dm: remove dummy dm_table definition (bsc#1045307)\n - Fix soft lockup in svc_rdma_send (bsc#1044854).\n - fs/exec.c: account for argv/envp pointers (bnc#1039354,\n CVE-2017-1000365).\n - hpsa: limit transfer length to 1MB (bsc#1025461).\n - hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105).\n - IB/ipoib: Fix memory leak in create child syscall (bsc#1022595\n FATE#322350).\n - ibmvnic: Correct return code checking for ibmvnic_init during probe\n (bsc#1045286).\n - ibmvnic: Fix assignment of RX/TX IRQ's (bsc#1046589).\n - ibmvnic: Fix error handling when registering long-term-mapped buffers\n (bsc#1045568).\n - ibmvnic: Fix incorrectly defined ibmvnic_request_map_rsp structure\n (bsc#1045568).\n - ibmvnic: Remove module author mailing address (bsc#1045467).\n - ibmvnic: Return from ibmvnic_resume if not in VNIC_OPEN state\n (bsc#1045235).\n - iw_cxgb4: Fix error return code in c4iw_rdev_open() (bsc#1026570).\n - iwlwifi: 8000: fix MODULE_FIRMWARE input.\n - iwlwifi: 9000: increase the number of queues.\n - iwlwifi: add device ID for 8265.\n - iwlwifi: add device IDs for the 8265 device.\n - iwlwifi: add disable_11ac module param.\n - iwlwifi: add new 3168 series devices support.\n - iwlwifi: add new 8260 PCI IDs.\n - iwlwifi: add new 8265.\n - iwlwifi: add new 8265 series PCI ID.\n - iwlwifi: Add new PCI IDs for 9260 and 5165 series.\n - iwlwifi: Add PCI IDs for the new 3168 series.\n - iwlwifi: Add PCI IDs for the new series 8165.\n - iwlwifi: add support for 12K Receive Buffers.\n - iwlwifi: add support for getting HW address from CSR.\n - iwlwifi: avoid d0i3 commands when no/init ucode is loaded.\n - iwlwifi: bail out in case of bad trans state.\n - iwlwifi: block the queues when we send ADD_STA for uAPSD.\n - iwlwifi: change the Intel Wireless email address.\n - iwlwifi: check for valid ethernet address provided by OEM.\n - iwlwifi: clean up transport debugfs handling.\n - iwlwifi: clear ieee80211_tx_info->driver_data in the op_mode.\n - iwlwifi: Document missing module options.\n - iwlwifi: dump prph registers in a common place for all transports.\n - iwlwifi: dvm: advertise NETIF_F_SG.\n - iwlwifi: dvm: fix compare_const_fl.cocci warnings.\n - iwlwifi: dvm: handle zero brightness for wifi LED.\n - iwlwifi: dvm: remove a wrong dependency on m.\n - iwlwifi: dvm: remove Kconfig default.\n - iwlwifi: dvm: remove stray debug code.\n - iwlwifi: export the _no_grab version of PRPH IO functions.\n - iwlwifi: expose fw usniffer mode to more utilities.\n - iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000.\n - iwlwifi: Fix firmware name maximum length definition.\n - iwlwifi: fix name of ucode loaded for 8265 series.\n - iwlwifi: fix printf specifier.\n - iwlwifi: generalize d0i3_entry_timeout module parameter.\n - iwlwifi: mvm: adapt the firmware assert log to new firmware.\n - iwlwifi: mvm: add 9000-series RX API.\n - iwlwifi: mvm: add 9000 series RX processing.\n - iwlwifi: mvm: add a non-trigger window to fw dbg triggers.\n - iwlwifi: mvm: add an option to start rs from HT/VHT rates.\n - iwlwifi: mvm: Add a station in monitor mode.\n - iwlwifi: mvm: add bt rrc and ttc to debugfs.\n - iwlwifi: mvm: add bt settings to debugfs.\n - iwlwifi: mvm: add ctdp operations to debugfs.\n - iwlwifi: mvm: add CT-KILL notification.\n - iwlwifi: mvm: add debug print if scan config is ignored.\n - iwlwifi: mvm: add extended dwell time.\n - iwlwifi: mvm: add new ADD_STA command version.\n - iwlwifi: mvm: Add P2P client snoozing.\n - iwlwifi: mvm: add registration to cooling device.\n - iwlwifi: mvm: add registration to thermal zone.\n - iwlwifi: mvm: add support for negative temperatures.\n - iwlwifi: mvm: add tlv for multi queue rx support.\n - iwlwifi: mvm: add trigger for firmware dump upon TDLS events.\n - iwlwifi: mvm: add trigger for firmware dump upon TX response status.\n - iwlwifi: mvm: advertise NETIF_F_SG.\n - iwlwifi: mvm: Align bt-coex priority with requirements.\n - iwlwifi: mvm: allow to disable beacon filtering for AP/GO interface.\n - iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning.\n - iwlwifi: mvm: avoid panics with thermal device usage.\n - iwlwifi: mvm: avoid to WARN about gscan capabilities.\n - iwlwifi: mvm: bail out if CTDP start operation fails.\n - iwlwifi: mvm: bump firmware API to 21.\n - iwlwifi: mvm: bump max API to 20.\n - iwlwifi: mvm: change access to ieee80211_hdr.\n - iwlwifi: mvm: change iwl_mvm_get_key_sta_id() to return the station.\n - iwlwifi: mvm: change mcc update API.\n - iwlwifi: mvm: change name of iwl_mvm_d3_update_gtk.\n - iwlwifi: mvm: Change number of associated stations when station becomes\n associated.\n - iwlwifi: mvm: change protocol offload flows.\n - iwlwifi: mvm: change the check for ADD_STA status.\n - iwlwifi: mvm: check FW's response for nvm access write cmd.\n - iwlwifi: mvm: check iwl_mvm_wowlan_config_key_params() return value.\n - iwlwifi: mvm: check minimum temperature notification length.\n - iwlwifi: mvm: cleanup roc te on restart cleanup.\n - iwlwifi: mvm: Configure fragmented scan for scheduled scan.\n - iwlwifi: mvm: configure scheduled scan according to traffic conditions.\n - iwlwifi: mvm: constify the parameters of a few functions in fw-dbg.c.\n - iwlwifi: mvm: Disable beacon storing in D3 when WOWLAN configured.\n - iwlwifi: mvm: disable DQA support.\n - iwlwifi: mvm: Do not switch to D3 image on suspend.\n - iwlwifi: mvm: don't ask beacons when P2P GO vif and no assoc sta.\n - iwlwifi: mvm: don't keep an mvm ref when the interface is down.\n - iwlwifi: mvm: don't let NDPs mess the packet tracking.\n - iwlwifi: mvm: don't restart HW if suspend fails with unified image.\n - iwlwifi: mvm: don't try to offload AES-CMAC in AP/IBSS modes.\n - iwlwifi: mvm: drop low_latency_agg_frame_cnt_limit.\n - iwlwifi: mvm: dump more registers upon error.\n - iwlwifi: mvm: dump the radio registers when the firmware crashes.\n - iwlwifi: mvm: enable L3 filtering.\n - iwlwifi: mvm: Enable MPLUT only on supported hw.\n - iwlwifi: mvm: enable VHT MU-MIMO for supported hardware.\n - iwlwifi: mvm: extend time event duration.\n - iwlwifi: mvm: fix accessing Null pointer during fw dump collection.\n - iwlwifi: mvm: fix d3_test with unified D0/D3 images.\n - iwlwifi: mvm: fix debugfs signedness warning.\n - iwlwifi: mvm: fix extended dwell time.\n - iwlwifi: mvm: fix incorrect fallthrough in iwl_mvm_check_running_scans().\n - iwlwifi: mvm: fix memory leaks in error paths upon fw error dump.\n - iwlwifi: mvm: fix netdetect starting/stopping for unified images.\n - iwlwifi: mvm: fix RSS key sizing.\n - iwlwifi: mvm: fix unregistration of thermal in some error flows.\n - iwlwifi: mvm: flush all used TX queues before suspending.\n - iwlwifi: mvm: forbid U-APSD for P2P Client if the firmware doesn't\n support it.\n - iwlwifi: mvm: handle pass all scan reporting.\n - iwlwifi: mvm: ignore LMAC scan notifications when running UMAC scans.\n - iwlwifi: mvm: infrastructure for frame-release message.\n - iwlwifi: mvm: kill iwl_mvm_enable_agg_txq.\n - iwlwifi: mvm: let the firmware choose the antenna for beacons.\n - iwlwifi: mvm: make collecting fw debug data optional.\n - iwlwifi: mvm: move fw-dbg code to separate file.\n - iwlwifi: mvm: only release the trans ref if d0i3 is supported in fw.\n - iwlwifi: mvm: prepare the code towards TSO implementation.\n - iwlwifi: mvm: refactor d3 key update functions.\n - iwlwifi: mvm: refactor the way fw_key_table is handled.\n - iwlwifi: mvm: remove an extra tab.\n - iwlwifi: mvm: Remove bf_vif from iwl_power_vifs.\n - iwlwifi: mvm: Remove iwl_mvm_update_beacon_abort.\n - iwlwifi: mvm: remove redundant d0i3 flag from the config struct.\n - iwlwifi: mvm: remove shadowing variable.\n - iwlwifi: mvm: remove stray nd_config element.\n - iwlwifi: mvm: remove the vif parameter of\n iwl_mvm_configure_bcast_filter().\n - iwlwifi: mvm: remove unnecessary check in iwl_mvm_is_d0i3_supported().\n - iwlwifi: mvm: remove useless WARN_ON and rely on cfg80211's combination.\n - iwlwifi: mvm: report wakeup for wowlan.\n - iwlwifi: mvm: reset mvm->scan_type when firmware is started.\n - iwlwifi: mvm: return the cooling state index instead of the budget.\n - iwlwifi: mvm: ROC: cleanup time event info on FW failure.\n - iwlwifi: mvm: ROC: Extend the ROC max delay duration & limit ROC\n duration.\n - iwlwifi: mvm: rs: fix a potential out of bounds access.\n - iwlwifi: mvm: rs: fix a theoretical access to uninitialized array\n elements.\n - iwlwifi: mvm: rs: fix a warning message.\n - iwlwifi: mvm: rs: fix TPC action decision algorithm.\n - iwlwifi: mvm: rs: fix TPC statistics handling.\n - iwlwifi: mvm: Send power command on BSS_CHANGED_BEACON_INFO if needed.\n - iwlwifi: mvm: set default new STA as non-aggregated.\n - iwlwifi: mvm: set the correct amsdu enum values.\n - iwlwifi: mvm: set the correct descriptor size for tracing.\n - iwlwifi: mvm: small update in the firmware API.\n - iwlwifi: mvm: support A-MSDU in A-MPDU.\n - iwlwifi: mvm: support beacon storing.\n - iwlwifi: mvm: support description for user triggered fw dbg collection.\n - iwlwifi: mvm: support rss queues configuration command.\n - iwlwifi: mvm: Support setting continuous recording debug mode.\n - iwlwifi: mvm: support setting minimum quota from debugfs.\n - iwlwifi: mvm: support sw queue start/stop from mvm.\n - iwlwifi: mvm: take care of padded packets.\n - iwlwifi: mvm: take the transport ref back when leaving.\n - iwlwifi: mvm: track low-latency sources separately.\n - iwlwifi: mvm: update GSCAN capabilities.\n - iwlwifi: mvm: update ucode status before stopping device.\n - iwlwifi: mvm: use build-time assertion for fw trigger ID.\n - iwlwifi: mvm: use firmware station lookup, combine code.\n - iwlwifi: mvm: various trivial cleanups.\n - iwlwifi: mvm: writing zero bytes to debugfs causes a crash.\n - iwlwifi: nvm: fix loading default NVM file.\n - iwlwifi: nvm: fix up phy section when reading it.\n - iwlwifi: pcie: add 9000 series multi queue rx DMA support.\n - iwlwifi: pcie: add infrastructure for multi-queue rx.\n - iwlwifi: pcie: add initial RTPM support for PCI.\n - iwlwifi: pcie: Add new configuration to enable MSIX.\n - iwlwifi: pcie: add pm_prepare and pm_complete ops.\n - iwlwifi: pcie: add RTPM support when wifi is enabled.\n - iwlwifi: pcie: aggregate Flow Handler configuration writes.\n - iwlwifi: pcie: allow the op_mode to block the tx queues.\n - iwlwifi: pcie: allow to pretend to have Tx CSUM for debug.\n - iwlwifi: pcie: avoid restocks inside rx loop if not emergency.\n - iwlwifi: pcie: buffer packets to avoid overflowing Tx queues.\n - iwlwifi: pcie: build an A-MSDU using TSO core.\n - iwlwifi: pcie: configure more RFH settings.\n - iwlwifi: pcie: detect and workaround invalid write ptr behavior.\n - iwlwifi: pcie: don't increment / decrement a bool.\n - iwlwifi: pcie: enable interrupts before releasing the NIC's CPU.\n - iwlwifi: pcie: enable multi-queue rx path.\n - iwlwifi: pcie: extend device reset delay.\n - iwlwifi: pcie: fine tune number of rxbs.\n - iwlwifi: pcie: fix a race in firmware loading flow.\n - iwlwifi: pcie: fix erroneous return value.\n - iwlwifi: pcie: fix global table size.\n - iwlwifi: pcie: fix identation in trans.c.\n - iwlwifi: pcie: fix RF-Kill vs. firmware load race.\n - iwlwifi: pcie: forbid RTPM on device removal.\n - iwlwifi: pcie: mark command queue lock with separate lockdep class.\n - iwlwifi: pcie: prevent skbs shadowing in iwl_trans_pcie_reclaim.\n - iwlwifi: pcie: refactor RXBs reclaiming code.\n - iwlwifi: pcie: remove ICT allocation message.\n - iwlwifi: pcie: remove pointer from debug message.\n - iwlwifi: pcie: re-organize code towards TSO.\n - iwlwifi: pcie: set RB chunk size back to 64.\n - iwlwifi: pcie: update iwl_mpdu_desc fields.\n - iwlwifi: print index in api/capa flags parsing message.\n - iwlwifi: refactor the code that reads the MAC address from the NVM.\n - iwlwifi: remove IWL_DL_LED.\n - iwlwifi: remove unused parameter from grab_nic_access.\n - iwlwifi: replace d0i3_mode and wowlan_d0i3 with more generic variables.\n - iwlwifi: set max firmware version of 7265 to 17.\n - iwlwifi: support ucode with d0 unified image - regular and usniffer.\n - iwlwifi: trans: make various conversion macros inlines.\n - iwlwifi: trans: support a callback for ASYNC commands.\n - iwlwifi: treat iwl_parse_nvm_data() MAC addr as little endian.\n - iwlwifi: tt: move ucode_loaded check under mutex.\n - iwlwifi: uninline iwl_trans_send_cmd.\n - iwlwifi: update host command messages to new format.\n - iwlwifi: Update PCI IDs for 8000 and 9000 series.\n - iwlwifi: update support for 3168 series firmware and NVM.\n - iwlwifi: various comments and code cleanups.\n - kabi: ignore fs_info parameter for tracepoints that didn't have it\n (bsc#1044912).\n - kabi/severities: ignore kABi changes in iwlwifi stuff itself\n - lan78xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - Linux 4.4.74 (CVE-2017-1000364 bnc#1012382 bnc#1039348 bnc#1045340\n bsc#1031717 bsc#1043231).\n - loop: Add PF_LESS_THROTTLE to block/loop device thread (bsc#1027101).\n - md: fix a null dereference (bsc#1040351).\n - md: use a separate bio_set for synchronous IO (bsc#1040351).\n - mm: fix new crash in unmapped_area_topdown() (bnc#1039348).\n - mm: larger stack guard gap, between vmas (bnc#1039348, CVE-2017-1000364,\n bnc#1045340).\n - net/mlx5e: Fix timestamping capabilities reporting (bsc#966170\n bsc#1015342).\n - NFSv4: don't let hanging mounts block other mounts (bsc#1040364).\n - powerpc/fadump: add reschedule point while releasing memory\n (bsc#1040609).\n - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669).\n - powerpc/fadump: avoid holes in boot memory area when fadump is\n registered (bsc#1037669).\n - powerpc/fadump: provide a helpful error message (bsc#1037669).\n - powerpc/fadump: return error when fadump registration fails\n (bsc#1040567).\n - powerpc/ftrace: Pass the correct stack pointer for\n DYNAMIC_FTRACE_WITH_REGS (FATE#322421).\n - printk: Correctly handle preemption in console_unlock() (bsc#1046434).\n - printk/xen: Force printk sync mode when migrating Xen guest\n (bsc#1043347).\n - RDMA/iw_cxgb4: Always wake up waiter in c4iw_peer_abort_intr()\n (bsc#1026570).\n - Reenable and refresh\n patches.suse/iwlwifi-expose-default-fallback-ucode-api.\n - reiserfs: don't preallocate blocks for extended attributes (bsc#990682).\n - smartpqi: limit transfer length to 1MB (bsc#1025461).\n - tty: Destroy ldisc instance on hangup (bnc#1043488).\n - tty: Fix ldisc crash on reopened tty (bnc#1043488).\n - tty: Handle NULL tty->ldisc (bnc#1043488).\n - tty: Move tty_ldisc_kill() (bnc#1043488).\n - tty: Prepare for destroying line discipline on hangup (bnc#1043488).\n - tty: Refactor tty_ldisc_reinit() for reuse (bnc#1043488).\n - tty: Reset c_line from driver's init_termios (bnc#1043488).\n - tty: Simplify tty_set_ldisc() exit handling (bnc#1043488).\n - tty: Use 'disc' for line discipline index name (bnc#1043488).\n - Update config files: add CONFIG_IWLWIFI_PCIE_RTPM=y (FATE#323335)\n - Update patches.fixes/xfs-split-default-quota-limits-by-quota-type.patch\n (bsc#1040941). Fix the bug nr used.\n\n", "modified": "2017-07-28T15:10:24", "published": "2017-07-28T15:10:24", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00054.html", "id": "SUSE-SU-2017:1990-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-09-25T22:40:17", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3791-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 22, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2016-9191\n CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618\n CVE-2017-5549 CVE-2017-5551 CVE-2017-5897 CVE-2017-5970\n CVE-2017-6001 CVE-2017-6074\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787\n\n It was discovered that the performance events subsystem does not\n properly manage locks during certain migrations, allowing a local\n attacker to escalate privileges. This can be mitigated by\n disabling unprivileged use of performance events:\n sysctl kernel.perf_event_paranoid=3\n\nCVE-2016-8405\n\n Peter Pi of Trend Micro discovered that the frame buffer video\n subsystem does not properly check bounds while copying color maps to\n userspace, causing a heap buffer out-of-bounds read, leading to\n information disclosure.\n\nCVE-2016-9191\n\n CAI Qian discovered that reference counting is not properly handled\n within proc_sys_readdir in the sysctl implementation, allowing a\n local denial of service (system hang) or possibly privilege\n escalation.\n\nCVE-2017-2583\n\n Xiaohan Zhang reported that KVM for amd64 does not correctly\n emulate loading of a null stack selector. This can be used by a\n user in a guest VM for denial of service (on an Intel CPU) or to\n escalate privileges within the VM (on an AMD CPU).\n\nCVE-2017-2584\n\n Dmitry Vyukov reported that KVM for x86 does not correctly emulate\n memory access by the SGDT and SIDT instructions, which can result\n in a use-after-free and information leak.\n\nCVE-2017-2596\n\n Dmitry Vyukov reported that KVM leaks page references when\n emulating a VMON for a nested hypervisor. This can be used by a\n privileged user in a guest VM for denial of service or possibly\n to gain privileges in the host.\n\nCVE-2017-2618\n\n It was discovered that an off-by-one in the handling of SELinux\n attributes in /proc/pid/attr could result in local denial of\n service.\n\nCVE-2017-5549\n\n It was discovered that the KLSI KL5KUSB105 serial USB device\n driver could log the contents of uninitialised kernel memory,\n resulting in an information leak.\n\nCVE-2017-5551\n\n Jan Kara found that changing the POSIX ACL of a file on tmpfs never\n cleared its set-group-ID flag, which should be done if the user\n changing it is not a member of the group-owner. In some cases, this\n would allow the user-owner of an executable to gain the privileges\n of the group-owner.\n\nCVE-2017-5897\n\n Andrey Konovalov discovered an out-of-bounds read flaw in the\n ip6gre_err function in the IPv6 networking code.\n\nCVE-2017-5970\n\n Andrey Konovalov discovered a denial-of-service flaw in the IPv4\n networking code. This can be triggered by a local or remote\n attacker if a local UDP or raw socket has the IP_RETOPTS option\n enabled.\n\nCVE-2017-6001\n\n Di Shen discovered a race condition between concurrent calls to\n the performance events subsystem, allowing a local attacker to\n escalate privileges. This flaw exists because of an incomplete fix\n of CVE-2016-6786. This can be mitigated by disabling unprivileged\n use of performance events: sysctl kernel.perf_event_paranoid=3\n\nCVE-2017-6074\n\n Andrey Konovalov discovered a use-after-free vulnerability in the\n DCCP networking code, which could result in denial of service or\n local privilege escalation. On systems that do not already have\n the dccp module loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u1.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2017-02-22T19:15:31", "published": "2017-02-22T19:15:31", "id": "DEBIAN:DSA-3791-1:AE0FD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00044.html", "title": "[SECURITY] [DSA 3791-1] linux security update", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}
