The SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive
various security and bugfixes.
Security issues fixed: CVE-2014-9322: A local privilege escalation in the
x86_64 32bit compatibility signal handling was fixed, which could be used
by local attackers to crash the machine or execute code.
CVE-2014-9090: Various issues in LDT handling in 32bit compatibility mode
on the x86_64 platform were fixed, where local attackers could crash the
machine.
CVE-2014-8133: Insufficient validation of TLS register usage could leak
information from the kernel stack to userspace.
CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not
properly handle private syscall numbers during use of the ftrace
subsystem, which allowed local users to gain privileges or cause a denial
of service (invalid pointer dereference) via a crafted application.
CVE-2014-3647: Nadav Amit reported that the KVM (Kernel Virtual Machine)
mishandled noncanonical addresses when emulating instructions that change
the rip (Instruction Pointer). A guest user with access to I/O or the MMIO
could use this flaw to cause a denial of service (system crash) of the
guest.
CVE-2014-3611: A race condition flaw was found in the way the Linux
kernel’s KVM subsystem handled PIT (Programmable Interval Timer)
emulation. A guest user who has access to the PIT I/O ports could use this
flaw to crash the host.
CVE-2014-3610: If the guest writes a noncanonical value to certain MSR
registers, KVM will write that value to the MSR in the host context and a
#GP will be raised leading to kernel panic. A privileged guest user could
have used this flaw to crash the host.
CVE-2014-7841: A remote attacker could have used a flaw in SCTP to crash
the system by sending a maliciously prepared SCTP packet in order to
trigger a NULL pointer dereference on the server.
CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote
attackers to cause a denial of service (system crash) via a malformed
ASCONF chunk, related to net/sctp/sm_make_chunk.c and
net/sctp/sm_statefuns.c.
CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback
function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial
Driver in the Linux kernel allowed physically proximate attackers to
execute arbitrary code or cause a denial of service (memory corruption and
system crash) via a crafted device that provides a large amount of (1)
EHCI or (2) XHCI data associated with a bulk response.
Bugs fixed: BTRFS:
Hyper-V:
zSeries / S390:
kGraft:
Other:
NFSv4: test SECINFO RPC_AUTH_GSS pseudoflavors for support (bnc#905758).
Enable cmac(aes) and cmac(3des_ede) for FIPS mode (bnc#905296
bnc#905772).
scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633).
powerpc/vphn: NUMA node code expects big-endian (bsc#900126).
net: fix checksum features handling in netif_skb_features() (bnc#891259).
be2net: Fix invocation of be_close() after be_clear() (bnc#895468).
PCI: pciehp: Clear Data Link Layer State Changed during init
(bnc#898297).
PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898297).
PCI: pciehp: Use link change notifications for hot-plug and removal
(bnc#898297).
PCI: pciehp: Make check_link_active() non-static (bnc#898297).
PCI: pciehp: Enable link state change notifications (bnc#898297).
ALSA: hda - Treat zero connection as non-error (bnc#902898).
bcache: add mutex lock for bch_is_open (bnc#902893).
futex: Fix a race condition between REQUEUE_PI and task death (bcn
#851603 (futex scalability series)).
Linux 3.12.31 (bnc#895983 bnc#897912).
futex: Ensure get_futex_key_refs() always implies a barrier (bcn #851603
(futex scalability series)).
usbback: don’t access request fields in shared ring more than once.
Update Xen patches to 3.12.30.
locking/rwsem: Avoid double checking before try acquiring write lock
(Locking scalability.).
zcrypt: toleration of new crypto adapter hardware (bnc#894057,
LTC#117041).
zcrypt: support for extended number of ap domains (bnc#894057,
LTC#117041).
kABI: protect linux/fs.h include in mm/internal.h.
Linux 3.12.30 (FATE#315482 bnc#862957 bnc#863526 bnc#870498).
Update patches.fixes/xfs-mark-all-internal-workqueues-as-freezable.patch
(bnc#899785).
xfs: mark all internal workqueues as freezable.
drm/i915: Move DP port disable to post_disable for pch platforms
(bnc#899787).
pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim
fix (bnc#895680).
Linux 3.12.29 (bnc#879255 bnc#880892 bnc#887046 bnc#887418 bnc#891619
bnc#892612 bnc#892650 bnc#897101).
iommu/vt-d: Work around broken RMRR firmware entries (bnc#892860).
iommu/vt-d: Store bus information in RMRR PCI device path (bnc#892860).
iommu/vt-d: Only remove domain when device is removed (bnc#883139).
driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#883139).
Update config files: Re-enable CONFIG_FUNCTION_PROFILER (bnc#899489)
Option FUNCTION_PROFILER was enabled in debug and trace kernels so far,
but it was accidentally disabled before tracing features were merged
into the default kernel and the trace flavor was discarded. So all
kernels are missing the feature now. Re-enable it.
xfs: xlog_cil_force_lsn doesn’t always wait correctly.
scsi: clear ‘host_scribble’ upon successful abort (bnc#894863).
module: warn if module init + probe takes long (bnc#889297 bnc#877622
bnc#889295 bnc#893454).
mm, THP: don’t hold mmap_sem in khugepaged when allocating THP
(bnc#880767, VM Performance).
pagecache_limit: batch large nr_to_scan targets (bnc#895221).
iommu/vt-d: Check return value of acpi_bus_get_device() (bnc#903307).
rpm/kernel-binary.spec.in: Fix including the secure boot cert in
/etc/uefi/certs
sched: Reduce contention in update_cfs_rq_blocked_load() (Scheduler/core
performance).
x86: use optimized ioresource lookup in ioremap function (Boot time
optimisations (bnc#895387)).
x86: optimize resource lookups for ioremap (Boot time
optimisations (bnc#895387)).
usb: Do not re-read descriptors for wired devices in
usb_authorize_device() (bnc#904354).
netxen: Fix link event handling (bnc#873228).
x86, cpu: Detect more TLB configuration -xen (TLB Performance).
x86/mm: Fix RCU splat from new TLB tracepoints (TLB Performance).
x86/mm: Set TLB flush tunable to sane value (33) (TLB Performance).
x86/mm: New tunable for single vs full TLB flush (TLB Performance).
x86/mm: Add tracepoints for TLB flushes (TLB Performance).
x86/mm: Unify remote INVLPG code (TLB Performance).
x86/mm: Fix missed global TLB flush stat (TLB Performance).
x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB
Performance).
x86, cpu: Detect more TLB configuration (TLB Performance).
mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on
IvyBridge (TLB Performance).
x86/mm: Clean up the TLB flushing code (TLB Performance).
mm: free compound page with correct order (VM Functionality).
bnx2x: Utilize FW 7.10.51 (bnc#887382).
bnx2x: Remove unnecessary internal mem config (bnc#887382).
rtnetlink: fix oops in rtnl_link_get_slave_info_data_size (bnc#901774).
dm: do not call dm_sync_table() when creating new devices (bnc#901809).
[media] uvc: Fix destruction order in uvc_delete() (bnc#897736).
uas: replace WARN_ON_ONCE() with lockdep_assert_held() (FATE#315595).
cxgb4/cxgb4vf: Add Devicde ID for two more adapter (bsc#903999).
cxgb4/cxgb4vf: Add device ID for new adapter and remove for dbg adapter
(bsc#903999).
cxgb4: Adds device ID for few more Chelsio T4 Adapters (bsc#903999).
cxgb4: Check if rx checksum offload is enabled, while reading hardware
calculated checksum (bsc#903999).
xen-pciback: drop SR-IOV VFs when PF driver unloads (bsc#901839).
This update also includes fixes contained in the Linux 3.12.stable release
series, not seperately listed here.
bugzilla.suse.com/show_bug.cgi?id=851603
bugzilla.suse.com/show_bug.cgi?id=853040
bugzilla.suse.com/show_bug.cgi?id=860441
bugzilla.suse.com/show_bug.cgi?id=862957
bugzilla.suse.com/show_bug.cgi?id=863526
bugzilla.suse.com/show_bug.cgi?id=870498
bugzilla.suse.com/show_bug.cgi?id=873228
bugzilla.suse.com/show_bug.cgi?id=874025
bugzilla.suse.com/show_bug.cgi?id=877622
bugzilla.suse.com/show_bug.cgi?id=879255
bugzilla.suse.com/show_bug.cgi?id=880767
bugzilla.suse.com/show_bug.cgi?id=880892
bugzilla.suse.com/show_bug.cgi?id=881085
bugzilla.suse.com/show_bug.cgi?id=883139
bugzilla.suse.com/show_bug.cgi?id=887046
bugzilla.suse.com/show_bug.cgi?id=887382
bugzilla.suse.com/show_bug.cgi?id=887418
bugzilla.suse.com/show_bug.cgi?id=889295
bugzilla.suse.com/show_bug.cgi?id=889297
bugzilla.suse.com/show_bug.cgi?id=891259
bugzilla.suse.com/show_bug.cgi?id=891619
bugzilla.suse.com/show_bug.cgi?id=892254
bugzilla.suse.com/show_bug.cgi?id=892612
bugzilla.suse.com/show_bug.cgi?id=892650
bugzilla.suse.com/show_bug.cgi?id=892860
bugzilla.suse.com/show_bug.cgi?id=893454
bugzilla.suse.com/show_bug.cgi?id=894057
bugzilla.suse.com/show_bug.cgi?id=894863
bugzilla.suse.com/show_bug.cgi?id=895221
bugzilla.suse.com/show_bug.cgi?id=895387
bugzilla.suse.com/show_bug.cgi?id=895468
bugzilla.suse.com/show_bug.cgi?id=895680
bugzilla.suse.com/show_bug.cgi?id=895983
bugzilla.suse.com/show_bug.cgi?id=896391
bugzilla.suse.com/show_bug.cgi?id=897101
bugzilla.suse.com/show_bug.cgi?id=897736
bugzilla.suse.com/show_bug.cgi?id=897770
bugzilla.suse.com/show_bug.cgi?id=897912
bugzilla.suse.com/show_bug.cgi?id=898234
bugzilla.suse.com/show_bug.cgi?id=898297
bugzilla.suse.com/show_bug.cgi?id=899192
bugzilla.suse.com/show_bug.cgi?id=899489
bugzilla.suse.com/show_bug.cgi?id=899551
bugzilla.suse.com/show_bug.cgi?id=899785
bugzilla.suse.com/show_bug.cgi?id=899787
bugzilla.suse.com/show_bug.cgi?id=899908
bugzilla.suse.com/show_bug.cgi?id=900126
bugzilla.suse.com/show_bug.cgi?id=901090
bugzilla.suse.com/show_bug.cgi?id=901774
bugzilla.suse.com/show_bug.cgi?id=901809
bugzilla.suse.com/show_bug.cgi?id=901925
bugzilla.suse.com/show_bug.cgi?id=902010
bugzilla.suse.com/show_bug.cgi?id=902016
bugzilla.suse.com/show_bug.cgi?id=902346
bugzilla.suse.com/show_bug.cgi?id=902893
bugzilla.suse.com/show_bug.cgi?id=902898
bugzilla.suse.com/show_bug.cgi?id=903279
bugzilla.suse.com/show_bug.cgi?id=903307
bugzilla.suse.com/show_bug.cgi?id=904013
bugzilla.suse.com/show_bug.cgi?id=904077
bugzilla.suse.com/show_bug.cgi?id=904115
bugzilla.suse.com/show_bug.cgi?id=904354
bugzilla.suse.com/show_bug.cgi?id=904871
bugzilla.suse.com/show_bug.cgi?id=905087
bugzilla.suse.com/show_bug.cgi?id=905100
bugzilla.suse.com/show_bug.cgi?id=905296
bugzilla.suse.com/show_bug.cgi?id=905758
bugzilla.suse.com/show_bug.cgi?id=905772
bugzilla.suse.com/show_bug.cgi?id=907818
bugzilla.suse.com/show_bug.cgi?id=908184
bugzilla.suse.com/show_bug.cgi?id=909077
bugzilla.suse.com/show_bug.cgi?id=910251
bugzilla.suse.com/show_bug.cgi?id=910697