Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 12 kernel was updated to version 3.12.43 to
receive various security and bugfixes.

Following security bugs were fixed:

• CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
  kernel through 3.17.2 did not properly perform RIP changes, which
  allowed guest OS users to cause a denial of service (guest OS crash) via
  a crafted application (bsc#899192).
• CVE-2014-8086: Race condition in the ext4_file_write_iter function in
  fs/ext4/file.c in the Linux kernel through 3.17 allowed local users to
  cause a denial of service (file unavailability) via a combination of a
  write action and an F_SETFL fcntl operation for the O_DIRECT flag
  (bsc#900881).
• CVE-2014-8159: The InfiniBand (IB) implementation did not properly
  restrict use of User Verbs for registration of memory regions, which
  allowed local users to access arbitrary physical memory locations, and
  consequently cause a denial of service (system crash) or gain
  privileges, by leveraging permissions on a uverbs device under
  /dev/infiniband/ (bsc#914742).
• CVE-2015-1465: The IPv4 implementation in the Linux kernel before 3.18.8
  did not properly consider the length of the Read-Copy Update (RCU) grace
  period for redirecting lookups in the absence of caching, which allowed
  remote attackers to cause a denial of service (memory consumption or
  system crash) via a flood of packets (bsc#916225).
• CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19
  used an incorrect data type in a sysctl table, which allowed local users
  to obtain potentially sensitive information from kernel memory or
  possibly have unspecified other impact by accessing a sysctl entry
  (bsc#919007).
• CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 used an
  incorrect data type in a sysctl table, which allowed local users to
  obtain potentially sensitive information from kernel memory or possibly
  have unspecified other impact by accessing a sysctl entry (bsc#919018).
• CVE-2015-2666: Fixed a flaw that allowed crafted microcode to overflow
  the kernel stack (bsc#922944).
• CVE-2015-2830: Fixed int80 fork from 64-bit tasks mishandling
  (bsc#926240).
• CVE-2015-2922: Fixed possible denial of service (DoS) attack against
  IPv6 network stacks due to improper handling of Router Advertisements
  (bsc#922583).
• CVE-2015-3331: Fixed buffer overruns in RFC4106 implementation using
  AESNI (bsc#927257).
• CVE-2015-3332: Fixed TCP Fast Open local DoS (bsc#928135).
• CVE-2015-3339: Fixed race condition flaw between the chown() and
  execve() system calls which could have lead to local privilege
  escalation (bsc#928130).
• CVE-2015-3636: Fixed use-after-free in ping sockets which could have
  lead to local privilege escalation (bsc#929525).

The following non-security bugs were fixed:

• /proc/stat: convert to single_open_size() (bsc#928122).
• ACPI / sysfs: Treat the count field of counter_show() as unsigned
  (bsc#909312).
• Automatically Provide/Obsolete all subpackages of old flavors
  (bsc#925567)
• Btrfs: btrfs_release_extent_buffer_page did not free pages of dummy
  extent (bsc#930226).
• Btrfs: fix inode eviction infinite loop after cloning into it
  (bsc#930224).
• Btrfs: fix inode eviction infinite loop after extent_same ioctl
  (bsc#930224).
• Btrfs: fix log tree corruption when fs mounted with -o discard
  (bsc#927116).
• Btrfs: fix up bounds checking in lseek (bsc#927115).
• Fix rtworkqueues crash. Calling __sched_setscheduler() in interrupt
  context is forbidden, and destroy_worker() did so in the timer interrupt
  with a nohz_full config. Preclude that possibility for both boot options.
• Input: psmouse - add psmouse_matches_pnp_id helper function (bsc#929092).
• Input: synaptics - fix middle button on Lenovo 2015 products
  (bsc#929092).
• Input: synaptics - handle spurious release of trackstick buttons
  (bsc#929092).
• Input: synaptics - re-route tracksticks buttons on the Lenovo 2015
  series (bsc#929092).
• Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015
  (bsc#929092).
• Input: synaptics - retrieve the extended capabilities in query $10
  (bsc#929092).
• NFS: Add attribute update barriers to nfs_setattr_update_inode()
  (bsc#920262).
• NFS: restore kabi after change to nfs_setattr_update_inode (bsc#920262).
• af_iucv: fix AF_IUCV sendmsg() errno (bsc#927308, LTC#123304).
• audit: do not reject all AUDIT_INODE filter types (bsc#927455).
• bnx2x: Fix kdump when iommu=on (bsc#921769).
• cpufreq: fix a NULL pointer dereference in __cpufreq_governor()
  (bsc#924664).
• dasd: Fix device having no paths after suspend/resume (bsc#927308,
  LTC#123896).
• dasd: Fix inability to set a DASD device offline (bsc#927308,
  LTC#123905).
• dasd: Fix unresumed device after suspend/resume (bsc#927308, LTC#123892).
• dasd: Missing partition after online processing (bsc#917125, LTC#120565).
• drm/radeon/cik: Add macrotile mode array query (bsc#927285).
• drm/radeon: fix display tiling setup on SI (bsc#927285).
• drm/radeon: set correct number of banks for CIK chips in DCE
  (bsc#927285).
• iommu/amd: Correctly encode huge pages in iommu page tables (bsc#931014).
• iommu/amd: Optimize alloc_new_range for new fetch_pte interface
  (bsc#931014).
• iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte interface
  (bsc#931014).
• iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface
  (bsc#931014).
• iommu/amd: Return the pte page-size in fetch_pte (bsc#931014).
• ipc/shm.c: fix overly aggressive shmdt() when calls span multiple
  segments (ipc fixes).
• ipmi: Turn off all activity on an idle ipmi interface (bsc#915540).
• ixgbe: fix detection of SFP+ capable interfaces (bsc#922734).
• kgr: add error code to the message in kgr_revert_replaced_funs.
• kgr: add kgraft annotations to kthreads wait_event_freezable() API calls.
• kgr: correct error handling of the first patching stage.
• kgr: handle the delayed patching of the modules.
• kgr: handle the failure of finalization stage.
• kgr: return error in kgr_init if notifier registration fails.
• kgr: take switching of the fops out of kgr_patch_code to new function.
• kgr: use for_each_process_thread (bsc#929883).
• kgr: use kgr_in_progress for all threads (bnc#929883).
• libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156).
• mlx4: Call dev_kfree_skby_any instead of dev_kfree_skb (bsc#928708).
• mm, numa: really disable NUMA balancing by default on single node
  machines (Automatic NUMA Balancing).
• mm: vmscan: do not throttle based on pfmemalloc reserves if node has no
  reclaimable pages (bsc#924803, VM Functionality).
• net/mlx4: Cache line CQE/EQE stride fixes (bsc#927084).
• net/mlx4_core: Cache line EQE size support (bsc#927084).
• net/mlx4_core: Enable CQE/EQE stride support (bsc#927084).
• net/mlx4_en: Add mlx4_en_get_cqe helper (bsc#927084).
• perf/x86/amd/ibs: Update IBS MSRs and feature definitions.
• powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds the
  allowed address space (bsc#930669).
• powerpc/numa: Add ability to disable and debug topology updates
  (bsc#924809).
• powerpc/numa: Enable CONFIG_HAVE_MEMORYLESS_NODES (bsc#924809).
• powerpc/numa: Enable USE_PERCPU_NUMA_NODE_ID (bsc#924809).
• powerpc/numa: check error return from proc_create (bsc#924809).
• powerpc/numa: ensure per-cpu NUMA mappings are correct on topology
  update (bsc#924809).
• powerpc/numa: use cached value of update->cpu in update_cpu_topology
  (bsc#924809).
• powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
  (bsc#928141).
• powerpc/pseries: Introduce api_version to migration sysfs interface
  (bsc#926314).
• powerpc/pseries: Little endian fixes for post mobility device tree
  update (bsc#926314).
• powerpc/pseries: Simplify check for suspendability during
  suspend/migration (bsc#926314).
• powerpc: Fix sys_call_table declaration to enable syscall tracing.
• powerpc: Fix warning reported by verify_cpu_node_mapping() (bsc#924809).
• powerpc: Only set numa node information for present cpus at boottime
  (bsc#924809).
• powerpc: reorder per-cpu NUMA information initialization (bsc#924809).
• powerpc: some changes in numa_setup_cpu() (bsc#924809).
• quota: Fix use of units in quota getting / setting interfaces
  (bsc#913232).
• rpm/kernel-binary.spec.in: Fix build if there is no *.crt file
• rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not
  match
• s390/bpf: Fix ALU_NEG (A = -A) (bsc#917125, LTC#121759).
• s390/bpf: Fix JMP_JGE_K (A >= K) and JMP_JGT_K (A > K) (bsc#917125,
  LTC#121759).
• s390/bpf: Fix JMP_JGE_X (A > X) and JMP_JGT_X (A >= X) (bsc#917125,
  LTC#121759).
• s390/bpf: Fix offset parameter for skb_copy_bits() (bsc#917125,
  LTC#121759).
• s390/bpf: Fix sk_load_byte_msh() (bsc#917125, LTC#121759).
• s390/bpf: Fix skb_copy_bits() parameter passing (bsc#917125, LTC#121759).
• s390/bpf: Zero extend parameters before calling C function (bsc#917125,
  LTC#121759).
• s390/sclp: Consolidate early sclp init calls to sclp_early_detect()
  (bsc#917125, LTC#122429).
• s390/sclp: Determine HSA size dynamically for zfcpdump (bsc#917125,
  LTC#122429).
• s390/sclp: Move declarations for sclp_sdias into separate header file
  (bsc#917125, LTC#122429).
• s390/sclp: Move early code from sclp_cmd.c to sclp_early.c (bsc#917125,
  LTC#122429).
• s390/sclp: replace uninitialized early_event_mask_sccb variable with
  sccb_early (bsc#917125, LTC#122429).
• s390/sclp: revert smp-detect-possible-cpus.patch (bsc#917125,
  LTC#122429).
• s390/sclp_early: Add function to detect sclp console capabilities
  (bsc#917125, LTC#122429).
• s390/sclp_early: Get rid of sclp_early_read_info_sccb_valid (bsc#917125,
  LTC#122429).
• s390/sclp_early: Pass sccb pointer to every *_detect() function
  (bsc#917125, LTC#122429).
• s390/sclp_early: Replace early_read_info_sccb with sccb_early
  (bsc#917125, LTC#122429).
• s390/sclp_early: Return correct HSA block count also for zero
  (bsc#917125, LTC#122429).
• s390/smp: limit number of cpus in possible cpu mask (bsc#917125,
  LTC#122429).
• s390: kgr, change the kgraft state only if enabled.
• sched, time: Fix lock inversion in thread_group_cputime()
• sched: Fix potential near-infinite distribute_cfs_runtime() loop
  (bsc#930786)
• sched: Robustify topology setup (bsc#924809).
• seqlock: Add irqsave variant of read_seqbegin_or_lock() (Time
  scalability).
• storvsc: Set the SRB flags correctly when no data transfer is needed
  (bsc#931130).
• x86/apic/uv: Update the APIC UV OEM check (bsc#929145).
• x86/apic/uv: Update the UV APIC HUB check (bsc#929145).
• x86/apic/uv: Update the UV APIC driver check (bsc#929145).
• x86/microcode/intel: Guard against stack overflow in the loader
  (bsc#922944).