Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive
various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to
  potentially escalate their privileges inside a guest. (bsc#1087088)
• CVE-2018-8897: An unprivileged system user could use incorrect set up
  interrupt stacks to crash the Linux kernel resulting in DoS issue.
  (bsc#1087088)
• CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c
  had an integer-overflow vulnerability allowing local users with access
  to the udldrmfb driver to obtain full read and write permissions on
  kernel physical pages, resulting in a code execution in kernel space
  (bnc#1090643).
• CVE-2018-10124: The kill_something_info function in kernel/signal.c
  might allow local users to cause a denial of service via an INT_MIN
  argument (bnc#1089752).
• CVE-2018-10087: The kernel_wait4 function in kernel/exit.c in might
  allow local users to cause a denial of service by triggering an
  attempted use of the -INT_MIN value (bnc#1089608).
• CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
  drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
  of service (memory consumption) via many read accesses to files in the
  /sys/class/sas_phy directory, as demonstrated by the
  /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).
• CVE-2017-13220: An elevation of privilege vulnerability in the Upstream
  kernel bluez was fixed. (bnc#1076537).
• CVE-2017-11089: A buffer overread is observed in nl80211_set_station
  when user space application sends attribute
  NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes
  (bnc#1088261).
• CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function
  in the ALSA subsystem allowed attackers to gain privileges via
  unspecified vectors (bnc#1088260).
• CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel
  function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious
  NCPFS servers to crash the kernel or execute code (bnc#1086162).
• CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c
  allowed local users to cause a denial of service (BUG) by leveraging a
  race condition with __dm_destroy during creation and removal of DM
  devices (bnc#1083242).

The following non-security bugs were fixed:

• Integrate fixes resulting from bsc#1088147 More info in the respective
  commit messages.
• kabi: x86/kaiser: properly align trampoline stack (bsc#1087260).
• dcache: Add cond_resched in shrink_dentry_list (bsc#1086194).
• kGraft: fix small race in reversion code (bsc#1083125).
• kabi/severities: Ignore kgr_shadow_* kABI changes
• kvm/x86: fix icebp instruction handling (bsc#1087088).
• livepatch: Allow to call a custom callback when freeing shadow variables
  (bsc#1082299 fate#313296).
• livepatch: Initialize shadow variables safely by a custom callback
  (bsc#1082299 fate#313296).
• usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275).
• x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
• x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).
• x86/kaiser: properly align trampoline stack (bsc#1087260).
• x86/retpoline: do not perform thunk calls in ring3 vsyscall code
  (bsc#1085331).